git.ipfire.org Git - ipfire-2.x.git/commit

author	Adolf Belka <adolf.belka@ipfire.org>
	Thu, 18 Jan 2024 11:40:29 +0000 (12:40 +0100)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Tue, 23 Jan 2024 13:56:42 +0000 (13:56 +0000)
commit	ab5113ae07f19f84f368d3dc7f791ec267f27d30
tree	b4f588e409de91b4bcee90bd35ba12446df94a50	tree \| snapshot
parent	b0ef2af113b196cb98972017c31532bbc62ed0b2	commit \| diff

stunnel: Update to version 5.71

- Update from vesrion 5.69 to 5.71
- Update of rootfile not required
- Changelog
    5.71, 2023.09.19, urgency: MEDIUM
Security bugfixes
  - OpenSSL DLLs updated to version 3.1.3.
Bugfixes
  - Fixed the console output of tstunnel.exe.
Features sponsored by SAE IT-systems
  - OCSP stapling is requested and verified in the client mode.
  - Using "verifyChain" automatically enables OCSP
    stapling in the client mode.
  - OCSP stapling is always available in the server mode.
  - An inconclusive OCSP verification breaks TLS negotiation.
    This can be disabled with "OCSPrequire = no".
  - Added the "TIMEOUTocsp" option to control the maximum
    time allowed for connecting an OCSP responder.
Features
  - Added support for Red Hat OpenSSL 3.x patches.
    5.70, 2023.07.12, urgency: HIGH
Security bugfixes
  - OpenSSL DLLs updated to version 3.0.9.
  - OpenSSL FIPS Provider updated to version 3.0.8.
Bugfixes
  - Fixed TLS socket EOF handling with OpenSSL 3.x.
    This bug caused major interoperability issues between
    stunnel built with OpenSSL 3.x and Microsoft's
    Schannel Security Support Provider (SSP).
  - Fixed reading certificate chains from PKCS#12 files.
Features
  - Added configurable delay for the "retry" option.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>