git.ipfire.org Git - thirdparty/openwrt.git/commit

author	John Audia <therealgraysky@proton.me>
	Wed, 2 Jul 2025 15:38:03 +0000 (11:38 -0400)
committer	Robert Marko <robimarko@gmail.com>
	Thu, 3 Jul 2025 11:03:39 +0000 (13:03 +0200)
commit	e2cdcf8e4614176d3ff05db0c292440e844d5cb2
tree	1c9d7a99627b6fe99ed94173b3018e4e297489f8	tree
parent	23dc466969f3364dfa7ab480e7745480a2e816f9	commit \| diff

openssl: update to 3.5.1

Automatically rebased: 100-Configure-afalg-support.patch

Changes between 3.5.0 and 3.5.1:
Fix x509 application adds trusted use instead of rejected use.
Issue summary: Use of -addreject option with the openssl x509 application
adds a trusted use instead of a rejected use for a certificate.

Impact summary: If a user intends to make a trusted certificate rejected
for a particular use it will be instead marked as trusted for that use.
(CVE-2025-4575)

Aligned the behaviour of TLS and DTLS in the event of a no_renegotiation
alert being received. Older versions of OpenSSL failed with DTLS if a
no_renegotiation alert was received. All versions of OpenSSL do this for TLS.
From 3.2 a bug was exposed that meant that DTLS ignored no_rengotiation.
We have now restored the original behaviour and brought DTLS back into line
with TLS.

Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/19283
Signed-off-by: Robert Marko <robimarko@gmail.com>

package/libs/openssl/Makefile		diff \| blob \| blame \| history
package/libs/openssl/patches/100-Configure-afalg-support.patch		diff \| blob \| blame \| history