Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 15 Feb 2021 01:48:12 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 253526] security/libressl-3.2.4 breaks OpenLDAP, Dovecot, and Postfix
Message-ID:  <bug-253526-7788-uahiuQF1D4@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-253526-7788@https.bugs.freebsd.org/bugzilla/>
References:  <bug-253526-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D253526

--- Comment #1 from Mohammad S. Babaei <info@babaei.net> ---
I have to mention that my certificate for the OpenLDAP has been issued by L=
et's
Encrypt and is not self-signed if it makes any difference (because I saw the
following changes) on the release note:

https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.4-relnotes.txt

We have released LibreSSL 3.2.4, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.

It includes the following bug and interoperability fixes:

    * Switch back to certificate verification code from LibreSSL 3.1.x. The
      new verifier is not bug compatible with the old verifier causing issu=
es
      with applications expecting behavior of the old verifier.

    * Unbreak DTLS retransmissions for flights that include a CCS

    * Only check BIO_should_read() on read and BIO_should_write() on write

    * Implement autochain for the TLSv1.3 server

    * Use the legacy verifier for autochain

    * Implement exporter for TLSv1.3

    * Free alert_data and phh_data in tls13_record_layer_free()

    * Plug leak in x509_verify_chain_dup()

    * Free the policy tree in x509_vfy_check_policy()

The LibreSSL project continues improvement of the codebase to reflect moder=
n,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-253526-7788-uahiuQF1D4>