LibreSSL 2.5.4 Released

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

LibreSSL 2.5.4 Released

Brent Cook
We have released LibreSSL 2.5.4, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. It includes the
following changes:

  * Reverted a previous change that forced consistency between return
    value and error code when specifing a certificate verification
    callback, since this breaks the documented API. When a user supplied
    callback always returns 1, and later code checks the error code to
    potentially abort post verification, this will result in incorrect
    successul certificate verification.

  * Switched Linux getrandom() usage to non-blocking mode, continuing to
    use fallback mechanims if unsuccessful. This works around a design
    flaw in Linux getrandom(2) where early boot usage in a library makes
    it impossible to recover if getrandom(2) is not yet initialized.

  * Fixed a bug caused by the return value being set early to signal
    successful DTLS cookie validation. This can mask a later failure and
    result in a positive return value being returned from
    ssl3_get_client_hello(), when it should return a negative value to
    propagate the error.

  * Fixed a build error on non-x86/x86_64 systems running Solaris.

This is the first stable fix release for the LibreSSL 2.5.x branch. The
next development release will be 2.6.0.