What's Changed
- Fixes for
PKCS12_set_macby @justsmth in #3079 - Allow zero-length PEM passwords in callback paths by @geedo0 in #3073
- Relicense OpenSSL Sources to Apache-2.0, Cleanup Sources and LICENSE file Details by @skmcgrail in #3091
- Harden HMAC error paths: fix resource leaks, state bugs, and missing cleansing by @justsmth in #3081
- Fix modulewrapper memory leak by @justsmth in #3094
- Distribution Packaging Improvements by @skmcgrail in #3042
- Add bounds checks for
size_ttointtruncation inRSA_METHODcalls by @justsmth in #3084 - Clean up sensitive stack buffers and minor fixes in PKCS#8 by @justsmth in #3067
- More NULL checks in bio_ssl.cc by @justsmth in #3076
- Reject IPv6 literal URIs in name constraint checking by @justsmth in #3045
- Abort on
RAND_bytesfailure by @justsmth in #3078 - Fix race condition in
new_certs_diroutput path by @justsmth in #3095 - Fall back to EVP_{marshal,parse} in {i2d,d2i}_{Public,Private}Key by @WillChilds-Klein in #2897
- Fix stale
key_methodpointer after private key switch inCERTby @justsmth in #3085 - Clean up on X509_STORE_CTX_add_custom_crit_oid error paths by @samuel40791765 in #3088
- Correct purpose setting for OCSP_request_verify by @samuel40791765 in #3089
- Correct types finished-based APIs for TLS 1.3 by @samuel40791765 in #3087
- Fix issues in
pass_util.ccpassword handling by @justsmth in #3032 - Use explicit check for X509 path length by @nhatnghiho in #3080
- Prepare v1.71.0 by @samuel40791765 in #3102
- BoringSSL: Const-correct the kPrintMethods table and Update citations from RFC 3447 to RFC 8017 by @nebeid in #3026
- Fix CN fallback handling in name constraints checking by @samuel40791765 in #3107
- Fix CRL distribution point scope check logic in crl_crldp_check by @samuel40791765 in #3105
Full Changelog: v1.70.0...v1.71.0