author: Matthias Andree <matthias.andree@gmx.de> 2022-11-01 09:32:48 +0100
committer: Matthias Andree <matthias.andree@gmx.de> 2022-11-01 09:37:10 +0100
commit: 2eb6f8a71170fabf8e37d7d27d1f8d430fbaafdc (patch)
tree: ba9c7b40f048470e60241faafe4f13d4d9c083b1
parent: 4473f2426df04acae357762a621dd735b828f6a1 (diff)
download: fetchmail-2eb6f8a71170fabf8e37d7d27d1f8d430fbaafdc.tar.gz, fetchmail-2eb6f8a71170fabf8e37d7d27d1f8d430fbaafdc.tar.bz2, fetchmail-2eb6f8a71170fabf8e37d7d27d1f8d430fbaafdc.zip
TLS: bump library version requirements
to OpenSSL 1.1.1q and 3.0.7 (warning only) and WolfSSL 5.4.0 (force break build)
-rw-r--r-- NEWS       | 6
-rw-r--r-- README.SSL | 12
-rw-r--r-- socket.c   | 12
3 files changed, 18 insertions, 12 deletions
diff --git a/NEWS b/NEWS
index cbe7fcce..abb4d2bb 100644
--- a/NEWS
+++ b/NEWS
@@ -100,6 +100,12 @@ removed from a 6.5.0 or newer release.)
This should not affect the normal build, which uses a C compiler.
--------------------------------------------------------------------------------
+fetchmail-6.4.35 (not yet released):
+
+# BREAKING CHANGES:
+* Fetchmail now warns about OpenSSL before 1.1.1s or 3.0.7,
+ and rejects wolfSSL older than 5.4.0.
+--------------------------------------------------------------------------------
fetchmail-6.4.34 (released 2022-10-15, 31701 LoC):
# CRITICAL BUG FIXES:
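Review bot: the OpenSSL threshold announced in the new NEWS entry ("warns about OpenSSL before 1.1.1s or 3.0.7") does not match what this same commit installs in socket.c, where the new check is `OPENSSL_VERSION_NUMBER < 0x1010111fL` and the pragma text says "1.1.1q"; the commit message also says 1.1.1q. Pick one value and use it consistently in NEWS, README.SSL and socket.c, otherwise users reading NEWS will expect a warning on 1.1.1q/1.1.1r that the code never emits.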
diff --git a/README.SSL b/README.SSL
index c0e4e2bf..bcc2070a 100644
--- a/README.SSL
+++ b/README.SSL
@@ -21,7 +21,7 @@ below and in the manual).
fetchmail 6.4.0 will auto-negotiate TLSv1 or newer only.
-Fetchmail 6.4.25 supports OpenSSL 3.0.5 and 1.1.1q and WolfSSL 5.4.0 or newer.
+Fetchmail 6.4.35 supports OpenSSL 3.0.7 and 1.1.1s and WolfSSL 5.4.0 or newer.
Note that WolfSSL 5 is a bit less flexible about its trust store,
see INSTALL chapter 2.1 for details.
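Review bot: the new line "+Fetchmail 6.4.35 supports OpenSSL 3.0.7 and 1.1.1s and WolfSSL 5.4.0 or newer." states 1.1.1s while the socket.c hunk in this commit only warns below 0x1010111fL (1.1.1q); either bump the code threshold or change this line to 1.1.1q so README.SSL and the build-time check agree. The library name is also spelled "WolfSSL" here but "wolfSSL" two lines later and throughout the rest of the file; the project spells it "wolfSSL".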
@@ -29,16 +29,16 @@ Note that many messages printed by fetchmail will print "OpenSSL"
even if wolfSSL is being used. Reason is that fetchmail uses
wolfSSL's OpenSSL compatibility layer and not the native wolfSSL API.
- -- Matthias Andree, 2021-12-05
+ -- Matthias Andree, 2022-11-01
Quickstart
----------
-Use an up-to-date release of OpenSSL v1.1.1 or v3.0 or wolfSSL 5.4.0 or
-newer, so as to get TLSv1.3 support. Older OpenSSL versions are unsupported
-upstream, and fetchmail rejects versions before v1.0.2f and warns about
-versions before v1.1.1.
+Use an up-to-date release of OpenSSL v1.1.1 or v3.0 or wolfSSL 5.4 or
+newer, so as to get TLSv1.3 support and latest fixes. Older OpenSSL versions
+are unsupported upstream, and fetchmail rejects versions before v1.0.2f and
+warns about versions before v1.1.1.
wolfSSL needs to be configured with --enable-opensslall --enable-harden,
else some required OpenSSL APIs are missing, especially for SNI (server name
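Review bot: the reworded Quickstart still says fetchmail "warns about versions before v1.1.1", but after this commit socket.c also warns below 1.1.1q (0x1010111fL) and below 3.0.7 (0x30000070L); since the paragraph is being touched anyway, state the actual warning thresholds so the Quickstart matches the code and the NEWS entry. Minor: this hunk says "wolfSSL 5.4" where the rest of the commit (NEWS, the README.SSL hunk above, the `#error` in socket.c) says "5.4.0".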
diff --git a/socket.c b/socket.c
index a6354d5b..43df13ce 100644
--- a/socket.c
+++ b/socket.c
@@ -414,17 +414,17 @@ va_dcl {
#endif
#ifdef USING_WOLFSSL
-# if LIBWOLFSSL_VERSION_HEX < 0x05002000L
-# error "FAILED - wolfSSL MUST be at least version 5.2.0."
+# if LIBWOLFSSL_VERSION_HEX < 0x05004000L
+# error "FAILED - wolfSSL MUST be at least version 5.4.0."
# endif
#else /* !USING_WOLFSSL */
#define fm_MIN_OPENSSL_VER 0x1000206fL /* 1.0.2f */
-# if OPENSSL_VERSION_NUMBER < 0x101010efL
-# pragma message "WARNING - OpenSSL 1.m.nx SHOULD be at least release version 1.1.1n, using " OPENSSL_VERSION_TEXT "."
+# if OPENSSL_VERSION_NUMBER < 0x1010111fL
+# pragma message "WARNING - OpenSSL 1.m.nx SHOULD be at least release version 1.1.1q, using " OPENSSL_VERSION_TEXT "."
# endif /* 0xMNN00PPSL */
# if OPENSSL_VERSION_NUMBER >= 0x30000000L
-# if OPENSSL_VERSION_NUMBER < 0x30000020L
-# pragma message "WARNING - OpenSSL 3.m.n SHOULD be at least release version 3.0.2, using " OPENSSL_VERSION_TEXT "."
+# if OPENSSL_VERSION_NUMBER < 0x30000070L
+# pragma message "WARNING - OpenSSL 3.m.n SHOULD be at least release version 3.0.7, using " OPENSSL_VERSION_TEXT "."
# endif
# endif /* 0xMNN00PPSL */
# if OPENSSL_VERSION_NUMBER < fm_MIN_OPENSSL_VER
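Review bot: the new 1.1.1 threshold `0x1010111fL` decodes (0xMNNFFPPS, patch letter PP=0x11=17) to 1.1.1q, which matches the pragma text in the same hunk but not the "1.1.1s" that NEWS and README.SSL announce in this commit; if 1.1.1s is the intended floor, the constant should be `0x1010113fL` and the message updated to match. The 3.0.x change (`0x30000070L` for 3.0.7) and the wolfSSL change (`0x05004000L` for 5.4.0) decode correctly. Since these magic numbers have now been edited in two places with the version spelled out in an adjacent string, consider a `#define` per threshold (e.g. alongside `fm_MIN_OPENSSL_VER`) so the number and the human-readable version cannot drift apart again.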