A Tcl interface to GNU Privacy Guard. This library was designed to
replace TclGPGME, allowing the same functionality with any GPG version.
Multiple fixes from stu@
OK sthen@, stu@
During certificate verification, OpenSSL (starting from version 1.0.1n and
1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this
logic can mean that an attacker could cause certain checks on untrusted
certificates to be bypassed, such as the CA flag, enabling them to use a valid
leaf certificate to act as a CA and "issue" an invalid certificate.
This issue will impact any application that verifies certificates including
SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.
- switch threading model to pthread since that it is the default process model in stunnel;
- fix stunnel.pem path in pkg/MESSAGE;
- add patches to make it build with libressl;
- fix some hardcoding paths in tools/stunnel.conf-sample.in.
Tweaks and Feedback:
jca@ yasuoka@ jasper@ brad@ and Markus Lude, thanks !
tested by yasuoka@ and Markus Lude on @sparc64(markus's tests against 3.18 version, but no many changes to 3.19, assuming that should work too...)...
full changelog at:
https://www.stunnel.org/sdf_ChangeLog.html
This library is used to gain direct access to the functions exposed by Daniel J.
Bernstein’s nacl library via libsodium or tweetnacl. It has been constructed to
maintain extensive documentation on how to use nacl as well as being completely
portable. The file in libnacl/__init__.py can be pulled out and placed directly
in any project to give a single file binding to all of nacl.
ok jasper@
libressl (py-cryptography was providing its own implementation of
EC_curve_nid2nist for libressl and for old openssl versions, this was
broken when libressl added it - since LIBRESSL_VERSION doesn't provide
anything useful for recognising this, simply delete the libressl check
from the ifdef).
