Merge pull request #3 from Iristyle/openssl
OpenSSL.Light for Win32 1.0.1c
This commit is contained in:
		
							
								
								
									
										96
									
								
								OpenSSL.Light/OpenSSL.Light.nuspec
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										96
									
								
								OpenSSL.Light/OpenSSL.Light.nuspec
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,96 @@ | |||||||
|  | <?xml version="1.0"?> | ||||||
|  | <package xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> | ||||||
|  |   <metadata> | ||||||
|  |     <id>OpenSSL.Light</id> | ||||||
|  |     <title>OpenSSL - The Open Source SSL and TLS toolkit</title> | ||||||
|  |     <version>1.0.1.3</version> | ||||||
|  |     <authors>Shining Light Productions</authors> | ||||||
|  |     <owners>Ethan Brown</owners> | ||||||
|  |     <summary>Open Source SSL v2/v3 and TLS v1 toolkit</summary> | ||||||
|  |     <description>This is really 1.0.1c, but the Nuget spec doesn't allow such version identifiers, so the file versions are used. | ||||||
|  |  | ||||||
|  |     The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation. | ||||||
|  |  | ||||||
|  |     The Win32 OpenSSL Installation Project is dedicated to providing a simple installation of OpenSSL. It is easy to set up and easy to use through the simple, effective installer. No need to compile anything or jump through any hoops, just click a few times and it is installed, leaving you to doing real work. Download it today! Note that these are default builds of OpenSSL and subject to local and state laws. More information can be found in the legal agreement of the installation. | ||||||
|  |     </description> | ||||||
|  |     <projectUrl>http://slproweb.com/products/Win32OpenSSL.html</projectUrl> | ||||||
|  |     <tags>openssl SSL TLS pfx pem key RSA</tags> | ||||||
|  |     <licenseUrl>http://www.openssl.org/source/license.html</licenseUrl> | ||||||
|  |     <requireLicenseAcceptance>false</requireLicenseAcceptance> | ||||||
|  |     <iconUrl>https://github.com/Iristyle/ChocolateyPackages/raw/master/SABnzbd/OpenSSL.Light/OpenSSL.Light.png</iconUrl> | ||||||
|  |     <releaseNotes>Changes between 1.0.1b and 1.0.1c [10 May 2012] | ||||||
|  |  | ||||||
|  |   *) Sanity check record length before skipping explicit IV in TLS | ||||||
|  |      1.2, 1.1 and DTLS to avoid DoS attack. | ||||||
|  |  | ||||||
|  |      Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic | ||||||
|  |      fuzzing as a service testing platform. | ||||||
|  |      (CVE-2012-2333) | ||||||
|  |      [Steve Henson] | ||||||
|  |  | ||||||
|  |   *) Initialise tkeylen properly when encrypting CMS messages. | ||||||
|  |      Thanks to Solar Designer of Openwall for reporting this issue. | ||||||
|  |      [Steve Henson] | ||||||
|  |  | ||||||
|  |   *) In FIPS mode don't try to use composite ciphers as they are not | ||||||
|  |      approved. | ||||||
|  |      [Steve Henson] | ||||||
|  |  | ||||||
|  |  Changes between 1.0.1a and 1.0.1b [26 Apr 2012] | ||||||
|  |  | ||||||
|  |   *) OpenSSL 1.0.0 sets SSL_OP_ALL to 0x80000FFFL and OpenSSL 1.0.1 and | ||||||
|  |      1.0.1a set SSL_OP_NO_TLSv1_1 to 0x00000400L which would unfortunately | ||||||
|  |      mean any application compiled against OpenSSL 1.0.0 headers setting | ||||||
|  |      SSL_OP_ALL would also set SSL_OP_NO_TLSv1_1, unintentionally disablng | ||||||
|  |      TLS 1.1 also. Fix this by changing the value of SSL_OP_NO_TLSv1_1 to | ||||||
|  |      0x10000000L Any application which was previously compiled against | ||||||
|  |      OpenSSL 1.0.1 or 1.0.1a headers and which cares about SSL_OP_NO_TLSv1_1 | ||||||
|  |      will need to be recompiled as a result. Letting be results in | ||||||
|  |      inability to disable specifically TLS 1.1 and in client context, | ||||||
|  |      in unlike event, limit maximum offered version to TLS 1.0 [see below]. | ||||||
|  |      [Steve Henson] | ||||||
|  |  | ||||||
|  |   *) In order to ensure interoperabilty SSL_OP_NO_protocolX does not | ||||||
|  |      disable just protocol X, but all protocols above X *if* there are | ||||||
|  |      protocols *below* X still enabled. In more practical terms it means | ||||||
|  |      that if application wants to disable TLS1.0 in favor of TLS1.1 and | ||||||
|  |      above, it's not sufficient to pass SSL_OP_NO_TLSv1, one has to pass | ||||||
|  |      SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. This applies to | ||||||
|  |      client side. | ||||||
|  |      [Andy Polyakov] | ||||||
|  |  | ||||||
|  |  Changes between 1.0.1 and 1.0.1a [19 Apr 2012] | ||||||
|  |  | ||||||
|  |   *) Check for potentially exploitable overflows in asn1_d2i_read_bio | ||||||
|  |      BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer | ||||||
|  |      in CRYPTO_realloc_clean. | ||||||
|  |  | ||||||
|  |      Thanks to Tavis Ormandy, Google Security Team, for discovering this | ||||||
|  |      issue and to Adam Langley <agl@chromium.org> for fixing it. | ||||||
|  |      (CVE-2012-2110) | ||||||
|  |      [Adam Langley (Google), Tavis Ormandy, Google Security Team] | ||||||
|  |  | ||||||
|  |   *) Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections. | ||||||
|  |      [Adam Langley] | ||||||
|  |  | ||||||
|  |   *) Workarounds for some broken servers that "hang" if a client hello | ||||||
|  |      record length exceeds 255 bytes: | ||||||
|  |   | ||||||
|  |      1. Do not use record version number > TLS 1.0 in initial client | ||||||
|  |         hello: some (but not all) hanging servers will now work. | ||||||
|  |      2. If we set OPENSSL_MAX_TLS1_2_CIPHER_LENGTH this will truncate | ||||||
|  |         the number of ciphers sent in the client hello. This should be | ||||||
|  |         set to an even number, such as 50, for example by passing: | ||||||
|  |         -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 to config or Configure. | ||||||
|  |         Most broken servers should now work. | ||||||
|  |      3. If all else fails setting OPENSSL_NO_TLS1_2_CLIENT will disable | ||||||
|  |         TLS 1.2 client support entirely. | ||||||
|  |      [Steve Henson] | ||||||
|  |  | ||||||
|  |   *) Fix SEGV in Vector Permutation AES module observed in OpenSSH. | ||||||
|  |      [Andy Polyakov]</releaseNotes> | ||||||
|  |   </metadata> | ||||||
|  |   <files> | ||||||
|  |     <file src="tools\**" target="tools" /> | ||||||
|  |   </files> | ||||||
|  | </package> | ||||||
							
								
								
									
										
											BIN
										
									
								
								OpenSSL.Light/OpenSSL.Light.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										
											BIN
										
									
								
								OpenSSL.Light/OpenSSL.Light.png
									
									
									
									
									
										Normal file
									
								
							
										
											Binary file not shown.
										
									
								
							| After Width: | Height: | Size: 4.8 KiB | 
							
								
								
									
										24
									
								
								OpenSSL.Light/tools/chocolateyInstall.ps1
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										24
									
								
								OpenSSL.Light/tools/chocolateyInstall.ps1
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,24 @@ | |||||||
|  | $package = 'OpenSSL.Light' | ||||||
|  |  | ||||||
|  | try { | ||||||
|  |  | ||||||
|  |   #default is to plop in c:\ -- yuck! | ||||||
|  |   $installDir = Join-Path $Env:ProgramFiles 'OpenSSL' | ||||||
|  |  | ||||||
|  |   $params = @{ | ||||||
|  |     packageName = $package; | ||||||
|  |     fileType = 'exe'; | ||||||
|  |     #InnoSetup - http://unattended.sourceforge.net/InnoSetup_Switches_ExitCodes.html | ||||||
|  |     silentArgs = '/silent', '/verysilent', '/sp-', '/suppressmsgboxes', | ||||||
|  |       "/DIR=`"$installDir`""; | ||||||
|  |     url = 'http://slproweb.com/download/Win32OpenSSL_Light-1_0_1c.exe' | ||||||
|  |     url64bit = 'http://slproweb.com/download/Win64OpenSSL_Light-1_0_1c.exe' | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   Install-ChocolateyPackage @params | ||||||
|  |  | ||||||
|  |   Write-ChocolateySuccess $package | ||||||
|  | } catch { | ||||||
|  |   Write-ChocolateyFailure $package "$($_.Exception.Message)" | ||||||
|  |   throw | ||||||
|  | } | ||||||
		Reference in New Issue
	
	Block a user