libressl: init at 2.7, change url to https #40440
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation for this change
LibreSSL 2.7 has been released in March. Since 2.6.4, a memory leak, null check, and
tls_config_clear_keys()
bug have been fixed, apart from other improvements.The releases page states:
If I understand correctly, this means that 2.5 is no longer supported, as 2.5.3 was tagged for OpenBSD 6.1 on April 11th, 2017, and OpenBSD 6.2 included LibreSSL 2.6.3. However, previous release notes of 2.6.3 and 2.5.3 also include “LibreSSL 2.4.x support has also ended” and “LibreSSL 2.3.x support has also ended”. The release notes of 2.7.2 (that goes with OpenBSD 6.3) did not include such a statement. I am not sure whether this is intentional, or an oversight in the release notes. In any case, it would probably be a good idea to update the default
libressl
to a newer version in the future.Things done
build-use-sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)The contributing guidelines say to also update the
license
field, but the situation for LibreSSL is complicated, I am not really sure what to put there.