Version 3.3.2
This release is based on LibreSSL 3.3.2:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.3.2-relnotes.txt
The relevant changes are copied below:
* Destroy the mutex in a tls_config object on tls_config_free().
* Allow setting a keypair on a tls context without specifying the
private key, and fake it internally in libtls. This removes the
need for privsep engines like relayd to use bogus keys.
* Skip the private key check for fake private keys.
* Move the private key setup from tls_configure_ssl_keypair() to a
helper function with proper error checking.
* Change the internal tls_configure_ssl_keypair() function to
return -1 instead of 1 on failure.
* Make supported protocols and options for DHE params more prominent
in tls_config_set_protocols.3.
* Use tls_set_errorx() on OCSP_basic_verify() failure since the latter
does not set errno.
A release tarball for this version can be downloaded from:
https://causal.agency/libretls/libretls-3.3.2.tar.gz