path: root/Configure
Commit log. Each entry: commit title, author, date, files changed, lines removed/added.
* Add sslkeylog config option and implementation
  Neil Horman, 2024-10-21, 1 file, -0/+2

  Add a config option for sslkeylog (disabled by default)

  When enabled, SSL_CTX_new[_ex] becomes sensitive to the SSLKEYLOGFILE environment variable. It records keylog callback messages to the file specified in the environment variable according to the format specified in https://www.ietf.org/archive/id/draft-thomson-tls-keylogfile-00.html

  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Saša Nedvědický <sashan@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@devever.net>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/25297)
* Add configuration option to allow the FIPS provider to use the jitter source internally
  Pauli, 2024-10-09, 1 file, -1/+9

  Enabling this breaks FIPS compliance unless an entropy assessment and a revalidation are undertaken.

  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/25498)
* Add debuginfo build target
  Neil Horman, 2024-08-21, 1 file, -0/+1

  In the webinar we are currently producing on debugging openssl applications, we talk about ways to allow debuggable binaries without having to ship all the debug DWARF information to production systems. Add an optional target to do that DWARF separation to aid users

  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/25174)
* fips: allow to customize provider vendor name
  Dimitri John Ledkov, 2024-08-15, 1 file, -0/+5

  FIPS providers need to specify identifiable names and versions. Allow to customize the fips provider name prefix, via VERSION.dat which already allows to customize version & buildinfo. With this patch in-place it removes the need of patching code to set customized provider name.

  E.g. echo FIPS_VENDOR=ACME >> VERSION.dat, results in

  ```
  $ OPENSSL_CONF=fips-and-base.cnf ../util/wrap.pl ../apps/openssl list -providers --verbose
  Providers:
    base
      name: OpenSSL Base Provider
      version: 3.4.0
      status: active
      build info: 3.4.0-dev
      gettable provider parameters:
        name: pointer to a UTF8 encoded string (arbitrary size)
        version: pointer to a UTF8 encoded string (arbitrary size)
        buildinfo: pointer to a UTF8 encoded string (arbitrary size)
        status: integer (arbitrary size)
    fips
      name: ACME FIPS Provider for OpenSSL
      version: 3.4.0
      status: active
      build info: 3.4.0-dev
      gettable provider parameters:
        name: pointer to a UTF8 encoded string (arbitrary size)
        version: pointer to a UTF8 encoded string (arbitrary size)
        buildinfo: pointer to a UTF8 encoded string (arbitrary size)
        status: integer (arbitrary size)
        security-checks: integer (arbitrary size)
        tls1-prf-ems-check: integer (arbitrary size)
        drbg-no-trunc-md: integer (arbitrary size)
  ```

  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Neil Horman <nhorman@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/24368)
* Add "no-fips-post" configure option.
  slontis, 2024-08-09, 1 file, -1/+2

  Using this option disables the OpenSSL FIPS provider self tests. This is intended for debugging purposes only, as it breaks FIPS compliance.

  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/25063)
* JITTER: implement error handling from jitter library
  Dimitri John Ledkov, 2024-07-31, 1 file, -5/+4

  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/24844)
* JITTER: exercise all tests in CI with JITTER seed source under certain build configuration
  Dimitri John Ledkov, 2024-07-31, 1 file, -0/+5

  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/24844)
* jitter: add a new provider containing a jitter entropy source alone
  Dimitri John Ledkov, 2024-07-31, 1 file, -0/+10

  This entropy source can be used instead of SEED-SRC. Sample openssl.cnf configuration is provided.

  It is built as a separate provider, because it is likely to require less frequent updates than fips provider. The same build likely can span multiple generations of FIPS 140 standard revisions.

  Note that rand-instances currently chain from public/private instances to primary, prior to consuming the seed. Thus currently a unique ESV needs to be obtained, and reuse of jitterentropy.a certificate is not possible as is. Separately a patch will be sent to allow for unchaining public/private RAND instances for the purpose of reusing ESV.

  Also I do wonder if it makes sense to create a fips variant of stock SEED-SRC entropy source, which in addition to using getrandom() also verifies that the kernel is operating in FIPS mode and thus is likely a validated entropy source. As in on Linux, check that /proc/sys/crypto/fips_enabled is set to 1, and similar checks on Windows / MacOS and so on.

  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/24844)
* Configure: Remove -Wswitch-default from strict warnings
  Tomas Mraz, 2024-07-03, 1 file, -2/+1

  Also move -Wno-tautological-constant-out-of-range-compare to clang-specific options as it is not supported by gcc.

  Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/24758)
  (cherry picked from commit 3d9c6b16d8b8e75b73e2fd34849e930e2792f3a4)
* Add aix-clang and aix64-clang configurations
  anumesh, 2024-06-28, 1 file, -1/+1

  Reviewed-by: Neil Horman <nhorman@openssl.org>
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/24609)
* Configure: make absolutedir() use rel2abs() on Windows too
  Richard Levitte, 2024-06-15, 1 file, -0/+7

  perl's realpath() seems to be buggy on Windows, so we turn to rel2abs() there as well.

  Fixes #23593

  Reviewed-by: Neil Horman <nhorman@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/24569)
* rand: remove unimplemented librandom stub code
  Dimitri John Ledkov, 2024-05-24, 1 file, -1/+1

  Clean up of unusable / no-op code.

  Reviewed-by: Paul Dale <ppzgs1@gmail.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/24465)
* Add support for integrity-only cipher suites for TLS v1.3
  Rajeev Ranjan, 2024-05-14, 1 file, -0/+1

  - add test vectors for tls1_3 integrity-only ciphers
  - recmethod_local.h: add new member for MAC
  - tls13_meth.c: add MAC only to tls 1.3
  - tls13_enc.c: extend function to add MAC only
  - ssl_local.h: add ssl_cipher_get_evp_md_mac()
  - s3_lib.c: add the new ciphers and add #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
  - ssl_ciph.c: add ssl_cipher_get_evp_md_mac() and use it
  - tls13secretstest.c: add dummy test function
  - Configure: add integrity-only-ciphers option
  - document the new ciphers

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/22903)
* Security hardening: Expose Build flags for Position Independent Execution (PIE)
  Craig Lorentzen, 2024-05-06, 1 file, -0/+6

  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/22596)
* disable http3 demo on windows
  Neil Horman, 2024-04-12, 1 file, -0/+4

  The external nghttp3 library seems to have a linking issue on windows (several missing symbols). Disable that build in windows for now until it's fixed

  Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Paul Dale <ppzgs1@gmail.com>
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  (Merged from https://github.com/openssl/openssl/pull/24047)
* fix all the warnings in our demos and make them enableable
  Neil Horman, 2024-04-12, 1 file, -0/+4

  Fix up the warnings in the demos and make them configurable with enable-demos

  Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Paul Dale <ppzgs1@gmail.com>
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  (Merged from https://github.com/openssl/openssl/pull/24047)
* Copyright year updates
  Richard Levitte, 2024-04-09, 1 file, -1/+1

  Reviewed-by: Neil Horman <nhorman@openssl.org>
  Release: yes
  (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0)

  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/24034)
* Enable qlog support by default
  Hugo Landau, 2024-03-06, 1 file, -16/+0

  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Neil Horman <nhorman@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/23744)
* Configure: Fix ordering bug when processing split DEPENDs
  Richard Levitte, 2024-02-08, 1 file, -2/+3

  Configure was recently made to process this sort of line:

      DEPEND[generated]=util/perl|OpenSSL/something.pm

  Unfortunately, in processing such lines, the order in which paths were recomputed caused some resulting paths to be faulty under some circumstances. This change fixes that.

  Fixes #22853

  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/23500)
  (cherry picked from commit 64cae4064405384cf7fe130a1e0189725db5e877)
* QLOG: Editorial fixes (QLOG is spelled 'qlog')
  Hugo Landau, 2024-02-02, 1 file, -2/+2

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Neil Horman <nhorman@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/22037)
* Configure: Add warning when enabling QLOG
  Hugo Landau, 2024-02-02, 1 file, -0/+15

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Neil Horman <nhorman@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/22037)
* QLOG: Configuration
  Hugo Landau, 2024-02-02, 1 file, -0/+7

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Neil Horman <nhorman@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/22037)
* Add atexit configuration option for using atexit() in libcrypto at build-time.
  Randall S. Becker, 2024-02-02, 1 file, -1/+2

  This fixes an issue with a mix of atexit() usage in DLL and statically linked libcrypto that came out in the test suite on NonStop, which has slightly different DLL unload processing semantics compared to Linux. The change allows a build configuration to select whether to register OPENSSL_cleanup() with atexit() or not, to avoid situations where atexit() registration causes SIGSEGV.

  INSTALL.md and CHANGES.md have been modified to include and describe this option.

  The no-atexit option has been added to .github/workflows/run-checker-daily.yml.

  Fixes: #23135

  Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Neil Horman <nhorman@openssl.org>
  Reviewed-by: Todd Short <todd.short@me.com>
  (Merged from https://github.com/openssl/openssl/pull/23394)
* Fail the Configure script with no Configurations
  Will Sackfield, 2024-01-08, 1 file, -0/+6

  * Print a message about why the failure is happening.
  * Send the usage information.

  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/22855)
* Configure: Refuse to make directories in the source tree
  Richard Levitte, 2023-12-07, 1 file, -16/+18

  Fixes #22907

  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Todd Short <todd.short@me.com>
  (Merged from https://github.com/openssl/openssl/pull/22908)
* Configure: do not check for an absolute prefix in cross-builds
  Viktor Szakats, 2023-11-15, 1 file, -2/+5

  The check is always made according to the host platform's rules, which may not be true when the target platform is different, e.g. when cross-building for Windows on a Linux machine. So skip this check when used together with the `--cross-compile-prefix=` option.

  Fixes https://github.com/openssl/openssl/issues/9520

  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/22723)
* Copyright year updates
  Matt Caswell, 2023-09-07, 1 file, -1/+1

  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Release: yes
* ch_init(): Add braces to appease older clang compilers
  Tomas Mraz, 2023-08-25, 1 file, -0/+1

  They produce a warning `suggest braces around initialization of subobject` otherwise.

  Add -Wno-missing-braces to silence old clang compilers

  And drop unnecessary braces in zeroing initializers.

  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21823)
* Optimize SM2 on aarch64
  Xu Yizhou, 2023-08-24, 1 file, -0/+1

  Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>

  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20754)
* no-module should not imply disabling DSO loading support
  Tomas Mraz, 2023-07-17, 1 file, -4/+1

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21459)
* Disable QUIC if TLSv1.3 is disabled
  Matt Caswell, 2023-07-06, 1 file, -0/+1

  QUIC depends on TLSv1.3, so if the latter is disabled then we must do the same for QUIC.

  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21332)
* Enable QUIC by default
  Matt Caswell, 2023-07-06, 1 file, -3/+1

  Ensure builds enable QUIC without explicitly having to ask for it. To disable QUIC pass "no-quic" to Configure.

  As a result we can remove all use of "enable-quic" from the various CI runs.

  We also add a CHANGES and NEWS entry for QUIC support.

  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21332)
* add no-docs option
  Vladimír Kotal, 2023-06-28, 1 file, -0/+1

  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21240)
* Allow to disable apps building with no-apps
  Vladimír Kotal, 2023-06-23, 1 file, -0/+1

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21212)
* configure: introduce no-ecx to remove ECX related feature
  Yi Li, 2023-06-14, 1 file, -1/+2

  This can effectively reduce the binary size for platforms that don't need ECX feature (~100KB).

  Signed-off-by: Yi Li <yi1.li@intel.com>

  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20781)
* build.info: Introduce special syntax for dependencies on script modules
  Richard Levitte, 2023-06-08, 1 file, -8/+39

  The DEPEND statement, when applied on files generated with GENERATE, may be used to specify script modules that the template to be generated from depends on. In short, this sort of depend:

      DEPEND[generated]=util/perl/OpenSSL/something.pm

  ... would generate a perl run that has the inclusion directory 'util/perl/OpenSSL' and 'something' as the module to be loaded. However, the package name for this module is 'OpenSSL::something', so to load it the way it's expected, the inclusion directory should be 'util/perl', and the module to be loaded should be specified as 'OpenSSL/something' (to be massaged into a proper module name by the build file template).

  To allow this, we introduce a file syntax, where a single '|' is used as a directory separator, to delineate what part should be used as the inclusion directory, and which part the module name to be loaded should be derived from:

      DEPEND[generated]=util/perl|OpenSSL/something.pm

  Fixes #21112

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21117)
* allow to disable http
  Vladimír Kotal, 2023-06-06, 1 file, -1/+4

  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21108)
* Added ability to pass additional ASFLAGS to Configure
  Mathias Berchtold, 2023-04-25, 1 file, -0/+1

  This allows additional command line options to be passed to the assembler. For example:

      Configure VC-WIN64A ASFLAGS=--reproducible

  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20813)
* Fix Configure test for -mips in CFLAGS
  Mike Gilbert, 2023-03-19, 1 file, -1/+1

  We want to add -mips2 or -mips3 only if the user hasn't already specified a mips version in CFLAGS. The existing test was a double-negative.

  CLA: trivial

  Fixes: https://github.com/openssl/openssl/issues/20214

  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20273)
* providers: add Argon2 KDF
  Čestmír Kalina, 2023-03-17, 1 file, -0/+3

  https://datatracker.ietf.org/doc/rfc9106/

  Signed-off-by: Čestmír Kalina <ckalina@redhat.com>

  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12256)
* Use $config{build_file} instead of $target{build_file}
  Richard Levitte, 2023-02-01, 1 file, -4/+4

  If the user specifies an alternative build file than the default, this alternative is recorded in $config{build_file}, not $target{build_file}. Therefore, the former should be used, leaving the latter as a mere default. This is a bug.

  While fixing it, document it better too.

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20173)
* QUIC: Dummy Handshake Layer for Prototyping
  Hugo Landau, 2023-01-13, 1 file, -1/+2

  This disables -Wtype-limits / -Wtautological-constant-out-of-range-compare. Since it generates warnings for valid and reasonable code, IMO this actually encourages people to write worse code.

  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19703)
* Convert ZLIB defines to OPENSSL_NO_ZLIB
  Todd Short, 2022-10-18, 1 file, -1/+1

  Use the normal OPENSSL_NO_ prefix to enable/disable ZLIB

  Make `BIO_f_zlib()` always available.

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18186)
* Add ZSTD compression support (RFC8478bis)
  Todd Short, 2022-10-18, 1 file, -1/+18

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18186)
* Add brotli compression support (RFC7924)
  Todd Short, 2022-10-18, 1 file, -3/+20

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18186)
* crypto: add preemptive threading support
  Čestmír Kalina, 2022-10-17, 1 file, -16/+3

  Some primitives are designed to be used in a multi-threaded environment, if supported, e.g., Argon2.

  This patch adds support for preemptive threading and basic synchronization primitives for platforms compliant with POSIX threads or Windows CRT. Native functions are wrapped to provide a common (internal) API.

  Threading support can be disabled at compile time. If enabled, threading is disabled by default and needs to be explicitly enabled by the user. Thread enablement requires an explicit limit on the number of threads that OpenSSL may spawn (non-negative integer/infinity). The limit may be changed.

  Signed-off-by: Čestmír Kalina <ckalina@redhat.com>

  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12255)
* Configure: add thread-pool and default-thread-pool
  Čestmír Kalina, 2022-10-17, 1 file, -1/+23

  Signed-off-by: Čestmír Kalina <ckalina@redhat.com>

  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12255)
* Fix detection of ktls support in cross-compile environment on Linux
  Tomas Mraz, 2022-09-19, 1 file, -10/+3

  Fixes #19212

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19213)
* Add support for loading root CAs from Windows crypto API
  Hugo Landau, 2022-09-14, 1 file, -0/+7

  Fixes #18020.

  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18070)
* Always automatically add -DPEDANTIC with enable-ubsan
  Tomas Mraz, 2022-08-23, 1 file, -3/+1

  To avoid reports like: #19028

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19029)