SL-15211 Update OpenSSL library

10 files changed, 83 insertions, 60 deletions

diff --git a/autobuild.xml b/autobuild.xml
index b7a2f0a132..fc7226c346 100644
--- a/autobuild.xml
+++ b/autobuild.xml
@@ -398,9 +398,9 @@
             <key>archive</key>
             <map>
               <key>hash</key>
-              <string>52fc837a5840f5e6991842cf2f73a9d7</string>
+              <string>13f74f43a6363ec998569f731fd869c5</string>
               <key>url</key>
-              <string>https://automated-builds-secondlife-com.s3.amazonaws.com/ct2/80409/758717/curl-7.54.1.558452-darwin64-558452.tar.bz2</string>
+              <string>https://automated-builds-secondlife-com.s3.amazonaws.com/ct2/82637/774617/curl-7.54.1.560191-darwin64-560191.tar.bz2</string>
             </map>
             <key>name</key>
             <string>darwin64</string>
@@ -434,11 +434,11 @@
             <key>archive</key>
             <map>
               <key>hash</key>
-              <string>8de0af7c8168406bf18bdcd5bc44e40e</string>
+              <string>0df99bd685dc3561ca8ea347b2921987</string>
               <key>hash_algorithm</key>
               <string>md5</string>
               <key>url</key>
-              <string>https://automated-builds-secondlife-com.s3.amazonaws.com/ct2/80411/758714/curl-7.54.1.558452-windows-558452.tar.bz2</string>
+              <string>https://automated-builds-secondlife-com.s3.amazonaws.com/ct2/82639/774610/curl-7.54.1.560191-windows-560191.tar.bz2</string>
             </map>
             <key>name</key>
             <string>windows</string>
@@ -448,16 +448,16 @@
             <key>archive</key>
             <map>
               <key>hash</key>
-              <string>dc633acdbd3595db4f904e68e48b4744</string>
+              <string>50db2a9e6b74ec4b0c38b1ea8f135735</string>
               <key>url</key>
-              <string>https://automated-builds-secondlife-com.s3.amazonaws.com/ct2/80410/758715/curl-7.54.1.558452-windows64-558452.tar.bz2</string>
+              <string>https://automated-builds-secondlife-com.s3.amazonaws.com/ct2/82638/774608/curl-7.54.1.560191-windows64-560191.tar.bz2</string>
             </map>
             <key>name</key>
             <string>windows64</string>
           </map>
         </map>
         <key>version</key>
-        <string>7.54.1.558452</string>
+        <string>7.54.1.560191</string>
       </map>
       <key>db</key>
       <map>
@@ -2738,9 +2738,9 @@ Copyright (c) 2012, 2014, 2015, 2016 nghttp2 contributors</string>
             <key>archive</key>
             <map>
               <key>hash</key>
-              <string>166aa05b379b13156de5821252040498</string>
+              <string>5503e4928bcdb0a29685b3242c4a409b</string>
               <key>url</key>
-              <string>https://automated-builds-secondlife-com.s3.amazonaws.com/ct2/78582/743936/openssl-1.0.2l.557043-darwin64-557043.tar.bz2</string>
+              <string>https://automated-builds-secondlife-com.s3.amazonaws.com/ct2/82619/774464/openssl-1.1.1l.560177-darwin64-560177.tar.bz2</string>
             </map>
             <key>name</key>
             <string>darwin64</string>
@@ -2774,9 +2774,9 @@ Copyright (c) 2012, 2014, 2015, 2016 nghttp2 contributors</string>
             <key>archive</key>
             <map>
               <key>hash</key>
-              <string>68aae05216c035283c79aad6dd88d8da</string>
+              <string>d2153f20dc2d35c609b876a9f019a748</string>
               <key>url</key>
-              <string>https://automated-builds-secondlife-com.s3.amazonaws.com/ct2/78590/743992/openssl-1.0.2l.557043-windows-557043.tar.bz2</string>
+              <string>https://automated-builds-secondlife-com.s3.amazonaws.com/ct2/82623/774521/openssl-1.1.1l.560177-windows-560177.tar.bz2</string>
             </map>
             <key>name</key>
             <string>windows</string>
@@ -2786,16 +2786,16 @@ Copyright (c) 2012, 2014, 2015, 2016 nghttp2 contributors</string>
             <key>archive</key>
             <map>
               <key>hash</key>
-              <string>d2576a386559cefb654154d8f0de6337</string>
+              <string>f40b8622ba38084b0962e273988d748f</string>
               <key>url</key>
-              <string>https://automated-builds-secondlife-com.s3.amazonaws.com/ct2/78588/743976/openssl-1.0.2l.557043-windows64-557043.tar.bz2</string>
+              <string>https://automated-builds-secondlife-com.s3.amazonaws.com/ct2/82624/774520/openssl-1.1.1l.560177-windows64-560177.tar.bz2</string>
             </map>
             <key>name</key>
             <string>windows64</string>
           </map>
         </map>
         <key>version</key>
-        <string>1.0.2l.557043</string>
+        <string>1.1.1l.560177</string>
       </map>
       <key>pcre</key>
       <map>
diff --git a/indra/cmake/Copy3rdPartyLibs.cmake b/indra/cmake/Copy3rdPartyLibs.cmake
index 9978de6eba..848547f2a2 100644
--- a/indra/cmake/Copy3rdPartyLibs.cmake
+++ b/indra/cmake/Copy3rdPartyLibs.cmake
@@ -56,14 +56,21 @@ if(WINDOWS)
         libapr-1.dll
         libaprutil-1.dll
         libapriconv-1.dll
-        ssleay32.dll
-        libeay32.dll
         nghttp2.dll
         glod.dll
         libhunspell.dll
         uriparser.dll
         )
 
+    # OpenSSL
+    if(ADDRESS_SIZE EQUAL 64)
+        set(release_files ${release_files} libcrypto-1_1-x64.dll)
+        set(release_files ${release_files} libssl-1_1-x64.dll)
+    else(ADDRESS_SIZE EQUAL 64)
+        set(release_files ${release_files} libcrypto-1_1.dll)
+        set(release_files ${release_files} libssl-1_1.dll)
+    endif(ADDRESS_SIZE EQUAL 64)
+
     # Filenames are different for 32/64 bit BugSplat file and we don't
     # have any control over them so need to branch.
     if (BUGSPLAT_DB)
diff --git a/indra/cmake/OpenSSL.cmake b/indra/cmake/OpenSSL.cmake
index eb548bdcc1..32400f5e4e 100644
--- a/indra/cmake/OpenSSL.cmake
+++ b/indra/cmake/OpenSSL.cmake
@@ -9,7 +9,7 @@ if (USESYSTEMLIBS)
 else (USESYSTEMLIBS)
   use_prebuilt_binary(openssl)
   if (WINDOWS)
-    set(OPENSSL_LIBRARIES ssleay32 libeay32)
+    set(OPENSSL_LIBRARIES libssl libcrypto)
   else (WINDOWS)
     set(OPENSSL_LIBRARIES ssl crypto)
   endif (WINDOWS)
diff --git a/indra/llmessage/llblowfishcipher.cpp b/indra/llmessage/llblowfishcipher.cpp
index 0b5025a422..949d4cc0c7 100644
--- a/indra/llmessage/llblowfishcipher.cpp
+++ b/indra/llmessage/llblowfishcipher.cpp
@@ -52,24 +52,28 @@ U32 LLBlowfishCipher::encrypt(const U8* src, U32 src_len, U8* dst, U32 dst_len)
 	if (src_len > dst_len) return 0;
 
 	// OpenSSL uses "cipher contexts" to hold encryption parameters.
-    EVP_CIPHER_CTX context;
-    EVP_CIPHER_CTX_init(&context);
+    EVP_CIPHER_CTX *context = EVP_CIPHER_CTX_new();
+    if (!context)
+    {
+        LL_WARNS() << "LLBlowfishCipher::encrypt EVP_CIPHER_CTX initiation failure" << LL_ENDL;
+        return 0;
+    }
 
 	// We want a blowfish cyclic block chain cipher, but need to set 
 	// the key length before we pass in a key, so call EncryptInit 
 	// first with NULLs.
-	EVP_EncryptInit_ex(&context, EVP_bf_cbc(), NULL, NULL, NULL);
-	EVP_CIPHER_CTX_set_key_length(&context, (int)mSecretSize);
+	EVP_EncryptInit_ex(context, EVP_bf_cbc(), NULL, NULL, NULL);
+	EVP_CIPHER_CTX_set_key_length(context, (int)mSecretSize);
 	
 	// Complete initialization.  Per EVP_EncryptInit man page, the
 	// cipher pointer must be NULL.  Apparently initial_vector must
 	// be 8 bytes for blowfish, as this is the block size.
     unsigned char initial_vector[] = { 0, 0, 0, 0, 0, 0, 0, 0 };
-	EVP_EncryptInit_ex(&context, NULL, NULL, mSecret, initial_vector);
+	EVP_EncryptInit_ex(context, NULL, NULL, mSecret, initial_vector);
 
-    int blocksize = EVP_CIPHER_CTX_block_size(&context);
-    int keylen = EVP_CIPHER_CTX_key_length(&context);
-    int iv_length = EVP_CIPHER_CTX_iv_length(&context);
+    int blocksize = EVP_CIPHER_CTX_block_size(context);
+    int keylen = EVP_CIPHER_CTX_key_length(context);
+    int iv_length = EVP_CIPHER_CTX_iv_length(context);
     LL_DEBUGS() << "LLBlowfishCipher blocksize " << blocksize
 		<< " keylen " << keylen
 		<< " iv_len " << iv_length
@@ -77,7 +81,7 @@ U32 LLBlowfishCipher::encrypt(const U8* src, U32 src_len, U8* dst, U32 dst_len)
 
 	int output_len = 0;
 	int temp_len = 0;
-	if (!EVP_EncryptUpdate(&context,
+	if (!EVP_EncryptUpdate(context,
 			dst,
 			&output_len,
 			src,
@@ -89,18 +93,18 @@ U32 LLBlowfishCipher::encrypt(const U8* src, U32 src_len, U8* dst, U32 dst_len)
 
 	// There may be some final data left to encrypt if the input is
 	// not an exact multiple of the block size.
-	if (!EVP_EncryptFinal_ex(&context, (unsigned char*)(dst + output_len), &temp_len))
+	if (!EVP_EncryptFinal_ex(context, (unsigned char*)(dst + output_len), &temp_len))
 	{
 		LL_WARNS() << "LLBlowfishCipher::encrypt EVP_EncryptFinal failure" << LL_ENDL;
 		goto ERROR;
 	}
 	output_len += temp_len;
 
-	EVP_CIPHER_CTX_cleanup(&context);
+	EVP_CIPHER_CTX_free(context);
 	return output_len;
 
 ERROR:
-	EVP_CIPHER_CTX_cleanup(&context);
+	EVP_CIPHER_CTX_free(context);
 	return 0;
 }
 
diff --git a/indra/newview/CMakeLists.txt b/indra/newview/CMakeLists.txt
index 63045502c9..41b3b1d30f 100644
--- a/indra/newview/CMakeLists.txt
+++ b/indra/newview/CMakeLists.txt
@@ -1828,10 +1828,6 @@ if (WINDOWS)
       ${CMAKE_CURRENT_SOURCE_DIR}/licenses-win32.txt
       ${CMAKE_CURRENT_SOURCE_DIR}/featuretable.txt
       ${CMAKE_CURRENT_SOURCE_DIR}/featuretable_xp.txt
-      ${ARCH_PREBUILT_DIRS_RELEASE}/libeay32.dll
-      ${ARCH_PREBUILT_DIRS_RELEASE}/ssleay32.dll
-      ${ARCH_PREBUILT_DIRS_DEBUG}/libeay32.dll
-      ${ARCH_PREBUILT_DIRS_DEBUG}/ssleay32.dll
       ${viewer_APPSETTINGS_FILES}
       SLPlugin
       media_plugin_cef
@@ -1844,11 +1840,15 @@ if (WINDOWS)
         list(APPEND COPY_INPUT_DEPENDENCIES
             ${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/vivoxsdk_x64.dll
             ${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/ortp_x64.dll
+           ${ARCH_PREBUILT_DIRS_RELEASE}/libcrypto-1_1-x64.dll
+           ${ARCH_PREBUILT_DIRS_RELEASE}/libssl-1_1-x64.dll
             )
     else (ADDRESS_SIZE EQUAL 64)
         list(APPEND COPY_INPUT_DEPENDENCIES
             ${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/vivoxsdk.dll
             ${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/ortp.dll
+            ${ARCH_PREBUILT_DIRS_RELEASE}/libcrypto-1_1.dll
+            ${ARCH_PREBUILT_DIRS_RELEASE}/libssl-1_1.dll
             )
     endif (ADDRESS_SIZE EQUAL 64)
 
diff --git a/indra/newview/llsecapi.h b/indra/newview/llsecapi.h
index 14059f828a..1e6f2154bc 100644
--- a/indra/newview/llsecapi.h
+++ b/indra/newview/llsecapi.h
@@ -452,7 +452,7 @@ public:
 	virtual LLPointer<LLCertificate> getCertificate(X509* openssl_cert)=0;
 	
 	// instantiate a chain from an X509_STORE_CTX
-	virtual LLPointer<LLCertificateChain> getCertificateChain(const X509_STORE_CTX* chain)=0;
+	virtual LLPointer<LLCertificateChain> getCertificateChain(X509_STORE_CTX* chain)=0;
 	
 	// instantiate a cert store given it's id.  if a persisted version
 	// exists, it'll be loaded.  If not, one will be created (but not
diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp
index 737ef30ada..94331fddfa 100644
--- a/indra/newview/llsechandler_basic.cpp
+++ b/indra/newview/llsechandler_basic.cpp
@@ -95,7 +95,7 @@ LLBasicCertificate::LLBasicCertificate(const std::string& pem_cert,
 LLBasicCertificate::LLBasicCertificate(X509* pCert,
                                        const LLSD* validation_params) 
 {
-	if (!pCert || !pCert->cert_info)
+	if (!pCert)
 	{
 		LLTHROW(LLInvalidCertificate(LLSD::emptyMap()));
 	}	
@@ -355,8 +355,8 @@ LLSD cert_name_from_X509_NAME(X509_NAME* name)
 		char buffer[32];
 		X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, entry_index);
 		
-		std::string name_value = std::string((const char*)M_ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)), 
-											 M_ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry)));
+		std::string name_value = std::string((const char*)ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)), 
+											 ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry)));
 
 		ASN1_OBJECT* name_obj = X509_NAME_ENTRY_get_object(entry);		
 		OBJ_obj2txt(buffer, sizeof(buffer), name_obj, 0);
@@ -683,29 +683,29 @@ std::string LLBasicCertificateStore::storeId() const
 // LLBasicCertificateChain
 // This class represents a chain of certs, each cert being signed by the next cert
 // in the chain.  Certs must be properly signed by the parent
-LLBasicCertificateChain::LLBasicCertificateChain(const X509_STORE_CTX* store)
+LLBasicCertificateChain::LLBasicCertificateChain(X509_STORE_CTX* store)
 {
 
 	// we're passed in a context, which contains a cert, and a blob of untrusted
 	// certificates which compose the chain.
-	if((store == NULL) || (store->cert == NULL))
+	if((store == NULL) || X509_STORE_CTX_get0_cert(store) == NULL)
 	{
 		LL_WARNS("SECAPI") << "An invalid store context was passed in when trying to create a certificate chain" << LL_ENDL;
 		return;
 	}
 	// grab the child cert
-	LLPointer<LLCertificate> current = new LLBasicCertificate(store->cert);
+	LLPointer<LLCertificate> current = new LLBasicCertificate(X509_STORE_CTX_get0_cert(store));
 
 	add(current);
-	if(store->untrusted != NULL)
+	if(X509_STORE_CTX_get0_untrusted(store) != NULL)
 	{
 		// if there are other certs in the chain, we build up a vector
 		// of untrusted certs so we can search for the parents of each
 		// consecutive cert.
 		LLBasicCertificateVector untrusted_certs;
-		for(int i = 0; i < sk_X509_num(store->untrusted); i++)
+		for(int i = 0; i < sk_X509_num(X509_STORE_CTX_get0_untrusted(store)); i++)
 		{
-			LLPointer<LLCertificate> cert = new LLBasicCertificate(sk_X509_value(store->untrusted, i));
+			LLPointer<LLCertificate> cert = new LLBasicCertificate(sk_X509_value(X509_STORE_CTX_get0_untrusted(store), i));
 			untrusted_certs.add(cert);
 
 		}		
@@ -1340,9 +1340,10 @@ void LLSecAPIBasicHandler::_readProtectedData()
 		
 
 		// read in the rest of the file.
-		EVP_CIPHER_CTX ctx;
-		EVP_CIPHER_CTX_init(&ctx);
-		EVP_DecryptInit(&ctx, EVP_rc4(), salt, NULL);
+		EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+        // todo: ctx error handling
+
+		EVP_DecryptInit(ctx, EVP_rc4(), salt, NULL);
 		// allocate memory:
 		std::string decrypted_data;	
 		
@@ -1350,14 +1351,14 @@ void LLSecAPIBasicHandler::_readProtectedData()
 			// read data as a block:
 			protected_data_stream.read((char *)buffer, BUFFER_READ_SIZE);
 			
-			EVP_DecryptUpdate(&ctx, decrypted_buffer, &decrypted_length, 
+			EVP_DecryptUpdate(ctx, decrypted_buffer, &decrypted_length, 
 							  buffer, protected_data_stream.gcount());
 			decrypted_data.append((const char *)decrypted_buffer, protected_data_stream.gcount());
 		}
 		
 		// RC4 is a stream cipher, so we don't bother to EVP_DecryptFinal, as there is
 		// no block padding.
-		EVP_CIPHER_CTX_cleanup(&ctx);
+        EVP_CIPHER_CTX_free(ctx);
 		std::istringstream parse_stream(decrypted_data);
 		if (parser->parse(parse_stream, mProtectedDataMap, 
 						  LLSDSerialize::SIZE_UNLIMITED) == LLSDParser::PARSE_FAILURE)
@@ -1393,12 +1394,14 @@ void LLSecAPIBasicHandler::_writeProtectedData()
 	
 	llofstream protected_data_stream(tmp_filename.c_str(), 
                                      std::ios_base::binary);
+    EVP_CIPHER_CTX *ctx = NULL;
 	try
 	{
 		
-		EVP_CIPHER_CTX ctx;
-		EVP_CIPHER_CTX_init(&ctx);
-		EVP_EncryptInit(&ctx, EVP_rc4(), salt, NULL);
+		ctx = EVP_CIPHER_CTX_new();
+        // todo: ctx error handling
+
+		EVP_EncryptInit(ctx, EVP_rc4(), salt, NULL);
 		unsigned char unique_id[MAC_ADDRESS_BYTES];
         LLMachineID::getUniqueID(unique_id, sizeof(unique_id));
 		LLXORCipher cipher(unique_id, sizeof(unique_id));
@@ -1413,13 +1416,13 @@ void LLSecAPIBasicHandler::_writeProtectedData()
 				break;
 			}
 			int encrypted_length;
-			EVP_EncryptUpdate(&ctx, encrypted_buffer, &encrypted_length, 
+			EVP_EncryptUpdate(ctx, encrypted_buffer, &encrypted_length, 
 						  buffer, formatted_data_istream.gcount());
 			protected_data_stream.write((const char *)encrypted_buffer, encrypted_length);
 		}
 		
 		// no EVP_EncrypteFinal, as this is a stream cipher
-		EVP_CIPHER_CTX_cleanup(&ctx);
+        EVP_CIPHER_CTX_free(ctx);
 
 		protected_data_stream.close();
 	}
@@ -1431,6 +1434,11 @@ void LLSecAPIBasicHandler::_writeProtectedData()
 		// it may be, however.
 		LLFile::remove(tmp_filename);
 
+        if (ctx)
+        {
+            EVP_CIPHER_CTX_free(ctx);
+        }
+
 		// EXP-1825 crash in LLSecAPIBasicHandler::_writeProtectedData()
 		// Decided throwing an exception here was overkill until we figure out why this happens
 		//LLTHROW(LLProtectedDataException("Error writing Protected Data Store"));
@@ -1483,7 +1491,7 @@ LLPointer<LLCertificate> LLSecAPIBasicHandler::getCertificate(X509* openssl_cert
 }
 		
 // instantiate a chain from an X509_STORE_CTX
-LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(const X509_STORE_CTX* chain)
+LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(X509_STORE_CTX* chain)
 {
 	LLPointer<LLCertificateChain> result = new LLBasicCertificateChain(chain);
 	return result;
diff --git a/indra/newview/llsechandler_basic.h b/indra/newview/llsechandler_basic.h
index 0bc7f5230f..82670f9083 100644
--- a/indra/newview/llsechandler_basic.h
+++ b/indra/newview/llsechandler_basic.h
@@ -197,7 +197,7 @@ class LLBasicCertificateChain : virtual public LLBasicCertificateVector, public
 {
 	
 public:
-	LLBasicCertificateChain(const X509_STORE_CTX * store);
+	LLBasicCertificateChain(X509_STORE_CTX * store);
 	
 	virtual ~LLBasicCertificateChain() {}
 	
@@ -241,7 +241,7 @@ public:
 	virtual LLPointer<LLCertificate> getCertificate(X509* openssl_cert);
 	
 	// instantiate a chain from an X509_STORE_CTX
-	virtual LLPointer<LLCertificateChain> getCertificateChain(const X509_STORE_CTX* chain);
+	virtual LLPointer<LLCertificateChain> getCertificateChain(X509_STORE_CTX* chain);
 	
 	// instantiate a cert store given it's id.  if a persisted version
 	// exists, it'll be loaded.  If not, one will be created (but not
diff --git a/indra/newview/tests/llsecapi_test.cpp b/indra/newview/tests/llsecapi_test.cpp
index caa3016d2e..37fbbb449b 100644
--- a/indra/newview/tests/llsecapi_test.cpp
+++ b/indra/newview/tests/llsecapi_test.cpp
@@ -57,7 +57,7 @@ void LLSecAPIBasicHandler::init() {}
 LLSecAPIBasicHandler::~LLSecAPIBasicHandler() {}
 LLPointer<LLCertificate> LLSecAPIBasicHandler::getCertificate(const std::string& pem_cert) { return NULL; }
 LLPointer<LLCertificate> LLSecAPIBasicHandler::getCertificate(X509* openssl_cert) { return NULL; }
-LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(const X509_STORE_CTX* chain) { return NULL; }
+LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(X509_STORE_CTX* chain) { return NULL; }
 LLPointer<LLCertificateStore> LLSecAPIBasicHandler::getCertificateStore(const std::string& store_id) { return NULL; }
 void LLSecAPIBasicHandler::setProtectedData(const std::string& data_type, const std::string& data_id, const LLSD& data) {}
 void LLSecAPIBasicHandler::addToProtectedMap(const std::string& data_type, const std::string& data_id, const std::string& map_elem, const LLSD& data) {}
diff --git a/indra/newview/viewer_manifest.py b/indra/newview/viewer_manifest.py
index 80f6b2aa9f..c0a0a7ec46 100755
--- a/indra/newview/viewer_manifest.py
+++ b/indra/newview/viewer_manifest.py
@@ -553,9 +553,13 @@ class WindowsManifest(ViewerManifest):
                 self.path("vivoxsdk.dll")
                 self.path("ortp.dll")
             
-            # Security
-            self.path("ssleay32.dll")
-            self.path("libeay32.dll")
+            # OpenSSL
+            if (self.address_size == 64):
+                self.path("libcrypto-1_1-x64.dll")
+                self.path("libssl-1_1-x64.dll")
+            else:
+                self.path("libcrypto-1_1.dll")
+                self.path("libssl-1_1.dll")
 
             # HTTP/2
             self.path("nghttp2.dll")