mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-08 09:05:30 +00:00
Correct indentation and labelling in ChangeLog
parent
4721831ffb
commit
58897fbd7d
33
ChangeLog
|
@ -27,13 +27,13 @@ Bugfix
|
|||
|
||||
Security
|
||||
* Fix authentication bypass in SSL/TLS: when auth_mode is set to optional,
|
||||
mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's
|
||||
X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA
|
||||
(default: 8) intermediates, even when it was not trusted. Could be
|
||||
triggered remotely on both sides. (With auth_mode set to required
|
||||
(default), the handshake was correctly aborted.)
|
||||
mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's
|
||||
X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA
|
||||
(default: 8) intermediates, even when it was not trusted. Could be
|
||||
triggered remotely on both sides. (With auth_mode set to required
|
||||
(default), the handshake was correctly aborted.)
|
||||
|
||||
Changes
|
||||
API Changes
|
||||
* Certificate verification functions now set flags to -1 in case the full
|
||||
chain was not verified due to an internal error (including in the verify
|
||||
callback) or chain length limitations.
|
||||
|
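Review bot: The Security entry for the auth_mode optional bypass carries no reporter credit or issue reference, unlike other entries in this file (for example "Found by jethrogb. #864"); if one exists, add it while the entry is being re-indented. The entry under "API Changes" says the flags are set to -1 on an internal error or chain length limitation, so it would also help to state there that callers using optional mode must treat any non-zero verify result as untrusted, since that is the case the Security entry describes.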
@ -75,7 +75,7 @@ Bugfix
|
|||
* Accept empty trusted CA chain in authentication mode
|
||||
MBEDTLS_SSL_VERIFY_OPTIONAL. Found by jethrogb. #864
|
||||
* Fix implementation of mbedtls_ssl_parse_certificate() to not annihilate
|
||||
fatal errors in authentication mode MBEDTLS_SSL_VERIFY_OPTIONAL and to
|
||||
fatal errors in authentication mode MBEDTLS_SSL_VERIFY_OPTIONAL and to
|
||||
reflect bad EC curves within verification result.
|
||||
* Fix bug that caused the modular inversion function to accept the invalid
|
||||
modulus 1 and therefore to hang. Found by blaufish. #641.
|
||||
|
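Review bot: In the mbedtls_ssl_parse_certificate() entry, "to not annihilate fatal errors" is hard to read for a fix that changes what MBEDTLS_SSL_VERIFY_OPTIONAL reports. Since the continuation line is being touched anyway, consider "discard" or "suppress", and add a reporter or issue number as the entries directly above and below it have (#864, #641).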
@ -203,9 +203,9 @@ Bugfix
|
|||
= mbed TLS 2.1.5 branch released 2016-06-28
|
||||
|
||||
Security
|
||||
* Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt
|
||||
* Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt
|
||||
required by PKCS1 v2.2
|
||||
* Fix a potential integer underflow to buffer overread in
|
||||
* Fix a potential integer underflow to buffer overread in
|
||||
mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in
|
||||
SSL/TLS.
|
||||
* Fix potential integer overflow to buffer overflow in
|
||||
|
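Review bot: The first Security bullet ends at "required by PKCS1 v2.2" with no trailing period and no statement of impact, while the next bullet says explicitly that it is "not triggerable remotely in SSL/TLS". Both bullets are being re-indented here, so bring the first one in line: close the sentence and say whether the missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt is reachable remotely.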
@ -1460,7 +1460,7 @@ Security
|
|||
Changes
|
||||
* Allow enabling of dummy error_strerror() to support some use-cases
|
||||
* Debug messages about padding errors during SSL message decryption are
|
||||
disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
|
||||
disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
|
||||
* Sending of security-relevant alert messages that do not break
|
||||
interoperability can be switched on/off with the flag
|
||||
POLARSSL_SSL_ALL_ALERT_MESSAGES
|
||||
|
@ -1489,7 +1489,7 @@ Bugfix
|
|||
Changes
|
||||
* Added p_hw_data to ssl_context for context specific hardware acceleration
|
||||
data
|
||||
* During verify trust-CA is only checked for expiration and CRL presence
|
||||
* During verify trust-CA is only checked for expiration and CRL presence
|
||||
|
||||
Bugfixes
|
||||
* Fixed client authentication compatibility
|
||||
|
@ -1787,9 +1787,9 @@ Features
|
|||
with random data (Fixed ticket #10)
|
||||
|
||||
Changes
|
||||
* Debug print of MPI now removes leading zero octets and
|
||||
* Debug print of MPI now removes leading zero octets and
|
||||
displays actual bit size of the value.
|
||||
* x509parse_key() (and as a consequence x509parse_keyfile())
|
||||
* x509parse_key() (and as a consequence x509parse_keyfile())
|
||||
does not zeroize memory in advance anymore. Use rsa_init()
|
||||
before parsing a key or keyfile!
|
||||
|
||||
|
@ -1811,7 +1811,7 @@ Features
|
|||
printing of X509 CRLs from file
|
||||
|
||||
Changes
|
||||
* Parsing of PEM files moved to separate module (Fixes
|
||||
* Parsing of PEM files moved to separate module (Fixes
|
||||
ticket #13). Also possible to remove PEM support for
|
||||
systems only using DER encoding
|
||||
|
||||
|
@ -1954,7 +1954,7 @@ Bug fixes
|
|||
* Fixed HMAC-MD2 by modifying md2_starts(), so that the
|
||||
required HMAC ipad and opad variables are not cleared.
|
||||
(found by code coverage tests)
|
||||
* Prevented use of long long in bignum if
|
||||
* Prevented use of long long in bignum if
|
||||
POLARSSL_HAVE_LONGLONG not defined (found by Giles
|
||||
Bathgate).
|
||||
* Fixed incorrect handling of negative strings in
|
||||
|
@ -1995,7 +1995,7 @@ Bug fixes
|
|||
* Made definition of net_htons() endian-clean for big endian
|
||||
systems (Found by Gernot).
|
||||
* Undefining POLARSSL_HAVE_ASM now also handles prevents asm in
|
||||
padlock and timing code.
|
||||
padlock and timing code.
|
||||
* Fixed an off-by-one buffer allocation in ssl_set_hostname()
|
||||
responsible for crashes and unwanted behaviour.
|
||||
* Added support for Certificate Revocation List (CRL) parsing.
|
||||
|
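Review bot: The context line "Undefining POLARSSL_HAVE_ASM now also handles prevents asm in" has a stray word ("handles prevents"). Its continuation line "padlock and timing code." is the one being re-indented in this hunk, so fix the wording in the same change, for example "now also prevents asm in".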
@ -2169,4 +2169,3 @@ XySSL ChangeLog
|
|||
who maintains the Debian package :-)
|
||||
|
||||
= Version 0.1 released on 2006-11-01
|
||||
|
||||
|
|