| version 1.18, 2016/02/03 16:40:02 |
version 1.19, 2016/02/03 17:20:15 |
|
|
| twenty years ago. |
twenty years ago. |
| <li>Added <tt>Certplus CA</tt> root certificate to the default |
<li>Added <tt>Certplus CA</tt> root certificate to the default |
| <tt>cert.pem</tt> file. |
<tt>cert.pem</tt> file. |
| <li>Fixed a leak in <tt>SSL_new</tt> in the error path. |
<li>Fixed a leak in |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=SSL_new&sektion=3">SSL_new(3)</a> |
| |
in the error path. |
| <li>Fixed a memory leak and out-of-bounds access in <tt>OBJ_obj2txt</tt>. |
<li>Fixed a memory leak and out-of-bounds access in <tt>OBJ_obj2txt</tt>. |
| <li>Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of |
<li>Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of |
| <tt>sizeof(RC4_CHUNK)</tt>. |
<tt>sizeof(RC4_CHUNK)</tt>. |
| <li>Added <tt>EVP_aead_chacha20_poly1305_ietf()</tt> which matches the |
<li>Added |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=EVP_AEAD_CTX_init&sektion=3">EVP_aead_chacha20_poly1305(3)</a> |
| |
which matches the |
| <tt>AEAD</tt> construction introduced in RFC 7539, which is different |
<tt>AEAD</tt> construction introduced in RFC 7539, which is different |
| than that already used in TLS with |
than that already used in TLS with |
| <tt>EVP_aead_chacha20_poly1305()</tt>. |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=EVP_AEAD_CTX_init&sektion=3">EVP_aead_chacha20_poly1305(3)</a>. |
| <li>More man pages converted from pod to |
<li>More man pages converted from pod to |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mdoc&sektion=7">mdoc(7)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mdoc&sektion=7">mdoc(7)</a> |
| format. |
format. |
|
|
| <li>SSLv3 is now permanently removed from the tree. |
<li>SSLv3 is now permanently removed from the tree. |
| <li>The <tt>libtls</tt> API is changed from the 2.2.x series: |
<li>The <tt>libtls</tt> API is changed from the 2.2.x series: |
| <ul> |
<ul> |
| <li>The <tt>tls_read</tt>/<tt>write</tt> functions now work better |
<li>The |
| with external event libraries. |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tls_init&sektion=3">tls_read(3)</a> |
| |
and |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tls_init&sektion=3">tls_write(3)</a> |
| |
functions now work better with external event libraries. |
| <li>Client-side verification is now supported, with the client |
<li>Client-side verification is now supported, with the client |
| supplying the certificate to the server. |
supplying the certificate to the server. |
| <li>Also, when using <tt>tls_connect_fds</tt>, |
<li>Also, when using |
| <tt>tls_connect_socket</tt> or <tt>tls_accept_fds</tt>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tls_init&sektion=3">tls_connect_fds(3)</a>, |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tls_init&sektion=3">tls_connect_socket(3)</a> |
| |
or |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tls_init&sektion=3">tls_accept_fds(3)</a>, |
| <tt>libtls</tt> no longer implicitly closes the passed in sockets. |
<tt>libtls</tt> no longer implicitly closes the passed in sockets. |
| The caller is responsible for closing them in this case. |
The caller is responsible for closing them in this case. |
| </ul> |
</ul> |
|
|
| <li>Support always extracting the peer cipher and version with |
<li>Support always extracting the peer cipher and version with |
| <tt>libtls</tt>. |
<tt>libtls</tt>. |
| <li>Added ability to check certificate validity times with |
<li>Added ability to check certificate validity times with |
| <tt>libtls</tt>, <tt>tls_peer_cert_notbefore</tt> and |
<tt>libtls</tt>, |
| <tt>tls_peer_cert_notafter</tt>. |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tls_init&sektion=3">tls_peer_cert_notbefore(3)</a> |
| <li>Changed <tt>tls_connect_servername</tt> to use the first address that |
and |
| resolves with |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tls_init&sektion=3">tls_peer_cert_notafter(3)</a>. |
| |
<li>Changed |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tls_init&sektion=3">tls_connect_servername(3)</a> |
| |
to use the first address that resolves with |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&sektion=3">getaddrinfo(3)</a>. |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&sektion=3">getaddrinfo(3)</a>. |
| <li>Remove broken conditional <tt>EVP_CHECK_DES_KEY</tt> code |
<li>Remove broken conditional <tt>EVP_CHECK_DES_KEY</tt> code |
| (non-functional since initial commit in 2004). |
(non-functional since initial commit in 2004). |
| <li>Reject too small bits value in <tt>BN_generate_prime_ex()</tt>, |
<li>Reject too small bits value in |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=BN_generate_prime&sektion=3">BN_generate_prime_ex(3)</a>, |
| so that it does not risk becoming negative in |
so that it does not risk becoming negative in |
| <tt>probable_prime_dh_safe()</tt>. |
<tt>probable_prime_dh_safe()</tt>. |
| <li>Changed format of <tt>LIBRESSL_VERSION_NUMBER</tt> to match that of |
<li>Changed format of <tt>LIBRESSL_VERSION_NUMBER</tt> to match that of |
![[BACK]](/icons/back.gif){kind=icon}
Return to 59.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www