===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/59.html,v
retrieving revision 1.18
retrieving revision 1.19
diff -c -r1.18 -r1.19
*** www/59.html 2016/02/03 16:40:02 1.18
--- www/59.html 2016/02/03 17:20:15 1.19
***************
*** 194,207 ****
twenty years ago.
Added Certplus CA root certificate to the default
cert.pem file.
! Fixed a leak in SSL_new in the error path.
Fixed a memory leak and out-of-bounds access in OBJ_obj2txt.
Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of
sizeof(RC4_CHUNK).
! Added EVP_aead_chacha20_poly1305_ietf() which matches the
AEAD construction introduced in RFC 7539, which is different
than that already used in TLS with
! EVP_aead_chacha20_poly1305().
More man pages converted from pod to
mdoc(7)
format.
--- 194,211 ----
twenty years ago.
Added Certplus CA root certificate to the default
cert.pem file.
! Fixed a leak in
! SSL_new(3)
! in the error path.
Fixed a memory leak and out-of-bounds access in OBJ_obj2txt.
Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of
sizeof(RC4_CHUNK).
! Added
! EVP_aead_chacha20_poly1305(3)
! which matches the
AEAD construction introduced in RFC 7539, which is different
than that already used in TLS with
! EVP_aead_chacha20_poly1305(3).
More man pages converted from pod to
mdoc(7)
format.
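Review bot: The first changed reference in the new text drops the `_ietf` suffix: the removed line read "Added EVP_aead_chacha20_poly1305_ietf()" and the replacement reads "Added EVP_aead_chacha20_poly1305(3)". The entry now names the same function as both the newly added RFC 7539 construction and the one "already used in TLS", so the release note no longer tells readers which AEAD to select for which construction. Suggest restoring the name EVP_aead_chacha20_poly1305_ietf in the first reference and keeping the section-number style only on the name it belongs to. Separately, OBJ_obj2txt in the unchanged context line stays without a section reference while SSL_new gains one; make that consistent if a manual page exists for it.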
***************
*** 236,247 ****
SSLv3 is now permanently removed from the tree.
The libtls API is changed from the 2.2.x series:
! - The tls_read/write functions now work better
! with external event libraries.
- Client-side verification is now supported, with the client
supplying the certificate to the server.
!
- Also, when using tls_connect_fds,
! tls_connect_socket or tls_accept_fds,
libtls no longer implicitly closes the passed in sockets.
The caller is responsible for closing them in this case.
--- 240,257 ----
SSLv3 is now permanently removed from the tree.
The libtls API is changed from the 2.2.x series:
! - The
! tls_read(3)
! and
! tls_write(3)
! functions now work better with external event libraries.
- Client-side verification is now supported, with the client
supplying the certificate to the server.
!
- Also, when using
! tls_connect_fds(3),
! tls_connect_socket(3)
! or
! tls_accept_fds(3),
libtls no longer implicitly closes the passed in sockets.
The caller is responsible for closing them in this case.
***************
*** 265,278 ****
Support always extracting the peer cipher and version with
libtls.
Added ability to check certificate validity times with
! libtls, tls_peer_cert_notbefore and
! tls_peer_cert_notafter.
! Changed tls_connect_servername to use the first address that
! resolves with
getaddrinfo(3).
Remove broken conditional EVP_CHECK_DES_KEY code
(non-functional since initial commit in 2004).
! Reject too small bits value in BN_generate_prime_ex(),
so that it does not risk becoming negative in
probable_prime_dh_safe().
Changed format of LIBRESSL_VERSION_NUMBER to match that of
--- 275,292 ----
Support always extracting the peer cipher and version with
libtls.
Added ability to check certificate validity times with
! libtls,
! tls_peer_cert_notbefore(3)
! and
! tls_peer_cert_notafter(3).
! Changed
! tls_connect_servername(3)
! to use the first address that resolves with
getaddrinfo(3).
Remove broken conditional EVP_CHECK_DES_KEY code
(non-functional since initial commit in 2004).
! Reject too small bits value in
! BN_generate_prime_ex(3),
so that it does not risk becoming negative in
probable_prime_dh_safe().
Changed format of LIBRESSL_VERSION_NUMBER to match that of