===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/59.html,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- www/59.html 2016/02/03 16:40:02 1.18
+++ www/59.html 2016/02/03 17:20:15 1.19
@@ -194,14 +194,18 @@
twenty years ago.
Added Certplus CA root certificate to the default
cert.pem file.
- Fixed a leak in SSL_new in the error path.
+ Fixed a leak in
+ SSL_new(3)
+ in the error path.
Fixed a memory leak and out-of-bounds access in OBJ_obj2txt.
Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of
sizeof(RC4_CHUNK).
- Added EVP_aead_chacha20_poly1305_ietf() which matches the
+ Added
+ EVP_aead_chacha20_poly1305(3)
+ which matches the
AEAD construction introduced in RFC 7539, which is different
than that already used in TLS with
- EVP_aead_chacha20_poly1305().
+ EVP_aead_chacha20_poly1305(3).
More man pages converted from pod to
mdoc(7)
format.
@@ -236,12 +240,18 @@
SSLv3 is now permanently removed from the tree.
The libtls API is changed from the 2.2.x series:
- - The tls_read/write functions now work better
- with external event libraries.
+
- The
+ tls_read(3)
+ and
+ tls_write(3)
+ functions now work better with external event libraries.
- Client-side verification is now supported, with the client
supplying the certificate to the server.
-
- Also, when using tls_connect_fds,
- tls_connect_socket or tls_accept_fds,
+
- Also, when using
+ tls_connect_fds(3),
+ tls_connect_socket(3)
+ or
+ tls_accept_fds(3),
libtls no longer implicitly closes the passed in sockets.
The caller is responsible for closing them in this case.
@@ -265,14 +275,18 @@
Support always extracting the peer cipher and version with
libtls.
Added ability to check certificate validity times with
- libtls, tls_peer_cert_notbefore and
- tls_peer_cert_notafter.
- Changed tls_connect_servername to use the first address that
- resolves with
+ libtls,
+ tls_peer_cert_notbefore(3)
+ and
+ tls_peer_cert_notafter(3).
+ Changed
+ tls_connect_servername(3)
+ to use the first address that resolves with
getaddrinfo(3).
Remove broken conditional EVP_CHECK_DES_KEY code
(non-functional since initial commit in 2004).
- Reject too small bits value in BN_generate_prime_ex(),
+ Reject too small bits value in
+ BN_generate_prime_ex(3),
so that it does not risk becoming negative in
probable_prime_dh_safe().
Changed format of LIBRESSL_VERSION_NUMBER to match that of