=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/59.html,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- www/59.html 2016/02/03 16:40:02 1.18 +++ www/59.html 2016/02/03 17:20:15 1.19 @@ -194,14 +194,18 @@ twenty years ago.
  • Added Certplus CA root certificate to the default cert.pem file. -
  • Fixed a leak in SSL_new in the error path. +
  • Fixed a leak in + SSL_new(3) + in the error path.
  • Fixed a memory leak and out-of-bounds access in OBJ_obj2txt.
  • Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of sizeof(RC4_CHUNK). -
  • Added EVP_aead_chacha20_poly1305_ietf() which matches the +
  • Added + EVP_aead_chacha20_poly1305(3) + which matches the AEAD construction introduced in RFC 7539, which is different than that already used in TLS with - EVP_aead_chacha20_poly1305(). + EVP_aead_chacha20_poly1305(3).
  • More man pages converted from pod to mdoc(7) format. @@ -236,12 +240,18 @@
  • SSLv3 is now permanently removed from the tree.
  • The libtls API is changed from the 2.2.x series: @@ -265,14 +275,18 @@
  • Support always extracting the peer cipher and version with libtls.
  • Added ability to check certificate validity times with - libtls, tls_peer_cert_notbefore and - tls_peer_cert_notafter. -
  • Changed tls_connect_servername to use the first address that - resolves with + libtls, + tls_peer_cert_notbefore(3) + and + tls_peer_cert_notafter(3). +
  • Changed + tls_connect_servername(3) + to use the first address that resolves with getaddrinfo(3).
  • Remove broken conditional EVP_CHECK_DES_KEY code (non-functional since initial commit in 2004). -
  • Reject too small bits value in BN_generate_prime_ex(), +
  • Reject too small bits value in + BN_generate_prime_ex(3), so that it does not risk becoming negative in probable_prime_dh_safe().
  • Changed format of LIBRESSL_VERSION_NUMBER to match that of