| version 1.83, 2017/04/09 15:41:29 |
version 1.84, 2017/04/09 15:47:12 |
|
|
| <li>libtls now always loads CA, key and certificate files at the time the |
<li>libtls now always loads CA, key and certificate files at the time the |
| configuration function is called. This simplifies code and results in |
configuration function is called. This simplifies code and results in |
| a single memory based code path being used to provide data to libssl. |
a single memory based code path being used to provide data to libssl. |
| <li>Add support for OCSP intermediate certificates. |
<li>Added support for OCSP intermediate certificates. |
| <li>Added functions used by stunnel and exim from BoringSSL - this |
<li>Added X509_check_host(), X509_check_email(), X509_check_ip(), and |
| brings in X509_check_host, X509_check_email, X509_check_ip, and |
X509_check_ip_asc() functions, via BoringSSL. |
| X509_check_ip_asc. |
|
| <li>Added initial support for iOS, thanks to Jacob Berkman. |
<li>Added initial support for iOS, thanks to Jacob Berkman. |
| <li>Improved behavior of arc4random on Windows when using memory leak |
<li>Improved behavior of arc4random on Windows when using memory leak |
| analysis software. |
analysis software. |
| <li>Correctly handle an EOF that occurs prior to the TLS handshake |
<li>Correctly handle an EOF that occurs prior to the TLS handshake |
| completing. Reported by Vasily Kolobkov, based on a diff from Marko |
completing. Reported by Vasily Kolobkov, based on a diff from Marko |
| Kreen. |
Kreen. |
| <li>Limit the support of the "backward compatible" ssl2 handshake to |
<li>Limit the support of the "backward compatible" SSLv2 handshake to |
| only be used if TLS 1.0 is enabled. |
only be used if TLS 1.0 is enabled. |
| <li>Fix incorrect results in certain cases on 64-bit systems when |
<li>Fix incorrect results in certain cases on 64-bit systems when |
| BN_mod_word() can return incorrect results. BN_mod_word() now can |
BN_mod_word() can return incorrect results. BN_mod_word() now can |
| return an error condition. Thanks to Brian Smith. |
return an error condition. Thanks to Brian Smith. |
| <li>Added constant-time updates to address CVE-2016-0702 |
<li>Added constant-time updates to address CVE-2016-0702. |
| <li>Fixed undefined behavior in BN_GF2m_mod_arr() |
<li>Fixed undefined behavior in BN_GF2m_mod_arr(). |
| <li>Removed unused Cryptographic Message Support (CMS) |
<li>Removed unused Cryptographic Message Support (CMS). |
| <li>More conversions of long long idioms to time_t |
<li>More conversions of long long idioms to time_t. |
| <li>Improved compatibility by avoiding printing NULL strings with |
<li>Improved compatibility by avoiding printing NULL strings with |
| printf. |
printf. |
| <li>Reverted change that cleans up the EVP cipher context in |
<li>Reverted change that cleans up the EVP cipher context in |
| EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the |
EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the |
| previous behaviour. |
previous behaviour. |
| <li>Avoid unbounded memory growth in libssl, which can be triggered |
<li>Avoid unbounded memory growth in libssl, which can be triggered |
| by a TLS client repeatedly renegotiating and sending OCSP Status |
by a TLS client repeatedly renegotiating and sending OCSP Status |
| Request TLS extensions. |
Request TLS extensions. |
|
|
| <li>Added EVP interface for MD5+SHA1 hashes. |
<li>Added EVP interface for MD5+SHA1 hashes. |
| <li>Improved nc(1) TLS handshake CPU usage and server-side error |
<li>Improved nc(1) TLS handshake CPU usage and server-side error |
| reporting. |
reporting. |
| <li>Add a constant time version of BN_gcd and use it default for |
<li>Added a constant time version of BN_gcd and use it default for |
| BN_gcd to avoid the possibility of sidechannel timing attacks |
BN_gcd to avoid the possibility of sidechannel timing attacks |
| against RSA private key generation - Thanks to Alejandro |
against RSA private key generation - Thanks to Alejandro |
| Cabrera <aldaya@gmail.com> |
Cabrera <aldaya@gmail.com> |
![[BACK]](/icons/back.gif){kind=icon}
Return to 61.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www