===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/61.html,v
retrieving revision 1.83
retrieving revision 1.84
diff -u -r1.83 -r1.84
--- www/61.html 2017/04/09 15:41:29 1.83
+++ www/61.html 2017/04/09 15:47:12 1.84
@@ -733,30 +733,29 @@
libtls now always loads CA, key and certificate files at the time the
configuration function is called. This simplifies code and results in
a single memory based code path being used to provide data to libssl.
- Add support for OCSP intermediate certificates.
- Added functions used by stunnel and exim from BoringSSL - this
- brings in X509_check_host, X509_check_email, X509_check_ip, and
- X509_check_ip_asc.
+ Added support for OCSP intermediate certificates.
+ Added X509_check_host(), X509_check_email(), X509_check_ip(), and
+ X509_check_ip_asc() functions, via BoringSSL.
Added initial support for iOS, thanks to Jacob Berkman.
Improved behavior of arc4random on Windows when using memory leak
analysis software.
Correctly handle an EOF that occurs prior to the TLS handshake
completing. Reported by Vasily Kolobkov, based on a diff from Marko
Kreen.
- Limit the support of the "backward compatible" ssl2 handshake to
+ Limit the support of the "backward compatible" SSLv2 handshake to
only be used if TLS 1.0 is enabled.
Fix incorrect results in certain cases on 64-bit systems when
BN_mod_word() can return incorrect results. BN_mod_word() now can
return an error condition. Thanks to Brian Smith.
- Added constant-time updates to address CVE-2016-0702
- Fixed undefined behavior in BN_GF2m_mod_arr()
- Removed unused Cryptographic Message Support (CMS)
- More conversions of long long idioms to time_t
+ Added constant-time updates to address CVE-2016-0702.
+ Fixed undefined behavior in BN_GF2m_mod_arr().
+ Removed unused Cryptographic Message Support (CMS).
+ More conversions of long long idioms to time_t.
Improved compatibility by avoiding printing NULL strings with
printf.
Reverted change that cleans up the EVP cipher context in
- EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the
- previous behaviour.
+ EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the
+ previous behaviour.
Avoid unbounded memory growth in libssl, which can be triggered
by a TLS client repeatedly renegotiating and sending OCSP Status
Request TLS extensions.
@@ -821,7 +820,7 @@
Added EVP interface for MD5+SHA1 hashes.
Improved nc(1) TLS handshake CPU usage and server-side error
reporting.
- Add a constant time version of BN_gcd and use it default for
+ Added a constant time version of BN_gcd and use it default for
BN_gcd to avoid the possibility of sidechannel timing attacks
against RSA private key generation - Thanks to Alejandro
Cabrera