factotum/libressl-portable
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

3.1.4 ChangeLog

Browse Source 
(cherry picked from commit c2d9cb4d7ad2900ebe874e980c9fa828f2ddf39a)
This commit is contained in:
Theo Buehler 2020-08-08 15:56:55 +02:00
parent 9c348f5ffc
commit 2be32881b6
1 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
ChangeLog
View File

@ -96,6 +96,31 @@ LibreSSL Portable Release Notes:
* Use non-expired certificates first when building a certificate chain. * Use non-expired certificates first when building a certificate chain.
3.1.4 - Interoperability and bug fixes for the TLSv1.3 client:
* Improve client certificate selection to allow EC certificates
instead of only RSA certificates.
* Do not error out if a TLSv1.3 server requests an OCSP response as
part of a certificate request.
* Fix SSL_shutdown behavior to match the legacy stack. The previous
behaviour could cause a hang.
* Fix a memory leak and add a missing error check in the handling of
the key update message.
* Fix a memory leak in tls13_record_layer_set_traffic_key.
* Avoid calling freezero with a negative size if a server sends a
malformed plaintext of all zeroes.
* Ensure that only PSS may be used with RSA in TLSv1.3 in order
to avoid using PKCS1-based signatures.
* Add the P-521 curve to the list of curves supported by default
in the client.
3.1.3 - Bug fix 3.1.3 - Bug fix
* libcrypto may fail to build a valid certificate chain due to * libcrypto may fail to build a valid certificate chain due to