wordsmith some, and include mention of name constraints and bettertle test suite

2020-10-08 08:46:52 -06:00 · 2020-10-08 08:46:52 -06:00 · a8bc7358c2
commit a8bc7358c2
parent b39be4f23e
1 changed files with 12 additions and 5 deletions
--- a/17
+++ b/17
@ -30,12 +30,17 @@ LibreSSL Portable Release Notes:

 3.2.2 - Stable release

-	* This is the first stable release with the new TLSv1.3 implementation
-	  enabled for both server and client. The OpenSSL TLSv1.3 API is not
-	  yet available and will be provided in an upcoming release.
+	* This is the first stable release with the new TLSv1.3
+	  implementation enabled by default for both server and client. The
+ 	  OpenSSL 1.1 TLSv1.3 API is not yet available and will be provided
+	  in an upcoming release.

-	* New X509 certificate chain validator loosely based on Go's X509
-	  validator.
+	* New X509 certificate chain validator that correctly handles
+	  multiple paths through intermediate certificates. Loosely based on
+	  Go's X509 validator.
+
+	* New name constraints verification implementation which passes the
+	  bettertls.com certificate validation check suite.

 	* Improve the handling of BIO_read()/BIO_write() failures in the
 	  TLSv1.3 stack.
@ -94,6 +99,8 @@ LibreSSL Portable Release Notes:

 	* Greatly expanded test coverage via the tlsfuzzer test scripts.

+	* Expanded test coverage via the bettertls certificate test suite.
+
 	* Test interoperability with the Botan TLS client.

 	* Make pthread_mutex static initialisation work on Windows.