diff options
author | Richard Levitte <levitte@openssl.org> | 2003-10-02 14:55:25 +0400 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2003-10-02 14:55:25 +0400 |
commit | 95a64aa4b8a0bfbfa15a65fe325ee09ad3e033ee (patch) | |
tree | 5a539b459673c07e6010efb20f424e1e877d7560 /CHANGES | |
parent | 80be2f484f40c400df739fc8bd804247a2253ddf (diff) |
Recent changes from 0.9.7-stable
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 30 |
1 files changed, 28 insertions, 2 deletions
@@ -2,7 +2,23 @@ OpenSSL CHANGES _______________ - Changes between 0.9.7b and 0.9.7c [xx XXX 2003] + Changes between 0.9.7c and 0.9.7d [xx XXX XXXX] + + *) + + Changes between 0.9.7b and 0.9.7c [30 Sep 2003] + + *) Fix various bugs revealed by running the NISCC test suite: + + Stop out of bounds reads in the ASN1 code when presented with + invalid tags (CAN-2003-0543 and CAN-2003-0544). + + Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545). + + If verify callback ignores invalid public key errors don't try to check + certificate signature with the NULL public key. + + [Steve Henson] *) New -ignore_err option in ocsp application to stop the server exiting on the first error in a request. @@ -1980,7 +1996,17 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Clean old EAY MD5 hack from e_os.h. [Richard Levitte] - Changes between 0.9.6j and 0.9.6k [xx XXX 2003] + Changes between 0.9.6j and 0.9.6k [30 Sep 2003] + + *) Fix various bugs revealed by running the NISCC test suite: + + Stop out of bounds reads in the ASN1 code when presented with + invalid tags (CAN-2003-0543 and CAN-2003-0544). + + If verify callback ignores invalid public key errors don't try to check + certificate signature with the NULL public key. + + [Steve Henson] *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate if the server requested one: as stated in TLS 1.0 and SSL 3.0 |