update release notes
This commit is contained in:
Brent Cook
parent
6054891d43
commit
07b9f6c371
22
ChangeLog
22
ChangeLog
@ -28,6 +28,28 @@ history is also available from Git.
|
|||||||
|
|
||||||
LibreSSL Portable Release Notes:
|
LibreSSL Portable Release Notes:
|
||||||
|
|
||||||
|
2.6.2 - Bug fixes
|
||||||
|
|
||||||
|
* Provide a useful error with libtls if there are no OCSP URLs in a
|
||||||
|
peer certificate.
|
||||||
|
|
||||||
|
* Keep track of which keypair is in use by a TLS context, fixing a bug
|
||||||
|
where a TLS server with SNI would only return the OCSP staple for the
|
||||||
|
default keypair. Issue reported by William Graeber and confirmed by
|
||||||
|
Andreas Bartelt.
|
||||||
|
|
||||||
|
* Fixed various issues in the OCSP extension parsing code.
|
||||||
|
The original code incorrectly passes the pointer allocated via
|
||||||
|
CBS_stow() (using malloc()) to a d2i_*() function and then calls
|
||||||
|
free() on the now incremented pointer, most likely resulting in a
|
||||||
|
crash. This issue was reported by Robert Swiecki who found the issue
|
||||||
|
using honggfuzz.
|
||||||
|
|
||||||
|
* If tls_config_parse_protocols() is called with a NULL pointer,
|
||||||
|
return the default protocols instead of crashing - this makes the
|
||||||
|
behaviour more useful and mirrors what we already do in
|
||||||
|
tls_config_set_ciphers() et al.
|
||||||
|
|
||||||
2.6.1 - Code removal, rewrites
|
2.6.1 - Code removal, rewrites
|
||||||
|
|
||||||
* Added a "-T tlscompat" option to nc(1), which enables the use of all
|
* Added a "-T tlscompat" option to nc(1), which enables the use of all
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user