From 7180bed3bb78144e19c1dfe3180b0dd2f426bf60 Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Mon, 26 Oct 2015 05:58:08 -0500 Subject: [PATCH] update changelog for 2.3.1 --- ChangeLog | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/ChangeLog b/ChangeLog index 0241e5b..67f573d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -28,6 +28,38 @@ history is also available from Git. LibreSSL Portable Release Notes: +2.3.1 - ASN.1 and time handling cleanups + + * ASN.1 cleanups and RFC5280 compliance fixes. + + * Time representations switched from 'unsigned long' to 'time_t'. LibreSSL + now checks if the host OS supports 64-bit time_t. + + * Fixed a leak in SSL_new in the error path. + + * Support always extracting the peer cipher and version with libtls. + + * Added ability to check certificate validity times with libtls, + tls_peer_cert_notbefore and tls_peer_cert_notafter. + + * Changed tls_connect_servername to use the first address that resolves with + getaddrinfo(). + + * Remove broken conditional EVP_CHECK_DES_KEY code (non-functional since + initial commit in 2004). + + * Fixed a memory leak and out-of-bounds access in OBJ_obj2txt, reported + by Qualys Security. + + * Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of + sizeof(RC4_CHUNK), reported by Pascal Cuoq . + + * Reject too small bits value in BN_generate_prime_ex(), so that it does + not risk becoming negative in probable_prime_dh_safe(), reported by + Franck Denis. + + * Enable nc(1) builds on more platforms. + 2.3.0 - SSLv3 removed, libtls API changes, portability improvements * SSLv3 is now permanently removed from the tree.