update Changelog
parent
c957ff63c0
commit
b67d365454
36
ChangeLog
@ -48,7 +48,7 @@ LibreSSL Portable Release Notes:
|
|||||||
|
|
||||||
* Support for alternate chains for certificate verification.
|
* Support for alternate chains for certificate verification.
|
||||||
|
|
||||||
* Code cleanups, CBB conversions, further unification of DTLS/SSL
|
* Code cleanups, CBS conversions, further unification of DTLS/SSL
|
||||||
handshake code, further ASN1 macro expansion and removal.
|
handshake code, further ASN1 macro expansion and removal.
|
||||||
|
|
||||||
* Private symbol are now hidden in libssl and libcryto.
|
* Private symbol are now hidden in libssl and libcryto.
|
||||||
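Review bot: The unchanged entry "Private symbol are now hidden in libssl and libcryto." at the end of this hunk still has two errors sitting right next to the CBB to CBS correction: "libcryto" should be "libcrypto" and "Private symbol are" should be "Private symbols are". Since this commit already fixes wording in the neighbouring entry, correct that line in the same change.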
@ -58,6 +58,39 @@ LibreSSL Portable Release Notes:
|
|||||||
|
|
||||||
* Added OCSP stapling support to libtls and netcat.
|
* Added OCSP stapling support to libtls and netcat.
|
||||||
|
|
||||||
|
* Added ocspcheck utility to validate a certificate against its OCSP
|
||||||
|
responder and save the reply for stapling
|
||||||
|
|
||||||
|
* Enhanced regression tests and error handling for libtls.
|
||||||
|
|
||||||
|
* Added explicit constant and non-constant time BN functions,
|
||||||
|
defaulting to constant time wherever possible.
|
||||||
|
|
||||||
|
* Moved many leaked implementation details in public structs behind
|
||||||
|
opaque pointers.
|
||||||
|
|
||||||
|
* Added ticket support to libtls.
|
||||||
|
|
||||||
|
* Added support for setting the supported EC curves via
|
||||||
|
SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous
|
||||||
|
SSL{_CTX}_set1_curves{_list} names. This also changes the default
|
||||||
|
list of curves to be X25519, P-256 and P-384. All other curves must
|
||||||
|
be manually enabled.
|
||||||
|
|
||||||
|
* Added -groups option to openssl(1) s_client for specifying the curves
|
||||||
|
to be used in a colon-separated list.
|
||||||
|
|
||||||
|
* Merged client/server version negotiation code paths into one,
|
||||||
|
reducing much duplicate code.
|
||||||
|
|
||||||
|
* Removed error function codes from libssl and libcrypto.
|
||||||
|
|
||||||
|
* Fixed an issue where a truncated packet could crash via an OOB read.
|
||||||
|
|
||||||
|
* Added SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows
|
||||||
|
client-initiated renegotiation. This is the default for libtls
|
||||||
|
servers.
|
||||||
|
|
||||||
* Avoid a side-channel cache-timing attack that can leak the ECDSA
|
* Avoid a side-channel cache-timing attack that can leak the ECDSA
|
||||||
private keys when signing. This is due to BN_mod_inverse() being
|
private keys when signing. This is due to BN_mod_inverse() being
|
||||||
used without the constant time flag being set. Reported by Cesar
|
used without the constant time flag being set. Reported by Cesar
|
||||||
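Review bot: The SSL{_CTX}_set1_groups{_list}() entry buries a change of defaults ("This also changes the default list of curves to be X25519, P-256 and P-384. All other curves must be manually enabled.") inside an "Added support" item; give it its own bullet so that anyone depending on other curves sees that they now have to enable them explicitly. Two smaller points in the same hunk: the ocspcheck entry ends "save the reply for stapling" without the full stop the other entries carry, and "a truncated packet could crash via an OOB read" does not say which component or packet type is affected, which is what a reader deciding whether to upgrade needs to know.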
@ -67,6 +100,7 @@ LibreSSL Portable Release Notes:
|
|||||||
* iOS and MacOS compatibility updates from Simone Basso and Jacob
|
* iOS and MacOS compatibility updates from Simone Basso and Jacob
|
||||||
Berkman.
|
Berkman.
|
||||||
|
|
||||||
|
|
||||||
2.5.0 - New APIs, bug fixes and improvements
|
2.5.0 - New APIs, bug fixes and improvements
|
||||||
|
|
||||||
* libtls now supports ALPN and SNI
|
* libtls now supports ALPN and SNI
|
||||||
|