diff options
| author | Brent Cook <bcook@openbsd.org> | 2017-01-31 20:55:07 -0600 |
|---|---|---|
| committer | Brent Cook <bcook@openbsd.org> | 2017-01-31 20:55:07 -0600 |
| commit | b67d365454e3d35f775dda738697615094e81c4e (patch) | |
| tree | c84bae2e751923a4e34169d34c52e066fb15bfd9 | |
| parent | c957ff63c00d91da4054dcbeaacf8d6e7b74c44f (diff) | |
| download | portable-b67d365454e3d35f775dda738697615094e81c4e.tar.gz portable-b67d365454e3d35f775dda738697615094e81c4e.tar.bz2 portable-b67d365454e3d35f775dda738697615094e81c4e.zip | |
update Changelogv2.5.1
| -rw-r--r-- | ChangeLog | 36 |
1 files changed, 35 insertions, 1 deletions
| @@ -48,7 +48,7 @@ LibreSSL Portable Release Notes: | |||
| 48 | 48 | ||
| 49 | * Support for alternate chains for certificate verification. | 49 | * Support for alternate chains for certificate verification. |
| 50 | 50 | ||
| 51 | * Code cleanups, CBB conversions, further unification of DTLS/SSL | 51 | * Code cleanups, CBS conversions, further unification of DTLS/SSL |
| 52 | handshake code, further ASN1 macro expansion and removal. | 52 | handshake code, further ASN1 macro expansion and removal. |
| 53 | 53 | ||
| 54 | * Private symbol are now hidden in libssl and libcryto. | 54 | * Private symbol are now hidden in libssl and libcryto. |
| @@ -58,6 +58,39 @@ LibreSSL Portable Release Notes: | |||
| 58 | 58 | ||
| 59 | * Added OCSP stapling support to libtls and netcat. | 59 | * Added OCSP stapling support to libtls and netcat. |
| 60 | 60 | ||
| 61 | * Added ocspcheck utility to validate a certificate against its OCSP | ||
| 62 | responder and save the reply for stapling | ||
| 63 | |||
| 64 | * Enhanced regression tests and error handling for libtls. | ||
| 65 | |||
| 66 | * Added explicit constant and non-constant time BN functions, | ||
| 67 | defaulting to constant time wherever possible. | ||
| 68 | |||
| 69 | * Moved many leaked implementation details in public structs behind | ||
| 70 | opaque pointers. | ||
| 71 | |||
| 72 | * Added ticket support to libtls. | ||
| 73 | |||
| 74 | * Added support for setting the supported EC curves via | ||
| 75 | SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous | ||
| 76 | SSL{_CTX}_set1_curves{_list} names. This also changes the default | ||
| 77 | list of curves to be X25519, P-256 and P-384. All other curves must | ||
| 78 | be manually enabled. | ||
| 79 | |||
| 80 | * Added -groups option to openssl(1) s_client for specifying the curves | ||
| 81 | to be used in a colon-separated list. | ||
| 82 | |||
| 83 | * Merged client/server version negotiation code paths into one, | ||
| 84 | reducing much duplicate code. | ||
| 85 | |||
| 86 | * Removed error function codes from libssl and libcrypto. | ||
| 87 | |||
| 88 | * Fixed an issue where a truncated packet could crash via an OOB read. | ||
| 89 | |||
| 90 | * Added SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows | ||
| 91 | client-initiated renegotiation. This is the default for libtls | ||
| 92 | servers. | ||
| 93 | |||
| 61 | * Avoid a side-channel cache-timing attack that can leak the ECDSA | 94 | * Avoid a side-channel cache-timing attack that can leak the ECDSA |
| 62 | private keys when signing. This is due to BN_mod_inverse() being | 95 | private keys when signing. This is due to BN_mod_inverse() being |
| 63 | used without the constant time flag being set. Reported by Cesar | 96 | used without the constant time flag being set. Reported by Cesar |
| @@ -67,6 +100,7 @@ LibreSSL Portable Release Notes: | |||
| 67 | * iOS and MacOS compatibility updates from Simone Basso and Jacob | 100 | * iOS and MacOS compatibility updates from Simone Basso and Jacob |
| 68 | Berkman. | 101 | Berkman. |
| 69 | 102 | ||
| 103 | |||
| 70 | 2.5.0 - New APIs, bug fixes and improvements | 104 | 2.5.0 - New APIs, bug fixes and improvements |
| 71 | 105 | ||
| 72 | * libtls now supports ALPN and SNI | 106 | * libtls now supports ALPN and SNI |