diff options
| author | Theo Buehler <tb@openbsd.org> | 2026-04-16 14:23:03 +0200 |
|---|---|---|
| committer | Theo Buehler <tb@openbsd.org> | 2026-04-16 14:23:03 +0200 |
| commit | 28f6810732328e36557b5220e51cad7eaba8dea9 (patch) | |
| tree | c51789c0eec0fe5336e03356812c97d5549447ad | |
| parent | 0e49605df08028305aa63db3ebffe855638bda61 (diff) | |
| download | portable-28f6810732328e36557b5220e51cad7eaba8dea9.tar.gz portable-28f6810732328e36557b5220e51cad7eaba8dea9.tar.bz2 portable-28f6810732328e36557b5220e51cad7eaba8dea9.zip | |
ChangeLog: add SAN dNSName fixv4.3.0
| -rw-r--r-- | ChangeLog | 3 |
1 files changed, 3 insertions, 0 deletions
| @@ -119,6 +119,9 @@ LibreSSL Portable Release Notes: | |||
| 119 | - Add missing length checks before BIO_new_mem_buf() in libtls. | 119 | - Add missing length checks before BIO_new_mem_buf() in libtls. |
| 120 | - Improve libtls error reporting consistency, avoid reporting | 120 | - Improve libtls error reporting consistency, avoid reporting |
| 121 | unrelated errnos. | 121 | unrelated errnos. |
| 122 | - Fix SAN dNSName constraints: instead of substring matching, | ||
| 123 | match exactly and allow zero or more components in front of | ||
| 124 | the candidate. | ||
| 122 | * Reliability fix | 125 | * Reliability fix |
| 123 | - Fix off-by-one error in the X.509 verifier depth checking. This can | 126 | - Fix off-by-one error in the X.509 verifier depth checking. This can |
| 124 | lead to a 4-byte overwrite on heap allocated memory for clients | 127 | lead to a 4-byte overwrite on heap allocated memory for clients |