author | Brent Cook <bcook@openbsd.org> | 2015-02-22 18:06:46 -0600 |
---|---|---|
committer | Brent Cook <bcook@openbsd.org> | 2015-02-22 18:06:46 -0600 |
commit | 2c5ac47db473503689bec13671b1c5e67133ac33 (patch) | |
tree | 278c7b427f6e28d60d1c6124273293eb7ab33714 /ChangeLog | |
parent | 329df39a13555f998da6181c4230acb8f4a4386a (diff) | |
Update initial changelog for 2.1.4
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 39 |
1 files changed, 39 insertions, 0 deletions
@@ -28,6 +28,45 @@ history is also available from Git. | |||
28 | 28 | ||
29 | LibreSSL Portable Release Notes: | 29 | LibreSSL Portable Release Notes: |
30 | 30 | ||
31 | 2.1.4 - Security and feature updates | ||
32 | * Improvements to libtls: | ||
33 | |||
34 | * a new API for loading CA chains directly from memory instead of a | ||
35 | file, allowing verification with privilege separation in a chroot | ||
36 | without direct access to CA certificate files. | ||
37 | |||
38 | * Ciphers default to TLSv1.2 with AEAD and PFS. | ||
39 | |||
40 | * Improved error handling and message generation | ||
41 | |||
42 | * New APIs and improved documentation | ||
43 | |||
44 | * Added X509_STORE_load_mem API for loading certificates from memory. | ||
45 | This facilitates accessing certificates from a chrooted environment. | ||
46 | |||
47 | * New AEAD "MAC alias" allows configuring TLSv1.2 AEAD ciphers by | ||
48 | using 'TLSv1.2+AEAD' as the cipher selection string. | ||
49 | |||
50 | * Dead and disabled code removal including MD5, Netscape workarounds, | ||
51 | non-POSIX IO, SCTP, RFC 3779 support, many #if 0 sections, and more. | ||
52 | |||
53 | * ASN1 macro maze expanded to aid reading and searching the code. | ||
54 | |||
55 | * NULL pointer asserts removed in favor of letting the OS/signal | ||
56 | handler catch them. | ||
57 | |||
58 | * Refactored argument handling in openssl(1) for consistency and | ||
59 | maintainability. | ||
60 | |||
61 | * New openssl(1) command 'certhash' replaces the c_rehash script. | ||
62 | |||
63 | * Support for building with OPENSSL_NO_DEPRECATED | ||
64 | |||
65 | * Dozens of issues found with the Coverity scanner fixed. | ||
66 | |||
67 | * Server-side support for TLS_FALLBACK_SCSV for compatibility with | ||
68 | various auditor and vulnerability scanners. | ||
69 | |||
31 | 2.1.3 - Security update and OS support improvements | 70 | 2.1.3 - Security update and OS support improvements |
32 | * Fixed various memory leaks in DTLS, including fixes for | 71 | * Fixed various memory leaks in DTLS, including fixes for |
33 | CVE-2015-0206. | 72 | CVE-2015-0206. |
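
Review bot: The new 2.1.4 heading reads "Security and feature updates", but none of the added bullets says which change is the security update, while the 2.1.3 entry directly below names CVE-2015-0206. Mark the security-relevant bullets explicitly (for example the TLS_FALLBACK_SCSV item, if that is what the heading refers to), and give the Coverity bullet enough detail that a reader deciding whether to upgrade can tell what class of issue was fixed. In the bullet "Dead and disabled code removal including MD5", state which MD5 code was removed, since as written it can be read as the digest itself being dropped. The libtls bullet about loading CA chains from memory should name the new function, as the X509_STORE_load_mem bullet does. The libtls bullet "Ciphers default to TLSv1.2 with AEAD and PFS" is a default change that can affect peers limited to older protocol versions, so a short compatibility remark would help. Minor: "various auditor and vulnerability scanners" looks like it is missing a word, and terminal periods are inconsistent across the bullets.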