aboutsummaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
authorBrent Cook <bcook@openbsd.org>2017-01-09 03:58:26 -0600
committerBrent Cook <bcook@openbsd.org>2017-01-09 03:58:26 -0600
commit7acb28a3e740dabae159494fcd60cce76e2544f0 (patch)
tree151ff133d0f1e364666d4d80f332e6f5c5790e9e /ChangeLog
parentc691459502efc76b7fa4478b461ba7ab6c0d48cb (diff)
downloadportable-7acb28a3e740dabae159494fcd60cce76e2544f0.tar.gz
portable-7acb28a3e740dabae159494fcd60cce76e2544f0.tar.bz2
portable-7acb28a3e740dabae159494fcd60cce76e2544f0.zip
update Changelog
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog39
1 files changed, 39 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 2e3fdc6..9381899 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,45 @@ history is also available from Git.
28 28
29LibreSSL Portable Release Notes: 29LibreSSL Portable Release Notes:
30 30
312.5.1 - Bug and security fixes, new features, documentation updates
32
33 * X509_cmp_time() now passes a malformed GeneralizedTime field as an
34 error. Reported by Theofilos Petsios.
35
36 * Detect zero-length encrypted session data early, instead of when
37 malloc(0) fails or the HMAC check fails. Noted independently by
38 jsing@ and Kurt Cancemi.
39
40 * Check for and handle failure of HMAC_{Update,Final} or
41 EVP_DecryptUpdate().
42
43 * Massive update and normalization of manpages, conversion to
44 mandoc format. Many pages were rewritten for clarity and accuracy.
45 Portable doc links are up-to-date with a new conversion tool.
46
47 * Curve25519 Key Exchange support.
48
49 * Support for alternate chains for certificate verification.
50
51 * Code cleanups, CBB conversions, further unification of DTLS/SSL
52 handshake code, further ASN1 macro expansion and removal.
53
54 * Private symbol are now hidden in libssl and libcryto.
55
56 * Friendly certificate verification error messages in libtls, peer
57 verification is now always enabled.
58
59 * Added OSCP stapling support to libtls and netcat.
60
61 * Avoid a side-channel cache-timing attack that can leak the ECDSA
62 private keys when signing. This is due to BN_mod_inverse() being
63 used without the constant time flag being set. Reported by Cesar
64 Pereida Garcia and Billy Brumley (Tampere University of Technology).
65 The fix was developed by Cesar Pereida Garcia.
66
67 * iOS and MacOS compatibility updates from Simone Basso and Jacob
68 Berkman.
69
312.5.0 - New APIs, bug fixes and improvements 702.5.0 - New APIs, bug fixes and improvements
32 71
33 * libtls now supports ALPN and SNI 72 * libtls now supports ALPN and SNI