diff options
| author | Bob Beck <beck@openbsd.org> | 2020-10-08 08:46:52 -0600 |
|---|---|---|
| committer | Bob Beck <beck@openbsd.org> | 2020-10-08 08:46:52 -0600 |
| commit | a8bc7358c271fa5491155f6eb57d3f3a392c8ec7 (patch) | |
| tree | 5aeaf89f2b0aa21c638e12746a67319ae13c06a3 /ChangeLog | |
| parent | b39be4f23e75fd5ba4a376996deaec75ca0b5fdd (diff) | |
| download | portable-a8bc7358c271fa5491155f6eb57d3f3a392c8ec7.tar.gz portable-a8bc7358c271fa5491155f6eb57d3f3a392c8ec7.tar.bz2 portable-a8bc7358c271fa5491155f6eb57d3f3a392c8ec7.zip | |
wordsmith some, and include mention of name constraints and bettertle test suite
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 17 |
1 files changed, 12 insertions, 5 deletions
| @@ -30,12 +30,17 @@ LibreSSL Portable Release Notes: | |||
| 30 | 30 | ||
| 31 | 3.2.2 - Stable release | 31 | 3.2.2 - Stable release |
| 32 | 32 | ||
| 33 | * This is the first stable release with the new TLSv1.3 implementation | 33 | * This is the first stable release with the new TLSv1.3 |
| 34 | enabled for both server and client. The OpenSSL TLSv1.3 API is not | 34 | implementation enabled by default for both server and client. The |
| 35 | yet available and will be provided in an upcoming release. | 35 | OpenSSL 1.1 TLSv1.3 API is not yet available and will be provided |
| 36 | in an upcoming release. | ||
| 36 | 37 | ||
| 37 | * New X509 certificate chain validator loosely based on Go's X509 | 38 | * New X509 certificate chain validator that correctly handles |
| 38 | validator. | 39 | multiple paths through intermediate certificates. Loosely based on |
| 40 | Go's X509 validator. | ||
| 41 | |||
| 42 | * New name constraints verification implementation which passes the | ||
| 43 | bettertls.com certificate validation check suite. | ||
| 39 | 44 | ||
| 40 | * Improve the handling of BIO_read()/BIO_write() failures in the | 45 | * Improve the handling of BIO_read()/BIO_write() failures in the |
| 41 | TLSv1.3 stack. | 46 | TLSv1.3 stack. |
| @@ -94,6 +99,8 @@ LibreSSL Portable Release Notes: | |||
| 94 | 99 | ||
| 95 | * Greatly expanded test coverage via the tlsfuzzer test scripts. | 100 | * Greatly expanded test coverage via the tlsfuzzer test scripts. |
| 96 | 101 | ||
| 102 | * Expanded test coverage via the bettertls certificate test suite. | ||
| 103 | |||
| 97 | * Test interoperability with the Botan TLS client. | 104 | * Test interoperability with the Botan TLS client. |
| 98 | 105 | ||
| 99 | * Make pthread_mutex static initialisation work on Windows. | 106 | * Make pthread_mutex static initialisation work on Windows. |