diff options
author | Bob Beck <beck@openbsd.org> | 2020-10-08 08:46:52 -0600 |
---|---|---|
committer | Bob Beck <beck@openbsd.org> | 2020-10-08 08:46:52 -0600 |
commit | a8bc7358c271fa5491155f6eb57d3f3a392c8ec7 (patch) | |
tree | 5aeaf89f2b0aa21c638e12746a67319ae13c06a3 /ChangeLog | |
parent | b39be4f23e75fd5ba4a376996deaec75ca0b5fdd (diff) | |
download | portable-a8bc7358c271fa5491155f6eb57d3f3a392c8ec7.tar.gz portable-a8bc7358c271fa5491155f6eb57d3f3a392c8ec7.tar.bz2 portable-a8bc7358c271fa5491155f6eb57d3f3a392c8ec7.zip |
wordsmith some, and include mention of name constraints and bettertle test suite
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 17 |
1 files changed, 12 insertions, 5 deletions
@@ -30,12 +30,17 @@ LibreSSL Portable Release Notes: | |||
30 | 30 | ||
31 | 3.2.2 - Stable release | 31 | 3.2.2 - Stable release |
32 | 32 | ||
33 | * This is the first stable release with the new TLSv1.3 implementation | 33 | * This is the first stable release with the new TLSv1.3 |
34 | enabled for both server and client. The OpenSSL TLSv1.3 API is not | 34 | implementation enabled by default for both server and client. The |
35 | yet available and will be provided in an upcoming release. | 35 | OpenSSL 1.1 TLSv1.3 API is not yet available and will be provided |
36 | in an upcoming release. | ||
36 | 37 | ||
37 | * New X509 certificate chain validator loosely based on Go's X509 | 38 | * New X509 certificate chain validator that correctly handles |
38 | validator. | 39 | multiple paths through intermediate certificates. Loosely based on |
40 | Go's X509 validator. | ||
41 | |||
42 | * New name constraints verification implementation which passes the | ||
43 | bettertls.com certificate validation check suite. | ||
39 | 44 | ||
40 | * Improve the handling of BIO_read()/BIO_write() failures in the | 45 | * Improve the handling of BIO_read()/BIO_write() failures in the |
41 | TLSv1.3 stack. | 46 | TLSv1.3 stack. |
@@ -94,6 +99,8 @@ LibreSSL Portable Release Notes: | |||
94 | 99 | ||
95 | * Greatly expanded test coverage via the tlsfuzzer test scripts. | 100 | * Greatly expanded test coverage via the tlsfuzzer test scripts. |
96 | 101 | ||
102 | * Expanded test coverage via the bettertls certificate test suite. | ||
103 | |||
97 | * Test interoperability with the Botan TLS client. | 104 | * Test interoperability with the Botan TLS client. |
98 | 105 | ||
99 | * Make pthread_mutex static initialisation work on Windows. | 106 | * Make pthread_mutex static initialisation work on Windows. |