whitespace, typos and a repeated entry

author: Theo Buehler <tb@openbsd.org> 2020-05-29 05:59:10 +0200
committer: Theo Buehler <tb@openbsd.org> 2020-05-29 05:59:10 +0200
commit: 8b0ba4244e4bc9fd56366a26695978882216161d (patch)
tree: 40e71c05c2eb5b7fc354026e6dcc408ca819c3ca /ChangeLog
parent: fcd9da32e8014dd9155d6653d364dbfb31e015b3 (diff)
download: portable-8b0ba4244e4bc9fd56366a26695978882216161d.tar.gz
portable-8b0ba4244e4bc9fd56366a26695978882216161d.tar.bz2
portable-8b0ba4244e4bc9fd56366a26695978882216161d.zip
1 files changed, 15 insertions, 20 deletions
diff --git a/ChangeLog b/ChangeLog
index 5e69fa9..c6d290f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -31,20 +31,20 @@ LibreSSL Portable Release Notes:
 3.2.0 - Development release
        * Improve length checks in record layer and provide appropritate
-        alerts for for violations of record layer limits.
+          alerts for for violations of record layer limits.
        * Enforce in the server that SNI hostnames be correctly formed as
-        per RFC 6066 and RFC 5890, responding with illegal paramerter for
+          per RFC 6066 and RFC 5890, responding with illegal parameter for
-        a nonconformant host name.
+          a nonconformant host name.
        * Modify openssl(1) to clear SSL_MODE_AUTO_RETRY appropriately in
-        various commands.
+          various commands.
        * Modify io behavior so that SSL_MODE_AUTO_RETRY is the default
-        similar to new OpenSSL releases.
+          similar to new OpenSSL releases.
        * Support SSL_MODE_AUTO_RETRY in TLS 1.3 to allow the automatic
-        retry of handshake messages.
+          retry of handshake messages.
        * Add tlsfuzzer based regression tests.
@@ -52,34 +52,29 @@ LibreSSL Portable Release Notes:
          to send ocsp staples for leaf certificates.
        * Send correct alerts when handling failed key share extensions
-        on the TLS 1.3 server.
+          on the TLS 1.3 server.
        * Various compatibility fixes for TLS 1.3 to 1.2 fallback for
-        switching from the new to legacy stacks.
+          switching from the new to legacy stacks.
        * Support TLS 1.3 options in the openssl(1) command.
        * Enable TLS 1.3 server side in addition to client by default.
-        with this change tls13 is handled entirely on the new stack
+          with this change tls13 is handled entirely on the new stack
-        and state machine, with fallback to the legacy stack and
+          and state machine, with fallback to the legacy stack and
-        state machine for older versions.
+          state machine for older versions.
        * Many alert cleanups in TLS 1.3 to provide expected alerts
-        in failure conditions.
+          in failure conditions.
        * Modify "openssl x509" to display invalid certificate times as
-        invalid, and correctly deal with the failing return case from
+          invalid, and correctly deal with the failing return case from
-        x509_time_cmp so that a certificate with an invalid NotAfter does
+          x509_time_cmp so that a certificate with an invalid NotAfter does
-        not appear valid.
+          not appear valid.
        * Support sending dummy change_cipher_spec records for middlebox
          compatibility.
-        * Added a test harness to run tlsfuzzer's test scripts against
-          the TLSv1.3 server.  These test scripts exhibited numerous
-          corner cases that were dealt with incorrectly. Fixed several
-          instances of missing or incorrect alerts.
        * Ensure only PSS may be used with RSA in tls 1.3
        * The client must advertise exactly the "null" compression method
author	Theo Buehler <tb@openbsd.org>	2020-05-29 05:59:10 +0200
committer	Theo Buehler <tb@openbsd.org>	2020-05-29 05:59:10 +0200
commit	8b0ba4244e4bc9fd56366a26695978882216161d (patch)
tree	40e71c05c2eb5b7fc354026e6dcc408ca819c3ca /ChangeLog
parent	fcd9da32e8014dd9155d6653d364dbfb31e015b3 (diff)
download	portable-8b0ba4244e4bc9fd56366a26695978882216161d.tar.gz portable-8b0ba4244e4bc9fd56366a26695978882216161d.tar.bz2 portable-8b0ba4244e4bc9fd56366a26695978882216161d.zip

diff --git a/ChangeLog b/ChangeLog index 5e69fa9..c6d290f 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -31,20 +31,20 @@ LibreSSL Portable Release Notes:
31	3.2.0 - Development release	31	3.2.0 - Development release
32		32
33	* Improve length checks in record layer and provide appropritate	33	* Improve length checks in record layer and provide appropritate
34	alerts for for violations of record layer limits.	34	alerts for for violations of record layer limits.
35		35
36	* Enforce in the server that SNI hostnames be correctly formed as	36	* Enforce in the server that SNI hostnames be correctly formed as
37	per RFC 6066 and RFC 5890, responding with illegal paramerter for	37	per RFC 6066 and RFC 5890, responding with illegal parameter for
38	a nonconformant host name.	38	a nonconformant host name.
39		39
40	* Modify openssl(1) to clear SSL_MODE_AUTO_RETRY appropriately in	40	* Modify openssl(1) to clear SSL_MODE_AUTO_RETRY appropriately in
41	various commands.	41	various commands.
42		42
43	* Modify io behavior so that SSL_MODE_AUTO_RETRY is the default	43	* Modify io behavior so that SSL_MODE_AUTO_RETRY is the default
44	similar to new OpenSSL releases.	44	similar to new OpenSSL releases.
45		45
46	* Support SSL_MODE_AUTO_RETRY in TLS 1.3 to allow the automatic	46	* Support SSL_MODE_AUTO_RETRY in TLS 1.3 to allow the automatic
47	retry of handshake messages.	47	retry of handshake messages.
48		48
49	* Add tlsfuzzer based regression tests.	49	* Add tlsfuzzer based regression tests.
50		50
@@ -52,34 +52,29 @@ LibreSSL Portable Release Notes:
52	to send ocsp staples for leaf certificates.	52	to send ocsp staples for leaf certificates.
53		53
54	* Send correct alerts when handling failed key share extensions	54	* Send correct alerts when handling failed key share extensions
55	on the TLS 1.3 server.	55	on the TLS 1.3 server.
56		56
57	* Various compatibility fixes for TLS 1.3 to 1.2 fallback for	57	* Various compatibility fixes for TLS 1.3 to 1.2 fallback for
58	switching from the new to legacy stacks.	58	switching from the new to legacy stacks.
59		59
60	* Support TLS 1.3 options in the openssl(1) command.	60	* Support TLS 1.3 options in the openssl(1) command.
61		61
62	* Enable TLS 1.3 server side in addition to client by default.	62	* Enable TLS 1.3 server side in addition to client by default.
63	with this change tls13 is handled entirely on the new stack	63	with this change tls13 is handled entirely on the new stack
64	and state machine, with fallback to the legacy stack and	64	and state machine, with fallback to the legacy stack and
65	state machine for older versions.	65	state machine for older versions.
66		66
67	* Many alert cleanups in TLS 1.3 to provide expected alerts	67	* Many alert cleanups in TLS 1.3 to provide expected alerts
68	in failure conditions.	68	in failure conditions.
69		69
70	* Modify "openssl x509" to display invalid certificate times as	70	* Modify "openssl x509" to display invalid certificate times as
71	invalid, and correctly deal with the failing return case from	71	invalid, and correctly deal with the failing return case from
72	x509_time_cmp so that a certificate with an invalid NotAfter does	72	x509_time_cmp so that a certificate with an invalid NotAfter does
73	not appear valid.	73	not appear valid.
74		74
75	* Support sending dummy change_cipher_spec records for middlebox	75	* Support sending dummy change_cipher_spec records for middlebox
76	compatibility.	76	compatibility.
77		77
78	* Added a test harness to run tlsfuzzer's test scripts against
79	the TLSv1.3 server. These test scripts exhibited numerous
80	corner cases that were dealt with incorrectly. Fixed several
81	instances of missing or incorrect alerts.
82
83	* Ensure only PSS may be used with RSA in tls 1.3	78	* Ensure only PSS may be used with RSA in tls 1.3
84		79
85	* The client must advertise exactly the "null" compression method	80	* The client must advertise exactly the "null" compression method