3.1.4 ChangeLog

(cherry picked from commit c2d9cb4d7ad2900ebe874e980c9fa828f2ddf39a)
author: Theo Buehler <tb@openbsd.org> 2020-08-08 15:56:55 +0200
committer: Theo Buehler <tb@openbsd.org> 2020-08-21 21:04:36 +0200
commit: 2be32881b63192043be8603f926688caf2966a37 (patch)
tree: d4339706a9e8a867111327b9752707651c95eefb /ChangeLog
parent: 9c348f5ffc8e675ed479a9a6eaef701a5206e60c (diff)
download: portable-2be32881b63192043be8603f926688caf2966a37.tar.gz
portable-2be32881b63192043be8603f926688caf2966a37.tar.bz2
portable-2be32881b63192043be8603f926688caf2966a37.zip
1 files changed, 25 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index f381520..88a421d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -96,6 +96,31 @@ LibreSSL Portable Release Notes:
        * Use non-expired certificates first when building a certificate chain.
+3.1.4 - Interoperability and bug fixes for the TLSv1.3 client:
+        * Improve client certificate selection to allow EC certificates
+          instead of only RSA certificates.
+        * Do not error out if a TLSv1.3 server requests an OCSP response as
+          part of a certificate request.
+        * Fix SSL_shutdown behavior to match the legacy stack.  The previous
+          behaviour could cause a hang.
+        * Fix a memory leak and add a missing error check in the handling of
+          the key update message.
+        * Fix a memory leak in tls13_record_layer_set_traffic_key.
+        * Avoid calling freezero with a negative size if a server sends a
+          malformed plaintext of all zeroes.
+        * Ensure that only PSS may be used with RSA in TLSv1.3 in order
+          to avoid using PKCS1-based signatures.
+        * Add the P-521 curve to the list of curves supported by default
+          in the client.
 3.1.3 - Bug fix
        * libcrypto may fail to build a valid certificate chain due to
author	Theo Buehler <tb@openbsd.org>	2020-08-08 15:56:55 +0200
committer	Theo Buehler <tb@openbsd.org>	2020-08-21 21:04:36 +0200
commit	2be32881b63192043be8603f926688caf2966a37 (patch)
tree	d4339706a9e8a867111327b9752707651c95eefb /ChangeLog
parent	9c348f5ffc8e675ed479a9a6eaef701a5206e60c (diff)
download	portable-2be32881b63192043be8603f926688caf2966a37.tar.gz portable-2be32881b63192043be8603f926688caf2966a37.tar.bz2 portable-2be32881b63192043be8603f926688caf2966a37.zip

diff --git a/ChangeLog b/ChangeLog index f381520..88a421d 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -96,6 +96,31 @@ LibreSSL Portable Release Notes:
96		96
97	* Use non-expired certificates first when building a certificate chain.	97	* Use non-expired certificates first when building a certificate chain.
98		98
		99	3.1.4 - Interoperability and bug fixes for the TLSv1.3 client:
		100
		101	* Improve client certificate selection to allow EC certificates
		102	instead of only RSA certificates.
		103
		104	* Do not error out if a TLSv1.3 server requests an OCSP response as
		105	part of a certificate request.
		106
		107	* Fix SSL_shutdown behavior to match the legacy stack. The previous
		108	behaviour could cause a hang.
		109
		110	* Fix a memory leak and add a missing error check in the handling of
		111	the key update message.
		112
		113	* Fix a memory leak in tls13_record_layer_set_traffic_key.
		114
		115	* Avoid calling freezero with a negative size if a server sends a
		116	malformed plaintext of all zeroes.
		117
		118	* Ensure that only PSS may be used with RSA in TLSv1.3 in order
		119	to avoid using PKCS1-based signatures.
		120
		121	* Add the P-521 curve to the list of curves supported by default
		122	in the client.
		123
99	3.1.3 - Bug fix	124	3.1.3 - Bug fix
100		125
101	* libcrypto may fail to build a valid certificate chain due to	126	* libcrypto may fail to build a valid certificate chain due to