diff options
Diffstat (limited to 'CHANGES')
| -rw-r--r-- | CHANGES | 24 |
1 files changed, 23 insertions, 1 deletions
@@ -434,7 +434,29 @@ whose return value is often ignored. [Steve Henson] - Changes between 1.0.2a and 1.0.2b [xx XXX xxxx] + Changes between 1.0.2c and 1.0.2d [xx XXX xxxx] + + *) Alternate chains certificate forgery + + During certificate verfification, OpenSSL will attempt to find an + alternative certificate chain if the first attempt to build such a chain + fails. An error in the implementation of this logic can mean that an + attacker could cause certain checks on untrusted certificates to be + bypassed, such as the CA flag, enabling them to use a valid leaf + certificate to act as a CA and "issue" an invalid certificate. + + This issue was reported to OpenSSL by Adam Langley/David Benjamin + (Google/BoringSSL). + [Matt Caswell] + + Changes between 1.0.2b and 1.0.2c [12 Jun 2015] + + *) Fix HMAC ABI incompatibility. The previous version introduced an ABI + incompatibility in the handling of HMAC. The previous ABI has now been + restored. + [Matt Caswell] + + Changes between 1.0.2a and 1.0.2b [11 Jun 2015] *) Malformed ECParameters causes infinite loop |