Correct indentation and labelling in ChangeLog

This commit is contained in:
Hanno Becker 2017-07-26 11:49:40 +01:00
parent 745bcf454f
commit 01a0e07e9d

View file

@ -4,13 +4,13 @@ mbed TLS ChangeLog (Sorted per branch, date)
Security
* Fix authentication bypass in SSL/TLS: when auth_mode is set to optional,
mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's
X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA
(default: 8) intermediates, even when it was not trusted. Could be
triggered remotely on both sides. (With auth_mode set to required
(default), the handshake was correctly aborted.)
mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's
X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA
(default: 8) intermediates, even when it was not trusted. Could be
triggered remotely on both sides. (With auth_mode set to required
(default), the handshake was correctly aborted.)
Changes
API changes
* Certificate verification functions now set flags to -1 in case the full
chain was not verified due to an internal error (including in the verify
callback) or chain length limitations.
@ -271,7 +271,7 @@ Security
* Fix potential integer overflow to buffer overflow in
mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt
(not triggerable remotely in (D)TLS).
* Fix a potential integer underflow to buffer overread in
* Fix a potential integer underflow to buffer overread in
mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in
SSL/TLS.
@ -291,7 +291,7 @@ Bugfix
* Fix an issue that caused valid certificates to be rejected whenever an
expired or not yet valid certificate was parsed before a valid certificate
in the trusted certificate list.
* Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the
* Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the
buffer after DER certificates to be included in the raw representation.
* Fix issue that caused a hang when generating RSA keys of odd bitlength
* Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made null pointer
@ -1547,7 +1547,7 @@ Security
Changes
* Allow enabling of dummy error_strerror() to support some use-cases
* Debug messages about padding errors during SSL message decryption are
disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
* Sending of security-relevant alert messages that do not break
interoperability can be switched on/off with the flag
POLARSSL_SSL_ALL_ALERT_MESSAGES
@ -1576,7 +1576,7 @@ Bugfix
Changes
* Added p_hw_data to ssl_context for context specific hardware acceleration
data
* During verify trust-CA is only checked for expiration and CRL presence
* During verify trust-CA is only checked for expiration and CRL presence
Bugfixes
* Fixed client authentication compatibility
@ -1874,9 +1874,9 @@ Features
with random data (Fixed ticket #10)
Changes
* Debug print of MPI now removes leading zero octets and
* Debug print of MPI now removes leading zero octets and
displays actual bit size of the value.
* x509parse_key() (and as a consequence x509parse_keyfile())
* x509parse_key() (and as a consequence x509parse_keyfile())
does not zeroize memory in advance anymore. Use rsa_init()
before parsing a key or keyfile!
@ -1898,7 +1898,7 @@ Features
printing of X509 CRLs from file
Changes
* Parsing of PEM files moved to separate module (Fixes
* Parsing of PEM files moved to separate module (Fixes
ticket #13). Also possible to remove PEM support for
systems only using DER encoding
@ -2041,7 +2041,7 @@ Bug fixes
* Fixed HMAC-MD2 by modifying md2_starts(), so that the
required HMAC ipad and opad variables are not cleared.
(found by code coverage tests)
* Prevented use of long long in bignum if
* Prevented use of long long in bignum if
POLARSSL_HAVE_LONGLONG not defined (found by Giles
Bathgate).
* Fixed incorrect handling of negative strings in
@ -2082,7 +2082,7 @@ Bug fixes
* Made definition of net_htons() endian-clean for big endian
systems (Found by Gernot).
* Undefining POLARSSL_HAVE_ASM now also handles prevents asm in
padlock and timing code.
padlock and timing code.
* Fixed an off-by-one buffer allocation in ssl_set_hostname()
responsible for crashes and unwanted behaviour.
* Added support for Certificate Revocation List (CRL) parsing.
@ -2256,4 +2256,3 @@ XySSL ChangeLog
who maintains the Debian package :-)
= Version 0.1 released on 2006-11-01