author | Jung-uk Kim <jkim@FreeBSD.org> | 2015-07-09 16:41:34 +0000 |
---|---|---|
committer | Jung-uk Kim <jkim@FreeBSD.org> | 2015-07-09 16:41:34 +0000 |
commit | c07d7b3a386974c338492659291008bed07948e6 (patch) | |
tree | 4a088fbc0af7599e38a1d2eec27cb4a34e6b18ae /CHANGES | |
parent | 15533bcc3525a52ecfe00631bc36167d65c6b187 (diff) | |
Import OpenSSL 1.0.1p. (vendor/openssl/1.0.1p)
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=285327
svn path=/vendor-crypto/openssl/1.0.1p/; revision=285328; tag=vendor/openssl/1.0.1p
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 15 |
1 files changed, 15 insertions, 0 deletions
@@ -2,6 +2,21 @@ OpenSSL CHANGES _______________ + Changes between 1.0.1o and 1.0.1p [9 Jul 2015] + + *) Alternate chains certificate forgery + + During certificate verfification, OpenSSL will attempt to find an + alternative certificate chain if the first attempt to build such a chain + fails. An error in the implementation of this logic can mean that an + attacker could cause certain checks on untrusted certificates to be + bypassed, such as the CA flag, enabling them to use a valid leaf + certificate to act as a CA and "issue" an invalid certificate. + + This issue was reported to OpenSSL by Adam Langley/David Benjamin + (Google/BoringSSL). + [Matt Caswell] + Changes between 1.0.1n and 1.0.1o [12 Jun 2015] *) Fix HMAC ABI incompatibility. The previous version introduced an ABI |
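Review bot: The new "Alternate chains certificate forgery" entry misspells "verification" as "verfification" in its first sentence ("During certificate verfification, OpenSSL will attempt ..."); because this is a vendor import, the spelling is best reported upstream rather than changed locally so the file keeps matching the release. The entry also carries no advisory or CVE reference and does not say which releases are affected, so anyone triaging from CHANGES alone cannot tell whether a given 1.0.1 build before 1.0.1p needs the fix; a one-line pointer to the upstream advisory in the commit message would close that gap. The description says the CA flag check on untrusted certificates can be bypassed when the alternative chain path is taken, which makes a regression test that presents a leaf certificate as an issuer and expects verification to fail a reasonable thing to ask for alongside the import.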