author Jack Lloyd <[email protected]> 2021-05-09 06:56:09 -0400
committer Jack Lloyd <[email protected]> 2021-05-09 06:56:09 -0400
commit edafe58c053414af212effe32dd31d7cdc6fa828
tree 58a5f7512c1008806d1b7baee63c2981cd1a89bb
parent 925a86a368ac69475d7af5cfcf3b22135766efc6
Update news [3.0.0-alpha0]
-rw-r--r-- news.rst 11
1 files changed, 11 insertions, 0 deletions
diff --git a/news.rst b/news.rst
index 35643e98d..7d9a539af 100644
--- a/news.rst
+++ b/news.rst
@@ -47,6 +47,17 @@ Version 3.0.0, Not Yet Released
* Add support for hashing onto an elliptic curve using the SSWU
technique of draft-irtf-cfrg-hash-to-curve (GH #2726)
+* DNS names in name constraints were compared with case sensitivity, which
+ could cause valid certificates to be rejected. (GH #2738 #2735)
+
+* X.509 name constraint extensions were rejected if non-critical. RFC 5280
+ requires conforming CAs issue such extensions as critical, but not all
+ certificates are compliant, and all other known implementations do not
+ require this. (GH #2738 #2736)
+
+* X.509 name constraints were incorrectly applied to the certificate which
+ included the constraint. (GH #2738 #2737)
+
* Use constant-time code instead of table lookups when computing parity bits
(GH #2560), choosing ASN.1 string type (GH #2559) and when converting to/from
the bcrypt variant of base64 (GH #2561)
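Review bot: The second added entry (non-critical name constraints) says what used to be rejected but not what happens now. It should state whether a non-critical name constraints extension is still enforced during path validation or only tolerated, because a reader auditing chain validation behaviour needs to know which. The third added entry has the same gap: it says the constraint was wrongly applied to the certificate that carries it, but not which certificates it is applied to after the fix. The neighbouring entries ("Add support for ...", "Use constant-time code ...") describe the new behaviour, so phrasing these the same way would be consistent. Minor wording: "all other known implementations do not require this" reads more clearly as "no other known implementation requires this", and in "(GH #2738 #2735)" it is not clear what each of the two numbers refers to.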