aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2017-12-20 09:52:27 -0500
committerJack Lloyd <[email protected]>2017-12-20 09:52:27 -0500
commit3be143169362a3da6d997dcc0ca2cdd61dcbec93 (patch)
tree5482de843efabdc45635136ed253affa3482dd89
parentc556cac5b6fc366502ed7f255fcc99918ce152c8 (diff)
Update news
-rw-r--r--news.rst22
1 files changed, 19 insertions, 3 deletions
diff --git a/news.rst b/news.rst
index 791ae4977..6731f2e01 100644
--- a/news.rst
+++ b/news.rst
@@ -31,7 +31,23 @@ Version 2.4.0, Not Yet Released
``Private_Key::fingerprint_private`` should be used if this is required.
(GH #1357)
-* XMSS signatures now are multithreaded for improved performance (GH #1267)
+* ECC certificates generated by Botan used an invalid encoding for the
+ parameters field, which was rejected by some certificate validation libraries
+ notably BouncyCastle. (GH #1367)
+
+* Loading an ECC key which used OID encoding for the domain parameters, then
+ saving it, would result in a key using the explicit parameters encoding.
+ Now the OID encoding is retained. (GH #1365)
+
+* Correct various problems in certificate path validation that arose when
+ multiple paths could be constructed leading to a trusted root but due to
+ other constraints only some of them validated. (GH #1363)
+
+* It is now possible for certificate validation to return warning indicators,
+ such as that the distinguished name is not within allowed limits or that a
+ certificate with a negative serial number was observed. (GH #1363 #1359)
+
+* XMSS signatures now are multi-threaded for improved performance (GH #1267)
* Fix a bug that caused the TLS peer cert list to be empty on a resumed session.
(GH #1303 #1342)
@@ -44,7 +60,7 @@ Version 2.4.0, Not Yet Released
Found with tlsfuzzer. (GH #1316)
* Fix several bugs related to sending the wrong TLS alert type in various error
- scenarious, caught with tlsfuzzer.
+ scenarios, caught with tlsfuzzer.
* Add support for a ``tls_http_server`` command line utility which responds to
simple GET requests. This is useful for testing against a browser, or various
@@ -110,7 +126,7 @@ Version 2.4.0, Not Yet Released
custom implementations of signature schemes, eg when offloading the
computations to another device. (GH #1332)
-* Use a direct calculation for calender computations instead of relying on
+* Use a direct calculation for calendar computations instead of relying on
non-portable operating system interfaces. (GH #1336)
* Fix a bug in the amalgamation generation which could cause build failures on