Add check for path validation result in Credentials_Manager. GH #324

author: Jack Lloyd <[email protected]> 2015-11-04 14:31:59 -0500
committer: Jack Lloyd <[email protected]> 2015-11-04 14:31:59 -0500
commit: 7049b8e541b032e42ab0b4007a344bd14918bdcc (patch)
tree: 45d30ee973d2b88c56b30fcd0c4fb4a09ad345b5 /doc/news.rst
parent: d475735cbe21d9d0dd3f39fb936cdaac8ef56e30 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/news.rst b/doc/news.rst
index 58f58c14a..7a96db195 100644
--- a/doc/news.rst
+++ b/doc/news.rst
@@ -4,6 +4,12 @@ Release Notes
 Version 1.11.24, Not Yet Released
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
+* When the bugs affecting X.509 path validation were fixed in 1.11.23, a check
+  in Credentials_Manager::verify_certificate_chain was accidentally removed
+  which caused path validation failures not to be signaled to the TLS layer.
+  Thus in 1.11.23 certificate authentication in TLS is bypassed.
+  Reported by Florent Le Coz in GH #324
+
 * Fixed an endian dependency in McEliece key generation which caused
   keys to be generated differently on big and little endian systems,
   even when using a deterministic PRNG with the same seed.
author	Jack Lloyd <[email protected]>	2015-11-04 14:31:59 -0500
committer	Jack Lloyd <[email protected]>	2015-11-04 14:31:59 -0500
commit	7049b8e541b032e42ab0b4007a344bd14918bdcc (patch)
tree	45d30ee973d2b88c56b30fcd0c4fb4a09ad345b5 /doc/news.rst
parent	d475735cbe21d9d0dd3f39fb936cdaac8ef56e30 (diff)