diff options
author | lloyd <[email protected]> | 2014-04-13 15:48:12 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2014-04-13 15:48:12 +0000 |
commit | c30ff3c1b1308346de33397ab282d1f2831d0936 (patch) | |
tree | ad9a1b1d321c44300853a61b74b4458a24c00ed7 /doc/relnotes | |
parent | cff39226ba13a7d77ca55f7712d3f67242b95a4e (diff) |
Deindent to avoid github mangling
Diffstat (limited to 'doc/relnotes')
-rw-r--r-- | doc/relnotes/1_11_9.rst | 70 |
1 files changed, 34 insertions, 36 deletions
diff --git a/doc/relnotes/1_11_9.rst b/doc/relnotes/1_11_9.rst index 9bbeb1ba4..a18a0b49d 100644 --- a/doc/relnotes/1_11_9.rst +++ b/doc/relnotes/1_11_9.rst @@ -1,39 +1,37 @@ Version 1.11.9, 2014-04-10 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - * Fix a bug in primality testing introduced in 1.8.3 which caused - only a single random base, rather than a sequence of random bases, - to be used in the Miller-Rabin test. This increased the probability - that a non-prime would be accepted, for instance a 1024 bit number - would be incorrectly classed as prime with probability around - 2^-40. Reported by Jeff Marrison. - - * X.509 path validation now returns a set of all errors that occurred - during validation, rather than immediately returning the first - detected error. This prevents a seemingly innocuous error (such as - an expired certificate) from hiding an obviously serious error - (such as an invalid signature). The Certificate_Status_Code enum is - now ordered by severity, and the most severe error is returned by - Path_Validation_Result::result(). The entire set of status codes is - available with the new all_statuses call. - - * Fixed a bug in OCSP response decoding which would cause an error - when attempting to decode responses from some widely used - responders. - - * An implementation of HMAC_DRBG RNG from NIST SP800-90A has been - added. Like the X9.31 PRNG implementation, it uses another - underlying RNG for seeding material. - - * An implementation of the RFC 6979 deterministic nonce generator has - been added. - - * Fix a bug in certificate path validation which prevented successful - validation if intermediate certificates were presented out of order. - - * Fix a bug introduced in 1.11.5 which could cause crashes or other - incorrect behavior when a cipher mode filter was followed in the - pipe by another filter, and that filter had a non-empty start_msg. - - * The types.h header now uses stdint.h rather than cstdint to avoid - problems with Clang on OS X. +* Fix a bug in primality testing introduced in 1.8.3 which caused + only a single random base, rather than a sequence of random bases, + to be used in the Miller-Rabin test. This increased the probability + that a non-prime would be accepted. Reported by Jeff Marrison. + +* X.509 path validation now returns a set of all errors that occurred + during validation, rather than immediately returning the first + detected error. This prevents a seemingly innocuous error (such as + an expired certificate) from hiding an obviously serious error + (such as an invalid signature). The Certificate_Status_Code enum is + now ordered by severity, and the most severe error is returned by + Path_Validation_Result::result(). The entire set of status codes is + available with the new all_statuses call. + +* Fixed a bug in OCSP response decoding which would cause an error + when attempting to decode responses from some widely used + responders. + +* An implementation of HMAC_DRBG RNG from NIST SP800-90A has been + added. Like the X9.31 PRNG implementation, it uses another + underlying RNG for seeding material. + +* An implementation of the RFC 6979 deterministic nonce generator has + been added. + +* Fix a bug in certificate path validation which prevented successful + validation if intermediate certificates were presented out of order. + +* Fix a bug introduced in 1.11.5 which could cause crashes or other + incorrect behavior when a cipher mode filter was followed in the + pipe by another filter, and that filter had a non-empty start_msg. + +* The types.h header now uses stdint.h rather than cstdint to avoid + problems with Clang on OS X. |