aboutsummaryrefslogtreecommitdiffstats
path: root/doc/relnotes
diff options
context:
space:
mode:
authorlloyd <[email protected]>2014-04-13 15:48:12 +0000
committerlloyd <[email protected]>2014-04-13 15:48:12 +0000
commitc30ff3c1b1308346de33397ab282d1f2831d0936 (patch)
treead9a1b1d321c44300853a61b74b4458a24c00ed7 /doc/relnotes
parentcff39226ba13a7d77ca55f7712d3f67242b95a4e (diff)
Deindent to avoid github mangling
Diffstat (limited to 'doc/relnotes')
-rw-r--r--doc/relnotes/1_11_9.rst70
1 files changed, 34 insertions, 36 deletions
diff --git a/doc/relnotes/1_11_9.rst b/doc/relnotes/1_11_9.rst
index 9bbeb1ba4..a18a0b49d 100644
--- a/doc/relnotes/1_11_9.rst
+++ b/doc/relnotes/1_11_9.rst
@@ -1,39 +1,37 @@
Version 1.11.9, 2014-04-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fix a bug in primality testing introduced in 1.8.3 which caused
- only a single random base, rather than a sequence of random bases,
- to be used in the Miller-Rabin test. This increased the probability
- that a non-prime would be accepted, for instance a 1024 bit number
- would be incorrectly classed as prime with probability around
- 2^-40. Reported by Jeff Marrison.
-
- * X.509 path validation now returns a set of all errors that occurred
- during validation, rather than immediately returning the first
- detected error. This prevents a seemingly innocuous error (such as
- an expired certificate) from hiding an obviously serious error
- (such as an invalid signature). The Certificate_Status_Code enum is
- now ordered by severity, and the most severe error is returned by
- Path_Validation_Result::result(). The entire set of status codes is
- available with the new all_statuses call.
-
- * Fixed a bug in OCSP response decoding which would cause an error
- when attempting to decode responses from some widely used
- responders.
-
- * An implementation of HMAC_DRBG RNG from NIST SP800-90A has been
- added. Like the X9.31 PRNG implementation, it uses another
- underlying RNG for seeding material.
-
- * An implementation of the RFC 6979 deterministic nonce generator has
- been added.
-
- * Fix a bug in certificate path validation which prevented successful
- validation if intermediate certificates were presented out of order.
-
- * Fix a bug introduced in 1.11.5 which could cause crashes or other
- incorrect behavior when a cipher mode filter was followed in the
- pipe by another filter, and that filter had a non-empty start_msg.
-
- * The types.h header now uses stdint.h rather than cstdint to avoid
- problems with Clang on OS X.
+* Fix a bug in primality testing introduced in 1.8.3 which caused
+ only a single random base, rather than a sequence of random bases,
+ to be used in the Miller-Rabin test. This increased the probability
+ that a non-prime would be accepted. Reported by Jeff Marrison.
+
+* X.509 path validation now returns a set of all errors that occurred
+ during validation, rather than immediately returning the first
+ detected error. This prevents a seemingly innocuous error (such as
+ an expired certificate) from hiding an obviously serious error
+ (such as an invalid signature). The Certificate_Status_Code enum is
+ now ordered by severity, and the most severe error is returned by
+ Path_Validation_Result::result(). The entire set of status codes is
+ available with the new all_statuses call.
+
+* Fixed a bug in OCSP response decoding which would cause an error
+ when attempting to decode responses from some widely used
+ responders.
+
+* An implementation of HMAC_DRBG RNG from NIST SP800-90A has been
+ added. Like the X9.31 PRNG implementation, it uses another
+ underlying RNG for seeding material.
+
+* An implementation of the RFC 6979 deterministic nonce generator has
+ been added.
+
+* Fix a bug in certificate path validation which prevented successful
+ validation if intermediate certificates were presented out of order.
+
+* Fix a bug introduced in 1.11.5 which could cause crashes or other
+ incorrect behavior when a cipher mode filter was followed in the
+ pipe by another filter, and that filter had a non-empty start_msg.
+
+* The types.h header now uses stdint.h rather than cstdint to avoid
+ problems with Clang on OS X.