diff options
| author | Jack Lloyd <[email protected]> | 2021-05-09 08:51:25 -0400 |
|---|---|---|
| committer | Jack Lloyd <[email protected]> | 2021-05-09 08:51:25 -0400 |
| commit | 24c9b0f3dc75b85e696f8edbe24a9958e3ee93a8 (patch) | |
| tree | c6bfdb616aec4fab649da741793a95006e6784ab /news.rst | |
| parent | 8f03527d3bfec45d9ef51cf8a95795b069b00e2a (diff) | |
Update news
Diffstat (limited to 'news.rst')
| -rw-r--r-- | news.rst | 11 |
1 files changed, 11 insertions, 0 deletions
@@ -15,6 +15,17 @@ Version 2.18.1, Not Yet Released which uses thousands separators (pt_BR was reported as having this issue). (GH #2732 #2730 #2237) +* DNS names in name constraints were compared with case sensitivity, which + could cause valid certificates to be rejected. (GH #2739 #2735) + +* X.509 name constraint extensions were rejected if non-critical. RFC 5280 + requires conforming CAs issue such extensions as critical, but not all + certificates are compliant, and all other known implementations do not + require this. (GH #2739 #2736) + +* X.509 name constraints were incorrectly applied to the certificate which + included the constraint. (GH #2739 #2737) + Version 2.18.0, 2021-04-15 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |