diff options
author | Jack Lloyd <[email protected]> | 2017-12-20 09:52:27 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-12-20 09:52:27 -0500 |
commit | 3be143169362a3da6d997dcc0ca2cdd61dcbec93 (patch) | |
tree | 5482de843efabdc45635136ed253affa3482dd89 /news.rst | |
parent | c556cac5b6fc366502ed7f255fcc99918ce152c8 (diff) |
Update news
Diffstat (limited to 'news.rst')
-rw-r--r-- | news.rst | 22 |
1 files changed, 19 insertions, 3 deletions
@@ -31,7 +31,23 @@ Version 2.4.0, Not Yet Released ``Private_Key::fingerprint_private`` should be used if this is required. (GH #1357) -* XMSS signatures now are multithreaded for improved performance (GH #1267) +* ECC certificates generated by Botan used an invalid encoding for the + parameters field, which was rejected by some certificate validation libraries + notably BouncyCastle. (GH #1367) + +* Loading an ECC key which used OID encoding for the domain parameters, then + saving it, would result in a key using the explicit parameters encoding. + Now the OID encoding is retained. (GH #1365) + +* Correct various problems in certificate path validation that arose when + multiple paths could be constructed leading to a trusted root but due to + other constraints only some of them validated. (GH #1363) + +* It is now possible for certificate validation to return warning indicators, + such as that the distinguished name is not within allowed limits or that a + certificate with a negative serial number was observed. (GH #1363 #1359) + +* XMSS signatures now are multi-threaded for improved performance (GH #1267) * Fix a bug that caused the TLS peer cert list to be empty on a resumed session. (GH #1303 #1342) @@ -44,7 +60,7 @@ Version 2.4.0, Not Yet Released Found with tlsfuzzer. (GH #1316) * Fix several bugs related to sending the wrong TLS alert type in various error - scenarious, caught with tlsfuzzer. + scenarios, caught with tlsfuzzer. * Add support for a ``tls_http_server`` command line utility which responds to simple GET requests. This is useful for testing against a browser, or various @@ -110,7 +126,7 @@ Version 2.4.0, Not Yet Released custom implementations of signature schemes, eg when offloading the computations to another device. (GH #1332) -* Use a direct calculation for calender computations instead of relying on +* Use a direct calculation for calendar computations instead of relying on non-portable operating system interfaces. (GH #1336) * Fix a bug in the amalgamation generation which could cause build failures on |