aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--doc/security.rst8
-rw-r--r--news.rst11
2 files changed, 10 insertions, 9 deletions
diff --git a/doc/security.rst b/doc/security.rst
index 96ce0698d..faefca7d5 100644
--- a/doc/security.rst
+++ b/doc/security.rst
@@ -1,4 +1,6 @@
+.. highlight:: none
+
Security
========================================
@@ -167,9 +169,9 @@ Advisories
Otherwise valid certificates using wildcards would be accepted as matching
certain hostnames that should they should not according to RFC 6125. For
- example a certificate issued for '*.example.com' should match
- 'foo.example.com' but not 'example.com' or 'bar.foo.example.com'. Previously
- Botan would accept such a certificate as valid for 'bar.foo.example.com'.
+ example a certificate issued for ``*.example.com`` should match
+ ``foo.example.com`` but not ``example.com`` or ``bar.foo.example.com``. Previously
+ Botan would accept such a certificate as also valid for ``bar.foo.example.com``.
RFC 6125 also requires that when matching a X.509 certificate against a DNS
name, the CN entry is only compared if no subjectAlternativeName entry is
diff --git a/news.rst b/news.rst
index bf4ef521e..58fb0d6a2 100644
--- a/news.rst
+++ b/news.rst
@@ -652,7 +652,7 @@ Version 1.11.27, 2016-02-01
* Add Blake2b hash function. GH #413
-* Use m_ prefix on all member variables. GH #398 and #407
+* Use ``m_`` prefix on all member variables. GH #398 and #407
* Use final qualifier on many classes. GH #408
@@ -833,8 +833,8 @@ Version 1.11.23, 2015-10-26
* CVE-2015-7826: X.509 path validation violated RFC 6125 and would accept
certificates which should not validate under those rules. In particular botan
would accept wildcard certificates as matching in situations where it should
- not (for example it would erroneously accept '*.example.com' as a valid
- wildcard for 'foo.bar.example.com')
+ not (for example it would erroneously accept ``*.example.com`` as a valid
+ wildcard for ``foo.bar.example.com``)
* CVE-2015-7827: The routines for decoding PKCS #1 encryption and OAEP blocks
have been rewritten to run without secret indexes or branches. These
@@ -2046,9 +2046,8 @@ in Python 3.1 has been fixed (Bugzilla 157).
The exception catching syntax of configure.py has been changed to the
Python 3.x syntax. This syntax also works with Python 2.6 and 2.7, but
not with any earlier Python 2 release. A simple search and replace
-will allow running it under Python 2.5::
-
- perl -pi -e 's/except (.*) as (.*):/except $1, $2:/g' configure.py
+will allow running it under Python 2.5:
+``perl -pi -e 's/except (.*) as (.*):/except $1, $2:/g' configure.py``
Note that Python 2.4 is not supported at all.