aboutsummaryrefslogtreecommitdiffstats
path: root/doc/relnotes
diff options
context:
space:
mode:
Diffstat (limited to 'doc/relnotes')
-rw-r--r--doc/relnotes/1_11_9.rst9
1 files changed, 9 insertions, 0 deletions
diff --git a/doc/relnotes/1_11_9.rst b/doc/relnotes/1_11_9.rst
index 8d9f17666..de88987eb 100644
--- a/doc/relnotes/1_11_9.rst
+++ b/doc/relnotes/1_11_9.rst
@@ -1,6 +1,15 @@
Version 1.11.9, Not Yet Released
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+ * X.509 path validation now returns a set of all errors that occurred
+ during validation, rather than immediately returning the first
+ detected error. This prevents a seemingly innocuous error (such as
+ an expired certificate) from hiding an obviously serious error
+ (such as an invalid signature). The Certificate_Status_Code enum is
+ now ordered by severity, and the most severe error is returned by
+ Path_Validation_Result::result(). The entire set of status codes is
+ available with the new all_statuses call.
+
* Fixed a bug in OCSP response decoding which would cause an error
when attempting to decode responses from some widely used
responders.