Version 1.11.9, 2014-04-10 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Fix a bug in primality testing introduced in 1.8.3 which caused only a single random base, rather than a sequence of random bases, to be used in the Miller-Rabin test. This increased the probability that a non-prime would be accepted. Reported by Jeff Marrison. * X.509 path validation now returns a set of all errors that occurred during validation, rather than immediately returning the first detected error. This prevents a seemingly innocuous error (such as an expired certificate) from hiding an obviously serious error (such as an invalid signature). The Certificate_Status_Code enum is now ordered by severity, and the most severe error is returned by Path_Validation_Result::result(). The entire set of status codes is available with the new all_statuses call. * Fixed a bug in OCSP response decoding which would cause an error when attempting to decode responses from some widely used responders. * An implementation of HMAC_DRBG RNG from NIST SP800-90A has been added. Like the X9.31 PRNG implementation, it uses another underlying RNG for seeding material. * An implementation of the RFC 6979 deterministic nonce generator has been added. * Fix a bug in certificate path validation which prevented successful validation if intermediate certificates were presented out of order. * Fix a bug introduced in 1.11.5 which could cause crashes or other incorrect behavior when a cipher mode filter was followed in the pipe by another filter, and that filter had a non-empty start_msg. * The types.h header now uses stdint.h rather than cstdint to avoid problems with Clang on OS X.