diff options
author | Jung-uk Kim <jkim@FreeBSD.org> | 2015-07-09 17:07:45 +0000 |
---|---|---|
committer | Jung-uk Kim <jkim@FreeBSD.org> | 2015-07-09 17:07:45 +0000 |
commit | 45c1772ea0e3d87c882c93c895534314998ce551 (patch) | |
tree | 8d10fc72dd2b2fa9b34ff167b059ca5cf5402917 /crypto/openssl/CHANGES | |
parent | d177f49f6f47414bf8ecd07d6fb4714eb24384f9 (diff) | |
parent | c07d7b3a386974c338492659291008bed07948e6 (diff) | |
download | src-45c1772ea0e3d87c882c93c895534314998ce551.tar.gz src-45c1772ea0e3d87c882c93c895534314998ce551.zip |
Notes
Diffstat (limited to 'crypto/openssl/CHANGES')
-rw-r--r-- | crypto/openssl/CHANGES | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES index 759b2a7bbaff..2e888f7b0c28 100644 --- a/crypto/openssl/CHANGES +++ b/crypto/openssl/CHANGES @@ -2,6 +2,21 @@ OpenSSL CHANGES _______________ + Changes between 1.0.1o and 1.0.1p [9 Jul 2015] + + *) Alternate chains certificate forgery + + During certificate verfification, OpenSSL will attempt to find an + alternative certificate chain if the first attempt to build such a chain + fails. An error in the implementation of this logic can mean that an + attacker could cause certain checks on untrusted certificates to be + bypassed, such as the CA flag, enabling them to use a valid leaf + certificate to act as a CA and "issue" an invalid certificate. + + This issue was reported to OpenSSL by Adam Langley/David Benjamin + (Google/BoringSSL). + [Matt Caswell] + Changes between 1.0.1n and 1.0.1o [12 Jun 2015] *) Fix HMAC ABI incompatibility. The previous version introduced an ABI |