aboutsummaryrefslogtreecommitdiff
path: root/crypto/openssl/CHANGES
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2015-07-09 17:07:45 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2015-07-09 17:07:45 +0000
commit45c1772ea0e3d87c882c93c895534314998ce551 (patch)
tree8d10fc72dd2b2fa9b34ff167b059ca5cf5402917 /crypto/openssl/CHANGES
parentd177f49f6f47414bf8ecd07d6fb4714eb24384f9 (diff)
parentc07d7b3a386974c338492659291008bed07948e6 (diff)
downloadsrc-45c1772ea0e3d87c882c93c895534314998ce551.tar.gz
src-45c1772ea0e3d87c882c93c895534314998ce551.zip
Notes
Diffstat (limited to 'crypto/openssl/CHANGES')
-rw-r--r--crypto/openssl/CHANGES15
1 files changed, 15 insertions, 0 deletions
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
index 759b2a7bbaff..2e888f7b0c28 100644
--- a/crypto/openssl/CHANGES
+++ b/crypto/openssl/CHANGES
@@ -2,6 +2,21 @@
OpenSSL CHANGES
_______________
+ Changes between 1.0.1o and 1.0.1p [9 Jul 2015]
+
+ *) Alternate chains certificate forgery
+
+ During certificate verfification, OpenSSL will attempt to find an
+ alternative certificate chain if the first attempt to build such a chain
+ fails. An error in the implementation of this logic can mean that an
+ attacker could cause certain checks on untrusted certificates to be
+ bypassed, such as the CA flag, enabling them to use a valid leaf
+ certificate to act as a CA and "issue" an invalid certificate.
+
+ This issue was reported to OpenSSL by Adam Langley/David Benjamin
+ (Google/BoringSSL).
+ [Matt Caswell]
+
Changes between 1.0.1n and 1.0.1o [12 Jun 2015]
*) Fix HMAC ABI incompatibility. The previous version introduced an ABI
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-30 18:23:32 +0000