author Mike DePaulo <mikedep333@gmail.com> 2015-07-10 08:56:32 -0400
committer Mike DePaulo <mikedep333@gmail.com> 2015-07-26 11:34:07 -0400
commit 9ece505c5ca92218e41adedfa6d8c47574bd9271
tree fbb27f113769b94dafa26ab43a5843c7e7454fb6
parent 6d650329125473a3b773f03f2fb704a094d92b55
Update openssl: 1.0.2c -> 1.0.2d
Diffstat (limited to 'openssl/CHANGES')
-rw-r--r-- openssl/CHANGES 15
1 files changed, 15 insertions, 0 deletions
diff --git a/openssl/CHANGES b/openssl/CHANGES
index 4cbf61ddf..5d4c23436 100644
--- a/openssl/CHANGES
+++ b/openssl/CHANGES
@@ -2,6 +2,21 @@
OpenSSL CHANGES
_______________
+ Changes between 1.0.2c and 1.0.2d [9 Jul 2015]
+
+ *) Alternate chains certificate forgery
+
+ During certificate verfification, OpenSSL will attempt to find an
+ alternative certificate chain if the first attempt to build such a chain
+ fails. An error in the implementation of this logic can mean that an
+ attacker could cause certain checks on untrusted certificates to be
+ bypassed, such as the CA flag, enabling them to use a valid leaf
+ certificate to act as a CA and "issue" an invalid certificate.
+
+ This issue was reported to OpenSSL by Adam Langley/David Benjamin
+ (Google/BoringSSL).
+ [Matt Caswell]
+
Changes between 1.0.2b and 1.0.2c [12 Jun 2015]
*) Fix HMAC ABI incompatibility. The previous version introduced an ABI
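Review bot: The commit subject "Update openssl: 1.0.2c -> 1.0.2d" does not flag this as a security update, although the added "Alternate chains certificate forgery" entry describes a bypass of checks on untrusted certificates (the CA flag) during chain verification. Consider saying so in the commit message, with a reference to the upstream advisory, so that anyone scanning the log can see that builds bundling 1.0.2c need replacing. The added entry itself cites no advisory or CVE identifier and contains the typo "verfification" in its first sentence; if this file is a verbatim copy of the upstream CHANGES, leave the text as is and report the typo upstream rather than diverging locally. This view is limited to openssl/CHANGES, so the note cannot confirm from these lines that the verification code was updated along with the changelog.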