author | Matt Caswell <matt@openssl.org> | 2015-07-02 15:38:32 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-07-09 09:31:25 +0100 |
commit | 5627e0f77d333b3d6d2f87b0cc616a062cf54aeb (patch) | |
tree | ab6b18a3a6bc01c47b26a0bb58f3977b7b71bae4 | |
parent | 9dee5244e1d879ee94b203e618202be91936ff71 (diff) |
Update CHANGES and NEWS for the new release
Reviewed-by: Stephen Henson <steve@openssl.org>
-rw-r--r-- | CHANGES | 13 | ||||
-rw-r--r-- | NEWS | 2 |
2 files changed, 13 insertions, 2 deletions
@@ -4,7 +4,18 @@ Changes between 1.0.2c and 1.0.2d [xx XXX xxxx] - *) + *) Alternate chains certificate forgery + + During certificate verfification, OpenSSL will attempt to find an + alternative certificate chain if the first attempt to build such a chain + fails. An error in the implementation of this logic can mean that an + attacker could cause certain checks on untrusted certificates to be + bypassed, such as the CA flag, enabling them to use a valid leaf + certificate to act as a CA and "issue" an invalid certificate. + + This issue was reported to OpenSSL by Adam Langley/David Benjamin + (Google/BoringSSL). + [Matt Caswell] Changes between 1.0.2b and 1.0.2c [12 Jun 2015] @@ -7,7 +7,7 @@ Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [under development] - o + o Alternate chains certificate forgery (CVE-2015-1793) Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015] |
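Review bot: In the CHANGES hunk, the first sentence of the new entry misspells "verification" as "verfification" ("During certificate verfification, OpenSSL will attempt to find an"). The entry also omits the CVE identifier that the matching NEWS line carries. Suggest fixing the spelling and titling the entry "Alternate chains certificate forgery (CVE-2015-1793)" so the two files can be cross-referenced by anyone searching CHANGES for the CVE number.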
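Review bot: In the NEWS hunk, the section header in the unchanged context still reads "[under development]", and the CHANGES header likewise still reads "[xx XXX xxxx]", although the commit message says the update is for the new release. If a later release step fills in the date, no change is needed here; otherwise both placeholders should be replaced in this commit so the 1.0.2d entries are not published undated.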