diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2009-06-15 15:01:00 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2009-06-15 15:01:00 +0000 |
| commit | 31db43df0859210a32af3708df08f0149c46ede0 (patch) | |
| tree | 3287605ec579c747e3444a1a5aad43e3a3e8209c /CHANGES | |
| parent | 512cab0128e9f3ff21ddcc1a13f514c0982abd42 (diff) | |
Update from 0.9.8-stable.
Diffstat (limited to 'CHANGES')
| -rw-r--r-- | CHANGES | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -793,6 +793,11 @@ Changes between 0.9.8k and 0.9.8l [xx XXX xxxx] + *) Don't check self signed certificate signatures in X509_verify_cert(): + it just wastes time without adding any security. As a useful side effect + self signed root CAs with non-FIPS digests are now usable in FIPS mode. + [Steve Henson] + *) In dtls1_process_out_of_seq_message() the check if the current message is already buffered was missing. For every new message was memory allocated, allowing an attacker to perform an denial of service attack |