diff options
author | Emilia Kasper <emilia@openssl.org> | 2017-02-17 19:00:15 +0100 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2017-02-24 17:37:08 +0100 |
commit | 80770da39ebba0101079477611b7ce2f426653c5 (patch) | |
tree | df2d381df58d8d0e9ad68dead17ea96c1ad17ddb /CHANGES | |
parent | b169c0ec40408566270fb638bcbfab01a0d2dc60 (diff) |
X509 time: tighten validation per RFC 5280
- Reject fractional seconds
- Reject offsets
- Check that the date/time digits are in valid range.
- Add documentation for X509_cmp_time
GH issue 2620
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -4,6 +4,11 @@ Changes between 1.1.0e and 1.1.1 [xx XXX xxxx] + *) Certificate time validation (X509_cmp_time) enforces stricter + compliance with RFC 5280. Fractional seconds and timezone offsets + are no longer allowed. + [Emilia Käsper] + *) Add support for SipHash [Todd Short] |