-rw-r--r-- | CHANGES | 7
-rw-r--r-- | NEWS | 4
-rw-r--r-- | doc/man3/SSL_get_error.pod | 12
3 files changed, 22 insertions, 1 deletions
@@ -9,6 +9,13 @@ Changes between 1.1.1e and 1.1.1f [xx XXX xxxx] + *) Revert the change of EOF detection while reading in libssl to avoid + regressions in applications depending on the current way of reporting + the EOF. As the existing method is not fully accurate the change to + reporting the EOF via SSL_ERROR_SSL is kept on the current development + branch and will be present in the 3.0 release. + [Tomas Mraz] + *) Revised BN_generate_prime_ex to not avoid factors 3..17863 in p-1 when primes for RSA keys are computed. Since we previously always generated primes == 2 (mod 3) for RSA keys, @@ -7,12 +7,14 @@ Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [under development] - o + o Revert the unexpected EOF reporting via SSL_ERROR_SSL Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020] o Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (CVE-2019-1551) + o Properly detect unexpected EOF while reading in libssl and report + it via SSL_ERROR_SSL Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019] diff --git a/doc/man3/SSL_get_error.pod b/doc/man3/SSL_get_error.pod index 97320a6c15..6ef6f7d4c5 100644 --- a/doc/man3/SSL_get_error.pod +++ b/doc/man3/SSL_get_error.pod @@ -155,6 +155,18 @@ connection and SSL_shutdown() must not be called. =back +=head1 BUGS + +The B<SSL_ERROR_SYSCALL> with B<errno> value of 0 indicates unexpected EOF from +the peer. This will be properly reported as B<SSL_ERROR_SSL> with reason +code B<SSL_R_UNEXPECTED_EOF_WHILE_READING> in the OpenSSL 3.0 release because +it is truly a TLS protocol error to terminate the connection without +a SSL_shutdown(). + +The issue is kept unfixed in OpenSSL 1.1.1 releases because many applications +which choose to ignore this protocol error depend on the existing way of +reporting the error. + =head1 SEE ALSO L<ssl(7)> |
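Review bot: In the CHANGES hunk, "the current way of reporting the EOF" is ambiguous, because the NEWS hunk in this same patch records that 1.1.1e already reported unexpected EOF via SSL_ERROR_SSL, so "current" can be read as either behaviour. Name the restored behaviour explicitly (SSL_ERROR_SYSCALL with errno 0, as the SSL_get_error.pod hunk words it). The entry also announces a revert while the diffstat lists only CHANGES, NEWS and doc/man3/SSL_get_error.pod, so reference the commit that carries the libssl change or say that this one is documentation only.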
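Review bot: In the NEWS hunk, the 1.1.1f bullet "Revert the unexpected EOF reporting via SSL_ERROR_SSL" can be parsed as a revert performed via SSL_ERROR_SSL, and it does not say what applications will see instead. Something like "Revert the reporting of unexpected EOF via SSL_ERROR_SSL; it is reported as SSL_ERROR_SYSCALL with errno 0 again" would read unambiguously. The bullet added retroactively to the 1.1.1e section is worth keeping, since without it the 1.1.1f revert has nothing to refer to, but the commit message should mention that a released version's NEWS section is being amended.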
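Review bot: In the doc/man3/SSL_get_error.pod hunk, the new BUGS section calls the condition "truly a TLS protocol error" but gives callers on 1.1.1 no guidance on handling it. Add a sentence saying that applications which rely on the end of the TLS stream to delimit data should treat SSL_ERROR_SYSCALL with errno 0 as a truncated connection rather than a clean close. "terminate the connection without a SSL_shutdown()" also describes the peer's API call, not what the reader observes; wording it in terms of the missing close_notify alert would be more precise, and "a SSL_shutdown()" should be "an SSL_shutdown()" if the phrase stays.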