diff options
| author | Richard Levitte <levitte@openssl.org> | 2004-11-29 11:57:00 +0000 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2004-11-29 11:57:00 +0000 |
| commit | 5022e4ecdf228dd79c9fc355a7b5047adbf9d414 (patch) | |
| tree | c877b7da82db357a2ea14748abe1bcd6ee597700 /CHANGES | |
| parent | 30b415b0765b465e71262d051b7b16b604a855be (diff) | |
| download | openssl-5022e4ecdf228dd79c9fc355a7b5047adbf9d414.tar.gz | |
Document the change.
Diffstat (limited to 'CHANGES')
| -rw-r--r-- | CHANGES | 16 |
1 files changed, 15 insertions, 1 deletions
@@ -743,7 +743,21 @@ differing sizes. [Richard Levitte] - Changes between 0.9.7d and 0.9.7e [XX xxx XXXX] + Changes between 0.9.7e and 0.9.7f [XX xxx XXXX] + + *) Make an explicit check during certificate validation to see that + the CA setting in each certificate on the chain is correct. As a + side effect always do the following basic checks on extensions, + not just when there's an associated purpose to the check: + + - if there is an unhandled critical extension (unless the user + has chosen to ignore this fault) + - if the path length has been exceeded (if one is set at all) + - that certain extensions fit the associated purpose (if one has + been given) + [Richard Levitte] + + Changes between 0.9.7d and 0.9.7e [25 Oct 2004] *) Avoid a race condition when CRLs are checked in a multi threaded environment. This would happen due to the reordering of the revoked |