OpenSSL v0.9.6.j Release Notes
Release Date: 2003-09-30
- Fix various bugs revealed by running the NISCC test suite:
Stop out of bounds reads in the ASN1 code when presented with invalid tags (CVE-2003-0543 and CVE-2003-0544).
If the verify callback ignores invalid public key errors, don't try to check the certificate signature with the NULL public key.
Steve Henson
- In ssl3_accept() (ssl/s3_srvr.c), only accept a client certificate if the server requested one, as stated in the TLS 1.0 and SSL 3.0 specifications.
Steve Henson
- In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate extra data after the compression methods, not only for TLS 1.0 but also for SSL 3.0 (as required by the specification).
Bodo Moeller; problem pointed out by Matthias Loepfe
- Change X509_certificate_type() to mark the key as exported/exportable when it's 512 bits long, not 512 bytes.
Richard Levitte
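
The first entry above concerns out-of-bounds reads when the ASN1 code is given invalid tags. As an added illustration (not OpenSSL's code and not a reconstruction of its fix), here is a DER header parser in C that checks the remaining buffer length before every read. The names `asn1_hdr` and `asn1_read_header` are hypothetical, and rejecting indefinite lengths is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>

/* Parsed header of one DER element (hypothetical type, not OpenSSL's). */
typedef struct {
    unsigned cls;      /* tag class, 0..3 */
    int constructed;   /* 1 if constructed encoding */
    uint32_t tag;      /* tag number */
    size_t hdr_len;    /* bytes used by identifier + length octets */
    size_t len;        /* content length */
} asn1_hdr;

/* Returns 0 on success, -1 on malformed or truncated input.
 * Every read of buf[i] is preceded by a check that i < n. */
int asn1_read_header(const unsigned char *buf, size_t n, asn1_hdr *out)
{
    size_t i = 0;
    unsigned char id, l, b;
    if (buf == NULL || out == NULL || n < 2) return -1;
    id = buf[i++];
    out->cls = id >> 6;
    out->constructed = (id >> 5) & 1;
    out->tag = id & 0x1f;

    if (out->tag == 0x1f) {            /* high-tag-number form */
        uint32_t t = 0;
        do {
            if (i >= n) return -1;     /* continuation bit set at end of buffer */
            if (t >> 25) return -1;    /* next 7-bit shift would overflow */
            b = buf[i++];
            t = (t << 7) | (b & 0x7f);
        } while (b & 0x80);
        out->tag = t;
    }
    if (i >= n) return -1;             /* no length octet left */
    l = buf[i++];
    if (l < 0x80) {                    /* short form */
        out->len = l;
    } else {                           /* long form: k length octets follow */
        size_t k = l & 0x7f, v = 0;
        /* reject indefinite (k == 0), oversized and truncated lengths */
        if (k == 0 || k > sizeof(size_t) || k > n - i) return -1;
        while (k--) v = (v << 8) | buf[i++];
        out->len = v;
    }
    if (out->len > n - i) return -1;   /* content would run past the buffer */
    out->hdr_len = i;
    return 0;
}
```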