OpenSSL v0.9.6.j Release Notes

Release Date: 2003-09-30
    • Fix various bugs revealed by running the NISCC test suite:

    Stop out-of-bounds reads in the ASN1 code when presented with invalid tags (CVE-2003-0543 and CVE-2003-0544).

    If the verify callback ignores invalid public key errors, don't try to check the certificate signature with the NULL public key.

    Steve Henson

    • In ssl3_accept() (ssl/s3_srvr.c), only accept a client certificate if the server requested one, as stated in the TLS 1.0 and SSL 3.0 specifications.

    Steve Henson

    • In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate extra data after the compression methods not only for TLS 1.0 but also for SSL 3.0 (as required by the specification).

    Bodo Moeller; problem pointed out by Matthias Loepfe

    • Change X509_certificate_type() to mark the key as exported/exportable when it's 512 bits long, not 512 bytes.

    Richard Levitte