OpenSSL v0.9.7.b Release Notes
Release Date: 2003-09-30
- Fix various bugs revealed by running the NISCC test suite:
  - Stop out-of-bounds reads in the ASN1 code when presented with invalid tags (CVE-2003-0543 and CVE-2003-0544).
  - Free up ASN1_TYPE correctly if ANY type is invalid (CVE-2003-0545).
  - If the verify callback ignores invalid public key errors, don't try to check the certificate signature with the NULL public key.
Steve Henson
- New -ignore_err option in ocsp application to stop the server exiting on the first error in a request.
Steve Henson
- In ssl3_accept() (ssl/s3_srvr.c), only accept a client certificate if the server requested one, as stated in the TLS 1.0 and SSL 3.0 specifications.
Steve Henson
- In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate extra data after the compression methods, not only for TLS 1.0 but also for SSL 3.0 (as required by the specification).
Bodo Moeller; problem pointed out by Matthias Loepfe
- Change X509_certificate_type() to mark the key as exported/exportable when it's 512 bits long, not 512 bytes.
Richard Levitte
- Change AES_cbc_encrypt() so it outputs an exact multiple of blocks during encryption.
Richard Levitte
- Various fixes to base64 BIO and non-blocking I/O. On write, flushes were not handled properly if the BIO retried. On read, data was not being buffered properly and there were various logic bugs. This also affects blocking I/O when the data being decoded is a certain size.
Steve Henson
- Various S/MIME bugfixes and compatibility changes: output the correct application/pkcs7 MIME type if PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures. Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening of files as .eml work). Correctly handle very long lines in the MIME parser.
Steve Henson
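
The first item above concerns out-of-bounds reads in ASN.1 parsing when tags are invalid. As an added illustration (not OpenSSL's code or its patch), here is a parser for the identifier and length octets that checks every read against the input size and rejects truncated or oversized tags and lengths. The names `asn1_parse_header` and `asn1_hdr` are hypothetical, and only definite lengths are accepted.

```c
#include <stddef.h>
#include <stdint.h>

typedef struct {
    uint32_t tag;         /* tag number */
    uint8_t  cls;         /* class bits, 0..3 */
    int      constructed; /* 1 if constructed encoding */
    size_t   hdr_len;     /* identifier + length octets consumed */
    size_t   len;         /* content length */
} asn1_hdr;

/* Hypothetical helper: parse one identifier + definite-length header
 * from p[0..n). Returns 0 on success, -1 on malformed or truncated input.
 * Every read of p[i] is preceded by a check of i against n. */
int asn1_parse_header(const uint8_t *p, size_t n, asn1_hdr *out)
{
    size_t i = 0, len;
    uint32_t tag;
    uint8_t b, first;

    if (p == NULL || out == NULL || n < 2) return -1;
    first = p[i++];
    tag = first & 0x1f;
    if (tag == 0x1f) {                       /* high-tag-number form */
        tag = 0;
        do {
            if (i >= n) return -1;           /* tag runs off the buffer */
            b = p[i++];
            if (tag == 0 && b == 0x80) return -1;   /* padded tag number */
            if (tag > (UINT32_MAX >> 7)) return -1; /* tag would overflow */
            tag = (tag << 7) | (b & 0x7f);
        } while (b & 0x80);
    }
    if (i >= n) return -1;                   /* no length octet */
    b = p[i++];
    len = b;
    if (b & 0x80) {                          /* long-form length */
        size_t k = b & 0x7f;
        if (k == 0 || k > sizeof(size_t)) return -1; /* indefinite or too wide */
        if (k > n - i) return -1;            /* length octets truncated */
        for (len = 0; k > 0; k--) len = (len << 8) | p[i++];
    }
    if (len > n - i) return -1;              /* content exceeds buffer */
    out->tag = tag; out->cls = first >> 6; out->constructed = (first >> 5) & 1;
    out->hdr_len = i; out->len = len;
    return 0;
}
```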