From f3046efb2475c86485ff919794c2b1bf6a517112 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 28 Jan 2015 14:13:30 +0000 Subject: [PATCH] Re-categorize changelog entry --- ChangeLog | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9fa3d30cd..517b45e7f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -54,6 +54,10 @@ Bugfix * Fix assembly selection for MIPS64 (thanks to James Cowgill). * ssl_get_verify_result() now works even if the handshake was aborted due to a failed verification (found by Fredrik Axelsson). + * Skip writing and parsing signature_algorithm extension if none of the + key exchanges enabled needs certificates. This fixes a possible interop + issue with some servers when a zero-length extension was sent. (Reported + by Peter Dettman.) Changes * Use deterministic nonces for AEAD ciphers in TLS by default (possible to @@ -62,8 +66,6 @@ Changes * ssl_set_own_cert() now returns an error on key-certificate mismatch. * Forbid repeated extensions in X.509 certificates. * debug_print_buf() now prints a text view in addition to hexadecimal. - * Skip writing and parsing signature_algorithm extension if none of the - key exchanges enabled needs certificates. * A specific error is now returned when there are ciphersuites in common but none of them is usable due to external factors such as no certificate with a suitable (extended)KeyUsage or curve or no PSK set.