diff options
author | Damien Miller <djm@mindrot.org> | 2014-07-02 12:48:30 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2014-07-02 12:48:30 +1000 |
commit | 2cd7929250cf9e9f658d70dcd452f529ba08c942 (patch) | |
tree | 5e3e72d4ec41cb05af0d8d39799e6c0c8ccb3a78 /ChangeLog | |
parent | 99db840ee8dbbd2b3fbc6c45d0ee2f6a65e96898 (diff) |
- djm@cvs.openbsd.org 2014/06/24 00:52:02
[krl.c]
fix bug in KRL generation: multiple consecutive revoked certificate
serial number ranges could be serialised to an invalid format.
Readers of a broken KRL caused by this bug will fail closed, so no
should-have-been-revoked key will be accepted.
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -17,6 +17,13 @@ | |||
17 | the corresponding ssh_put_bignum functions create. This fixes the | 17 | the corresponding ssh_put_bignum functions create. This fixes the |
18 | use of 16384-bit RSA keys (bug reported by Eivind Evensen). | 18 | use of 16384-bit RSA keys (bug reported by Eivind Evensen). |
19 | ok djm@ | 19 | ok djm@ |
20 | - djm@cvs.openbsd.org 2014/06/24 00:52:02 | ||
21 | [krl.c] | ||
22 | fix bug in KRL generation: multiple consecutive revoked certificate | ||
23 | serial number ranges could be serialised to an invalid format. | ||
24 | |||
25 | Readers of a broken KRL caused by this bug will fail closed, so no | ||
26 | should-have-been-revoked key will be accepted. | ||
20 | 27 | ||
21 | 20140618 | 28 | 20140618 |
22 | - (tim) [openssh/session.c] Work around to get chroot sftp working on UnixWare | 29 | - (tim) [openssh/session.c] Work around to get chroot sftp working on UnixWare |