diff options
| author | Damien Miller <djm@mindrot.org> | 2014-07-02 12:48:30 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2014-07-02 12:48:30 +1000 |
| commit | 2cd7929250cf9e9f658d70dcd452f529ba08c942 (patch) | |
| tree | 5e3e72d4ec41cb05af0d8d39799e6c0c8ccb3a78 /ChangeLog | |
| parent | 99db840ee8dbbd2b3fbc6c45d0ee2f6a65e96898 (diff) | |
- djm@cvs.openbsd.org 2014/06/24 00:52:02
[krl.c]
fix bug in KRL generation: multiple consecutive revoked certificate
serial number ranges could be serialised to an invalid format.
Readers of a broken KRL caused by this bug will fail closed, so no
should-have-been-revoked key will be accepted.
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 7 |
1 files changed, 7 insertions, 0 deletions
| @@ -17,6 +17,13 @@ | |||
| 17 | the corresponding ssh_put_bignum functions create. This fixes the | 17 | the corresponding ssh_put_bignum functions create. This fixes the |
| 18 | use of 16384-bit RSA keys (bug reported by Eivind Evensen). | 18 | use of 16384-bit RSA keys (bug reported by Eivind Evensen). |
| 19 | ok djm@ | 19 | ok djm@ |
| 20 | - djm@cvs.openbsd.org 2014/06/24 00:52:02 | ||
| 21 | [krl.c] | ||
| 22 | fix bug in KRL generation: multiple consecutive revoked certificate | ||
| 23 | serial number ranges could be serialised to an invalid format. | ||
| 24 | |||
| 25 | Readers of a broken KRL caused by this bug will fail closed, so no | ||
| 26 | should-have-been-revoked key will be accepted. | ||
| 20 | 27 | ||
| 21 | 20140618 | 28 | 20140618 |
| 22 | - (tim) [openssh/session.c] Work around to get chroot sftp working on UnixWare | 29 | - (tim) [openssh/session.c] Work around to get chroot sftp working on UnixWare |