PolarSSL 1.3.7 发布,SSL 加密库

发布于 2014年05月10日
收藏 2

轻量级SSL库PolarSSL发布1.3.7.2014-05-03。上个版本2014-04-11的1.3.6。遗留产品线1.2.10 很多应用已支持PolarSSL如hiawatha,OpenVPN,Monkey 相对OpenSSL漏洞频出,这种趋势可能会更明显。

此版本包括了一些小的 bug 修复和改进,不会影响现有的 API。


  • Debug module improvements

  • run-time capabilities checking

  • AES-NI improvements

  • deprecation of POLARSSL_CONFIG_OPTIONS

  • support for more Attribute Types from IETX PKIX (RFC 5280)

  • re-prioritization of RC4 ciphersuite

Bug 修复:

  • Only iterate over actual certificates in ssl_write_certificate_request() (found by Matthew Page)

  • Typos in platform.c and pkcs11.c (found by Daniel Phillips and Steffan Karger)

  • cert_write app should use subject of issuer certificate as issuer of cert

  • Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites, for full SSL frames of data.

  • Improve interoperability by not writing extension length in ClientHello / ServerHello when no extensions are present (found by Matthew Page)

  • rsa_check_pubkey() now allows an E up to N.

  • On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings

  • mpi_fill_random() was creating numbers larger than requested on big-endian platform when size was not an integer number of limbs

  • Fix dependencies issues in X.509 test suite.

  • Some parts of ssl_tls.c were compiled even when the module was disabled.

  • Fix detection of DragonflyBSD in net.c (found by Markus Pfeiffer)

  • Fix detection of Clang on some Apple platforms with CMake (found by Barry K. Nathan)

更多内容请看发行说明和 Changelog。建议 PolarSSL 1.3.6 的用户更新。


转载请注明:文章转载自 开源中国社区 [http://www.oschina.net]
本文标题:PolarSSL 1.3.7 发布,SSL 加密库