Fix embarrassing X.509 bug introduced in 9533765

commit: 8c045ef8e4a01177df2f76fa4040a951e42ae471 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Tue Apr 08 11:55:03 2014 +0200
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Tue Apr 08 11:55:03 2014 +0200
tree: 86b34f8973937295b75fc53cc8708f857e5274a5
parent: 95a0d118a901462450c1f5ce5616e93c9d1095f4 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 23f7762..5fe77e4 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -8,6 +8,10 @@
 Security
    * Avoid potential timing leak in ecdsa_sign() by blinding modular division.
      (Found by Watson Ladd.)
+   * The notAfter date of some certificates was no longer checked since 1.3.5.
+     This affects certificates in the user-supplied chain except the top
+     certificate. If the user-supplied chain contains only one certificates,
+     it is not affected (ie, its notAfter date is properly checked).
 
 Bugfix
    * The length of various ClientKeyExchange messages was not properly checked.
commit	8c045ef8e4a01177df2f76fa4040a951e42ae471	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Tue Apr 08 11:55:03 2014 +0200
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Tue Apr 08 11:55:03 2014 +0200
tree	86b34f8973937295b75fc53cc8708f857e5274a5
parent	95a0d118a901462450c1f5ce5616e93c9d1095f4 [diff] [blame]