Reject certs and CRLs from the future

commit: 9533765b252ed3f86adba4152c8900a86933ce96 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Mar 10 13:15:18 2014 +0100
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Thu Mar 13 19:25:06 2014 +0100
tree: bb8bac3cd453efba408a74eeeb651b9eb36952fb
parent: 6304f786e05bb57a63f9905e504376686a017357 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 6995003..9ce5b83 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -18,6 +18,7 @@
    * Forbid change of server certificate during renegotiation to prevent
      "triple handshake" attack when authentication mode is optional (the
      attack was already impossible when authentication is required).
+   * Check notBefore timestamp of certificates and CRLs from the future.
 
 Bugfix
    * ecp_gen_keypair() does more tries to prevent failure because of
commit	9533765b252ed3f86adba4152c8900a86933ce96	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Mon Mar 10 13:15:18 2014 +0100
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Thu Mar 13 19:25:06 2014 +0100
tree	bb8bac3cd453efba408a74eeeb651b9eb36952fb
parent	6304f786e05bb57a63f9905e504376686a017357 [diff] [blame]