Reject certs and CRLs from the future
diff --git a/ChangeLog b/ChangeLog index 6995003..9ce5b83 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -18,6 +18,7 @@ * Forbid change of server certificate during renegotiation to prevent "triple handshake" attack when authentication mode is optional (the attack was already impossible when authentication is required). + * Check notBefore timestamp of certificates and CRLs from the future. Bugfix * ecp_gen_keypair() does more tries to prevent failure because of
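Review bot: The added ChangeLog line ("Check notBefore timestamp of certificates and CRLs from the future.") does not state the outcome of the check, and its wording suggests the check applies only to objects already known to be from the future. The commit title says such objects are rejected, so the entry should say so too, for example "Reject certificates and CRLs whose validity period starts in the future." CRLs carry a thisUpdate field rather than notBefore, so naming only notBefore is imprecise for the CRL half of the entry. Because a verifier whose clock runs behind will now fail freshly issued certificates and CRLs, a short mention of that behaviour change in the entry would help people upgrading.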