The SSL session cache module (ssl_cache) now also retains peer_cert information (not the entire chain) The real peer certificate is copied into a x509_buf in the ssl_cache_entry and reinstated upon cache retrieval. The information about the rest of the certificate chain is lost in the process. As the handshake (and certificate verification) has already been performed, no issue is foreseen.

commit: e81beda60f1e9931314b270b4cc82dd10eb91d2f [log] [tgz]
author: Paul Bakker <p.j.bakker@polarssl.org> Wed Mar 06 17:40:46 2013 +0100
committer: Paul Bakker <p.j.bakker@polarssl.org> Wed Mar 06 18:01:03 2013 +0100
tree: 0256b407f388af1b4f608a5516ebd0a8626cfa6f
parent: a35aa54967e3b1b9ba7630e9cf6ddd8560aa3db7 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 8d9d51f..74a5c21 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -16,6 +16,8 @@
      or rsa_rsaes_oaep_decrypt()
    * Re-added handling for SSLv2 Client Hello when the define
      POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is set
+   * The SSL session cache module (ssl_cache) now also retains peer_cert
+     information (not the entire chain)
 
 Security
    * Removed further timing differences during SSL message decryption in
commit	e81beda60f1e9931314b270b4cc82dd10eb91d2f	[log] [tgz]
author	Paul Bakker <p.j.bakker@polarssl.org>	Wed Mar 06 17:40:46 2013 +0100
committer	Paul Bakker <p.j.bakker@polarssl.org>	Wed Mar 06 18:01:03 2013 +0100
tree	0256b407f388af1b4f608a5516ebd0a8626cfa6f
parent	a35aa54967e3b1b9ba7630e9cf6ddd8560aa3db7 [diff] [blame]