Add missing credit for set_hostname issue

Correctly credit Daniel Stenberg for reporting the problem with mbedtls_ssl_set_hostname(). Signed-off-by: David Horstmann <david.horstmann@arm.com>
2025-09-22 12:00:35 -04:00 · 2025-03-25 14:01:40 +00:00 · 2025-03-25 14:01:40 +00:00 · 70807520ec
commit 70807520ec
parent 0c0f5f200f
1 changed files with 1 additions and 0 deletions
--- a/1
+++ b/1
@ -35,6 +35,7 @@ Security
     The library will now prevent the handshake and return
     MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
     if mbedtls_ssl_set_hostname() has not been called.
+     Reported by Daniel Stenberg.
     CVE-2025-27809
   * Zeroize a temporary heap buffer used in psa_key_derivation_output_key()
     when deriving an ECC key pair.