cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-08 14:49:59 -04:00
Code Issues Packages Projects Releases Wiki Activity

changelog: document the enforced check on x509 serial setting

Browse Source 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This commit is contained in:
Valerio Setti 2023-01-13 08:41:15 +01:00
parent 5b787142a9
commit 8cf549d047
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog.d/improve_x509_cert_writing_serial_number_management.txt Normal file
View File

@ -0,0 +1,5 @@
Bugfix
* mbedtls_x509write_crt_set_serial() now explicitly rejects serial numbers
whose binary representation is longer than 20 bytes. This was already
forbidden by the standard (RFC5280 - section 4.1.2.2) and now it's being
enforced also at code level.