轻量级SSL库PolarSSL发布1.3.7.2014-05-03。上个版本2014-04-11的1.3.6。遗留产品线1.2.10 很多应用已支持PolarSSL如hiawatha,OpenVPN,Monkey 相对OpenSSL漏洞频出,这种趋势可能会更明显。
此版本包括了一些小的 bug 修复和改进,不会影响现有的 API。
新特性:
Debug module improvements
run-time capabilities checking
AES-NI improvements
deprecation of POLARSSL_CONFIG_OPTIONS
support for more Attribute Types from IETX PKIX (RFC 5280)
re-prioritization of RC4 ciphersuite
Bug 修复:
Only iterate over actual certificates in ssl_write_certificate_request() (found by Matthew Page)
Typos in platform.c and pkcs11.c (found by Daniel Phillips and Steffan Karger)
cert_write app should use subject of issuer certificate as issuer of cert
Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites, for full SSL frames of data.
Improve interoperability by not writing extension length in ClientHello / ServerHello when no extensions are present (found by Matthew Page)
rsa_check_pubkey() now allows an E up to N.
On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings
mpi_fill_random() was creating numbers larger than requested on big-endian platform when size was not an integer number of limbs
Fix dependencies issues in X.509 test suite.
Some parts of ssl_tls.c were compiled even when the module was disabled.
Fix detection of DragonflyBSD in net.c (found by Markus Pfeiffer)
Fix detection of Clang on some Apple platforms with CMake (found by Barry K. Nathan)
更多内容请看发行说明和 Changelog。建议 PolarSSL 1.3.6 的用户更新。
项目主页:https://polarssl.org/tech-updates/releases/polarssl-1.3.7-released
下载地址:https://polarssl.org/download/polarssl-1.3.7-gpl.tg
来自:开源中国社区
