mbed TLS 2.1.0 发布,此版本遵循 Apache 2.0 协议。此版本是首次作为 mbed OS 的 yotta module。
因为某些项目只能使用 GPL 协议,所以同时提供 Apache 协议和 GPL 协议的 mbed TLS 版本。
此版本主要改进如下:
新特性
* Added support for yotta as a build system.
* Primary open source license changed to Apache 2.0 license.
Bug 修复
* Fix segfault in the benchmark program when benchmarking DHM.
* Fix build error with CMake and pre-4.5 versions of GCC (found by Hugo
Leisink).
* Fix bug when parsing a ServerHello without extensions (found by David
Sears).
* Fix bug in CMake lists that caused libmbedcrypto.a not to be installed
(found by Benoit Lecocq).
* Fix bug in Makefile that caused libmbedcrypto and libmbedx509 not to be
installed (found by Rawi666).
* Fix compile error with armcc 5 with --gnu option.
* Fix bug in Makefile that caused programs not to be installed correctly
(found by robotanarchy) (#232).
* Fix bug in Makefile that prevented from installing without building the
tests (found by robotanarchy) (#232).
* Fix missing -static-libgcc when building shared libraries for Windows
with make.
* Fix link error when building shared libraries for Windows with make.
* Fix error when loading libmbedtls.so.
* Fix bug in mbedtls_ssl_conf_default() that caused the default preset to
be always used (found by dcb314) (#235)
* Fix bug in mbedtls_rsa_public() and mbedtls_rsa_private() that could
result trying to unlock an unlocked mutex on invalid input (found by
Fredrik Axelsson) (#257)
* Fix -Wshadow warnings (found by hnrkp) (#240)
* Fix memory corruption on client with overlong PSK identity, around
SSL_MAX_CONTENT_LEN or higher - not triggerrable remotely (found by
Aleksandrs Saveljevs) (#238)
* Fix unused function warning when using MBEDTLS_MDx_ALT or
MBEDTLS_SHAxxx_ALT (found by Henrik) (#239)
* Fix memory corruption in pkey programs (found by yankuncheng) (#210)
改进
* The PEM parser now accepts a trailing space at end of lines (#226).
* It is now possible to #include a user-provided configuration file at the
end of the default config.h by defining MBEDTLS_USER_CONFIG_FILE on the
compiler's command line.
* When verifying a certificate chain, if an intermediate certificate is
trusted, no later cert is checked. (suggested by hannes-landeholm)
(#220).
* Prepend a "thread identifier" to debug messages (issue pointed out by
Hugo Leisink) (#210).
* Add mbedtls_ssl_get_max_frag_len() to query the current maximum fragment
length.
PolarSSL 源码,也许是最小巧的ssl代码库。高效、便于移植和集成。尤其适合嵌入式应用。
目前 PolarSSL 已经被 ARM 公司收购,并改名为 mbed TLS。许可证也由 GPL 改为 Apache。
软件详情:https://tls.mbed.org/tech-updates/releases/mbedtls-2.1.0-released-under-apache
下载地址:https://tls.mbed.org/download/mbedtls-2.1.0-apache.tgz
来自:开源中国社区
