As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month:
- Attended a number of meetings re FIPS - Fixed a bug in 1.1.0/1.0.2 which can result in an invalid CertificateRequest message being sent - Reviewed lots of issues with respect to the 1.1.1 milestone - Fixed no_tls1_2, no-psk - Implemented changes to avoid GOST sigalg usage in TLSv1.3 - Fixed some issues found by Coverity - Implemented changes so that unexpected early data is tolerated (skipped) by default - Improved consistency between 1.1.0 and 1.1.1 in s_server where a PSK identity doesn't match - Updated run-checker to run a GOST test - Investigated problems on android with pthread_atfork - Fixed some TLSv1.3 session issues - Fixed a mem leak in the ticket test - Ensured that we skip the GOST test when DSA or CMS or disabled (because GOST requires those symbols) - Implemented stricter checking of key OIDs against the sig alg - Fixed a bug where we incorrectly skipped over early_data sent after an HRR - Updated the early data documentation to describe some scenarios where the connection could abort - Prepared the PR for updated the TLSv1.3 code to the final RFC version - Updated the TLSv1.3 test vectors to match those in the latest test vectors document - Added validation of the legacy_version field for TLSv1.3 - Implemented a fix allowing both prime and binary curves in SM2. This later changed into a more generic fix that removed some prime/binary curve specific functions in preference for generic ones - Removed testing of no-md5 from run-checker since it is not a valid option - Fixed some TLSv1.3 alert issues A slightly shorter list this month due to holidays. Matt _______________________________________________ openssl-project mailing list [email protected] https://mta.openssl.org/mailman/listinfo/openssl-project
