Fix spelling and formatting consistency
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
This commit is contained in:
parent
4abd7c2545
commit
05d5f81c20
@ -2,7 +2,7 @@
|
||||
|
||||
This guide details the steps required to migrate from Mbed TLS version 2.x to
|
||||
Mbed TLS version 3.0 or greater. Unlike normal releases, Mbed TLS 3.0 breaks
|
||||
compatibility with previous versions, so users (and alt implementors) might
|
||||
compatibility with previous versions, so users (and alt implementers) might
|
||||
need to change their own code in order to make it work with Mbed TLS 3.0.
|
||||
|
||||
Here's the list of breaking changes; each entry should help you answer these
|
||||
@ -178,7 +178,7 @@ The macros `MBEDTLS_DHM_RFC5114_MODP_2048_P`, `MBEDTLS_DHM_RFC5114_MODP_2048_G`,
|
||||
`MBEDTLS_DHM_RFC3526_MODP_4096_P `and `MBEDTLS_DHM_RFC3526_MODP_4096_G` were
|
||||
removed. The primes from RFC 5114 are deprecated because their derivation is not
|
||||
documented and therefore their usage constitutes a security risk; they are fully
|
||||
removed from the library. Please use parameters from RFC3526 (still in the
|
||||
removed from the library. Please use parameters from RFC 3526 (still in the
|
||||
library, only in binary form) or RFC 7919 (also available in the library) or
|
||||
other trusted sources instead.
|
||||
|
||||
@ -580,13 +580,13 @@ extension if it contains any unsupported certificate policies.
|
||||
### Remove `MBEDTLS_X509_CHECK_*_KEY_USAGE` options from `mbedtls_config.h`
|
||||
|
||||
This change affects users who have chosen the configuration options to disable the
|
||||
library's verification of the `keyUsage` and `extendedKeyUsage` fields of x509
|
||||
library's verification of the `keyUsage` and `extendedKeyUsage` fields of X.509
|
||||
certificates.
|
||||
|
||||
The `MBEDTLS_X509_CHECK_KEY_USAGE` and `MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE`
|
||||
configuration options are removed and the X509 code now behaves as if they were
|
||||
configuration options are removed and the X.509 code now behaves as if they were
|
||||
always enabled. It is consequently not possible anymore to disable at compile
|
||||
time the verification of the `keyUsage` and `extendedKeyUsage` fields of X509
|
||||
time the verification of the `keyUsage` and `extendedKeyUsage` fields of X.509
|
||||
certificates.
|
||||
|
||||
The verification of the `keyUsage` and `extendedKeyUsage` fields is important,
|
||||
|
Loading…
Reference in New Issue
Block a user