Add ChangeLog entry for the security issue

2017-06-26 11:30:01 +02:00 · 2017-06-26 11:30:01 +02:00 · ee98109af5
commit ee98109af5
parent 81bb6b6acf
1 changed files with 8 additions and 0 deletions
--- a/8
+++ b/8
@ -2,6 +2,14 @@ mbed TLS ChangeLog (Sorted per branch, date)

 = mbed TLS 2.y.z released YYYY-MM-DD

+Security
+   * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional,
+   mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's
+   X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA
+   (default: 8) intermediates, even when it was not trusted. Could be
+   trigerred remotely on both sides. (With auth_mode set to required
+   (default), the handshake was correctly aborted.)
+
 Changes
   * Certificate verification functions now set flags to -1 in case the full
     chain was not verified due to an internal error (including in the verify