Changes between 1.1.1e and 1.1.1f [xx XXX xxxx]
+ *) Revert the change of EOF detection while reading in libssl to avoid
+ regressions in applications depending on the current way of reporting
+ the EOF. As the existing method is not fully accurate the change to
+ reporting the EOF via SSL_ERROR_SSL is kept on the current development
+ branch and will be present in the 3.0 release.
+ [Tomas Mraz]
+
*) Revised BN_generate_prime_ex to not avoid factors 3..17863 in p-1
when primes for RSA keys are computed.
Since we previously always generated primes == 2 (mod 3) for RSA keys,
Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [under development]
- o
+ o Revert the unexpected EOF reporting via SSL_ERROR_SSL
Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020]
o Fixed an overflow bug in the x64_64 Montgomery squaring procedure
used in exponentiation with 512-bit moduli (CVE-2019-1551)
+ o Properly detect unexpected EOF while reading in libssl and report
+ it via SSL_ERROR_SSL
Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]
=back
+=head1 BUGS
+
+The B<SSL_ERROR_SYSCALL> with B<errno> value of 0 indicates unexpected EOF from
+the peer. This will be properly reported as B<SSL_ERROR_SSL> with reason
+code B<SSL_R_UNEXPECTED_EOF_WHILE_READING> in the OpenSSL 3.0 release because
+it is truly a TLS protocol error to terminate the connection without
+a SSL_shutdown().
+
+The issue is kept unfixed in OpenSSL 1.1.1 releases because many applications
+which choose to ignore this protocol error depend on the existing way of
+reporting the error.
+
=head1 SEE ALSO
L<ssl(7)>
projects / oweals / openssl.git / commitdiff