From 5022e4ecdf228dd79c9fc355a7b5047adbf9d414 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 29 Nov 2004 11:57:00 +0000 Subject: [PATCH] Document the change. --- CHANGES | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 1227d35e2b..47ffdcfded 100644 --- a/CHANGES +++ b/CHANGES @@ -743,7 +743,21 @@ differing sizes. [Richard Levitte] - Changes between 0.9.7d and 0.9.7e [XX xxx XXXX] + Changes between 0.9.7e and 0.9.7f [XX xxx XXXX] + + *) Make an explicit check during certificate validation to see that + the CA setting in each certificate on the chain is correct. As a + side effect always do the following basic checks on extensions, + not just when there's an associated purpose to the check: + + - if there is an unhandled critical extension (unless the user + has chosen to ignore this fault) + - if the path length has been exceeded (if one is set at all) + - that certain extensions fit the associated purpose (if one has + been given) + [Richard Levitte] + + Changes between 0.9.7d and 0.9.7e [25 Oct 2004] *) Avoid a race condition when CRLs are checked in a multi threaded environment. This would happen due to the reordering of the revoked -- 2.25.1