x509: CRL: reject unsupported critical extensions

commit: 5a9f46e57c8a8ee073e12a2f28cdde1ef136cb57 [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Tue Mar 13 11:53:30 2018 +0100
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Wed Mar 14 09:24:12 2018 +0100
tree: f371c90144531ebd5c980b6d09706fb876031dec
parent: 1a6ddb43827d87c687e835689f3d8632e5530115 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 932e280..20ff7aa 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -2,6 +2,10 @@
 
 = mbed TLS x.x.x branch released xxxx-xx-xx
 
+Security
+   * Fix CRL parsing to reject CRLs containing unsupported critical
+     extensions. Found by Falko Strenzke and Evangelos Karatsiolis.
+
 Features
    * Extend PKCS#8 interface by introducing support for the entire SHA
      algorithms family when encrypting private keys using PKCS#5 v2.0.
commit	5a9f46e57c8a8ee073e12a2f28cdde1ef136cb57	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Tue Mar 13 11:53:30 2018 +0100
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Wed Mar 14 09:24:12 2018 +0100
tree	f371c90144531ebd5c980b6d09706fb876031dec
parent	1a6ddb43827d87c687e835689f3d8632e5530115 [diff] [blame]