Improve ChangeLog description of X509 MD5 changes

commit: 6d61e9751bff93d996f679114e7b3a8f628d6bc8 [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Fri Jun 09 14:52:09 2017 +0200
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Fri Jun 09 14:52:09 2017 +0200
tree: ddcf4b40d549e0268d580081bb608fab92b76b40
parent: 7d810939b50f6e4ffc44fd285e30e5fdc968f5be [diff]
diff --git a/ChangeLog b/ChangeLog
index 9ae1a41..7bed278 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -11,7 +11,7 @@
    * Wipe stack buffers in RSA private key operations
      (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt).
      Found by Laurent Simon.
-    Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a
+   * Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a
      potential Bleichenbacher/BERserk-style attack.
    * Remove support for X509 certificates signed with MD5.
      Issue raised by Harm Verhagen
@@ -36,6 +36,9 @@
    * Clarify ECDSA documentation and improve the sample code to avoid
      misunderstandings and potentially dangerous use of the API. Pointed out
      by Jean-Philippe Aumasson.
+   * Add new config.h flag POLARSSL_X509_MIN_VERIFY_MD_ALG to set the minimum
+     hash accepted when verifying certificate chains. Defaults to SHA1, which
+     means SHA1 is accepted but MD5 and below are rejected.
 
 = mbed TLS 1.3.19 branch released 2017-03-08
commit	6d61e9751bff93d996f679114e7b3a8f628d6bc8	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Fri Jun 09 14:52:09 2017 +0200
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Fri Jun 09 14:52:09 2017 +0200
tree	ddcf4b40d549e0268d580081bb608fab92b76b40
parent	7d810939b50f6e4ffc44fd285e30e5fdc968f5be [diff]