commit 70807520ec5e905cf1bb49296dc92a7638a03e42
author David Horstmann <david.horstmann@arm.com> Tue Mar 25 14:01:40 2025 +0000
committer David Horstmann <david.horstmann@arm.com> Tue Mar 25 16:01:30 2025 +0000
tree b81284785440c71d32929576629983f79cdf31cb
parent 0c0f5f200f58e1ea93aadf3e3c1e57fd1fd83128

Add missing credit for set_hostname issue

Correctly credit Daniel Stenberg for reporting the problem with
mbedtls_ssl_set_hostname().

Signed-off-by: David Horstmann <david.horstmann@arm.com>

ChangeLog

diff --git a/ChangeLog b/ChangeLog
index e673c70..5cadd2b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -35,6 +35,7 @@
      The library will now prevent the handshake and return
      MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
      if mbedtls_ssl_set_hostname() has not been called.
+     Reported by Daniel Stenberg.
      CVE-2025-27809
    * Zeroize a temporary heap buffer used in psa_key_derivation_output_key()
      when deriving an ECC key pair.