x509: CRL: reject unsupported critical extensions

commit: fd3e4fbae75049810379e0845580402502629d68 [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Tue Mar 13 11:53:30 2018 +0100
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Wed Mar 14 09:15:02 2018 +0100
tree: 8ea6535c81b3e641913cd00efc298888e50f3f84
parent: f3ada4adb00723a540a77de88a2831313b443190 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index cfe27f3..0b3dacd 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -17,6 +17,8 @@
      implementation allowed an offline 2^80 brute force attack on the
      HMAC key of a single, uninterrupted connection (with no
      resumption of the session).
+   * Fix CRL parsing to reject CRLs containing unsupported critical
+     extensions. Found by Falko Strenzke and Evangelos Karatsiolis.
 
 Features
    * Extend PKCS#8 interface by introducing support for the entire SHA
commit	fd3e4fbae75049810379e0845580402502629d68	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Tue Mar 13 11:53:30 2018 +0100
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Wed Mar 14 09:15:02 2018 +0100
tree	8ea6535c81b3e641913cd00efc298888e50f3f84
parent	f3ada4adb00723a540a77de88a2831313b443190 [diff] [blame]