mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2024-12-29 09:21:19 +00:00
19 lines
1.1 KiB
Plaintext
19 lines
1.1 KiB
Plaintext
|
Bugfix
|
||
|
* Fixed a regression introduced in 3.6.0 where the CA callback set with
|
||
|
mbedtls_ssl_conf_ca_cb() would stop working when connections were
|
||
|
upgraded to TLS 1.3. Fixed by adding support for the CA callback with TLS
|
||
|
1.3.
|
||
|
* Fixed a regression introduced in 3.6.0 where clients that relied on
|
||
|
optional/none authentication mode, by calling mbedtls_ssl_conf_authmode()
|
||
|
with MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_NONE, would stop
|
||
|
working when connections were upgraded to TLS 1.3. Fixed by adding
|
||
|
support for optional/none with TLS 1.3 as well. Note that the TLS 1.3
|
||
|
standard makes server authentication mandatory; users are advised not to
|
||
|
use authmode none, and to carefully check the results when using optional
|
||
|
mode.
|
||
|
* Fixed a regression introduced in 3.6.0 where context-specific certificate
|
||
|
verify callbacks, set with mbedtls_ssl_set_verify() as opposed to
|
||
|
mbedtls_ssl_conf_verify(), would stop working when connections were
|
||
|
upgraded to TLS 1.3. Fixed by adding support for context-specific verify
|
||
|
callback in TLS 1.3.
|