diff options
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | NEWS | 7 |
2 files changed, 11 insertions, 0 deletions
@@ -1,3 +1,7 @@ +Sun Jun 10 10:27:34 2012 Martin Bosslet <Martin.Bosslet@googlemail.com> + + * NEWS: Add note about the new private key export behavior. + Sun Jun 10 10:24:51 2012 Tanaka Akira <akr@fsij.org> * process.c (rb_exec_async_signal_safe): exported. @@ -131,6 +131,13 @@ with all sufficient information, see the ChangeLog file. also allows to programmatically decline (client) renegotiation attempts. * Support for "0/n" splitting of records as BEAST mitigation via OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS. + * OpenSSL requires passwords for decrypting PEM-encoded files to be at least + four characters long. This led to awkward situations where an export with + a password with fewer than four characters was possible, but accessing the + file afterwards failed. OpenSSL::PKey::RSA, OpenSSL::PKey::DSA and + OpenSSL::PKey::EC therefore now enforce the same check when exporting a + private key to PEM with a password - it has to be at least four characters + long. === Language changes === Compatibility issues (excluding feature bug fixes) |