mbed TLS 2.1.1,mbed TLS 1.3.13 和 PolarSSL 1.2.16 发布,都是维护版本,主要修复了一些 bug 和安全问题。 安全问题 Florian Weimar from Red Hat published on Lenstra's RSA-CRT attach for PKCS#1 v1.5 signatures Fabian Foerg of Gotham Digital Science found a possible client-side NULL pointer dereference, using the AFL Fuzzer. 改进 mbed TLS 1.3.13 在信任中间证书的情况下可以接收一个证书链。 mbed TLS 2.1.1 修改了一个 API 调用原型 (mbedtls_ssl_conf_cert_profile()) 。 Bug 修复 Setting SSL_MIN_DHM_BYTES in config.h had no effect (overriden in ssl.h) (found by Fabio Solari) (#256) Fix bug in mbedtls_rsa_public() and mbedtls_rsa_private() that could result trying to unlock an unlocked mutex on invalid input (found by Fredrik Axelsson) (#257) Fix -Wshadow warnings (found by hnrkp) (#240) Fix unused function warning when using MBEDTLS_MDx_ALT or MBEDTLS_SHAxxx_ALT (found by Henrik) (#239) Fix memory corruption in pkey programs (found by yankuncheng) (#210) Fix memory corruption on client with overlong PSK identity, around SSL_MAX_CONTENT_LEN or higher - not triggerrable remotely (found by Aleksandrs Saveljevs) (#238) Fix off-by-one error in parsing Supported Point Format extension that caused some handshakes to fail. 下载 mbedtls-2.1.1-apache.tgz mbedtls-2.1.1-gpl.tgz mbedtls-1.3.13-gpl.tgz polarssl-1.2.16-gpl.tgz 详细改进内容请看发行说明。 mbed TLS 2.1.1/1.3.13/PolarSSL 1.2.16 发布下载地址
