From: Lutz Jänicke <jaenicke@openssl.org>
Date: Wed, 29 Nov 2000 18:06:18 +0000 (+0000)
Subject: Log security relevant change.
X-Git-Tag: OpenSSL_0_9_6a-beta1~107^2~115
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=c6a926d9e27af13da1108b821db5e508e4a19cbe

Log security relevant change.
---

diff --git a/CHANGES b/CHANGES
index a469186a27..684280d835 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,12 @@
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
 
+  *) Store verify_result within SSL_SESSION also for client side to
+     avoid potential security hole. (Re-used sessions on the client side
+     always resulted in verify_result==X509_V_OK, not using the original
+     result of the server certificate verification.)
+     [Lutz Jaenicke]
+
   *) Make BN_mod_inverse faster by explicitly handling small quotients
      in the Euclid loop. (Speed gain about 20% for small moduli [256 or
      512 bits], about 30% for larger ones [1024 or 2048 bits].)