PolarSSL is now part of ARM Official announcement and rebranded as mbed TLS.

PolarSSL 1.2.12 released

Description

PolarSSL 1.2.12 has been released!

This release is a back-port of all bug fixes and security fixes that are in the 1.3 branch and are relevant for the 1.2 branch.

Security

Most important is the security fix that has been back-ported to the 1.2 branch. PolarSSL 1.2.12 fixes a remotely-triggerable memory leak that was found by the Codenomicon Defensics tool.

Changes

Important changes in this release include:

  • X.509 certificates with more than one AttributeTypeAndValue per RelativeDistinguishedName are not accepted any more.
  • ssl_read() now returns POLARSSL_ERR_NET_WANT_READ rather than POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE on harmless alerts.
  • Accept spaces at end of line or end of buffer in base64_decode().

Bug fixes

Fixes include:

  • Fix potential bad read in parsing ServerHello (found by Adrien Vialletelle).
  • ssl_close_notify() could send more than one message in some circumstances with non-blocking I/O.
  • x509_crt_parse() did not increase total_failed on PEM error
  • Fix compiler warnings on iOS (found by Sander Niemeijer).
  • Don't print uninitialised buffer in ssl_mail_client (found by Marc Abel).
  • Fix net_accept() regarding non-blocking sockets (found by Luca Pesce).
  • ssl_read() could return non-application data records on server while renegotation was pending, and on client when a HelloRequest was received.
  • Fix warnings from Clang's scan-build (contributed by Alfred Klomp).

Who should update

We advise users of PolarSSL to update if they:

  • use any branch other than the 1.3 branch.

Download links

Get your copy here: polarssl-1.2.12-gpl.tgz

Hashes

The hashes for polarssl-1.2.12-gpl.tgz are:

SHA-1  : 78cb31a960e4fffaefe7b838f7869072d1e15929
SHA-256: 63dd60e78d25c438648607bb177b063dcf5fbf3ced9ee794fcb165d101940131

Like this?

Section:
Releases

Author:


Published:


Last updated:
Oct 24, 2014

Sharing:


Want to stay up to date?