PolarSSL 1.2.12 has been released!
This release is a back-port of all bug fixes and security fixes that are in the 1.3 branch and are relevant for the 1.2 branch.
Most important is the security fix that has been back-ported to the 1.2 branch. PolarSSL 1.2.12 fixes a remotely-triggerable memory leak that was found by the Codenomicon Defensics tool.
Important changes in this release include:
- X.509 certificates with more than one AttributeTypeAndValue per RelativeDistinguishedName are not accepted any more.
- ssl_read() now returns POLARSSL_ERR_NET_WANT_READ rather than POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE on harmless alerts.
- Accept spaces at end of line or end of buffer in
- Fix potential bad read in parsing ServerHello (found by Adrien Vialletelle).
- ssl_close_notify() could send more than one message in some circumstances with non-blocking I/O.
- x509_crt_parse() did not increase total_failed on PEM error.
- Fix compiler warnings on iOS (found by Sander Niemeijer).
- Don't print uninitialised buffer in ssl_mail_client (found by Marc Abel).
- net_accept() regarding non-blocking sockets (found by Luca Pesce).
- ssl_read() could return non-application data records on server while renegotiation was pending, and on client when a HelloRequest was received.
- Fix warnings from Clang's scan-build (contributed by Alfred Klomp).
Who should update
We advise users of PolarSSL to update if they:
- use any branch other than the 1.3 branch.
Get your copy here: polarssl-1.2.12-gpl.tgz
The hashes for polarssl-1.2.12-gpl.tgz are:
SHA-1 : 78cb31a960e4fffaefe7b838f7869072d1e15929
SHA-256: 63dd60e78d25c438648607bb177b063dcf5fbf3ced9ee794fcb165d101940131