Mbed TLS is now part of TrustedFirmware.org.

PolarSSL 1.2.12 released


PolarSSL 1.2.12 has been released!

This release is a back-port of all bug fixes and security fixes that are in the 1.3 branch and are relevant for the 1.2 branch.


Most important is the security fix that has been back-ported to the 1.2 branch. PolarSSL 1.2.12 fixes a remotely-triggerable memory leak that was found by the Codenomicon Defensics tool.


Important changes in this release include:

  • X.509 certificates with more than one AttributeTypeAndValue per RelativeDistinguishedName are not accepted any more.
  • ssl_read() now returns POLARSSL_ERR_NET_WANT_READ rather than POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE on harmless alerts.
  • Accept spaces at end of line or end of buffer in base64_decode().

Bug fixes

Fixes include:

  • Fix potential bad read in parsing ServerHello (found by Adrien Vialletelle).
  • ssl_close_notify() could send more than one message in some circumstances with non-blocking I/O.
  • x509_crt_parse() did not increase total_failed on PEM error
  • Fix compiler warnings on iOS (found by Sander Niemeijer).
  • Don't print uninitialised buffer in ssl_mail_client (found by Marc Abel).
  • Fix net_accept() regarding non-blocking sockets (found by Luca Pesce).
  • ssl_read() could return non-application data records on server while renegotation was pending, and on client when a HelloRequest was received.
  • Fix warnings from Clang's scan-build (contributed by Alfred Klomp).

Who should update

We advise users of PolarSSL to update if they:

  • use any branch other than the 1.3 branch.

Download links

Get your copy here: polarssl-1.2.12-gpl.tgz


The hashes for polarssl-1.2.12-gpl.tgz are:

SHA-1  : 78cb31a960e4fffaefe7b838f7869072d1e15929
SHA-256: 63dd60e78d25c438648607bb177b063dcf5fbf3ced9ee794fcb165d101940131

Like this?




Last updated:
Oct 24, 2014


Want to stay up to date?

To sign up for Mbed TLS news, log in to or create an Mbed account and update your marketing preferences.