This bug fix release patches a few small issues. CertificateRequest Handshake messages are now correctly handled in the future, if a new version of TLS sees the light. An SSL client now correctly handles a CertificateRequest message sent in TLS 1.1 or earlier that has an empty Distinguished Names list. In addition a memory leak when performing PKCS#1 v2.1 operations (RSA_PKCS_V21) has been handled.
One small API function was added, called ssl_handshake_step() to allow an application to handle the handshake in single steps.
Who should update
Our advice for users of the PolarSSL 1.2 branch is to update:
- in order to prevent handshake failures when servers request a certificate without a DN list
- when PKCS#1 v2.1 operations (RSA_PKCS_V21) are used
Get your copy here: polarssl-1.2.4-gpl.tgz
The hashes for polarssl-1.2.4-gpl.tgz are:
SHA-1 : 75690f234392e2d663abd66750a9e87ee627e3e8 SHA-256: 7b9c9f4b8dca37af7e497712c82e70e4c528e22b31d7d78e7a53a6b7f238be1f