Correct indentation and labelling in ChangeLog
diff --git a/ChangeLog b/ChangeLog
index 9f2384b..ba58a25 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -27,13 +27,13 @@
Security
* Fix authentication bypass in SSL/TLS: when auth_mode is set to optional,
- ssl_get_verify_result() would incorrectly return 0 when the peer's
- X.509 certificate chain had more than POLARSSL_X509_MAX_INTERMEDIATE_CA
- (default: 8) intermediates, even when it was not trusted. Could be
- triggered remotely on both sides. (With auth_mode set to required
- (default), the handshake was correctly aborted.)
+ ssl_get_verify_result() would incorrectly return 0 when the peer's
+ X.509 certificate chain had more than POLARSSL_X509_MAX_INTERMEDIATE_CA
+ (default: 8) intermediates, even when it was not trusted. Could be
+ triggered remotely on both sides. (With auth_mode set to required
+ (default), the handshake was correctly aborted.)
-Changes
+API Changes
* Certificate verification functions now set flags to -1 in case the full
chain was not verified due to an internal error (including in the verify
callback) or chain length limitations.
@@ -190,9 +190,9 @@
= mbed TLS 1.3.17 branch 2016-06-28
Security
- * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt
+ * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt
required by PKCS1 v2.2
- * Fix a potential integer underflow to buffer overread in
+ * Fix a potential integer underflow to buffer overread in
mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in
SSL/TLS.
* Fix potential integer overflow to buffer overflow in
@@ -1223,7 +1223,7 @@
Changes
* Allow enabling of dummy error_strerror() to support some use-cases
* Debug messages about padding errors during SSL message decryption are
- disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
+ disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
* Sending of security-relevant alert messages that do not break
interoperability can be switched on/off with the flag
POLARSSL_SSL_ALL_ALERT_MESSAGES
@@ -1252,7 +1252,7 @@
Changes
* Added p_hw_data to ssl_context for context specific hardware acceleration
data
- * During verify trust-CA is only checked for expiration and CRL presence
+ * During verify trust-CA is only checked for expiration and CRL presence
Bugfixes
* Fixed client authentication compatibility
@@ -1550,9 +1550,9 @@
with random data (Fixed ticket #10)
Changes
- * Debug print of MPI now removes leading zero octets and
+ * Debug print of MPI now removes leading zero octets and
displays actual bit size of the value.
- * x509parse_key() (and as a consequence x509parse_keyfile())
+ * x509parse_key() (and as a consequence x509parse_keyfile())
does not zeroize memory in advance anymore. Use rsa_init()
before parsing a key or keyfile!
@@ -1574,7 +1574,7 @@
printing of X509 CRLs from file
Changes
- * Parsing of PEM files moved to separate module (Fixes
+ * Parsing of PEM files moved to separate module (Fixes
ticket #13). Also possible to remove PEM support for
systems only using DER encoding
@@ -1717,7 +1717,7 @@
* Fixed HMAC-MD2 by modifying md2_starts(), so that the
required HMAC ipad and opad variables are not cleared.
(found by code coverage tests)
- * Prevented use of long long in bignum if
+ * Prevented use of long long in bignum if
POLARSSL_HAVE_LONGLONG not defined (found by Giles
Bathgate).
* Fixed incorrect handling of negative strings in
@@ -1758,7 +1758,7 @@
* Made definition of net_htons() endian-clean for big endian
systems (Found by Gernot).
* Undefining POLARSSL_HAVE_ASM now also handles prevents asm in
- padlock and timing code.
+ padlock and timing code.
* Fixed an off-by-one buffer allocation in ssl_set_hostname()
responsible for crashes and unwanted behaviour.
* Added support for Certificate Revocation List (CRL) parsing.
@@ -1932,4 +1932,3 @@
who maintains the Debian package :-)
= Version 0.1 released on 2006-11-01
-