Fix missing check for RSA key length on EE certs - also adapt tests to use lesser requirement for compatibility with old testing material

commit: 93080dfacf6f6ec7a7fbd37e3622b5fabd69d28a [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Fri Oct 23 14:08:48 2015 +0200
committer: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Wed Oct 28 13:22:32 2015 +0100
tree: 65f49c6b28c74631ee1e94c50ce3d5e9bea369ae
parent: 94c5e3c6548646a7d43e8d84de6331f500670e5b [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 5ba081c..d786dfa 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -9,6 +9,10 @@
      ECHD-ECDSA if the only key exchange. Multiple reports. #310
    * Fix bug causing some handshakes to fail due to some non-fatal alerts not
      begin properly ignored. Found by mancha and Kasom Koht-arsa, #308
+   * mbedtls_x509_crt_verify(_with_profile)() now also checks the key type and
+     size/curve against the profile. Before that, there was no way to set a
+     minimum key size for end-entity certificates with RSA keys. Found by
+     Matthew Page.
 
 Changes
    * Improved performance of mbedtls_ecp_muladd() when one of the scalars is 1
commit	93080dfacf6f6ec7a7fbd37e3622b5fabd69d28a	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Fri Oct 23 14:08:48 2015 +0200
committer	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Wed Oct 28 13:22:32 2015 +0100
tree	65f49c6b28c74631ee1e94c50ce3d5e9bea369ae
parent	94c5e3c6548646a7d43e8d84de6331f500670e5b [diff] [blame]