Manuel Pégourié-Gonnard | b721ccc | 2024-08-20 22:00:02 +0200

Bugfix
   * Fixed a regression introduced in 3.6.0 where the CA callback set with
     mbedtls_ssl_conf_ca_cb() would stop working when connections were
     upgraded to TLS 1.3. Fixed by adding support for the CA callback with TLS
     1.3.
   * Fixed a regression introduced in 3.6.0 where clients that relied on
     optional/none authentication mode, by calling mbedtls_ssl_conf_authmode()
     with MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_NONE, would stop
     working when connections were upgraded to TLS 1.3. Fixed by adding
     support for optional/none with TLS 1.3 as well. Note that the TLS 1.3
     standard makes server authentication mandatory; users are advised not to
     use authmode none, and to carefully check the results when using optional
     mode.
   * Fixed a regression introduced in 3.6.0 where context-specific certificate
     verify callbacks, set with mbedtls_ssl_set_verify() as opposed to
     mbedtls_ssl_conf_verify(), would stop working when connections were
     upgraded to TLS 1.3. Fixed by adding support for context-specific verify
     callback in TLS 1.3.
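
Added example, not part of the Mbed TLS changelog or code base: one way to "carefully check the results" in optional mode is to pass the value of mbedtls_ssl_get_verify_result() through a fail-closed policy once the handshake has completed. The helper optional_mode_decision(), the NEVER_TOLERATED mask and the sample flag values are assumptions made for illustration; the flag constants repeat the values from mbedtls/x509.h so the block builds without the library.

```c
#include <stdint.h>
#include <stdio.h>

/* Values as defined in mbedtls/x509.h, repeated only so this example builds
 * without the library; real code includes mbedtls/ssl.h instead. */
#ifndef MBEDTLS_X509_BADCERT_EXPIRED
#define MBEDTLS_X509_BADCERT_EXPIRED      0x01
#define MBEDTLS_X509_BADCERT_CN_MISMATCH  0x04
#define MBEDTLS_X509_BADCERT_NOT_TRUSTED  0x08
#define MBEDTLS_X509_BADCERT_MISSING      0x40
#define MBEDTLS_X509_BADCERT_SKIP_VERIFY  0x80
#endif

/* This example's policy (an assumption): failure bits no caller may waive. */
#define NEVER_TOLERATED (MBEDTLS_X509_BADCERT_NOT_TRUSTED | \
                         MBEDTLS_X509_BADCERT_MISSING |     \
                         MBEDTLS_X509_BADCERT_SKIP_VERIFY | \
                         MBEDTLS_X509_BADCERT_CN_MISMATCH)

enum peer_decision { PEER_ACCEPT = 0, PEER_REJECT = 1 };

/* Hypothetical helper: decide what to do with the peer after a handshake
 * that completed under MBEDTLS_SSL_VERIFY_OPTIONAL.
 *   flags     - value returned by mbedtls_ssl_get_verify_result()
 *   tolerated - failure bits the application explicitly accepts
 * Fails closed: any failure bit outside `tolerated` rejects the peer. */
enum peer_decision optional_mode_decision(uint32_t flags, uint32_t tolerated)
{
    if (flags == (uint32_t) -1)      /* no verification result available */
        return PEER_REJECT;
    tolerated &= ~(uint32_t) NEVER_TOLERATED;
    return (flags & ~tolerated) ? PEER_REJECT : PEER_ACCEPT;
}

int main(void)
{
    /* Constructed values standing in for mbedtls_ssl_get_verify_result(&ssl)
     * read after mbedtls_ssl_handshake() has returned 0. */
    const uint32_t samples[] = {
        0,
        MBEDTLS_X509_BADCERT_EXPIRED,
        MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCERT_NOT_TRUSTED,
        (uint32_t) -1,
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum peer_decision d =
            optional_mode_decision(samples[i], MBEDTLS_X509_BADCERT_EXPIRED);
        printf("flags=0x%08lx -> %s\n", (unsigned long) samples[i],
               d == PEER_ACCEPT ? "accept" : "close connection");
    }
    return 0;
}
```

In optional mode the handshake succeeds even when verification fails, so a check of this kind has to run before any application data is exchanged.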