1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
Versions 1.5.8
--------------
Checking whether CA is root leads to (minor) memory leak
Versions 1.5.7 and previous
---------------------------
Bug in OpenSSL leads to a spurious "unable to get local issuer certificate"
error when verifying end-entity certificates signed by a CA not containing
Digital Signature. Workaround implemented in 1.5.8.
Version 1.5.6 and previous
--------------------------
Unknown policy language (=restricted) proxies where classified as limited.
Legacy proxies with empty subject were not properly recognized.
Version 1.5.5
-------------
Serial number printing leads to (minor) memory leak
Version 1.5.3 and previous
--------------------------
Malformed certificate chains (CA -> EEC -> RFC -> GT3 -> RFC -> ...) were
tolerated in these version because the detection was not fully complete. It is
now and we can safely enable strict checking.
Version 1.4.12 and 1.5.0, 1.5.1, 1.5.2 and 1.5.3 (support is introduced since 1.5.4)
------------------------------------------------------------------------------------
The RFC proxy certificates are treated as regular RFC proxies. There is no
distinction provided between the delegation, impersonation, limited and the
other one.
Version 1.4.11
--------------
There is a possibility that the CA certificates need to be filter when they are
given as a STACK_OF(X509) * input, before starting the evaluation.
Version 1.4.10
--------------
See 1.4.9, as it still applies
Version 1.4.9
-------------
The verify-proxy plugins fails to verify Terena eScience Personal certificate chains deeper then 5 certificates. 5 is ok, 6 is not.
|
