AWS-LC-FIPS-2.0.11

@samuel40791765 released this 31 May 17:36
· 1911 commits to main since this release
93177de

What's Changed

  • Add DRAFT 2.0.0 fips security policy by @justsmth in #1598

  • Backport X509 certificate verification optimizations to AWS-LC-FIPS-2.x by @samuel40791765 in #1611

    • 31d5dce: Stop using time_t internally. For publicly exposed and used
      inputs that rely on time_t, _posix versions are added to
      support providing times as an int64_t, and internal
      use is changed to use the _posix version.
    • 4e32cc5: When looking for the issuer of a certificate, if the current
      certificate candidate is expired, X509_verify_cert will
      continue searching for a valid cert. An expired certificate is
      only returned if no valid certificates are found. This lets
      AWS-LC gain feature parity with OpenSSL 1.1.1.
    • 9bed1c9: Tweak test introduced by 4e32cc5.
  • AWS-LC-FIPS-2.0.11 release preparation by @samuel40791765 in #1614
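
The issuer-selection behaviour described for 4e32cc5, as a simplified stand-alone model added here for illustration; it is not AWS-LC code. The `model_*` names, the sample certificates and the choice of which expired candidate is used as the fallback are assumptions, and times are `int64_t` POSIX seconds in the spirit of 31d5dce.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a certificate (hypothetical type, not AWS-LC's X509). */
typedef struct {
    const char *subject, *issuer;
    int64_t not_before, not_after; /* POSIX seconds */
} model_cert;

static int time_valid(const model_cert *c, int64_t now) {
    return c->not_before <= now && now <= c->not_after;
}

/* Return the first name-matching candidate whose validity period covers `now`.
 * If none does, fall back to a name-matching candidate outside its validity
 * period (the last one seen; that tie-break is an assumption of this model).
 * Returns NULL when no candidate matches the child's issuer name. */
const model_cert *model_find_issuer(const model_cert *child,
                                    const model_cert *pool, size_t n,
                                    int64_t now) {
    const model_cert *fallback = NULL;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(pool[i].subject, child->issuer) != 0)
            continue;               /* not an issuer candidate by name */
        if (time_valid(&pool[i], now))
            return &pool[i];        /* a valid candidate ends the search */
        fallback = &pool[i];        /* remember it, but keep searching */
    }
    return fallback;
}

/* Constructed sample data: two certificates for the same CA name. */
static const model_cert sample_pool[] = {
    {"Example CA", "Old Root", 1000, 2000}, /* expired at now = 5000 */
    {"Other CA",   "Old Root", 1000, 9000},
    {"Example CA", "New Root", 3000, 9000}, /* valid at now = 5000 */
};
static const model_cert sample_leaf = {"leaf.example", "Example CA", 4000, 6000};

/* Index of the chosen issuer in sample_pool, or -1 if none matched. */
int model_pick_index(int64_t now) {
    const model_cert *c = model_find_issuer(&sample_leaf, sample_pool, 3, now);
    return c ? (int)(c - sample_pool) : -1;
}

int main(void) {
    printf("issuer index at now=5000: %d\n", model_pick_index(5000));
    printf("issuer index at now=9500: %d\n", model_pick_index(9500));
    return 0;
}
```

A verifier that stopped at the first name match would pick the expired entry at index 0 and fail a chain that the entry at index 2 can validate.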

Full Changelog: AWS-LC-FIPS-2.0.10...AWS-LC-FIPS-2.0.11