GnuTLS: Fix client detection of server reject of client cert under TLS1.3

[exim.git] / doc / doc-txt / ChangeLog

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index e2dd71b2b055b522887fa883998c6403d215101d..867a1d8abf716a8d8e19a0b6f0e869229266945f 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -5,6 +5,20 @@ affect Exim's operation, with an unchanged configuration file.  For new
 options, and new features, see the NewStuff file next to this ChangeLog.
 
 
 options, and new features, see the NewStuff file next to this ChangeLog.
 
 

+Since version 4.92
+------------------
+
+JH/06 Fix buggy handling of autoreply bounce_return_size_limit, and a possible
+      buffer overrun for (non-chunking) other transports.
+
+JH/07 GnuTLS: Our use of late (post-handshake) certificate verification, under
+      TLS1.3, means that a server rejecting a client certificate is not visible
+      to the client until the first read of encrypted data (typically the
+      response to EHLO).  Add detection for that case and treat it as a failed
+      TLS connection attempt, so that the normal retry-in-clear can work (if
+      suitably configured).
+
+

 Exim version 4.92
 -----------------
 
 Exim version 4.92
 -----------------
 


@@ -191,6 +205,9 @@ JH/41 Fix the loop reading a message header line to check for integer overflow,
       and more-often against header_maxsize.  Previously a crafted message could
       induce a crash of the recive process; now the message is cleanly rejected.
 
       and more-often against header_maxsize.  Previously a crafted message could
       induce a crash of the recive process; now the message is cleanly rejected.
 

+JH/42 Bug 2366: Fix the behaviour of the dkim_verify_signers option.  It had
+      been totally disabled for all of 4.91.  Discovery and fix by "Mad Alex".
+

 
 Exim version 4.91
 -----------------
 
 Exim version 4.91
 -----------------