github wolfSSL/wolfssl v4.8.1-stable
wolfSSL Release 4.8.1 (July 16, 2021)
on GitHub

latest releases: WCv6.0.0-RC2, WCv6.0.0-RC1, v5.2.1-stable-OS_Seed-HdrOnly...
3 years ago

wolfSSL Release 4.8.1 (July 16, 2021)

Release 4.8.1 of wolfSSL embedded TLS has an OCSP vulnerability fix:

Vulnerabilities

  • [High] OCSP verification issue when response is for a certificate with no relation to the chain in question BUT that response contains the NoCheck extension which effectively disables ALL verification of that one cert. Users who should upgrade to 4.8.1 are TLS client users doing OCSP, TLS server users doing mutual auth with OCSP, and CertManager users doing OCSP independent of TLS. Thanks to Jan Nauber, Marco Smeets, Werner Rueschenbaum and Alissa Kim of Volkswagen Infotainment for the report.
Check out latest releases or
releases around wolfSSL/wolfssl v4.8.1-stable

Don't miss a new wolfssl release

NewReleases is sending notifications on new releases.

Get notifications