Merge remote-tracking branch 'origin/pr/2526' into mbedtls-2.16

* origin/pr/2526: Update library version to 2.16.1
2026-01-07 06:59:19 +01:00 · 2019-03-26 15:27:56 +00:00 · 2019-03-26 15:27:56 +00:00 · f2357f8903
commit f2357f8903
parent cef29a2fd0 9f4f8eec93
6 changed files with 33 additions and 27 deletions
--- a/38
+++ b/38
@ -2,6 +2,28 @@ mbed TLS ChangeLog (Sorted per branch, date)

 = mbed TLS 2.x.x branch released xxxx-xx-xx

+Bugfix
+   * Server's RSA certificate in certs.c was SHA-1 signed. In the default
+     mbedTLS configuration only SHA-2 signed certificates are accepted.
+     This certificate is used in the demo server programs, which lead the
+     client programs to fail at the peer's certificate verification
+     due to an unacceptable hash signature. The certificate has been
+     updated to one that is SHA-256 signed. Fix contributed by
+     Illya Gerasymchuk.
+   * Fix private key DER output in the key_app_writer example. File contents
+     were shifted by one byte, creating an invalid ASN.1 tag. Fixed by
+     Christian Walther in #2239.
+
+Changes
+   * Return from various debugging routines immediately if the
+     provided SSL context is unset.
+   * Remove dead code from bignum.c in the default configuration.
+     Found by Coverity, reported and fixed by Peter Kolbus (Garmin). Fixes #2309.
+   * Add test for minimal value of MBEDTLS_MPI_WINDOW_SIZE to all.sh.
+     Contributed by Peter Kolbus (Garmin).
+
+= mbed TLS 2.16.1 branch released 2019-03-19
+
 Features
   * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites
     from the default list (enabled by default). See
@ -37,16 +59,6 @@ Bugfix
     extensions in CSRs and CRTs that caused these bitstrings to not be encoded
     correctly as trailing zeroes were not accounted for as unused bits in the
     leading content octet. Fixes #1610.
-   * Server's RSA certificate in certs.c was SHA-1 signed. In the default
-     mbedTLS configuration only SHA-2 signed certificates are accepted.
-     This certificate is used in the demo server programs, which lead the
-     client programs to fail at the peer's certificate verification
-     due to an unacceptable hash signature. The certificate has been
-     updated to one that is SHA-256 signed. Fix contributed by
-     Illya Gerasymchuk.
-   * Fix private key DER output in the key_app_writer example. File contents
-     were shifted by one byte, creating an invalid ASN.1 tag. Fixed by
-     Christian Walther in #2239.

 Changes
   * Include configuration file in all header files that use configuration,
@ -62,12 +74,6 @@ Changes
     been disabled for lack of a sufficiently recent version of GnuTLS on the CI.
   * Ciphersuites based on 3DES now have the lowest priority by default when
     they are enabled.
-   * Return from various debugging routines immediately if the
-     provided SSL context is unset.
-   * Remove dead code from bignum.c in the default configuration.
-     Found by Coverity, reported and fixed by Peter Kolbus (Garmin). Fixes #2309.
-   * Add test for minimal value of MBEDTLS_MPI_WINDOW_SIZE to all.sh.
-     Contributed by Peter Kolbus (Garmin).

 = mbed TLS 2.16.0 branch released 2018-12-21