Release Notes

Known Issues
RSA BSAFE Micro Edition Suite 4.4 Release Notes
Table 5 Known Issues (continued)

ID            Description
BSFMES-1591   If a certificate chain being verified contains certificates from multiple authorities with distinct OCSP servers, only the first OCSP server found is used. That server cannot give a definitive answer on behalf of certification authorities for which it is not delegated to answer, and so cannot reject invalidated certificates.
BSFMES-1581   An application callback set by R_CERT_STORE_set_compare_cb() is passed incompatible data for the R_CERT_STORE_FIND parameter and can only use the set_class, prim, sec, is_present, and flags fields of the structure. All other fields are corrupted and should not be used by the callback function.
BSFMES-1538   Resumption of a TLS session with the Server Name Indication (SNI) TLS extension cannot compare its hostlist with the original hostlist because the original cached session does not contain the SNI hostlist data. In this case, the server pursues a full negotiation.
BSFMES-1537   R_CRL_get_error() and R_CERT_get_error() return error codes for which there are no functions available to process them. The error codes must be decoded by the application.
BSFMES-1536   A handshake between a client and a TLS server fails if the client is using the Certificate URL extension and does not send a client certificate.
BSFMES-1522   The CMS signed data message version might not be correct if the message contains attribute certificate data.
BSFMES-1521   R_CM_get_info() with R_CM_INFO_DATA does not duplicate the internal data when the flag, R_FLAG_SHARE_NONE, is used on a CMS signed data message.
BSFMES-1501   CMS EnvelopedData does not fully support the OriginatorInfo field and therefore might contain the incorrect version number for the message.
BSFMES-1494   TLS session ticket extensions (RFC 5077) are not handled correctly.
BSFMES-1454   R_SSL_set_peer_cert_chain() fails to check if the duplication of the R_STACK structure of certificates succeeds.
BSFMES-1452   The memory allocation model for R_TLS_EXT_client_url_get_entry() is not consistent with the rest of the library.
BSFMES-1410   CRL processing does not check RFC 5280 compliance of the CRL distribution point extension.
BSFMES-1402   R_OCSP_CTX_INFO_HASH_ALG only supports a restricted set of digest algorithms.