Merge pull request #10092 from davidhorstmann-arm/add-missing-credit-3.6

[3.6] Add missing credit for `set_hostname` issue
2026-05-09 11:14:26 +02:00 · 2025-03-27 09:11:21 +00:00
parent a1dd7fa1f2 70807520ec
commit 3623414113
1 changed files with 1 additions and 0 deletions
--- a/1
+++ b/1
@@ -35,6 +35,7 @@ Security
     The library will now prevent the handshake and return
     MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
     if mbedtls_ssl_set_hostname() has not been called.
+     Reported by Daniel Stenberg.
     CVE-2025-27809
   * Zeroize a temporary heap buffer used in psa_key_derivation_output_key()
     when deriving an ECC key pair.