Add missing credit for set_hostname issue

Correctly credit Daniel Stenberg for reporting the problem with mbedtls_ssl_set_hostname(). Signed-off-by: David Horstmann <david.horstmann@arm.com>
2026-05-05 01:23:39 +02:00 · 2025-03-25 14:01:40 +00:00
parent 0c0f5f200f
commit 70807520ec
1 changed files with 1 additions and 0 deletions
--- a/1
+++ b/1
@@ -35,6 +35,7 @@ Security
     The library will now prevent the handshake and return
     MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
     if mbedtls_ssl_set_hostname() has not been called.
+     Reported by Daniel Stenberg.
     CVE-2025-27809
   * Zeroize a temporary heap buffer used in psa_key_derivation_output_key()
     when deriving an ECC key pair.