From d95313eb794f13bf43af3f0cbcc31491a5091fd2 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Thu, 7 Apr 2022 21:16:48 +0100
Subject: Openssl client: ocsp stapling on resumed seesion

---
 doc/doc-txt/ChangeLog | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'doc/doc-txt/ChangeLog')

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 3b1aa2664..239731436 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -121,6 +121,11 @@ JH/27 Support the PIPECONNECT facility in the smtp transport when the helo_data
       Previously any use of the local address in the EHLO name disabled
       PIPECONNECT, the common case being to use the rDNS of it.
 
+JH/28 OpenSSL: fix transport-required OCSP stapling verification under session
+      resumption. Previously verify failed because no certificate status is
+      passed on the wire for the restarted session. Fix by using the recorded
+      ocsp status of the stored session for the new connection.
+
 
 Exim version 4.95
 -----------------
-- 
cgit v1.2.3