- Fix an issue which allowed a client without a cert to connect despite setting verify_mode to CERT_REQUIRED (CVE-2025-15346):
A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced. Because the WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT flag was not included, the behavior effectively matched CERT_OPTIONAL: a peer certificate was verified if presented, but connections were incorrectly authenticated when no client certificate was provided. This results in improper authentication, allowing attackers to bypass mutual TLS (mTLS) client authentication by omitting a client certificate during the TLS handshake. Thanks to Matan Radomski from Microsoft for the report. * Update wolfSSL to version 5.8.4
- Update wolfSSL to version 5.8.2
- Update wolfSSL to version 5.7.4
- SSLSocket: support version() version
- support disabling secure renegotiation
- Update wolfSSL to version 5.7.2
- Fix segfault issue with TLS v1.3
- Update expired example certs
- Update wolfSSL to version 5.6.6
- Update wolfSSL to version 5.6.0
- Update wolfSSL to version 5.5.4
- Fix TLSv1.3 support
- Disable oldtls support
- Add changelog
- Adding support for CRL and DTLS
- Fix alert history code
- Update wolfSSL to version 5.5.3
- Update to wolfSSL 5.4.0 C library
- Add GitHub Actions support and remove Travis CI support
- Update to wolfSSL 5.3.0
- Build completely refactored to be more Python-like and easier to use
- Add support for wolfSSL ctx password callback
- Raise error when wolfSSL_write() returns 0
- Update example certs to match main wolfSSL ones