Hand-picked backport of #912, fixes #741

author: Jeff Forcier <jeff@bitprophet.org> 2017-06-06 17:35:49 -0700
committer: Jeff Forcier <jeff@bitprophet.org> 2017-06-06 17:35:49 -0700
commit: 86688c1b9d37dd75f99b6eefb00200a1abb4cf51 (patch)
tree: 5949d4db4e4a4f4070d52c5cc20a83f3d413b152 /sites/www/changelog.rst
parent: d6e57d34bafb65c6ce62a022d1b509f35cf82d49 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index 9aead611..e4aa5261 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,6 +2,16 @@
 Changelog
 =========
 
+* :bug:`741` (also :issue:`809`, :issue:`772`; all via :issue:`912`) Writing
+  encrypted/password-protected private key files was silently broken since 2.0
+  due to an incorrect API call; this has been fixed.
+
+  Includes a directly related fix, namely adding the ability to read
+  ``AES-256-CBC`` ciphered private keys (which is now what we tend to write out
+  as it is Cryptography's default private key cipher.)
+
+  Thanks to ``@virlos`` for the original report, Chris Harris and ``@ibuler``
+  for initial draft PRs, and ``@jhgorrell`` for the final patch.
 * :bug:`983` Move ``sha1`` above the now-arguably-broken ``md5`` in the list of
   preferred MAC algorithms, as an incremental security improvement for users
   whose target systems offer both. Credit: Pierce Lopez.
author	Jeff Forcier <jeff@bitprophet.org>	2017-06-06 17:35:49 -0700
committer	Jeff Forcier <jeff@bitprophet.org>	2017-06-06 17:35:49 -0700
commit	86688c1b9d37dd75f99b6eefb00200a1abb4cf51 (patch)
tree	5949d4db4e4a4f4070d52c5cc20a83f3d413b152 /sites/www/changelog.rst
parent	d6e57d34bafb65c6ce62a022d1b509f35cf82d49 (diff)