Changes between 0.9.8f and 0.9.9 [xx XXX xxxx]
+ *) Update ssl code to support digests other than SHA1+MD5 for handshake
+ MAC.
+
+ [Victor B. Wagner <vitus@cryptocom.ru>]
+
*) Add RFC4507 support to OpenSSL. This includes the corrections in
RFC4507bis. The encrypted ticket format is an encrypted encoded
SSL_SESSION structure, that way new session features are automatically
supported.
- If a client application caches session in an SSL_SESSION support it
- should automatically be supported because an extension includes the
- ticket in the structure. The SSL_CTX structure automatically generates
- keys for ticket protection in servers so again support should be possible
+ If a client application caches session in an SSL_SESSION structure
+ support is transparent because tickets are now stored in the encoded
+ SSL_SESSION.
+
+ The SSL_CTX structure automatically generates keys for ticket
+ protection in servers so again support should be possible
with no application modification.
If a client or server wishes to disable RFC4507 support then the option
Add a TLS extension debugging callback to allow the contents of any client
or server extensions to be examined.
+
+ This work was sponsored by Google.
[Steve Henson]
*) Final changes to avoid use of pointer pointer casts in OpenSSL.
*) Initial incomplete changes to avoid need for function casts in OpenSSL
some compilers (gcc 4.2 and later) reject their use. Safestack is
- reimplemented using inline functions: tests show that these calls are
- typically optimized away by compilers so they have no additional overhead.
- Update ASN1 to avoid use of legacy functions.
+ reimplemented. Update ASN1 to avoid use of legacy functions.
[Steve Henson]
*) Win32/64 targets are linked with Winsock2.