Convert casted X509_INFO stacks to type-safe STACK_OF(X509_INFO).

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 34908a34873f6855ffc9464bbd5be47dcd5b7d4f..18cc5f0d4a92dd41d5f33a33af19bddd4a06c8af 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,15 @@
 
  Changes between 0.9.2b and 0.9.3
 
+  *) Convert casted X509_INFO stacks to type-safe STACK_OF(X509_INFO).
+     [Ralf S. Engelschall]
+
+  *) New function SSL_CTX_use_certificate_chain_file that sets the
+     "extra_cert"s in addition to the certificate.  (This makes sense
+     only for "PEM" format files, as chains as a whole are not
+     DER-encoded.)
+     [Bodo Moeller]
+
   *) Support verify_depth from the SSL API.
      x509_vfy.c had what can be considered an off-by-one-error:
      Its depth (which was not part of the external interface)
@@ -12,6 +21,12 @@
      now it really counts the depth.
      [Bodo Moeller]
 
+  *) Bugfix in crypto/x509/x509_cmp.c: The SSLerr macro was used
+     instead of X509err, which often resulted in confusing error
+     messages since the error codes are not globally unique
+     (e.g. an alleged error in ssl3_accept when a certificate
+     didn't match the private key).
+
   *) New function SSL_CTX_set_session_id_context that allows to set a default
      value (so that you don't need SSL_set_session_id_context for each
      connection using the SSL_CTX).