Changes between 0.9.7 and 0.9.8 [xx XXX 2002]
- *) Make -nameopt work fully for req and add -reqopt switch.
- [Michael Bell <michael.bell@rz.hu-berlin.de>, Steve Henson]
+ *) Let 'openssl req' fail if an argument to '-newkey' is not
+ recognized instead of using RSA as a default.
+ [Bodo Moeller]
*) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt.
As these are not official, they are not included in "ALL";
[Nils Larsch <nla@trustcenter.de>]
*) Include some named elliptic curves, and add OIDs from X9.62,
- SECG, and WAP/WTLS. The curves can be obtained from the new
+ SECG, and WAP/WTLS. Each curve can be obtained from the new
function
- EC_GROUP_new_by_nid()
+ EC_GROUP_new_by_nid(),
+ and the list of available named curves can be obtained with
+ EC_get_builtin_curves().
Also add a 'curve_name' member to EC_GROUP objects, which can be
accessed via
EC_GROUP_set_nid()
Changes between 0.9.6g and 0.9.7 [XX xxx 2002]
+ *) Make -nameopt work fully for req and add -reqopt switch.
+ [Michael Bell <michael.bell@rz.hu-berlin.de>, Steve Henson]
+
*) The "block size" for block ciphers in CFB and OFB mode should be 1.
[Steve Henson, reported by Yngve Nysaeter Pettersen <yngve@opera.com>]
Changes between 0.9.6g and 0.9.6h [xx XXX xxxx]
+ *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c
+ (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).
+ [Bodo Moeller]
+
+ *) Fix initialization code race conditions in
+ SSLv23_client_method(), SSLv23_server_method(),
+ SSLv2_client_method(), SSLv2_server_method(),
+ SSLv3_client_method(), SSLv3_server_method(),
+ TLSv1_client_method(), TLSv1_server_method().
+ [Patrick McCormick <patrick@tellme.com>, Bodo Moeller]
+
*) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
the cached sessions are flushed, as the remove_cb() might use ex_data
contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com>