*) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
+) applies to 0.9.7 only
+ +) Rationalise EVP so it can be extended: don't include a union of
+ cipher/digest structures, add init/cleanup functions. This also reduces
+ the number of header dependencies.
+ [Ben Laurie]
+
+ +) Make DES key schedule conform to the usual scheme, as well as correcting
+ its structure.
+ [Ben Laurie]
+
+ +) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX).
+ [Andy Polyakov]
+
+ *) Modified SSL library such that the verify_callback that has been set
+ specificly for an SSL object with SSL_set_verify() is actually being
+ used. Before the change, a verify_callback set with this function was
+ ignored and the verify_callback() set in the SSL_CTX at the time of
+ the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
+ to allow the necessary settings.
+ [Lutz Jaenicke]
+
+) Initial reduction of linker bloat: the use of some functions, such as
PEM causes large amounts of unused functions to be linked in due to
poor organisation. For example pem_all.c contains every PEM function
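Review bot: The new SSL_set_verify() entry describes a behaviour change in certificate verification but does not tell application authors what to re-check. Before this change a per-SSL verify_callback was ignored in favour of the SSL_CTX one, so an application that sets both will see a different callback deciding verification after upgrading. Suggest adding a sentence to that effect so the change is not read as purely internal. Also in that entry, "specificly" should be "specifically", and "verify_callback()" should drop the parentheses since it is a callback set by the caller rather than a library function. In the EVP entry, naming the new init/cleanup functions would help readers who have to port code.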
functions prevents this.
[Steve Henson]
- *) Initialize static variable in crypto/dsa/dsa_lib.c explicitely to
- NULL, as at least on Solaris 8 this seems not to be done automatically
- (in contradiction to the requirements of the C standard).
- This made problems when used from OpenSSH.
+ *) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c
+ explicitely to NULL, as at least on Solaris 8 this seems not always to be
+ done automatically (in contradiction to the requirements of the C
+ standard). This made problems when used from OpenSSH.
[Lutz Jaenicke]
- *) In crypto/dh/dh_key.c, change generate_key() (the default
- implementation of DH_generate_key()) so that a new key is
- generated each time DH_generate_key() is used on a DH object.
-
- Previously, DH_generate_key() did not change existing keys
- -- but ssl/s3_srvr.c always expected it to do so (in effect,
- SSL_OP_SINGLE_DH_USE was ignored in servers reusing the same SSL
- object for multiple connections; however, each new SSL object
- created from an SSL_CTX got its own key).
- [Bodo Moeller]
-
*) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
dh->length and always used
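Review bot: The removed DH_generate_key() entry at the end of this hunk was the only record in these lines that a fresh key is now generated on each call and that SSL_OP_SINGLE_DH_USE was previously ignored when a server reused an SSL object. Nothing visible here re-adds it. If the entry was moved to another release section, that is fine. If the behaviour was reverted, replace the entry with one saying so instead of deleting it silently, since operators who rely on single-use DH keys need to know which behaviour a given version has. In the rewritten Solaris entry, "explicitely" was carried over and should be "explicitly", "This made problems" reads better as "This caused problems", and "static variable" should be plural or name the variables now that two files are covered.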