Send the right CAs to the client.

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 7ab80cf2494dda3c7394643870e774b1c1c47a81..2a8877ac3efaddd4aa5192f63957d07eb6de1f10 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,8 +5,42 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) s_server should send the CAfile as acceptable CAs, not its own cert.
+     [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
+
+  *) Don't blow it for numeric -newkey arguments to apps/req.
+     [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
+
+  *) Temp key "for export" tests were wrong in s3_srvr.c.
+     [Anonymous <nobody@replay.com>]
+
+  *) Add prototype for temp key callback functions
+     SSL_CTX_set_tmp_{rsa,dh}_callback().
+     [Ben Laurie]
+
+  *) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and
+     DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey().
+     [Steve Henson]
+
+  *) X509_name_add_entry() freed the wrong thing after an error.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) rsa_eay.c would attempt to free a NULL context.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) BIO_s_socket() had a broken should_retry() on Windoze.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) Make sure the already existing X509_STORE->depth variable is initialized
+     in X509_STORE_new(), but document the fact that this variable is still
+     unused in the certificate verification process.
+     [Ralf S. Engelschall]
+
   *) Fix the various library and apps files to free up pkeys obtained from
-     EVP_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.
+     X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.
      [Steve Henson]
 
   *) Fix reference counting in X509_PUBKEY_get(). This makes