Support verify_depth from the SSL API without need for user-defined

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 574940416c0b4662919e0ca5c2ee71937c088d7c..34908a34873f6855ffc9464bbd5be47dcd5b7d4f 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,21 @@
 
  Changes between 0.9.2b and 0.9.3
 
+  *) Support verify_depth from the SSL API.
+     x509_vfy.c had what can be considered an off-by-one-error:
+     Its depth (which was not part of the external interface)
+     was actually counting the number of certificates in a chain;
+     now it really counts the depth.
+     [Bodo Moeller]
+
+  *) New function SSL_CTX_set_session_id_context that allows to set a default
+     value (so that you don't need SSL_set_session_id_context for each
+     connection using the SSL_CTX).
+     [Bodo Moeller]
+
+  *) OAEP decoding bug fix.
+     [Ulf Möller]
+
   *) Support INSTALL_PREFIX for package builders, as proposed by
      David Harris.
      [Bodo Moeller]