Constify code about X509_VERIFY_PARAM

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index fb4e7a53db8428183f0ac836d0884cdfe7177899..38b025a599bab180a208d8acb8e585d972ae411f 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,10 +2,28 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 1.0.2h and 1.1.0  [xx XXX xxxx]
+ Changes between 1.1.0 and 1.1.1 [xx XXX xxxx]
 
-  *) Because of the SWEET32 attack, 3DES cipher suites have been disabled by
-     default like RC4.  See the RC4 item below to re-enable both.
+  *)
+
+  *) 'openssl passwd' can now produce SHA256 and SHA512 based output,
+     using the algorithm defined in
+     https://www.akkadia.org/drepper/SHA-crypt.txt
+     [Richard Levitte]
+
+ Changes between 1.0.2h and 1.1.0  [25 Aug 2016]
+
+  *) Windows command-line tool supports UTF-8 opt-in option for arguments
+     and console input. Setting OPENSSL_WIN32_UTF8 environment variable
+     (to any value) allows Windows user to access PKCS#12 file generated
+     with Windows CryptoAPI and protected with non-ASCII password, as well
+     as files generated under UTF-8 locale on Linux also protected with
+     non-ASCII password.
+     [Andy Polyakov]
+
+  *) To mitigate the SWEET32 attack (CVE-2016-2183), 3DES cipher suites
+     have been disabled by default and removed from DEFAULT, just like RC4.
+     See the RC4 item below to re-enable both.
      [Rich Salz]
 
   *) The method for finding the storage location for the Windows RAND seed file
@@ -865,10 +883,6 @@
      combination: call this in fips_test_suite.
      [Steve Henson]
 
-  *) Add support for Dual EC DRBG from SP800-90. Update DRBG algorithm test
-     and POST to handle Dual EC cases.
-     [Steve Henson]
-
   *) Add support for canonical generation of DSA parameter 'g'. See 
      FIPS 186-3 A.2.3.