Changes between 0.9.8a and 0.9.9 [xx XXX xxxx]
- *) Add support for TLS extensions, specifically for the HostName extension
- so far. The SSL_SESSION, SSL_CTX, and SSL data structures now have new
- members for HostName support.
+ *) Add initial support for TLS extensions, specifically for the server_name
+ extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now
+ have new members for a host name. The SSL data structure has an
+ additional member SSL_CTX *initial_ctx so that new sessions can be
+ stored in that context to allow for session resumption, even after the
+ SSL has been switched to a new SSL_CTX in reaction to a client's
+ server_name extension.
New functions (subject to change):
SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
- SSL_CTX_set_tlsext_servername_arg()
SSL_CTRL_SET_TLSEXT_HOSTNAME - SSL_set_tlsext_hostname()
- SSL_CTRL_GET_TLSEXT_HOSTNAME [similar to SSL_get_servername()]
- SSL_CTRL_SET_TLSEXT_SERVERNAME_DONE
- - SSL_set_tlsext_servername_done()
- openssl s_client has a new '-servername' option.
+ openssl s_client has a new '-servername ...' option.
- openssl s_server has new options '-servername', '-cert2', and '-key2'
- (subject to change); this allows testing the HostName extension for a
- specific single host name ('-cert' and '-key' remain fallbacks for
- handshakes without HostName negotiation).
+ openssl s_server has new options '-servername_host ...', '-cert2 ...',
+ '-key2 ...', '-servername_fatal' (subject to change). This allows
+ testing the HostName extension for a specific single host name ('-cert'
+ and '-key' remain fallbacks for handshakes without HostName
+ negotiation). If the unrecogninzed_name alert has to be sent, this by
+ default is a warning; it becomes fatal with the '-servername_fatal'
+ option.
[Peter Sylvester, Remy Allais, Christophe Renou]
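Review bot: In the added s_server paragraph the alert name is misspelled as 'unrecogninzed_name'; it should read 'unrecognized_name'. The same paragraph still says "HostName extension" and "HostName negotiation", although the opening lines of the entry now call it the server_name extension, so please use one term throughout. The function list drops SSL_CTRL_GET_TLSEXT_HOSTNAME and SSL_set_tlsext_servername_done() without comment; a short remark on what replaces them would help anyone who built against the earlier names, even with the list marked "subject to change". The initial_ctx sentence says only that new sessions are stored in that context, so it would also be worth stating whether a session resumed from it stays tied to the host name it was negotiated for.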
Changes between 0.9.8a and 0.9.8b [XX xxx XXXX]
+ *) Link in manifests for VC++ if needed.
+ [Austin Ziegler <halostatue@gmail.com>]
+
*) Update support for ECC-based TLS ciphersuites according to
draft-ietf-tls-ecc-12.txt with proposed changes.
[Douglas Stebila]
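Review bot: The new entry "Link in manifests for VC++ if needed." does not say when a manifest is needed or which build files it touches. Please name the condition (for example the compiler versions concerned) and the affected makefiles or scripts, so that someone reading CHANGES can tell whether their Windows build is affected.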