Ignore zero length constructed segments.

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 67c92f822fee9c91b8c6d4b34bd21ddac421bd79..4ad548107254167607c5858f1ba60d5cdf0607ee 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,9 +4,13 @@
 
  Changes between 0.9.8a and 0.9.9  [xx XXX xxxx]
 
-  *) Add support for TLS extensions, specifically for the HostName extension
-     so far.  The SSL_SESSION, SSL_CTX, and SSL data structures now have new
-     members for HostName support.
+  *) Add initial support for TLS extensions, specifically for the server_name
+     extension so far.  The SSL_SESSION, SSL_CTX, and SSL data structures now
+     have new members for a host name.  The SSL data structure has an
+     additional member SSL_CTX *initial_ctx so that new sessions can be
+     stored in that context to allow for session resumption, even after the
+     SSL has been switched to a new SSL_CTX in reaction to a client's
+     server_name extension.
 
      New functions (subject to change):
 
@@ -21,16 +25,16 @@
          SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
                                       - SSL_CTX_set_tlsext_servername_arg()
          SSL_CTRL_SET_TLSEXT_HOSTNAME           - SSL_set_tlsext_hostname()
-         SSL_CTRL_GET_TLSEXT_HOSTNAME     [similar to SSL_get_servername()]
-         SSL_CTRL_SET_TLSEXT_SERVERNAME_DONE
-                                         - SSL_set_tlsext_servername_done()
 
-     openssl s_client has a new '-servername' option.
+     openssl s_client has a new '-servername ...' option.
 
-     openssl s_server has new options '-servername', '-cert2', and '-key2'
-     (subject to change); this allows testing the HostName extension for a
-     specific single host name ('-cert' and '-key' remain fallbacks for
-     handshakes without HostName negotiation).
+     openssl s_server has new options '-servername_host ...', '-cert2 ...',
+     '-key2 ...', '-servername_fatal' (subject to change).  This allows
+     testing the HostName extension for a specific single host name ('-cert'
+     and '-key' remain fallbacks for handshakes without HostName
+     negotiation).  If the unrecogninzed_name alert has to be sent, this by
+     default is a warning; it becomes fatal with the '-servername_fatal'
+     option.
 
      [Peter Sylvester,  Remy Allais, Christophe Renou]
 
@@ -113,6 +117,9 @@
 
  Changes between 0.9.8a and 0.9.8b  [XX xxx XXXX]
 
+  *) Link in manifests for VC++ if needed.
+     [Austin Ziegler <halostatue@gmail.com>]
+
   *) Update support for ECC-based TLS ciphersuites according to
      draft-ietf-tls-ecc-12.txt with proposed changes.
      [Douglas Stebila]