Allow client certificate lists > 16kB ("Douglas E. Engert" <deengert@anl.gov>.)

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index a7c43b96f41480f950a7e5dcee43627d40c549be..4d560e66ddf901121dbb30dc02c64cdaa83f5a10 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,32 @@
          *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
          +) applies to 0.9.7 only
 
+  *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB).
+     This function was broken, as the check for a new client hello message
+     to handle SGC did not allow these large messages.
+     (Tracked down by "Douglas E. Engert" <deengert@anl.gov>.)
+     [Lutz Jaenicke]
+
+  *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
+     [Lutz Jaenicke]
+
+  +) Add EVP test program.
+     [Ben Laurie]
+
+  +) Add symmetric cipher support to ENGINE. Expect the API to change!
+     [Ben Laurie]
+
+  +) New CRL functions: X509_CRL_set_version(), X509_CRL_set_issuer_name()
+     X509_CRL_set_lastUpdate(), X509_CRL_set_nextUpdate(), X509_CRL_sort(),
+     X509_REVOKED_set_serialNumber(), and X509_REVOKED_set_revocationDate().
+     These allow a CRL to be built without having to access X509_CRL fields
+     directly. Modify 'ca' application to use new functions.
+     [Steve Henson]
+
+  *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl()
+     for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton@netopia.com>).
+     [Lutz Jaenicke]
+
   *) Rework the configuration and shared library support for Tru64 Unix.
      The configuration part makes use of modern compiler features and
      still retains old compiler behavior for those that run older versions