Changes between 1.0.0 and 1.1.0 [xx XXX xxxx]
+ *) Add Next Protocol Negotiation,
+ http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00. Can be
+ disabled with a no-npn flag to config or Configure. Code donated
+ by Google.
+ [Adam Langley <agl@google.com> and Ben Laurie]
+
+ *) Use type ossl_ssize_t instad of ssize_t which isn't available on
+ all platforms. Move ssize_t definition from e_os.h to the public
+ header file e_os2.h as it now appears in public header file cms.h
+ [Steve Henson]
+
*) New function OPENSSL_gmtime_diff to find the difference in days
and seconds between two tm structures. This will be used to provide
additional functionality for ASN1_TIME.
whose return value is often ignored.
[Steve Henson]
- Changes between 1.0.0 and 1.0.1 [xx XXX xxxx]
+ Changes between 1.0.0a and 1.0.1 [xx XXX xxxx]
+
+ *) Add call to ENGINE_register_all_complete() to
+ ENGINE_load_builtin_engines(), so some implementations get used
+ automatically instead of needing explicit application support.
+ [Steve Henson]
*) Add support for TLS key exporter as described in RFC5705.
[Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson]
Add command line options to s_client/s_server.
[Steve Henson]
- Changes between 1.0.0 and 1.0.0a [xx XXX xxxx]
-
+ Changes between 1.0.0a and 1.0.0b [xx XXX xxxx]
+
+ *) Fix WIN32 build system to correctly link an ENGINE directory into
+ a DLL.
+ [Steve Henson]
+
+ Changes between 1.0.0 and 1.0.0a [01 Jun 2010]
+
*) Check return value of int_rsa_verify in pkey_rsa_verifyrecover
(CVE-2010-1633)
[Steve Henson, Peter-Michael Hager <hager@dortmund.net>]
- Changes between 0.9.8n and 1.0.0 [xx XXX xxxx]
+ Changes between 0.9.8n and 1.0.0 [29 Mar 2010]
*) Add "missing" function EVP_CIPHER_CTX_copy(). This copies a cipher
context. The operation can be customised via the ctrl mechanism in
*) Change 'Configure' script to enable Camellia by default.
[NTT]
- Changes between 0.9.8n and 0.9.8o [xx XXX xxxx]
+ Changes between 0.9.8n and 0.9.8o [01 Jun 2010]
+
+ [NB: OpenSSL 0.9.8o and later 0.9.8 patch levels were released after
+ OpenSSL 1.0.0.]
*) Correct a typo in the CMS ASN1 module which can result in invalid memory
access or freeing data twice (CVE-2010-0742)
SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
[Steve Henson]
+ *) VMS fixes:
+ Reduce copying into .apps and .test in makevms.com
+ Don't try to use blank CA certificate in CA.com
+ Allow use of C files from original directories in maketests.com
+ [Steven M. Schweda" <sms@antinode.info>]
+
Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
*) When rejecting SSL/TLS records due to an incorrect version number, never
- OpenSSL 0.9.8f if 'short' is longer than 16 bits,
the previous behavior could result in a read attempt at NULL when
receiving specific incorrect SSL/TLS records once record payload
- protection is active. (CVE-2010-####)
- [Bodo Moeller, Adam Langley]
+ protection is active. (CVE-2010-0740)
+ [Bodo Moeller, Adam Langley <agl@chromium.org>]
*) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).