Add support for CRLs partitioned by reason code.

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 15ad43999041ec60a1aa6a125eb3890218f30830..6e1bf9c0a4a220410e977e93a989bc8494f4449b 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,10 +4,27 @@
 
  Changes between 0.9.8i and 0.9.9  [xx XXX xxxx]
 
+  *) Support for CRLs partitioned by reason code. Reorganise CRL processing
+     code and add additional score elements. Validate alternate CRL paths
+     as part of the CRL checking and indicate a new error "CRL path validation
+     error" in this case. Applications wanting additional details can use
+     the verify callback and check the new "parent" field. If this is not
+     NULL CRL path validation is taking place. Existing applications wont
+     see this because it requires extended CRL support which is off by
+     default.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Support for freshest CRL extension.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
   *) Initial indirect CRL support. Currently only supported in the CRLs
      passed directly and not via lookup. Process certificate issuer
      CRL entry extension and lookup CRL entries by bother issuer name
-     and serial number. Check and proces CRL issuer entry in IDP extension.
+     and serial number. Check and process CRL issuer entry in IDP extension.
 
      This work was sponsored by Google.
      [Steve Henson]