+ Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]
+
+ *) If a candidate issuer certificate is already part of the constructed
+ path ignore it: new debug notification X509_V_ERR_PATH_LOOP for this case.
+ [Steve Henson]
+
+ *) Improve forward-security support: add functions
+
+ void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, int (*cb)(SSL *ssl, int is_forward_secure))
+ void SSL_set_not_resumable_session_callback(SSL *ssl, int (*cb)(SSL *ssl, int is_forward_secure))
+
+ for use by SSL/TLS servers; the callback function will be called whenever a
+ new session is created, and gets to decide whether the session may be
+ cached to make it resumable (return 0) or not (return 1). (As by the
+ SSL/TLS protocol specifications, the session_id sent by the server will be
+ empty to indicate that the session is not resumable; also, the server will
+ not generate RFC 4507 (RFC 5077) session tickets.)
+
+ A simple reasonable callback implementation is to return is_forward_secure.
+ This parameter will be set to 1 or 0 depending on the ciphersuite selected
+ by the SSL/TLS server library, indicating whether it can provide forward
+ security.
+ [Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)]
+
+ *) Add Next Protocol Negotiation,
+ http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00. Can be
+ disabled with a no-npn flag to config or Configure. Code donated
+ by Google.
+ [Adam Langley <agl@google.com> and Ben Laurie]
+
+ *) Use type ossl_ssize_t instad of ssize_t which isn't available on
+ all platforms. Move ssize_t definition from e_os.h to the public
+ header file e_os2.h as it now appears in public header file cms.h
+ [Steve Henson]
+
+ *) New function OPENSSL_gmtime_diff to find the difference in days
+ and seconds between two tm structures. This will be used to provide
+ additional functionality for ASN1_TIME.
+ [Steve Henson]
+
+ *) New -sigopt option to the ca, req and x509 utilities. Additional
+ signature parameters can be passed using this option and in
+ particular PSS.
+ [Steve Henson]
+
+ *) Add RSA PSS signing function. This will generate and set the
+ appropriate AlgorithmIdentifiers for PSS based on those in the
+ corresponding EVP_MD_CTX structure. No application support yet.
+ [Steve Henson]
+
+ *) Support for companion algorithm specific ASN1 signing routines.
+ New function ASN1_item_sign_ctx() signs a pre-initialised
+ EVP_MD_CTX structure and sets AlgorithmIdentifiers based on
+ the appropriate parameters.
+ [Steve Henson]
+
+ *) Add new algorithm specific ASN1 verification initialisation function
+ to EVP_PKEY_ASN1_METHOD: this is not in EVP_PKEY_METHOD since the ASN1
+ handling will be the same no matter what EVP_PKEY_METHOD is used.
+ Add a PSS handler to support verification of PSS signatures: checked
+ against a number of sample certificates.
+ [Steve Henson]
+
+ *) Add signature printing for PSS. Add PSS OIDs.
+ [Steve Henson, Martin Kaiser <lists@kaiser.cx>]
+
+ *) Add algorithm specific signature printing. An individual ASN1 method
+ can now print out signatures instead of the standard hex dump.
+
+ More complex signatures (e.g. PSS) can print out more meaningful
+ information. Include DSA version that prints out the signature
+ parameters r, s.
+ [Steve Henson]
+
+ *) Add -trusted_first option which attempts to find certificates in the
+ trusted store even if an untrusted chain is also supplied.
+ [Steve Henson]
+
+ *) Initial experimental support for explicitly trusted non-root CAs.
+ OpenSSL still tries to build a complete chain to a root but if an
+ intermediate CA has a trust setting included that is used. The first
+ setting is used: whether to trust or reject.
+ [Steve Henson]
+
+ *) New -verify_name option in command line utilities to set verification
+ parameters by name.
+ [Steve Henson]
+
+ *) Initial CMAC implementation. WARNING: EXPERIMENTAL, API MAY CHANGE.
+ Add CMAC pkey methods.
+ [Steve Henson]
+
+ *) Experiemental regnegotiation in s_server -www mode. If the client
+ browses /reneg connection is renegotiated. If /renegcert it is
+ renegotiated requesting a certificate.
+ [Steve Henson]
+
+ *) Add an "external" session cache for debugging purposes to s_server. This
+ should help trace issues which normally are only apparent in deployed
+ multi-process servers.
+ [Steve Henson]
+
+ *) Experiemental password based recipient info support for CMS library:
+ implementing RFC3211.
+ [Steve Henson]
+
+ *) Split password based encryption into PBES2 and PBKDF2 functions. This
+ neatly separates the code into cipher and PBE sections and is required
+ for some algorithms that split PBES2 into separate pieces (such as
+ password based CMS).
+ [Steve Henson]
+
+ *) Extensive audit of libcrypto with DEBUG_UNUSED. Fix many cases where
+ return value is ignored. NB. The functions RAND_add(), RAND_seed(),
+ BIO_set_cipher() and some obscure PEM functions were changed so they
+ can now return an error. The RAND changes required a change to the
+ RAND_METHOD structure.
+ [Steve Henson]
+
+ *) New macro __owur for "OpenSSL Warn Unused Result". This makes use of
+ a gcc attribute to warn if the result of a function is ignored. This
+ is enable if DEBUG_UNUSED is set. Add to several functions in evp.h
+ whose return value is often ignored.
+ [Steve Henson]
+
+ Changes between 1.0.0c and 1.0.1 [xx XXX xxxx]
+
+ *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
+ [Steve Henson]
+
+ *) Add EC_GFp_nistp224_method(), a 64-bit optimized implementation for
+ elliptic curve NIST-P224 with constant-time single point multiplication on
+ typical inputs. EC_GROUP_new_by_curve_name() will automatically use this
+ (while EC_GROUP_new_curve_GFp() currently won't and prefers the more
+ flexible implementations).
+
+ The implementation requires support for the nonstandard type __uint128_t,
+ and so is disabled by default. To include this in your build of OpenSSL,
+ use -DEC_NISTP224_64_GCC_128 on the Configure (or config) command line,
+ and run "make depend" (or "make update").
+ [Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)]
+
+ *) Permit abbreviated handshakes when renegotiating using the function
+ SSL_renegotiate_abbreviated().
+ [Robin Seggelmann <seggelmann@fh-muenster.de>]
+
+ *) Add call to ENGINE_register_all_complete() to
+ ENGINE_load_builtin_engines(), so some implementations get used
+ automatically instead of needing explicit application support.
+ [Steve Henson]
+
+ *) Add support for TLS key exporter as described in RFC5705.
+ [Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson]
+
+ *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only
+ a few changes are required:
+
+ Add SSL_OP_NO_TLSv1_1 flag.
+ Add TLSv1_1 methods.
+ Update version checking logic to handle version 1.1.
+ Add explicit IV handling (ported from DTLS code).
+ Add command line options to s_client/s_server.
+ [Steve Henson]
+
+ Changes between 1.0.0c and 1.0.0d [xx XXX xxxx]
+
+ *) Fix bug in string printing code: if *any* escaping is enabled we must
+ escape the escape character (backslash) or the resulting string is
+ ambiguous.
+ [Steve Henson]
+
+ Changes between 1.0.0b and 1.0.0c [2 Dec 2010]
+
+ *) Fixed J-PAKE implementation error, originally discovered by
+ Sebastien Martini, further info and confirmation from Stefan
+ Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
+ [Ben Laurie]
+
+ Changes between 1.0.0a and 1.0.0b [16 Nov 2010]
+
+ *) Fix extension code to avoid race conditions which can result in a buffer
+ overrun vulnerability: resumed sessions must not be modified as they can
+ be shared by multiple threads. CVE-2010-3864
+
+ *) Fix WIN32 build system to correctly link an ENGINE directory into
+ a DLL.
+ [Steve Henson]
+
+ Changes between 1.0.0 and 1.0.0a [01 Jun 2010]
+
+ *) Check return value of int_rsa_verify in pkey_rsa_verifyrecover
+ (CVE-2010-1633)
+ [Steve Henson, Peter-Michael Hager <hager@dortmund.net>]
+
+ Changes between 0.9.8n and 1.0.0 [29 Mar 2010]
+
+ *) Add "missing" function EVP_CIPHER_CTX_copy(). This copies a cipher
+ context. The operation can be customised via the ctrl mechanism in
+ case ENGINEs want to include additional functionality.
+ [Steve Henson]
+
+ *) Tolerate yet another broken PKCS#8 key format: private key value negative.
+ [Steve Henson]
+
+ *) Add new -subject_hash_old and -issuer_hash_old options to x509 utility to
+ output hashes compatible with older versions of OpenSSL.
+ [Willy Weisz <weisz@vcpc.univie.ac.at>]
+
+ *) Fix compression algorithm handling: if resuming a session use the
+ compression algorithm of the resumed session instead of determining
+ it from client hello again. Don't allow server to change algorithm.
+ [Steve Henson]
+
+ *) Add load_crls() function to apps tidying load_certs() too. Add option
+ to verify utility to allow additional CRLs to be included.
+ [Steve Henson]
+
+ *) Update OCSP request code to permit adding custom headers to the request:
+ some responders need this.
+ [Steve Henson]
+
+ *) The function EVP_PKEY_sign() returns <=0 on error: check return code
+ correctly.
+ [Julia Lawall <julia@diku.dk>]