Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]
+ *) If a candidate issuer certificate is already part of the constructed
+ path ignore it: new debug notification X509_V_ERR_PATH_LOOP for this case.
+ [Steve Henson]
+
*) Improve forward-security support: add functions
void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, int (*cb)(SSL *ssl, int is_forward_secure))
whose return value is often ignored.
[Steve Henson]
- Changes between 1.0.0b and 1.0.1 [xx XXX xxxx]
+ Changes between 1.0.0c and 1.0.1 [xx XXX xxxx]
+
+ *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
+ [Steve Henson]
*) Add EC_GFp_nistp224_method(), a 64-bit optimized implementation for
elliptic curve NIST-P224 with constant-time single point multiplication on
Add command line options to s_client/s_server.
[Steve Henson]
- Changes between 1.0.0a and 1.0.0b [xx XXX xxxx]
+ Changes between 1.0.0c and 1.0.0d [xx XXX xxxx]
+
+ *) Fix bug in string printing code: if *any* escaping is enabled we must
+ escape the escape character (backslash) or the resulting string is
+ ambiguous.
+ [Steve Henson]
+
+ Changes between 1.0.0b and 1.0.0c [2 Dec 2010]
+
+ *) Fixed J-PAKE implementation error, originally discovered by
+ Sebastien Martini, further info and confirmation from Stefan
+ Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
+ [Ben Laurie]
+
+ Changes between 1.0.0a and 1.0.0b [16 Nov 2010]
*) Fix extension code to avoid race conditions which can result in a buffer
overrun vulnerability: resumed sessions must not be modified as they can