Changes between 0.9.7 and 0.9.8 [xx XXX 2002]
+ *) Change default behaviour of 'openssl asn1parse' so that more
+ information is visible when viewing, e.g., a certificate:
+
+ Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'
+ mode the content of non-printable OCTET STRINGs is output in a
+ style similar to INTEGERs, but with '[HEX DUMP]' prepended to
+ avoid the appearance of a printable string.
+ [Nils Larsch <nla@trustcenter.de>]
+
*) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access
functions
EC_GROUP_set_asn1_flag()
*) Add ECDSA in new directory crypto/ecdsa/.
- Add applications 'openssl ecdsaparam' and 'openssl ecdsa'
- (these are variants of 'openssl dsaparam' and 'openssl dsa').
+ Add applications 'openssl ecparam' and 'openssl ecdsa'
+ (these are based on 'openssl dsaparam' and 'openssl dsa').
ECDSA support is also included in various other files across the
library. Most notably,
EC_GROUP_get_nid()
[Nils Larsch <nla@trustcenter.de, Bodo Moeller]
- Changes between 0.9.6d and 0.9.7 [XX xxx 2002]
+ Changes between 0.9.6e and 0.9.7 [XX xxx 2002]
+
+ *) Add appropriate support for separate platform-dependent build
+ directories. The recommended way to make a platform-dependent
+ build directory is the following (tested on Linux), maybe with
+ some local tweaks:
+
+ # Place yourself outside of the OpenSSL source tree. In
+ # this example, the environment variable OPENSSL_SOURCE
+ # is assumed to contain the absolute OpenSSL source directory.
+ mkdir -p objtree/`uname -s`-`uname -r`-`uname -m`
+ cd objtree/`uname -s`-`uname -r`-`uname -m`
+ (cd $OPENSSL_SOURCE; find . -type f -o -type l) | while read F; do
+ mkdir -p `dirname $F`
+ ln -s $OPENSSL_SOURCE/$F $F
+ done
+
+ To be absolutely sure not to disturb the source tree, a "make clean"
+ is a good thing. If it isn't successfull, don't worry about it,
+ it probably means the source directory is very clean.
+ [Richard Levitte]
*) Make sure any ENGINE control commands make local copies of string
pointers passed to them whenever necessary. Otherwise it is possible
handle the new API. Currently only ECB, CBC modes supported. Add new
AES OIDs.
- Add TLS AES ciphersuites as described in the "AES Ciphersuites
- for TLS" draft-ietf-tls-ciphersuite-06.txt. As these are not yet
- official, they are not enabled by default and are not even part
- of the "ALL" ciphersuite alias; for now, they must be explicitly
- requested by specifying the new "AESdraft" ciphersuite alias. If
- you want the default ciphersuite list plus the new ciphersuites,
- use "DEFAULT:AESdraft:@STRENGTH".
- [Ben Laurie, Steve Henson, Bodo Moeller]
+ Add TLS AES ciphersuites as described in RFC3268, "Advanced
+ Encryption Standard (AES) Ciphersuites for Transport Layer
+ Security (TLS)". (In beta versions of OpenSSL 0.9.7, these were
+ not enabled by default and were not part of the "ALL" ciphersuite
+ alias because they were not yet official; they could be
+ explicitly requested by specifying the "AESdraft" ciphersuite
+ group alias. In the final release of OpenSSL 0.9.7, the group
+ alias is called "AES" and is part of "ALL".)
+ [Ben Laurie, Steve Henson, Bodo Moeller]
*) New function OCSP_copy_nonce() to copy nonce value (if present) from
request to response.
Changes between 0.9.6d and 0.9.6e [XX xxx XXXX]
+ *) Fix cipher selection routines: ciphers without encryption had no flags
+ for the cipher strength set and where therefore not handled correctly
+ by the selection routines (PR #130).
+ [Lutz Jaenicke]
+
*) Fix EVP_dsa_sha macro.
[Nils Larsch]