Changes between 1.0.x and 1.1.0 [xx XXX xxxx]
+ *) Extend CMS code to support RSA-PSS signatures and RSA-OAEP for
+ enveloped data.
+ [Steve Henson]
+
+ *) Extended RSA OAEP support via EVP_PKEY API. Options to specify digest,
+ MGF1 digest and OAEP label.
+ [Steve Henson]
+
+ *) Add callbacks for arbitrary TLS extensions.
+ [Trevor Perrin <trevp@trevp.net> and Ben Laurie]
+
+ *) Support for DTLS 1.2. This adds two sets of DTLS methods: DTLS_*_method()
+ supports both DTLS 1.2 and 1.0 and should use whatever version the peer
+ supports and DTLSv1_2_*_method() which supports DTLS 1.2 only.
+ [Steve Henson]
+
+ *) Make openssl verify return errors.
+ [Chris Palmer <palmer@google.com> and Ben Laurie]
+
+ *) Fix OCSP checking.
+ [Rob Stradling <rob.stradling@comodo.com> and Ben Laurie]
+
*) New option -crl_download in several openssl utilities to download CRLs
from CRLDP extension in certificates.
[Steve Henson]
[Steve Henson]
*) New functions to check a hostname email or IP address against a
- certificate. Add options to s_client, s_server and x509 utilities
- to print results of checks against a certificate.
+ certificate. Add options x509 utility to print results of checks against
+ a certificate.
[Steve Henson]
*) Add -rev test option to s_server to just reverse order of characters