Update of linux-ppc. Contributed by MATSUURA Takanori

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 0325df3e82e9051335a3e5db1e487ef14c93b97b..97ba972b39e9302f8027c3f6dd55213bbdffe7aa 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,30 @@
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
 
+  *) New function OCSP_parse_url(). This splits up a URL into its host,
+     port and path components: primarily to parse OCSP URLs. New -url
+     option to ocsp utility.
+     [Steve Henson]
+
+  *) New nonce behavior. The return value of OCSP_check_nonce() now 
+     reflects the various checks performed. Applications can decide
+     whether to tolerate certain situations such as an absent nonce
+     in a response when one was present in a request: the ocsp application
+     just prints out a warning. New function OCSP_add1_basic_nonce()
+     this is to allow responders to include a nonce in a response even if
+     the request is nonce-less.
+     [Steve Henson]
+
+  *) Use the cached encoding of an X509_NAME structure rather than
+     copying it. This is apparently the reason for the libsafe "errors"
+     but the code is actually correct.
+     [Steve Henson]
+
+  *) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are
+     skipped when using openssl x509 multiple times on a single input file,
+     e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) <certs".
+     [Bodo Moeller]
+
   *) Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string()
      set string type: to handle setting ASN1_TIME structures. Fix ca
      utility to correctly initialize revocation date of CRLs.