Changes between 0.9.8a and 0.9.9 [xx XXX xxxx]
+ *) Add RFC 3161 compliant time stamp request creation, response generation
+ and response verification functionality.
+ [Zoltán Glózik <zglozik@opentsa.org>, The OpenTSA Project]
+
*) Add initial support for TLS extensions, specifically for the server_name
extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now
have new members for a host name. The SSL data structure has an
SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
- SSL_CTX_set_tlsext_servername_arg()
SSL_CTRL_SET_TLSEXT_HOSTNAME - SSL_set_tlsext_hostname()
- SSL_CTRL_SET_TLSEXT_SERVERNAME_DONE
- - SSL_set_tlsext_servername_done()
- openssl s_client has a new '-servername' option.
+ openssl s_client has a new '-servername ...' option.
- openssl s_server has new options '-servername', '-cert2', and '-key2'
- (subject to change); this allows testing the HostName extension for a
- specific single host name ('-cert' and '-key' remain fallbacks for
- handshakes without HostName negotiation).
+ openssl s_server has new options '-servername_host ...', '-cert2 ...',
+ '-key2 ...', '-servername_fatal' (subject to change). This allows
+ testing the HostName extension for a specific single host name ('-cert'
+ and '-key' remain fallbacks for handshakes without HostName
+ negotiation). If the unrecogninzed_name alert has to be sent, this by
+ default is a warning; it becomes fatal with the '-servername_fatal'
+ option.
[Peter Sylvester, Remy Allais, Christophe Renou]
Changes between 0.9.8a and 0.9.8b [XX xxx XXXX]
+ *) Link in manifests for VC++ if needed.
+ [Austin Ziegler <halostatue@gmail.com>]
+
*) Update support for ECC-based TLS ciphersuites according to
draft-ietf-tls-ecc-12.txt with proposed changes.
[Douglas Stebila]