Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
+ *) Merge the functionality of "dh" and "gendh" programs into a new program
+ "dhparam". The old programs are retained for now but will handle DH keys
+ (instead of parameters) in future.
+ [Steve Henson]
+
+ *) Apply Lutz Jaenicke's 56bit cipher patch. This should fix the problems
+ with cipher ordering and the new EXPORT1024 ciphers. Only two minor
+ changes have been made, the error reason codes have been altered and the
+ @STRENGTH sorting behaviour changed so eNULL ciphers are also sorted
+ (if present).
+
+ One other addition: the "ciphers" program didn't check the return code
+ of SSL_CTX_set_cipher_list().
+ [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> modified by Steve Henson]
+
+ *) Minor change to 'x509' utility. The -CAcreateserial option now uses 1
+ for the first serial number and places 2 in the serial number file. This
+ avoids problems when the root CA is created with serial number zero and
+ the first user certificate has the same issuer name and serial number
+ as the root CA.
+ [Steve Henson]
+
*) Fixes to X509_ATTRIBUTE utilities, change the 'req' program so it uses
the new code. Add documentation for this stuff.
[Steve Henson]
(1 = ok, 0 = not seeded). Also an error is recorded on the thread's
error queue. New function RAND_pseudo_bytes() generates output that is
guaranteed to be unique but not unpredictable.
- (TO DO: always check the result of RAND_bytes when it is used in the
- library, or use RAND_pseudo_bytes instead, because leaving the
- error in the error queue but reporting success in a function that
- uses RAND_bytes could confuse things considerably.)
[Ulf Möller]
*) Do more iterations of Rabin-Miller probable prime test (specifically,