Changes between 0.9.8j and 0.9.9 [xx XXX xxxx]
+ *) Enhance the hash format used for certificate directory links. The new
+ form uses the canonical encoding (meaning equivalent names will work
+ even if they aren't identical) and uses SHA1 instead of MD5. This form
+ is incompatible with the older format and as a result c_rehash should
+ be used to rebuild symbolic links.
+ [Steve Henson]
+
+ *) Make PKCS#8 the default write format for private keys, replacing the
+ traditional format. This form is standardised, more secure and doesn't
+ include an implicit MD5 dependency.
+ [Steve Henson]
+
+ *) Add a $gcc_devteam_warn option to Configure. The idea is that any code
+ committed to OpenSSL should pass this lot as a minimum.
+ [Steve Henson]
+
*) Add session ticket override functionality for use by EAP-FAST.
[Jouni Malinen <j@w1.fi>]
*) Change 'Configure' script to enable Camellia by default.
[NTT]
- Changes between 0.9.8i and 0.9.8j [xx XXX xxxx]
+ Changes between 0.9.8j and 0.9.8k [xx XXX xxxx]
- *) Allow the CHIL engine to be loaded, whether the application is
- multithreaded or not. (This does not release the developer from the
- obligation to set up the dynamic locking callbacks.)
- [Sander Temme <sander@temme.net>]
+ *) New -hex option for openssl rand.
+ [Matthieu Herrb]
- *) Update Configure code and WIN32 build scripts to support experimental
- code. This is surrounded by OPENSSL_EXPERIMENTAL_FOO and not compiled
- in by default. Using the configuration option "enable-experimental-foo"
- enables it. Use this option for JPAKE.
+ *) Print out UTF8String and NumericString when parsing ASN1.
[Steve Henson]
+ *) Support NumericString type for name components.
+ [Steve Henson]
+
+ *) Allow CC in the environment to override the automatically chosen
+ compiler. Note that nothing is done to ensure flags work with the
+ chosen compiler.
+ [Ben Laurie]
+
+ Changes between 0.9.8i and 0.9.8j [07 Jan 2009]
+
+ *) Properly check EVP_VerifyFinal() and similar return values
+ (CVE-2008-5077).
+ [Ben Laurie, Bodo Moeller, Google Security Team]
+
+ *) Enable TLS extensions by default.
+ [Ben Laurie]
+
+ *) Allow the CHIL engine to be loaded, whether the application is
+ multithreaded or not. (This does not release the developer from the
+ obligation to set up the dynamic locking callbacks.)
+ [Sander Temme <sander@temme.net>]
+
*) Use correct exit code if there is an error in dgst command.
[Steve Henson; problem pointed out by Roland Dirlewanger]
- *) Add JPAKE support, including demo authentication in s_client and
- s_server.
+ *) Tweak Configure so that you need to say "experimental-jpake" to enable
+ JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications.
+ [Bodo Moeller]
+
+ *) Add experimental JPAKE support, including demo authentication in
+ s_client and s_server.
[Ben Laurie]
*) Set the comparison function in v3_addr_canonize().
projects / openssl.git / blobdiff