_______________
- Changes between 0.9.1c and 0.9.2
+ Changes between 0.9.1c and 0.9.2b
+
+ *) Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still
+ doesn't work when the session is reused. Coming soon!
+ [Ben Laurie]
+
+ *) Fix a security hole, that allows sessions to be reused in the wrong
+ context thus bypassing client cert protection! All software that uses
+ client certs and session caches in multiple contexts NEEDS PATCHING to
+ allow session reuse! A fuller solution is in the works.
+ [Ben Laurie, problem pointed out by Holger Reif, Bodo Moeller (and ???)]
+
+ *) Some more source tree cleanups (removed obsolete files
+ crypto/bf/asm/bf586.pl, test/test.txt and crypto/sha/asm/f.s; changed
+ permission on "config" script to be executable) and a fix for the INSTALL
+ document.
+ [Ulf Moeller <ulf@fitug.de>]
+
+ *) Remove some legacy and erroneous uses of malloc, free instead of
+ Malloc, Free.
+ [Lennart Bang <lob@netstream.se>, with minor changes by Steve]
+
+ *) Make rsa_oaep_test return non-zero on error.
+ [Ulf Moeller <ulf@fitug.de>]
+
+ *) Add support for native Solaris shared libraries. Configure
+ solaris-sparc-sc4-pic, make, then run shlib/solaris-sc4.sh. It'd be nice
+ if someone would make that last step automatic.
+ [Matthias Loepfe <Matthias.Loepfe@AdNovum.CH>]
+
+ *) ctx_size was not built with the right compiler during "make links". Fixed.
+ [Ben Laurie]
+
+ *) Change the meaning of 'ALL' in the cipher list. It now means "everything
+ except NULL ciphers". This means the default cipher list will no longer
+ enable NULL ciphers. They need to be specifically enabled e.g. with
+ the string "DEFAULT:eNULL".
+ [Steve Henson]
*) Fix to RSA private encryption routines: if p < q then it would
occasionally produce an invalid result. This will only happen with
unsigned to signed types: this was killing the Win32 compile.
[Steve Henson]
- *) Add new certificate file to stack functions, SSL_add_cert_file_to_stack()
- and SSL_add_cert_dir_to_stack(). These largely supplant
- SSL_load_client_CA_file(), and can be used to add multiple certs easily to
- a stack (usually this is then handed to SSL_CTX_set_client_CA_list()).
+ *) Add new certificate file to stack functions,
+ SSL_add_dir_cert_subjects_to_stack() and
+ SSL_add_file_cert_subjects_to_stack(). These largely supplant
+ SSL_load_client_CA_file(), and can be used to add multiple certs easily
+ to a stack (usually this is then handed to SSL_CTX_set_client_CA_list()).
This means that Apache-SSL and similar packages don't have to mess around
to add as many CAs as they want to the preferred list.
[Ben Laurie]