*) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
+) applies to 0.9.7 only
+ +) Add EVP test program.
+ [Ben Laurie]
+
+ +) Add symmetric cipher support to ENGINE. Expect the API to change!
+ [Ben Laurie]
+
+ +) New CRL functions: X509_CRL_set_version(), X509_CRL_set_issuer_name()
+ X509_CRL_set_lastUpdate(), X509_CRL_set_nextUpdate(), X509_CRL_sort(),
+ X509_REVOKED_set_serialNumber(), and X509_REVOKED_set_revocationDate().
+ These allow a CRL to be built without having to access X509_CRL fields
+ directly. Modify 'ca' application to use new functions.
+ [Steve Henson]
+
+ *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl()
+ for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton@netopia.com>).
+ [Lutz Jaenicke]
+
+ *) Rework the configuration and shared library support for Tru64 Unix.
+ The configuration part makes use of modern compiler features and
+ still retains old compiler behavior for those that run older versions
+ of the OS. The shared library support part includes a variant that
+ uses the RPATH feature, and is available through the speciel
+ configuration target "alpha-cc-rpath", which will never be selected
+ automatically.
+ [Tim Mooney <mooney@dogbert.cc.ndsu.NoDak.edu> via Richard Levitte]
+
+ *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
+ with the same message size as in ssl3_get_certificate_request().
+ Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
+ messages might inadvertently be reject as too long.
+ [Petr Lampa <lampa@fee.vutbr.cz>]
+
+ +) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended
+ bug workarounds. Rollback attack detection is a security feature.
+ The problem will only arise on OpenSSL servers when TLSv1 is not
+ available (sslv3_server_method() or SSL_OP_NO_TLSv1).
+ Software authors not wanting to support TLSv1 will have special reasons
+ for their choice and can explicitly enable this option.
+ [Bodo Moeller, Lutz Jaenicke]
+
+ +) Rationalise EVP so it can be extended: don't include a union of
+ cipher/digest structures, add init/cleanup functions. This also reduces
+ the number of header dependencies.
+ [Ben Laurie]
+
+ +) Make DES key schedule conform to the usual scheme, as well as
+ correcting its structure. This means that calls to DES functions
+ now have to pass a pointer to a des_key_schedule instead of a
+ plain des_key_schedule (which was actually always a pointer
+ anyway).
+ [Ben Laurie]
+
+ +) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX).
+ [Andy Polyakov]
+
+ *) Modified SSL library such that the verify_callback that has been set
+ specificly for an SSL object with SSL_set_verify() is actually being
+ used. Before the change, a verify_callback set with this function was
+ ignored and the verify_callback() set in the SSL_CTX at the time of
+ the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
+ to allow the necessary settings.
+ [Lutz Jaenicke]
+
+ +) Initial reduction of linker bloat: the use of some functions, such as
+ PEM causes large amounts of unused functions to be linked in due to
+ poor organisation. For example pem_all.c contains every PEM function
+ which has a knock on effect of linking in large amounts of (unused)
+ ASN1 code. Grouping together similar functions and splitting unrelated
+ functions prevents this.
+ [Steve Henson]
+
+ *) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c
+ explicitely to NULL, as at least on Solaris 8 this seems not always to be
+ done automatically (in contradiction to the requirements of the C
+ standard). This made problems when used from OpenSSH.
+ [Lutz Jaenicke]
+
+ *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
+ dh->length and always used
+
+ BN_rand_range(priv_key, dh->p).
+
+ BN_rand_range() is not necessary for Diffie-Hellman, and this
+ specific range makes Diffie-Hellman unnecessarily inefficient if
+ dh->length (recommended exponent length) is much smaller than the
+ length of dh->p. We could use BN_rand_range() if the order of
+ the subgroup was stored in the DH structure, but we only have
+ dh->length.
+
+ So switch back to
+
+ BN_rand(priv_key, l, ...)
+
+ where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1
+ otherwise.
+ [Bodo Moeller]
+
*) In
RSA_eay_public_encrypt
the clients preferred ciphersuites and rather use its own preferences.
Should help to work around M$ SGC (Server Gated Cryptography) bug in
Internet Explorer by ensuring unchanged hash method during stepup.
+ (Also replaces the broken/deactivated SSL_OP_NON_EXPORT_FIRST option.)
[Lutz Jaenicke]
+) Make mkdef.pl recognise all DECLARE_ASN1 macros, change rijndael
default is static libraries only, and the OpenSSL programs
are always statically linked for now, but there are
preparations for dynamic linking in place.
- This has been tested on Linux and True64.
+ This has been tested on Linux and Tru64.
[Richard Levitte]
*) Randomness polling function for Win9x, as described in: