Initial support for delta CRLs. If "use deltas" flag is set attempt to find

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 15ad43999041ec60a1aa6a125eb3890218f30830..f7427dd0ea3d4236effaf1d5e00e2e93d3c5aebc 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,10 +4,33 @@
 
  Changes between 0.9.8i and 0.9.9  [xx XXX xxxx]
 
+  *) Delta CRL support. New use deltas option which will attempt to locate
+     and search any appropriate delta CRLs available.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Support for CRLs partitioned by reason code. Reorganise CRL processing
+     code and add additional score elements. Validate alternate CRL paths
+     as part of the CRL checking and indicate a new error "CRL path validation
+     error" in this case. Applications wanting additional details can use
+     the verify callback and check the new "parent" field. If this is not
+     NULL CRL path validation is taking place. Existing applications wont
+     see this because it requires extended CRL support which is off by
+     default.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Support for freshest CRL extension.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
   *) Initial indirect CRL support. Currently only supported in the CRLs
      passed directly and not via lookup. Process certificate issuer
      CRL entry extension and lookup CRL entries by bother issuer name
-     and serial number. Check and proces CRL issuer entry in IDP extension.
+     and serial number. Check and process CRL issuer entry in IDP extension.
 
      This work was sponsored by Google.
      [Steve Henson]