### Major changes between OpenSSL 3.0 and OpenSSL 3.1 [under development]
- *
+ * Subject or issuer names in X.509 objects are now displayed as UTF-8 strings
+ by default.
OpenSSL 3.0
-----------
-### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development]
+### Major changes between OpenSSL 3.0.0 and OpenSSL 3.0.1
+ * Fixed invalid handling of X509_verify_cert() internal errors in libssl
+ ([CVE-2021-4044])
+ * Allow fetching an operation from the provider that owns an unexportable key
+ as a fallback if that is still allowed by the property query.
+
+### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0
* Enhanced 'openssl list' with many new options.
- * Added migration guide to man7
- * Implemented support for fully "pluggable" TLSv1.3 groups
- * Added suport for Kernel TLS (KTLS)
+ * Added migration guide to man7.
+ * Implemented support for fully "pluggable" TLSv1.3 groups.
+ * Added suport for Kernel TLS (KTLS).
* Changed the license to the Apache License v2.0.
* Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2,
RC4, RC5, and DES to the legacy provider.
* Remove the `RAND_DRBG` API.
* Deprecated the `ENGINE` API.
* Added `OSSL_LIB_CTX`, a libcrypto library context.
+ * Added various `_ex` functions to the OpenSSL API that support using
+ a non-default `OSSL_LIB_CTX`.
* Interactive mode is removed from the 'openssl' program.
* The X25519, X448, Ed25519, Ed448, SHAKE128 and SHAKE256 algorithms are
included in the FIPS provider.
* All of the low-level DH, DSA, ECDH, ECDSA and RSA public key functions
have been deprecated.
* SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0.
+ * Added providers, a new pluggability concept that will replace the
+ ENGINE API and ENGINE implementations.
OpenSSL 1.1.1
-------------
projects / openssl.git / blobdiff