X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=1110d9e13a654a72798abc5fe38648a8322469b7;hp=405c314c4c36da61d3348878ed5874aa3f2e77de;hb=45da1efcdb822d8ff992e13d5a1600fa62c96c6d;hpb=1dded7f7e8e9f737ef9d7e3c3ef165a78fd7fa1d

diff --git a/CHANGES b/CHANGES
index 405c314c4c..1110d9e13a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,45 @@
 
  Changes between 1.0.1 and 1.0.2 [xx XXX xxxx]
 
+  *) Fixes and wildcard matching support to hostname and email checking
+     functions. Add manual page.
+     [Florian Weimer (Red Hat Product Security Team)]
+
+  *) New functions to check a hostname email or IP address against a
+     certificate. Add options x509 utility to print results of checks against
+     a certificate.
+     [Steve Henson]
+
+  *) Fix OCSP checking.
+     [Rob Stradling <rob.stradling@comodo.com> and Ben Laurie]
+
+  *) Backport support for partial chain verification: if an intermediate
+     certificate is explicitly trusted (using -addtrust option to x509
+     utility for example) the verification is sucessful even if the chain
+     is not complete.
+     The OCSP checking fix depends on this backport.
+     [Steve Henson and Rob Stradling <rob.stradling@comodo.com>]
+
+  *) Add -trusted_first option which attempts to find certificates in the
+     trusted store even if an untrusted chain is also supplied.
+     [Steve Henson]
+
+  *) MIPS assembly pack updates: support for MIPS32r2 and SmartMIPS ASE,
+     platform support for Linux and Android.
+     [Andy Polyakov]
+
+  *) Call OCSP Stapling callback after ciphersuite has been chosen, so
+     the right response is stapled. Also change current certificate to
+     the certificate actually sent.
+     See http://rt.openssl.org/Ticket/Display.html?id=2836.
+     [Rob Stradling <rob.stradling@comodo.com>]
+
+  *) Support for linux-x32, ILP32 environment in x86_64 framework.
+     [Andy Polyakov]
+
+  *) RFC 5878 support.
+     [Emilia Kasper, Adam Langley, Ben Laurie (Google)]
+
   *) Experimental multi-implementation support for FIPS capable OpenSSL.
      When in FIPS mode the approved implementations are used as normal,
      when not in FIPS mode the internal unapproved versions are used instead.
@@ -61,6 +100,9 @@
 
  Changes between 1.0.1c and 1.0.1d [xx XXX xxxx]
 
+  *) Make openssl verify return errors.
+     [Chris Palmer <palmer@google.com> and Ben Laurie]
+
   *) Fix possible deadlock when decoding public keys.
      [Steve Henson]