X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=28b0e29514820d71de2addb4c3f832b9387f6afc;hp=4c3f5beb15746008efd6e2346e1a458d2ed3d1ef;hb=5d727078ac8c16ccc0d987234c168a589a2ab767;hpb=e14f4aab0a0940d46045562bad9b0ce0f32ecb21 diff --git a/CHANGES b/CHANGES index 4c3f5beb15..28b0e29514 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,50 @@ Changes between 0.9.7e and 0.9.8 [xx XXX xxxx] + *) Add processing of proxy certificates (see RFC 3820). This work was + sponsored by KTH (The Royal Institute of Technology in Stockholm) and + EGEE (Enabling Grids for E-science in Europe). + [Richard Levitte] + + *) RC4 performance overhaul on modern architectures/implementations, such + as Intel P4, IA-64 and AMD64. + [Andy Polyakov] + + *) New utility extract-section.pl. This can be used specify an alternative + section number in a pod file instead of having to treat each file as + a separate case in Makefile. This can be done by adding two lines to the + pod file: + + =for comment openssl_section:XXX + + The blank line is mandatory. + + [Steve Henson] + + *) New arguments -certform, -keyform and -pass for s_client and s_server + to allow alternative format key and certificate files and passphrase + sources. + [Steve Henson] + + *) New structure X509_VERIFY_PARAM which combines current verify parameters, + update associated structures and add various utility functions. + + Add new policy related verify parameters, include policy checking in + standard verify code. Enhance 'smime' application with extra parameters + to support policy checking and print out. + [Steve Henson] + + *) Add a new engine to support VIA PadLock ACE extensions in the VIA C3 + Nehemiah processors. These extensions support AES encryption in hardware + as well as RNG (though RNG support is currently disabled). + [Michal Ludvig , with help from Andy Polyakov] + + *) Deprecate BN_[get|set]_params() functions (they were ignored internally). + [Geoff Thorpe] + + *) New FIPS 180-2 algorithms, SHA-224/-256/-384/-512 are implemented. + [Andy Polyakov and a number of other people] + *) Improved PowerPC platform support. Most notably BIGNUM assembler implementation contributed by IBM. [Suresh Chari, Peter Waltenberg, Andy Polyakov] @@ -704,7 +748,50 @@ differing sizes. [Richard Levitte] - Changes between 0.9.7d and 0.9.7e [XX xxx XXXX] + Changes between 0.9.7e and 0.9.7f [XX xxx XXXX] + + *) Prompt for pass phrases when appropriate for PKCS12 input format. + [Steve Henson] + + *) Add lots of checks for memory allocation failure, error codes to indicate + failure and freeing up memory if a failure occurs. + [Nauticus Networks SSL Team , Steve Henson] + + *) Add new -passin argument to dgst. + [Steve Henson] + + *) Perform some character comparisons of different types in X509_NAME_cmp: + this is needed for some certificates that reencode DNs into UTF8Strings + (in violation of RFC3280) and can't or wont issue name rollover + certificates. + [Steve Henson] + + *) Make an explicit check during certificate validation to see that + the CA setting in each certificate on the chain is correct. As a + side effect always do the following basic checks on extensions, + not just when there's an associated purpose to the check: + + - if there is an unhandled critical extension (unless the user + has chosen to ignore this fault) + - if the path length has been exceeded (if one is set at all) + - that certain extensions fit the associated purpose (if one has + been given) + [Richard Levitte] + + Changes between 0.9.7d and 0.9.7e [25 Oct 2004] + + *) Avoid a race condition when CRLs are checked in a multi threaded + environment. This would happen due to the reordering of the revoked + entries during signature checking and serial number lookup. Now the + encoding is cached and the serial number sort performed under a lock. + Add new STACK function sk_is_sorted(). + [Steve Henson] + + *) Add Delta CRL to the extension code. + [Steve Henson] + + *) Various fixes to s3_pkt.c so alerts are sent properly. + [David Holmes ] *) Reduce the chances of duplicate issuer name and serial numbers (in violation of RFC3280) using the OpenSSL certificate creation utilities.