X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=403568adc0d52f8acce5c806987b153d2f9acd96;hp=0c745b64a72ce0d36d41d04c4d9efa77562fa482;hb=5782ceb2983b9e998b858474224fc011d6f0bd39;hpb=0b33bc65cd1bde346eae5b25d6f2d693c115b901 diff --git a/CHANGES b/CHANGES index 0c745b64a7..403568adc0 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,85 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) New OCSP utility. Allows OCSP requests to be generated or + read. The request can be sent to a responder and the output + parsed, outputed or printed in text form. Not complete yet: + still needs to check the OCSP response validity. + [Steve Henson] + + *) New subcommands for 'openssl ca': + 'openssl ca -status ' prints the status of the cert with + the given serial number (according to the index file). + 'openssl ca -updatedb' updates the expiry status of certificates + in the index file. + [Massimiliano Pala ] + + *) New '-newreq-nodes' command option to CA.pl. This is like + '-newreq', but calls 'openssl req' with the '-nodes' option + so that the resulting key is not encrypted. + [Damien Miller ] + + *) New configuration for the GNU Hurd. + [Jonathan Bartlett via Richard Levitte] + + *) Initial code to implement OCSP basic response verify. This + is currently incomplete. Currently just finds the signer's + certificate and verifies the signature on the response. + [Steve Henson] + + *) New SSLeay_version code SSLEAY_DIR to determine the compiled-in + value of OPENSSLDIR. This is available via the new '-d' option + to 'openssl version', and is also included in 'openssl version -a'. + [Bodo Moeller] + + *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn + call failed, free the DSA structure. + [Bodo Moeller] + + *) Allowing defining memory allocation callbacks that will be given + file name and line number information in additional arguments + (a const char* and an int). The basic functionality remains, as + well as the original possibility to just replace malloc(), + realloc() and free() by functions that do not know about these + additional arguments. To register and find out the current + settings for extended allocation functions, the following + functions are provided: + + CRYPTO_set_mem_ex_functions + CRYPTO_set_locked_mem_ex_functions + CRYPTO_get_mem_ex_functions + CRYPTO_get_locked_mem_ex_functions + + These work the same way as CRYPTO_set_mem_functions and friends. + CRYPTO_get_[locked_]mem_functions now writes 0 where such an + extended allocation function is enabled. + Similarly, CRYPTO_get_[locked_]mem_ex_functions writes 0 where + a conventional allocation function is enabled. + [Richard Levitte, Bodo Moeller] + + *) Fix to uni2asc() to cope with zero length Unicode strings. + These are present in some PKCS#12 files. + [Steve Henson] + + *) Finish off removing the remaining LHASH function pointer casts. + There should no longer be any prototype-casting required when using + the LHASH abstraction, and any casts that remain are "bugs". See + the callback types and macros at the head of lhash.h for details + (and "OBJ_cleanup" in crypto/objects/obj_dat.c as an example). + [Geoff Thorpe] + + *) Add automatic query of EGD sockets in RAND_poll() for the unix variant. + If an EGD or PRNGD is running and enough entropy is returned, automatic + seeding like with /dev/[u]random will be performed. + Positions tried are: /etc/entropy, /var/run/egd-pool. + [Lutz Jaenicke] + + *) Change the Unix RAND_poll() variant to be able to poll several + random devices and only read data for a small fragment of time + to avoid hangs. Also separate out the Unix variant to it's own + file, rand_unix.c. For VMS, there's a currently-empty rand_vms.c. + [Richard Levitte] + *) Move OCSP client related routines to ocsp_cl.c. These provide utility functions which an application needing to issue a request to an OCSP responder and analyse the