X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=4fc69e1b2145eaf0793e73d08112ce5105362492;hp=0a383b44f21aa4f80387ce91276b3cd8c202a57f;hb=1c56e95e284c44f0b6c05e9d629b6af76e434a7e;hpb=19f6c524bf78e37ab27cbc53d36655ca709b9675

diff --git a/CHANGES b/CHANGES
index 0a383b44f2..4fc69e1b21 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,37 @@
 
  Changes between 0.9.8f and 0.9.9  [xx XXX xxxx]
 
+  *) Add RFC4507 support to OpenSSL. This includes the corrections in
+     RFC4507bis. The encrypted ticket format is an encrypted encoded
+     SSL_SESSION structure, that way new session features are automatically
+     supported.
+
+     If a client application caches session in an SSL_SESSION structure
+     support is transparent because tickets are now stored in the encoded
+     SSL_SESSION.
+     
+     The SSL_CTX structure automatically generates keys for ticket
+     protection in servers so again support should be possible
+     with no application modification.
+
+     If a client or server wishes to disable RFC4507 support then the option
+     SSL_OP_NO_TICKET can be set.
+
+     Add a TLS extension debugging callback to allow the contents of any client
+     or server extensions to be examined.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Final changes to avoid use of pointer pointer casts in OpenSSL.
+     OpenSSL should now compile cleanly on gcc 4.2
+     [Peter Hartley <pdh@utter.chaos.org.uk>, Steve Henson]
+
+  *) Update SSL library to use new EVP_PKEY MAC API. Include generic MAC
+     support including streaming MAC support: this is required for GOST
+     ciphersuite support.
+     [Victor B. Wagner <vitus@cryptocom.ru>, Steve Henson]
+
   *) Add option -stream to use PKCS#7 streaming in smime utility. New
      function i2d_PKCS7_bio_stream() and PEM_write_PKCS7_bio_stream()
      to output in BER and PEM format.
@@ -88,10 +119,10 @@
      [Nils Larsch]
 
   *) Initial incomplete changes to avoid need for function casts in OpenSSL
-     when OPENSSL_NO_FCAST is set: some compilers (gcc 4.2 and later) reject
-     their use. Safestack is reimplemented using inline functions: tests show
-     that these calls are typically optimized away by compilers so they have
-     no additional overhead. Update ASN1 to avoid use of legacy functions. 
+     some compilers (gcc 4.2 and later) reject their use. Safestack is
+     reimplemented using inline functions: tests show that these calls are
+     typically optimized away by compilers so they have no additional overhead.
+     Update ASN1 to avoid use of legacy functions. 
      [Steve Henson]
 
   *) Win32/64 targets are linked with Winsock2.
@@ -501,6 +532,9 @@
 
  Changes between 0.9.8e and 0.9.8f  [xx XXX xxxx]
 
+  *) Mitigate attack on final subtraction in Montgomery reduction.
+     [Andy Polyakov]
+
   *) Fix crypto/ec/ec_mult.c to work properly with scalars of value 0
      (which previously caused an internal error).
      [Bodo Moeller]