X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=a9284d67e3e0771c7d916a76edfc22022c32f2c7;hp=fe98cddc6910c7955253fdc05622e8541a7eec1f;hb=18e503f30facd53d5be24a7d84f1a9456652e399;hpb=6727565a84ce174df591317218e1c5934357f732

diff --git a/CHANGES b/CHANGES
index fe98cddc69..a9284d67e3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,32 @@
 
  Changes between 0.9.8k and 1.0  [xx XXX xxxx]
 
+  *) Update OCSP request code to permit adding custom headers to the request:
+     some responders need this.
+     [Steve Henson]
+
+  *) Extensive audit of libcrypto with DEBUG_UNUSED. Fix many cases where
+     return value is ignored. NB. The functions RAND_add(), RAND_seed(),
+     BIO_set_cipher() and some obscure PEM functions were changed so they
+     can now return an error. The RAND changes required a change to the
+     RAND_METHOD structure.
+     [Steve Henson]
+
+  *) New macro __owur for "OpenSSL Warn Unused Result". This makes use of
+     a gcc attribute to warn if the result of a function is ignored. This
+     is enable if DEBUG_UNUSED is set. Add to several functions in evp.h
+     whose return value is often ignored. 
+     [Steve Henson]
+
+  *) The function EVP_PKEY_sign() returns <=0 on error: check return code
+     correctly.
+     [Julia Lawall <julia@diku.dk>]
+
+  *) Update verify callback code in apps/s_cb.c and apps/verify.c, it
+     needlessly dereferenced structures, used obsolete functions and
+     didn't handle all updated verify codes correctly.
+     [Steve Henson]
+
   *) Delete MD2 from algorithm tables. This follows the recommendation in 
      several standards that it is not used in new applications due to
      several cryptographic weaknesses. The algorithm is also disabled in
@@ -814,6 +840,16 @@
 
  Changes between 0.9.8k and 0.9.8l  [xx XXX xxxx]
 
+  *) The functions ENGINE_ctrl(), OPENSSL_isservice(),
+     CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error
+     fixes for a few places where the return code is not checked
+     correctly.
+     [Julia Lawall <julia@diku.dk>]
+
+  *) Add --strict-warnings option to Configure script to include devteam
+     warnings in other configurations.
+     [Steve Henson]
+
   *) Add support for --libdir option and LIBDIR variable in makefiles. This
      makes it possible to install openssl libraries in locations which 
      have names other than "lib", for example "/usr/lib64" which some