X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=bbd173a15f00780746c465d2d88fdc1a0a89a235;hp=c969141757f078f83a832bbde193b9a869c17f18;hb=b1051789d633be573b07cf3ffd623973bfc6c0fb;hpb=37a7cd1a11827af12801a535ad9b17bdca96caeb

diff --git a/CHANGES b/CHANGES
index c969141757..bbd173a15f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,59 @@
          *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
          +) applies to 0.9.7 only
 
+  +) Make it possible to replace the underlying "ERR" functions such that the
+     global state (2 LHASH tables and 2 locks) is only used by the "default"
+     implementation. This change also adds two functions to "get" and "set"
+     the implementation prior to it being automatically set the first time
+     any other ERR function takes place. Ie. an application can call "get",
+     pass the return value to a module it has just loaded, and that module
+     can call its own "set" function using that value. This means the
+     module's "ERR" operations will use (and modify) the error state in the
+     application and not in its own statically linked copy of OpenSSL code.
+     [Geoff Thorpe]
+
+  +) Give DH, DSA, and RSA types their own "**_up()" function to increment
+     reference counts. This performs normal REF_PRINT/REF_CHECK macros on
+     the operation, and provides a more encapsulated way for external code
+     (crypto/evp/ and ssl/) to do this. Also changed the evp and ssl code
+     to use these functions rather than manually incrementing the counts.
+     [Geoff Thorpe]
+
+  *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB).
+     This function was broken, as the check for a new client hello message
+     to handle SGC did not allow these large messages.
+     (Tracked down by "Douglas E. Engert" <deengert@anl.gov>.)
+     [Lutz Jaenicke]
+
+  *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
+     [Lutz Jaenicke]
+
+  +) Add EVP test program.
+     [Ben Laurie]
+
+  +) Add symmetric cipher support to ENGINE. Expect the API to change!
+     [Ben Laurie]
+
+  +) New CRL functions: X509_CRL_set_version(), X509_CRL_set_issuer_name()
+     X509_CRL_set_lastUpdate(), X509_CRL_set_nextUpdate(), X509_CRL_sort(),
+     X509_REVOKED_set_serialNumber(), and X509_REVOKED_set_revocationDate().
+     These allow a CRL to be built without having to access X509_CRL fields
+     directly. Modify 'ca' application to use new functions.
+     [Steve Henson]
+
+  *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl()
+     for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton@netopia.com>).
+     [Lutz Jaenicke]
+
+  *) Rework the configuration and shared library support for Tru64 Unix.
+     The configuration part makes use of modern compiler features and
+     still retains old compiler behavior for those that run older versions
+     of the OS.  The shared library support part includes a variant that
+     uses the RPATH feature, and is available through the speciel
+     configuration target "alpha-cc-rpath", which will never be selected
+     automatically.
+     [Tim Mooney <mooney@dogbert.cc.ndsu.NoDak.edu> via Richard Levitte]
+
   *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
      with the same message size as in ssl3_get_certificate_request().
      Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
@@ -1978,7 +2031,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
      default is static libraries only, and the OpenSSL programs
      are always statically linked for now, but there are
      preparations for dynamic linking in place.
-     This has been tested on Linux and True64.
+     This has been tested on Linux and Tru64.
      [Richard Levitte]
 
   *) Randomness polling function for Win9x, as described in: