X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=fd7e2d3bbf2cccc1020e01ca50ba601aea5db8bb;hp=fb55d68918dc49929dca6a1acfabdf826164664d;hb=b2e7419a1d453bf39dbe38620a10069ec799da65;hpb=36f554d43c51796aa0395e6cf087bb3c4ebb730c

diff --git a/CHANGES b/CHANGES
index fb55d68918..fd7e2d3bbf 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,46 @@
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
 
+  *) Make mkdef.pl parse some of the ASN1 macros and add apropriate
+     entries for variables.
+
+  *) Add functionality to apps/openssl.c for detecting locking
+     problems: As the program is single-threaded, all we have
+     to do is register a locking callback using an array for
+     storing which locks are currently held by the program.
+
+     Fix a deadlock in CRYPTO_mem_leaks() that was detected in
+     apps/openssl.c.
+     [Bodo Moeller]
+
+  *) Use a lock around the call to CRYPTO_get_ex_new_index() in
+     SSL_get_ex_data_X509_STORE_idx(), which is used in
+     ssl_verify_cert_chain() and thus can be called at any time
+     during TLS/SSL handshakes so that thread-safety is essential.
+     Unfortunately, the ex_data design is not at all suited
+     for multi-threaded use, so it probably should be abolished.
+     [Bodo Moeller]
+
+  *) Added Broadcom "ubsec" ENGINE to OpenSSL.
+     [Broadcom, tweaked and integrated by Geoff Thorpe]
+
+  *) Move common extension printing code to new function
+     X509V3_print_extensions(). Reorganise OCSP print routines and
+     implement some needed OCSP ASN1 functions. Add OCSP extensions.
+     [Steve Henson]
+
+  *) New function X509_signature_print() to remove duplication in some
+     print routines.
+     [Steve Henson]
+
+  *) Add a special meaning when SET OF and SEQUENCE OF flags are both
+     set (this was treated exactly the same as SET OF previously). This
+     is used to reorder the STACK representing the structure to match the
+     encoding. This will be used to get round a problem where a PKCS7
+     structure which was signed could not be verified because the STACK
+     order did not reflect the encoded order.
+     [Steve Henson]
+
   *) Reimplement the OCSP ASN1 module using the new code.
      [Steve Henson]
 
@@ -76,8 +116,9 @@
 
   *) Disable ssl2_peek and ssl3_peek (i.e., both implementations
      of SSL_peek) because they both are completely broken.
-     They will be fixed RSN by adding an additional 'peek' parameter
-     to the internal read functions.
+     For fixing this, the internal read functions now have an additional
+     'peek' parameter, but the actual peek functionality has not
+     yet been implemented.
      [Bodo Moeller]
 
   *) New function BN_kronecker.