X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=NEWS;h=1cd2d92630a46b1e4c42a3ee5478dc22bbb4f9ae;hp=9ac1b8319b3812ae620be690bd77fd194dcace3c;hb=51ac0cfe440353d45fa1baf81f22c0548bb1ca0e;hpb=6d9ca500d829f5458cfd81ef8818469409b942c7 diff --git a/NEWS b/NEWS index 9ac1b8319b..1cd2d92630 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,57 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7: + + o New library section OCSP. + o Complete haul-over of the ASN.1 library section. + + Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a: + + o Security fix: change behavior of OpenSSL to avoid using + environment variables when running as root. + o Security fix: check the result of RSA-CRT to reduce the + possibility of deducing the private key from an incorrectly + calculated signature. + o Security fix: prevent Bleichenbacher's DSA attack. + o Security fix: Zero the premaster secret after deriving the + master secret in DH ciphersuites. + o Reimplement SSL_peek(), which had various problems. + o Compatibility fix: the function des_encrypt() renamed to + des_encrypt1() to avoid clashes with some Unixen libc. + o Bug fixes for Win32, HP/UX and Irix. + o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and + memory checking routines. + o Bug fixes for RSA operations in threaded enviroments. + o Bug fixes in misc. openssl applications. + o Remove a few potential memory leaks. + o Add tighter checks of BIGNUM routines. + o Shared library support has been reworked for generality. + o More documentation. + o New function BN_rand_range(). + o Add "-rand" option to openssl s_client and s_server. + + Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6: + + o Some documentation for BIO and SSL libraries. + o Enhanced chain verification using key identifiers. + o New sign and verify options to 'dgst' application. + o Support for DER and PEM encoded messages in 'smime' application. + o New 'rsautl' application, low level RSA utility. + o MD4 now included. + o Bugfix for SSL rollback padding check. + o Support for external crypto devices. + o Enhanced EVP interface. + + Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a: + + o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 + o Shared library support for HPUX and Solaris-gcc + o Support of Linux/IA64 + o Assembler support for Mingw32 + o New 'rand' application + o New way to check for existence of algorithms from scripts + Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5: o S/MIME support in new 'smime' command @@ -13,7 +64,7 @@ o Fixes to make s_client, s_server work under Windows o Support for multiple fieldnames in SPKACs o New SPKAC command line utilty and associated library functions - o Options to allow passwords to be passed on command line or environment + o Options to allow passwords to be obtained from various sources o New public key PEM format and options to handle it o Many other fixes and enhancements to command line utilities o Usable certificate chain verification @@ -22,16 +73,22 @@ o Support of authority information access extension o Extensions in certificate requests o Simplified X509 name and attribute routines - o Initial incomplete support for international character sets + o Initial (incomplete) support for international character sets o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD o Read only memory BIOs and simplified creation function + o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0 + record; allow fragmentation and interleaving of handshake and other + data o TLS/SSL code now "tolerates" MS SGC + o Work around for Netscape client certificate hang bug o RSA_NULL option that removes RSA patent code but keeps other RSA functionality o Memory leak detection now allows applications to add extra information via a per-thread stack o PRNG robustness improved + o EGD support o BIGNUM library bug fixes + o Faster DSA parameter generation o Enhanced support for Alpha Linux o Experimental MacOS support