Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]
+ *) New flag in ciphers: EVP_CIPH_FLAG_CUSTOM_CIPHER. This means the
+ underlying do_cipher function handles all cipher semantics itself
+ including padding and finalisation. This is useful if (for example)
+ an ENGINE cipher handles block padding itself. The behaviour of
+ do_cipher is subtly changed if this flag is set: the return value
+ is the number of characters written to the output buffer (zero is
+ no longer an error code) or a negative error code. Also if the
+ input buffer is NULL and length 0 finalisation should be performed.
+ [Steve Henson]
+
*) If a candidate issuer certificate is already part of the constructed
path ignore it: new debug notification X509_V_ERR_PATH_LOOP for this case.
[Steve Henson]
Add command line options to s_client/s_server.
[Steve Henson]
- Changes between 1.0.0b and 1.0.0c [xx XXX xxxx]
+ Changes between 1.0.0c and 1.0.0d [xx XXX xxxx]
+
+ *) Fix bug in string printing code: if *any* escaping is enabled we must
+ escape the escape character (backslash) or the resulting string is
+ ambiguous.
+ [Steve Henson]
+
+ Changes between 1.0.0b and 1.0.0c [2 Dec 2010]
+
+ *) Disable code workaround for ancient and obsolete Netscape browsers
+ and servers: an attacker can use it in a ciphersuite downgrade attack.
+ Thanks to Martin Rex for discovering this bug. CVE-2010-4180
+ [Steve Henson]
*) Fixed J-PAKE implementation error, originally discovered by
Sebastien Martini, further info and confirmation from Stefan
*) Fix extension code to avoid race conditions which can result in a buffer
overrun vulnerability: resumed sessions must not be modified as they can
be shared by multiple threads. CVE-2010-3864
+ [Steve Henson]
*) Fix WIN32 build system to correctly link an ENGINE directory into
a DLL.