X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=CHANGES;h=2235c937e3358940dc645e16f4d41fbb86190e45;hb=4a66b7e0b235298716664e570e44428a0e54d196;hp=d6c65ca759e7ef4113847885b41dce5c8d946f45;hpb=88fce97953e0bdafbe8f8538f074cb778777bb9c;p=openssl.git diff --git a/CHANGES b/CHANGES index d6c65ca759..2235c937e3 100644 --- a/CHANGES +++ b/CHANGES @@ -3,7 +3,155 @@ _______________ - Changes between 0.9.1c and 0.9.1d + Changes between 0.9.1c and 0.9.2 + + *) CAST-128 was incorrectly implemented for short keys. The C version has + been fixed, but is untested. The assembler versions are also fixed, but + new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing + to regenerate it if needed. + [Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun + Hagino ] + + *) File was opened incorrectly in randfile.c. + [Ulf Möller ] + + *) Beginning of support for GeneralizedTime. d2i, i2d, check and print + functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or + GeneralizedTime. ASN1_TIME is the proper type used in certificates et + al: it's just almost always a UTCTime. Note this patch adds new error + codes so do a "make errors" if there are problems. + [Steve Henson] + + *) Correct Linux 1 recognition in config. + [Ulf Möller ] + + *) Remove pointless MD5 hash when using DSA keys in ca. + [Anonymous ] + + *) Generate an error if given an empty string as a cert directory. Also + generate an error if handed NULL (previously returned 0 to indicate an + error, but didn't set one). + [Ben Laurie, reported by Anonymous ] + + *) Add prototypes to SSL methods. Make SSL_write's buffer const, at last. + [Ben Laurie] + + *) Fix the dummy function BN_ref_mod_exp() in rsaref.c to have the correct + parameters. This was causing a warning which killed off the Win32 compile. + [Steve Henson] + + *) Remove C++ style comments from crypto/bn/bn_local.h. + [Neil Costigan ] + + *) The function OBJ_txt2nid was broken. It was supposed to return a nid + based on a text string, looking up short and long names and finally + "dot" format. The "dot" format stuff didn't work. Added new function + OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote + OBJ_txt2nid to use it. OBJ_txt2obj can also return objects even if the + OID is not part of the table. + [Steve Henson] + + *) Add prototypes to X509 lookup/verify methods, fixing a bug in + X509_LOOKUP_by_alias(). + [Ben Laurie] + + *) Sort openssl functions by name. + [Ben Laurie] + + *) Get the gendsa program working (hopefully) and add it to app list. Remove + encryption from sample DSA keys (in case anyone is interested the password + was "1234"). + [Steve Henson] + + *) Make _all_ *_free functions accept a NULL pointer. + [Frans Heymans ] + + *) If a DH key is generated in s3_srvr.c, don't blow it by trying to use + NULL pointers. + [Anonymous ] + + *) s_server should send the CAfile as acceptable CAs, not its own cert. + [Bodo Moeller <3moeller@informatik.uni-hamburg.de>] + + *) Don't blow it for numeric -newkey arguments to apps/req. + [Bodo Moeller <3moeller@informatik.uni-hamburg.de>] + + *) Temp key "for export" tests were wrong in s3_srvr.c. + [Anonymous ] + + *) Add prototype for temp key callback functions + SSL_CTX_set_tmp_{rsa,dh}_callback(). + [Ben Laurie] + + *) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and + DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey(). + [Steve Henson] + + *) X509_name_add_entry() freed the wrong thing after an error. + [Arne Ansper ] + + *) rsa_eay.c would attempt to free a NULL context. + [Arne Ansper ] + + *) BIO_s_socket() had a broken should_retry() on Windoze. + [Arne Ansper ] + + *) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH. + [Arne Ansper ] + + *) Make sure the already existing X509_STORE->depth variable is initialized + in X509_STORE_new(), but document the fact that this variable is still + unused in the certificate verification process. + [Ralf S. Engelschall] + + *) Fix the various library and apps files to free up pkeys obtained from + X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions. + [Steve Henson] + + *) Fix reference counting in X509_PUBKEY_get(). This makes + demos/maurice/example2.c work, amongst others, probably. + [Steve Henson and Ben Laurie] + + *) First cut of a cleanup for apps/. First the `ssleay' program is now named + `openssl' and second, the shortcut symlinks for the `openssl ' + are no longer created. This way we have a single and consistent command + line interface `openssl ', similar to `cvs '. + [Ralf S. Engelschall, Paul Sutton and Ben Laurie] + + *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey + BIT STRING wrapper always have zero unused bits. + [Steve Henson] + + *) Add CA.pl, perl version of CA.sh, add extended key usage OID. + [Steve Henson] + + *) Make the top-level INSTALL documentation easier to understand. + [Paul Sutton] + + *) Makefiles updated to exit if an error occurs in a sub-directory + make (including if user presses ^C) [Paul Sutton] + + *) Make Montgomery context stuff explicit in RSA data structure. + [Ben Laurie] + + *) Fix build order of pem and err to allow for generated pem.h. + [Ben Laurie] + + *) Fix renumbering bug in X509_NAME_delete_entry(). + [Ben Laurie] + + *) Enhanced the err-ins.pl script so it makes the error library number + global and can add a library name. This is needed for external ASN1 and + other error libraries. + [Steve Henson] + + *) Fixed sk_insert which never worked properly. + [Steve Henson] + + *) Fix ASN1 macros so they can handle indefinite length construted + EXPLICIT tags. Some non standard certificates use these: they can now + be read in. + [Steve Henson] *) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc) into a single doc/ssleay.txt bundle. This way the information is still