X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=CHANGES;h=ff4dfc3620df9cd7b96afc82c7a26742efe981c5;hb=4146aa6b42631ededda98f57b4fb4a436bc8b510;hp=326b5cf7a1dfbb3f90df067b5980d6a3ab385942;hpb=0983760dfce8f6accfa257163dcfce9624dce373;p=openssl.git

diff --git a/CHANGES b/CHANGES
index 326b5cf7a1..ff4dfc3620 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,14 +4,37 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) Fixes to X509_ATTRIBUTE utilities, change the 'req' program so it uses
+     the new code. Add documentation for this stuff.
+     [Steve Henson]
+
+  *) Changes to X509_ATTRIBUTE utilities. These have been renamed from
+     X509_*() to X509at_*() on the grounds that they don't handle X509
+     structures and behave in an analagous way to the X509v3 functions:
+     they shouldn't be called directly but wrapper functions should be used
+     instead.
+
+     So we also now have some wrapper functions that call the X509at functions
+     when passed certificate requests. (TO DO: similar things can be done with
+     PKCS#7 signed and unsigned attributes, PKCS#12 attributes and a few other
+     things. Some of these need some d2i or i2d and print functionality
+     because they handle more complex structures.)
+     [Steve Henson]
+
+  *) Add missing #ifndefs that caused missing symbols when building libssl
+     as a shared library without RSA.  Use #ifndef NO_SSL2 instead of
+     NO_RSA in ssl/s2*.c. 
+     [Kris Kennaway <kris@hub.freebsd.org>, modified by Ulf Möller]
+
   *) Precautions against using the PRNG uninitialized: RAND_bytes() now
      has a return value which indicates the quality of the random data
      (1 = ok, 0 = not seeded).  Also an error is recorded on the thread's
-     error queue.
+     error queue. New function RAND_pseudo_bytes() generates output that is
+     guaranteed to be unique but not unpredictable.
      (TO DO: always check the result of RAND_bytes when it is used in the
-     library, because leaving the error in the error queue but reporting
-     success in a function that uses RAND_bytes could confuse things
-     considerably.)
+     library, or use RAND_pseudo_bytes instead, because leaving the
+     error in the error queue but reporting success in a function that
+     uses RAND_bytes could confuse things considerably.)
      [Ulf Möller]
 
   *) Do more iterations of Rabin-Miller probable prime test (specifically,