OpenSSL 3.0
-----------
-### Changes between 1.1.1 and 3.0 alpha 8 [5 Nov 2020]
+### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
* Add support for AES Key Wrap inverse ciphers to the EVP layer.
The algorithms are:
*Richard Levitte*
+ * Added several checks to X509_verify_cert() according to requirements in
+ RFC 5280 in case `X509_V_FLAG_X509_STRICT` is set
+ (which may be done by using the CLI option `-x509_strict`):
+ * The basicConstraints of CA certificates must be marked critical.
+ * CA certificates must explicitly include the keyUsage extension.
+ * If a pathlenConstraint is given the key usage keyCertSign must be allowed.
+ * The issuer name of any certificate must not be empty.
+ * The subject name of CA certs, certs with keyUsage crlSign,
+ and certs without subjectAlternativeName must not be empty.
+ * If a subjectAlternativeName extension is given it must not be empty.
+ * The signatureAlgorithm field and the cert signature must be consistent.
+ * Any given authorityKeyIdentifier and any given subjectKeyIdentifier
+ must not be marked critical.
+ * The authorityKeyIdentifier must be given for X.509v3 certs
+ unless they are self-signed.
+ * The subjectKeyIdentifier must be given for all X.509v3 CA certs.
+
+ *David von Oheimb*
+
+ * Certificate verification using X509_verify_cert() meanwhile rejects EC keys
+ with explicit curve parameters (specifiedCurve) as required by RFC 5480.
+
+ *Tomas Mraz*
+
* For built-in EC curves, ensure an EC_GROUP built from the curve name is
used even when parsing explicit parameters, when loading a encoded key
or calling `EC_GROUP_new_from_ecpkparameters()`/