New function X509V3_add_i2d() this is used for

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index fecbe653fa8895df372abd34c67cc83a369d2023..167048fa6ad037ef03a2ab91061c79012572b735 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -3,30 +3,42 @@
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
 
+  *) New function X509V3_add1_i2d(). This automatically encodes and
+     adds an extension. Its behaviour can be customised with various
+     flags to append, replace or delete. Various wrappers added for
+     certifcates and CRLs.
+     [Steve Henson]
+
+  *) Fix to avoid calling the underlying ASN1 print routine when
+     an extension cannot be parsed. Correct a typo in the
+     OCSP_SERVICELOC extension. Tidy up print OCSP format.
+     [Steve Henson]
+
   *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
      Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
      when writing a 32767 byte record.
      [Bodo Moeller; problem reported by Eric Day <eday@concentric.net>]
 
   *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),
-     obtain lock CRYPTO_LOCK_RSA before creating BN_MONT_CTX
-     structures and setting rsa->_method_mod_{n,p,q}.
+     obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.
 
      (RSA objects have a reference count access to which is protected
      by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
      so they are meant to be shared between threads.)
-     [patch submitted by "Reddie, Steven" <Steven.Reddie@ca.com>]
+     [Bodo Moeller, Geoff Thorpe; original patch submitted by
+     "Reddie, Steven" <Steven.Reddie@ca.com>]
 
   *) Make mkdef.pl parse some of the ASN1 macros and add apropriate
      entries for variables.
+     [Steve Henson]
+
+  *) Fix a deadlock in CRYPTO_mem_leaks().
+     [Bodo Moeller]
 
   *) Add functionality to apps/openssl.c for detecting locking
      problems: As the program is single-threaded, all we have
      to do is register a locking callback using an array for
      storing which locks are currently held by the program.
-
-     Fix a deadlock in CRYPTO_mem_leaks() that was detected in
-     apps/openssl.c.
      [Bodo Moeller]
 
   *) Use a lock around the call to CRYPTO_get_ex_new_index() in
@@ -66,7 +78,11 @@
      [Steve Henson]
 
   *) Merge in replacement ASN1 code from the ASN1 branch. This almost
-     completely replaces the old ASN1 functionality.
+     completely replaces the old ASN1 functionality with a table driven
+     encoder and decoder which interprets an ASN1_ITEM structure describing
+     the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is
+     largely maintained. Almost all of the old asn1_mac.h macro based ASN1
+     has also been converted to the new form.
      [Steve Henson]
 
   *) Change BN_mod_exp_recp so that negative moduli are tolerated