Changes between 0.9.8b and 0.9.9 [xx XXX xxxx]
+ *) Store a "canonical" representation of X509_NAME structure (ASN1 Name)
+ this maps equivalent X509_NAME structures into a consistent structure.
+ Name comparison can then be performed rapidly using memcmp().
+ [Steve Henson]
+
+ *) Non-blocking OCSP request processing. Add -timeout option to ocsp
+ utility.
+ [Steve Henson]
+
+ *) Allow digests to supply their own micalg string for S/MIME type using
+ the ctrl EVP_MD_CTRL_MICALG.
+ [Steve Henson]
+
+ *) During PKCS7 signing pass the PKCS7 SignerInfo structure to the
+ EVP_PKEY_METHOD before and after signing via the EVP_PKEY_CTRL_PKCS7_SIGN
+ ctrl. It can then customise the structure before and/or after signing
+ if necessary.
+ [Steve Henson]
+
+ *) New function OBJ_add_sigid() to allow application defined signature OIDs
+ to be added to OpenSSLs internal tables. New function OBJ_sigid_free()
+ to free up any added signature OIDs.
+ [Steve Henson]
+
+ *) New functions EVP_CIPHER_do_all(), EVP_CIPHER_do_all_sorted(),
+ EVP_MD_do_all() and EVP_MD_do_all_sorted() to enumerate internal
+ digest and cipher tables. New options added to openssl utility:
+ list-message-digest-algorithms and list-cipher-algorithms.
+ [Steve Henson]
+
+ *) In addition to the numerical (unsigned long) thread ID, provide
+ for a pointer (void *) thread ID. This helps accomodate systems
+ that do not provide an unsigned long thread ID. OpenSSL assumes
+ it is in the same thread iff both the numerical and the pointer
+ thread ID agree; so applications are just required to define one
+ of them appropriately (e.g., by using a pointer to a per-thread
+ memory object malloc()ed by the application for the pointer-type
+ thread ID). Exactly analoguous to the existing functions
+
+ void CRYPTO_set_id_callback(unsigned long (*func)(void));
+ unsigned long (*CRYPTO_get_id_callback(void))(void);
+ unsigned long CRYPTO_thread_id(void);
+
+ we now have additional functions
+
+ void CRYPTO_set_idptr_callback(void *(*func)(void));
+ void *(*CRYPTO_get_idptr_callback(void))(void);
+ void *CRYPTO_thread_idptr(void);
+
+ also in <openssl/crypto.h>. The default value for
+ CRYPTO_thread_idptr() if the application has not provided its own
+ callback is &errno.
+ [Bodo Moeller]
+
*) Change the array representation of binary polynomials: the list
of degrees of non-zero coefficients is now terminated with -1.
Previously it was terminated with 0, which was also part of the
Changes between 0.9.8b and 0.9.8c [xx XXX xxxx]
- *) Disable "ECCdraft" ciphersuites (which were not part of the "ALL"
- alias). These are now excluded from compilation by default, since
- OpenSSL 0.9.9[-dev] should be used for TLS with elliptic curves.
+ *) Change the Unix randomness entropy gathering to use poll() when
+ possible instead of select(), since the latter has some
+ undesirable limitations.
+ [Darryl Miles via Richard Levitte and Bodo Moeller]
+
+ *) Disable "ECCdraft" ciphersuites more thoroughly. Now special
+ treatment in ssl/ssl_ciph.s makes sure that these ciphersuites
+ cannot be implicitly activated as part of, e.g., the "AES" alias.
+ However, please upgrade to OpenSSL 0.9.9[-dev] for
+ non-experimental use of the ECC ciphersuites to get TLS extension
+ support, which is required for curve and point format negotiation
+ to avoid potential handshake problems.
[Bodo Moeller]
*) Disable rogue ciphersuites:
Changes between 0.9.7j and 0.9.7k [xx XXX xxxx]
+ *) Change the Unix randomness entropy gathering to use poll() when
+ possible instead of select(), since the latter has some
+ undesirable limitations.
+ [Darryl Miles via Richard Levitte and Bodo Moeller]
+
*) Disable rogue ciphersuites:
- SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")