Add CHANGES entry for Kerberos removal

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 5dd7d8d81bf4586bbf3d45fb57d8e90c1dd69629..337b9b1364460b2ec00ac8cde51b73191ad4bb0c 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,15 @@
  _______________
 
  Changes between 1.0.2 and 1.1.0  [xx XXX xxxx]
+  *) Support for Kerberos ciphersuites in TLS (RFC2712) has been removed. This
+     code and the associated standard is no longer considered fit-for-purpose.
+     [Matt Caswell]
+
+  *) Added HTTP GET support to the ocsp command.
+     [Rich Salz]
+
+  *) RAND_pseudo_bytes has been deprecated. Users should use RAND_bytes instead.
+     [Matt Caswell]
 
   *) Added support for TLS extended master secret from
      draft-ietf-tls-session-hash-03.txt. Thanks for Alfredo Pironti for an
@@ -37,6 +46,9 @@
      done while fixing the error code for the key-too-small case.
      [Annie Yousar <a.yousar@informatik.hu-berlin.de>]
 
+  *) CA.sh has been removmed; use CA.pl instead.
+     [Rich Salz]
+
   *) Removed old DES API.
      [Rich Salz]
 
@@ -71,6 +83,11 @@
         Remove all but one '#ifdef undef' which is to be looked at.
      [Rich Salz]
 
+  *) Clean up calling of xxx_free routines.
+        Just like free(), fix most of the xxx_free routines to accept
+        NULL.  Remove the non-null checks from callers.  Save much code.
+     [Rich Salz]
+
   *) Experimental support for a new, fast, unbiased prime candidate generator,
      bn_probable_prime_dh_coprime(). Not currently used by any prime generator.
      [Felix Laurie von Massenbach <felix@erbridge.co.uk>]
@@ -7593,7 +7610,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
      [Bodo Moeller; problems reported by Anders Gertz <gertz@epact.se>]     
 
   *) Correct util/mkdef.pl to be selective about disabled algorithms.
-     Previously, it would create entries for disableed algorithms no
+     Previously, it would create entries for disabled algorithms no
      matter what.
      [Richard Levitte]