projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
New OCSP response verify option OCSP_TRUSTOTHER
[openssl.git] / CHANGES
diff --git a/CHANGES b/CHANGES
index 52409a97d4c2bdf0f7593606e5a48b7e56bc72db..4665120efde1e61173dc011db58850b6833d66b2 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,15 @@
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
 
+  *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates
+     passed by the function are trusted implicitly. If any of them signed the
+     reponse then it is assumed to be valid and is not verified.
+     [Steve Henson]
+
+  *) Zero the premaster secret after deriving the master secret in
+     DH ciphersuites.
+     [Steve Henson]
+
   *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
      to data. This was previously part of the PKCS7 ASN1 code. This
      was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
Unnamed repository; edit this file 'description' to name the repository.