*) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
+) applies to 0.9.7 only
+ +) Add '-noemailDN' option to 'openssl ca'. This prevents inclusion
+ of the e-mail address in the DN (i.e., it will go into a certificate
+ extension only). The new configuration file option 'email_in_dn = no'
+ has the same effect.
+ [Massimiliano Pala madwolf@openca.org]
+
+ *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
+ faced with a pathologically small ClientHello fragment that does
+ not contain client_version: Instead of aborting with an error,
+ simply choose the highest available protocol version (i.e.,
+ TLS 1.0 unless it is disabled). In practice, ClientHello
+ messages are never sent like this, but this change gives us
+ strictly correct behaviour at least for TLS.
+ [Bodo Moeller]
+
+ +) Change all functions with names starting with des_ to be starting
+ with DES_ instead. This because there are increasing clashes with
+ libdes and other des libraries that are currently used by other
+ projects. The old libdes interface is provided, as well as crypt(),
+ if openssl/des_old.h is included. Note that crypt() is no longer
+ declared in openssl/des.h.
+
+ NOTE: This is a major break of an old API into a new one. Software
+ authors are encouraged to switch to the DES_ style functions. Some
+ time in the future, des_old.h and the libdes compatibility functions
+ will be completely removed.
+ [Richard Levitte]
+
+ *) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
+ never resets s->method to s->ctx->method when called from within
+ one of the SSL handshake functions.
+ [Bodo Moeller; problem pointed out by Niko Baric]
+
+ +) Test for certificates which contain unsupported critical extensions.
+ If such a certificate is found during a verify operation it is
+ rejected by default: this behaviour can be overridden by either
+ handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or
+ by setting the verify flag X509_V_FLAG_IGNORE_CRITICAL. A new function
+ X509_supported_extension() has also been added which returns 1 if a
+ particular extension is supported.
+ [Steve Henson]
+
+ +) New functions/macros
+
+ SSL_CTX_set_msg_callback(ctx, cb)
+ SSL_CTX_set_msg_callback_arg(ctx, arg)
+ SSL_set_msg_callback(ssl, cb)
+ SSL_set_msg_callback_arg(ssl, arg)
+
+ to request calling a callback function
+
+ void cb(int write_p, int version, int content_type,
+ const void *buf, size_t len, SSL *ssl, void *arg)
+
+ whenever a protocol message has been completely received
+ (write_p == 0) or sent (write_p == 1). Here 'version' is the
+ protocol version according to which the SSL library interprets
+ the current protocol message (SSL2_VERSION, SSL3_VERSION, or
+ TLS1_VERSION). 'content_type' is 0 in the case of SSL 2.0, or
+ the content type as defined in the SSL 3.0/TLS 1.0 protocol
+ specification (change_cipher_spec(20), alert(21), handshake(22)).
+ 'buf' and 'len' point to the actual message, 'ssl' to the
+ SSL object, and 'arg' is the application-defined value set by
+ SSL[_CTX]_set_msg_callback_arg().
+
+ 'openssl s_client' and 'openssl s_server' have new '-msg' options
+ to enable a callback that displays all protocol messages.
+
+ TODO: SSL 2.0, doc/ssl/, doc/apps/
+ [Bodo Moeller]
+
+ *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
+ (sent using the client's version number) if client_version is
+ smaller than the protocol version in use. Also change
+ ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if
+ the client demanded SSL 3.0 but only TLS 1.0 is enabled; then
+ the client will at least see that alert.
+ [Bodo Moeller]
+
+) Modify the behaviour of EVP cipher functions in similar way to digests
to retain compatibility with existing code.
[Steve Henson]
+) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain
- compatibility with existing code. In particular the 'ctx' parameter is
- not assumed to be valid before the call to EVP_DigestInit() and it is tidied
- up after a call to EVP_DigestFinal(). A new function EVP_DigestFinal_ex()
- but does not free up the ctx. Also change function EVP_MD_CTX_copy() to
- assume the destination is uninitialized: EVP_MD_CTX_copy_ex() do assumes
- the destiation is valid. Also modify all the OpenSSL digest calls to call
- EVP_DigestInit_ex(), EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex().
+ compatibility with existing code. In particular the 'ctx' parameter does
+ not have to be to be initialized before the call to EVP_DigestInit() and
+ it is tidied up after a call to EVP_DigestFinal(). New function
+ EVP_DigestFinal_ex() which does not tidy up the ctx. Similarly function
+ EVP_MD_CTX_copy() changed to not require the destination to be
+ initialized valid and new function EVP_MD_CTX_copy_ex() added which
+ requires the destination to be valid.
+
+ Modify all the OpenSSL digest calls to use EVP_DigestInit_ex(),
+ EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex().
[Steve Henson]
+) Change ssl3_get_message (ssl/s3_both.c) and the functions using it