Add a bunch of SSL_xxx() functions for configuring the temporary RSA and DH

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 7bca0f54740b89cf3b8f73df9e58869d31796a63..6b4b174435222c48d7ed7bf4f90f2ec215b23817 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,24 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) Add a bunch of SSL_xxx() functions for configuring the temporary RSA and
+     DH private keys and/or callback functions which directly correspond to
+     their SSL_CTX_xxx() counterparts but work on a per-connection basis. This
+     is needed for applications which have to configure certificates on a
+     per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis
+     (e.g. s_server). 
+        For the RSA certificate situation is makes no difference, but
+     for the DSA certificate situation this fixes the "no shared cipher"
+     problem where the OpenSSL cipher selection procedure failed because the
+     temporary keys were not overtaken from the context and the API provided
+     no way to reconfigure them. 
+        The new functions now let applications reconfigure the stuff and they
+     are in detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
+     SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback.  Additionally a new
+     non-public-API function ssl_cert_instantiate() is used as a helper
+     function and also to reduce code redundancy inside ssl_rsa.c.
+     [Ralf S. Engelschall]
+
   *) Move s_server -dcert and -dkey options out of the undocumented feature
      area because they are useful for the DSA situation and should be
      recognized by the users.