d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
them suitable for ECDSA where domain parameters must be
extracted before the specific public key.
- [Nils Larsch <nla@trustcenter.de]
+ [Nils Larsch <nla@trustcenter.de>]
*) Add reference counting for EC_GROUP objects.
- [Nils Larsch <nla@trustcenter.de]
+ [Nils Larsch <nla@trustcenter.de>]
*) Include some named elliptic curves. These can be obtained from
the new functions
*) applies to 0.9.6a ... 0.9.6d and 0.9.7
+) applies to 0.9.7 only
+ +) Fix the 'app_verify_callback' interface so that the user-defined
+ argument is actually passed to the callback: In the
+ SSL_CTX_set_cert_verify_callback() prototype, the callback
+ declaration has been changed from
+ int (*cb)()
+ into
+ int (*cb)(X509_STORE_CTX *,void *);
+ in ssl_verify_cert_chain (ssl/ssl_cert.c), the call
+ i=s->ctx->app_verify_callback(&ctx)
+ has been changed into
+ i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg).
+
+ To update applications using SSL_CTX_set_cert_verify_callback(),
+ a dummy argument can be added to their callback functions.
+ [D. K. Smetters <smetters@parc.xerox.com>]
+
+ +) Added the '4758cca' ENGINE to support IBM 4758 cards.
+ [Maurice Gittens <maurice@gittens.nl>, touchups by Geoff Thorpe]
+
+ *) Fix bug in SSL_clear(): bad sessions were not removed (found by
+ Yoram Zahavi <YoramZ@gilian.com>).
+ [Lutz Jaenicke]
+
+ +) Add and OPENSSL_LOAD_CONF define which will cause
+ OpenSSL_add_all_algorithms() to load the openssl.cnf config file.
+ This allows older applications to transparently support certain
+ OpenSSL features: such as crypto acceleration and dynamic ENGINE loading.
+ Two new functions OPENSSL_add_all_algorithms_noconf() which will never
+ load the config file and OPENSSL_add_all_algorithms_conf() which will
+ always load it have also been added.
+ [Steve Henson]
+
+ +) Config modules support in openssl utility.
+
+ Most commands now load modules from the config file,
+ though in a few (such as version) this isn't done
+ because it couldn't be used for anything.
+
+ In the case of ca and req the config file used is
+ the same as the utility itself: that is the -config
+ command line option can be used to specify an
+ alternative file.
+ [Steve Henson]
+
+ +) Move default behaviour from OPENSSL_config(). If appname is NULL
+ use "openssl_conf" if filename is NULL use default openssl config file.
+ [Steve Henson]
+
+ +) Add an argument to OPENSSL_config() to allow the use of an alternative
+ config section name. Add a new flag to tolerate a missing config file
+ and move code to CONF_modules_load_file().
+ [Steve Henson]
+
*) Add information about CygWin 1.3 and on, and preserve proper
configuration for the versions before that.
[Corinna Vinschen <vinschen@redhat.com> and Richard Levitte]