Changes between 1.1.0e and 1.1.1 [xx XXX xxxx]
+ *) Fragmented SSL/TLS alerts are no longer accepted. An alert message is 2
+ bytes long. In theory it is permissible in SSLv3 - TLSv1.2 to fragment such
+ alerts across multiple records (some of which could be empty). In practice
+ it make no sense to send an empty alert record, or to fragment one. TLSv1.3
+ prohibts this altogether and other libraries (BoringSSL, NSS) do not
+ support this at all. Supporting it adds significant complexity to the
+ record layer, and its removal is unlikely to cause inter-operability
+ issues.
+ [Matt Caswell]
+
+ *) Add the ASN.1 types INT32, UINT32, INT64, UINT64 and variants prefixed
+ with Z. These are meant to replace LONG and ZLONG and to be size safe.
+ The use of LONG and ZLONG is discouraged and scheduled for deprecation
+ in OpenSSL 1.2.0.
+ [Richard Levitte]
+
*) Add the 'z' and 'j' modifiers to BIO_printf() et al formatting string,
'z' is to be used for [s]size_t, and 'j' - with [u]int64_t.
[Richard Levitte, Andy Polyakov]
platform rather than 'mingw'.
[Richard Levitte]
+ *) The functions X509_STORE_add_cert and X509_STORE_add_crl return
+ success if they are asked to add an object which already exists
+ in the store. This change cascades to other functions which load
+ certificates and CRLs.
+ [Paul Dale]
+
*) x86_64 assembly pack: annotate code with DWARF CFI directives to
facilitate stack unwinding even from assembly subroutines.
[Andy Polyakov]
*) Add support for ARIA
[Paul Dale]
+ *) s_client will now send the Server Name Indication (SNI) extension by
+ default unless the new "-noservername" option is used. The server name is
+ based on the host provided to the "-connect" option unless overridden by
+ using "-servername".
+ [Matt Caswell]
+
*) Add support for SipHash
[Todd Short]
projects / openssl.git / blobdiff