Fix some obvious bugs in the PKCS#7 library handling. It didn't try to

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index a3a90ddc39c1d367f777a49abbe97c8a0cb30ca6..a07070573042b04abe17eb5ff3910657138f5677 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -3,7 +3,26 @@
  _______________
 
 
- Changes between 0.9.2b and 0.9.3
+ Changes between 0.9.2b and 0.9.3  [XX May 1999]
+                                   [I suggest using the same format for the
+                                   date as in opensslv.h.  0.9.1c used
+                                   hyphens in the date, so I wrote
+                                   [23-Dec-1998] down below; but in later
+                                   versions, these hyphens are gone.]
+
+  *) Reorganise the PKCS#7 library and get rid of some of the more obvious
+     problems: find RecipientInfo structure that matches recipient certificate
+     and initialise the ASN1 structures properly based on passed cipher.
+     [Steve Henson]
+
+  *) Belatedly make the BN tests actually check the results.
+     [Ben Laurie]
+
+  *) Fix the encoding and decoding of negative ASN1 INTEGERS and conversion
+     to and from BNs: it was completely broken. New compilation option
+     NEG_PUBKEY_BUG to allow for some broken certificates that encode public
+     key elements as negative integers.
+     [Steve Henson]
 
   *) Reorganize and speed up MD5.
      [Andy Polyakov <appro@fy.chalmers.se>]
@@ -50,11 +69,12 @@
      Changing settings for an SSL_CTX *ctx after having done s = SSL_new(ctx)
      does not influence s as it used to.
      
-     Projected further changes:
      In order to clean up things more thoroughly, inside SSL_SESSION
-     we should not use CERT any longer, but a new structure SESS_CERT
-     that holds per-session data, and CERT should hold only those
-     values that can have meaningful defaults in an SSL_CTX.
+     we don't use CERT any longer, but a new structure SESS_CERT
+     that holds per-session data (if available); currently, this is
+     the peer's certificate chain and, for clients, the server's certificate
+     and temporary key.  CERT holds only those values that can have
+     meaningful defaults in an SSL_CTX.
      [Bodo Moeller]
 
   *) New function X509V3_EXT_i2d() to create an X509_EXTENSION structure
@@ -362,7 +382,8 @@
      so they no longer are missing under -DNOPROTO. 
      [Soren S. Jorvang <soren@t.dk>]
 
- Changes between 0.9.1c and 0.9.2b
+
+ Changes between 0.9.1c and 0.9.2b  [22 Mar 1999]
 
   *) Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still
      doesn't work when the session is reused. Coming soon!
@@ -1029,7 +1050,8 @@
   *) Generate Makefile.ssl from Makefile.org (to keep CVS happy).
      [Ben Laurie]
 
- Changes between 0.9.1b and 0.9.1c
+
+ Changes between 0.9.1b and 0.9.1c  [23-Dec-1998]
 
   *) Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and 
      changed SSLeay to OpenSSL in version strings.
@@ -1089,7 +1111,8 @@
      summer 1998.
      [The OpenSSL Project]
  
- Changes between 0.9.0b and 0.9.1b
+
+ Changes between 0.9.0b and 0.9.1b  [not released]
 
   *) Updated a few CA certificates under certs/
      [Eric A. Young]