Missing line 0.9.6b release and IA-64 patch advertisement:-)

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 3581aa7ad68812ba3be11b4b32ccbbfc8db619ca..b1929cace8fb341b664a70f03d9d6bd4115ed168 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,35 @@
          *) applies to 0.9.6a/0.9.6b and 0.9.7
          +) applies to 0.9.7 only
 
+  +) Add initial OCSP responder support to ocsp application. The
+     revocation information is handled using the text based index
+     use by the ca application. The responder can either handle
+     requests generated internally, supplied in files (for example
+     via a CGI script) or using an internal minimal server.
+     [Steve Henson]
+
+  +) Add configuration choices to get zlib compression for TLS.
+     [Richard Levitte]
+
+  +) Changes to Kerberos SSL for RFC 2712 compliance:
+     1.  Implemented real KerberosWrapper, instead of just using
+         KRB5 AP_REQ message.  [Thanks to Simon Wilkinson <sxw@sxw.org.uk>]
+     2.  Implemented optional authenticator field of KerberosWrapper.
+
+     Added openssl-style ASN.1 macros for Kerberos ticket, ap_req,
+     and authenticator structs; see crypto/krb5/.
+
+     Generalized Kerberos calls to support multiple Kerberos libraries.
+     [Vern Staats <staatsvr@asc.hpc.mil>,
+      Jeffrey Altman <jaltman@columbia.edu>
+      via Richard Levitte]
+
+  +) Cause 'openssl speed' to use fully hard-coded DSA keys as it
+     already does with RSA. testdsa.h now has 'priv_key/pub_key'
+     values for each of the key sizes rather than having just
+     parameters (and 'speed' generating keys each time).
+     [Geoff Thorpe]
+
   -) OpenSSL 0.9.6b released [9 July 2001]
 
   *) Change ssleay_rand_bytes (crypto/rand/md_rand.c)