Document MD2 deprecation.

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index b886dbfeecfa8aa856837781d3ef366510dd9d46..b9490b1870add976fedd15bcd0f81f9552b2c04f 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 0.9.8k and 1.0  [xx XXX xxxx]
 
+  *) Delete MD2 from algorithm tables. This follows the recommendation in 
+     several standards that it is not used in new applications due to
+     several cryptographic weaknesses. The algorithm is also disabled in
+     the default configuration.
+     [Steve Henson]
+
   *) In BIO_pop() and BIO_push() use the ctrl argument (which was NULL) to
      indicate the initial BIO being pushed or popped. This makes it possible
      to determine whether the BIO is the one explicitly called or as a result
@@ -808,6 +814,15 @@
 
  Changes between 0.9.8k and 0.9.8l  [xx XXX xxxx]
 
+  *) Add compression id to {d2i,i2d}_SSL_SESSION so it is correctly saved
+     and restored.
+     [Steve Henson]
+
+  *) Fix the server certificate chain building code to use X509_verify_cert(),
+     it used to have an ad-hoc builder which was unable to cope with anything
+     other than a simple chain.
+     [David Woodhouse <dwmw2@infradead.org>, Steve Henson]
+
   *) Don't check self signed certificate signatures in X509_verify_cert()
      by default (a flag can override this): it just wastes time without
      adding any security. As a useful side effect self signed root CAs