_______________
Changes between 1.0.2f and 1.1.0 [xx XXX xxxx]
+ *) Added support for auto-initialisation and de-initialisation of the library.
+ OpenSSL no longer requires explicit init or deinit routines to be called,
+ except in certain circumstances. See the
+ OPENSSL_INIT_crypto_library_start() and OPENSSL_INIT_ssl_library_start()
+ man pages for further information.
+ [Matt Caswell]
+
+ *) The arguments to the DTLSv1_listen function have changed. Specifically the
+ "peer" argument is now expected to be a BIO_ADDR object.
+
+ *) Rewrite of BIO networking library. The BIO library lacked consistent
+ support of IPv6, and adding it required some more extensive
+ modifications. This introduces the BIO_ADDR and BIO_ADDRINFO types,
+ which hold all types of addresses and chains of address information.
+ It also introduces a new API, with functions like BIO_socket,
+ BIO_connect, BIO_listen, BIO_lookup and a rewrite of BIO_accept.
+ The source/sink BIOs BIO_s_connect, BIO_s_accept and BIO_s_datagram
+ have been adapted accordingly.
+ [Richard Levitte]
+
+ *) RSA_padding_check_PKCS1_type_1 now accepts inputs with and without
+ the leading 0-byte.
+ [Emilia Käsper]
+
+ *) CRIME protection: disable compression by default, even if OpenSSL is
+ compiled with zlib enabled. Applications can still enable compression
+ by calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by
+ using the SSL_CONF library to configure compression.
+ [Emilia Käsper]
*) The signature of the session callback configured with
SSL_CTX_sess_set_get_cb was changed. The read-only input buffer
*) New option -sigopt to dgst utility. Update dgst to use
EVP_Digest{Sign,Verify}*. These two changes make it possible to use
- alternative signing paramaters such as X9.31 or PSS in the dgst
+ alternative signing parameters such as X9.31 or PSS in the dgst
utility.
[Steve Henson]
unofficial, and the ID has long expired.
[Bodo Moeller]
- *) Fix RSA blinding Heisenbug (problems sometimes occured on
+ *) Fix RSA blinding Heisenbug (problems sometimes occurred on
dual-core machines) and other potential thread-safety issues.
[Bodo Moeller]
unofficial, and the ID has long expired.
[Bodo Moeller]
- *) Fix RSA blinding Heisenbug (problems sometimes occured on
+ *) Fix RSA blinding Heisenbug (problems sometimes occurred on
dual-core machines) and other potential thread-safety issues.
[Bodo Moeller]
*) Added support for proxy certificates according to RFC 3820.
Because they may be a security thread to unaware applications,
- they must be explicitely allowed in run-time. See
+ they must be explicitly allowed in run-time. See
docs/HOWTO/proxy_certificates.txt for further information.
[Richard Levitte]
*) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
reveal whether illegal block cipher padding was found or a MAC
- verification error occured. (Neither SSLerr() codes nor alerts
+ verification error occurred. (Neither SSLerr() codes nor alerts
are directly visible to potential attackers, but the information
may leak via logfiles.)
*) Bugfix: ssl23_get_client_hello did not work properly when called in
state SSL23_ST_SR_CLNT_HELLO_B, i.e. when the first 7 bytes of
a SSLv2-compatible client hello for SSLv3 or TLSv1 could be read,
- but a retry condition occured while trying to read the rest.
+ but a retry condition occurred while trying to read the rest.
[Bodo Moeller]
*) The PKCS7_ENC_CONTENT_new() function was setting the content type as
projects / openssl.git / blobdiff