Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
+ *) Fixes to X509_ATTRIBUTE utilities, change the 'req' program so it uses
+ the new code. Add documentation for this stuff.
+ [Steve Henson]
+
+ *) Changes to X509_ATTRIBUTE utilities. These have been renamed from
+ X509_*() to X509at_*() on the grounds that they don't handle X509
+ structures and behave in an analagous way to the X509v3 functions:
+ they shouldn't be called directly but wrapper functions should be used
+ instead.
+
+ So we also now have some wrapper functions that call the X509at functions
+ when passed certificate requests. (TO DO: similar things can be done with
+ PKCS#7 signed and unsigned attributes, PKCS#12 attributes and a few other
+ things. Some of these need some d2i or i2d and print functionality
+ because they handle more complex structures.)
+ [Steve Henson]
+
+ *) Add missing #ifndefs that caused missing symbols when building libssl
+ as a shared library without RSA. Use #ifndef NO_SSL2 instead of
+ NO_RSA in ssl/s2*.c.
+ [Kris Kennaway <kris@hub.freebsd.org>, modified by Ulf Möller]
+
*) Precautions against using the PRNG uninitialized: RAND_bytes() now
has a return value which indicates the quality of the random data
(1 = ok, 0 = not seeded). Also an error is recorded on the thread's
- error queue.
+ error queue. New function RAND_pseudo_bytes() generates output that is
+ guaranteed to be unique but not unpredictable.
(TO DO: always check the result of RAND_bytes when it is used in the
- library, because leaving the error in the error queue but reporting
- success in a function that uses RAND_bytes could confuse things
- considerably.)
+ library, or use RAND_pseudo_bytes instead, because leaving the
+ error in the error queue but reporting success in a function that
+ uses RAND_bytes could confuse things considerably.)
[Ulf Möller]
*) Do more iterations of Rabin-Miller probable prime test (specifically,