X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=18cc5f0d4a92dd41d5f33a33af19bddd4a06c8af;hp=89bdc84b5cf040b56c49ba04522d4d8bb7828251;hb=20b85fdd7644aa940e50a158a1b2c8010bb36443;hpb=dd1462fd1870af118fd781e5d316d6a7e8d75446

diff --git a/CHANGES b/CHANGES
index 89bdc84b5c..18cc5f0d4a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,28 @@
 
  Changes between 0.9.2b and 0.9.3
 
+  *) Convert casted X509_INFO stacks to type-safe STACK_OF(X509_INFO).
+     [Ralf S. Engelschall]
+
+  *) New function SSL_CTX_use_certificate_chain_file that sets the
+     "extra_cert"s in addition to the certificate.  (This makes sense
+     only for "PEM" format files, as chains as a whole are not
+     DER-encoded.)
+     [Bodo Moeller]
+
+  *) Support verify_depth from the SSL API.
+     x509_vfy.c had what can be considered an off-by-one-error:
+     Its depth (which was not part of the external interface)
+     was actually counting the number of certificates in a chain;
+     now it really counts the depth.
+     [Bodo Moeller]
+
+  *) Bugfix in crypto/x509/x509_cmp.c: The SSLerr macro was used
+     instead of X509err, which often resulted in confusing error
+     messages since the error codes are not globally unique
+     (e.g. an alleged error in ssl3_accept when a certificate
+     didn't match the private key).
+
   *) New function SSL_CTX_set_session_id_context that allows to set a default
      value (so that you don't need SSL_set_session_id_context for each
      connection using the SSL_CTX).