X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=213927b375aabe768cec9d8e2242a36e4fa2f04f;hp=41e23dc9cac6c98a16c9347b44f0ba2d82903899;hb=3ebbe8853f0597bc859d6fad5206229aff3ce784;hpb=e710de12ce27e5f1620eee974b1a45cfb7139ada diff --git a/CHANGES b/CHANGES index 41e23dc9ca..213927b375 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,31 @@ OpenSSL CHANGES _______________ - Changes between 0.9.8i and 0.9.9 [xx XXX xxxx] + Changes between 0.9.8j and 0.9.9 [xx XXX xxxx] + + *) Add session ticket override functionality for use by EAP-FAST. + [Jouni Malinen ] + + *) Modify HMAC functions to return a value. Since these can be implemented + in an ENGINE errors can occur. + [Steve Henson] + + *) Type-checked OBJ_bsearch_ex. + [Ben Laurie] + + *) Type-checked OBJ_bsearch. Also some constification necessitated + by type-checking. Still to come: TXT_DB, bsearch(?), + OBJ_bsearch_ex, qsort, CRYPTO_EX_DATA, ASN1_VALUE, ASN1_STRING, + CONF_VALUE. + [Ben Laurie] + + *) New function OPENSSL_gmtime_adj() to add a specific number of days and + seconds to a tm structure directly, instead of going through OS + specific date routines. This avoids any issues with OS routines such + as the year 2038 bug. New *_adj() functions for ASN1 time structures + and X509_time_adj_ex() to cover the extended range. The existing + X509_time_adj() is still usable and will no longer have any date issues. + [Steve Henson] *) Delta CRL support. New use deltas option which will attempt to locate and search any appropriate delta CRLs available. @@ -703,7 +727,42 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] - Changes between 0.9.8h and 0.9.8i [xx XXX xxxx] + Changes between 0.9.8i and 0.9.8j [xx XXX xxxx] + + *) Allow the CHIL engine to be loaded, whether the application is + multithreaded or not. (This does not release the developer from the + obligation to set up the dynamic locking callbacks.) + [Sander Temme ] + + *) Use correct exit code if there is an error in dgst command. + [Steve Henson; problem pointed out by Roland Dirlewanger] + + *) Tweak Configure so that you need to say "experimental-jpake" to enable + JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications. + [Bodo Moeller] + + *) Add experimental JPAKE support, including demo authentication in + s_client and s_server. + [Ben Laurie] + + *) Set the comparison function in v3_addr_canonize(). + [Rob Austein ] + + *) Add support for XMPP STARTTLS in s_client. + [Philip Paeps ] + + *) Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior + to ensure that even with this option, only ciphersuites in the + server's preference list will be accepted. (Note that the option + applies only when resuming a session, so the earlier behavior was + just about the algorithm choice for symmetric cryptography.) + [Bodo Moeller] + + Changes between 0.9.8h and 0.9.8i [15 Sep 2008] + + *) Fix a state transitition in s3_srvr.c and d1_srvr.c + (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...). + [Nagendra Modadugu] *) The fix in 0.9.8c that supposedly got rid of unsafe double-checked locking was incomplete for RSA blinding, @@ -731,6 +790,10 @@ [Neel Mehta, Bodo Moeller] + *) Allow engines to be "soft loaded" - i.e. optionally don't die if + the load fails. Useful for distros. + [Ben Laurie and the FreeBSD team] + *) Add support for Local Machine Keyset attribute in PKCS#12 files. [Steve Henson] @@ -749,11 +812,11 @@ This work was sponsored by Logica. [Steve Henson] ->>> Note: this change doesn't apply to the 0.9.9-dev branch (yet). - *) Allow engines to be "soft loaded" - i.e. optionally don't die if - the load fails. Useful for distros. - [Ben Laurie and the FreeBSD team] -<<< + *) Fix bug in X509_ATTRIBUTE creation: dont set attribute using + ASN1_TYPE_set1 if MBSTRING flag set. This bug would crash certain + attribute creation routines such as certifcate requests and PKCS#12 + files. + [Steve Henson] Changes between 0.9.8g and 0.9.8h [28 May 2008]