X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=2c1daddf2bb724f74d88e6ea5d505224dabf7005;hp=f799225c8bba3b3af4dd21c489fe7a5073d629bf;hb=450ea83495f8da9d9331da7a724514158d618a6f;hpb=850815cb6e6e83dbf588f9faf8ae50a2c29b6acf diff --git a/CHANGES b/CHANGES index f799225c8b..2c1daddf2b 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,60 @@ Changes between 0.9.8b and 0.9.9 [xx XXX xxxx] + *) Store a "canonical" representation of X509_NAME structure (ASN1 Name) + this maps equivalent X509_NAME structures into a consistent structure. + Name comparison can then be performed rapidly using memcmp(). + [Steve Henson] + + *) Non-blocking OCSP request processing. Add -timeout option to ocsp + utility. + [Steve Henson] + + *) Allow digests to supply their own micalg string for S/MIME type using + the ctrl EVP_MD_CTRL_MICALG. + [Steve Henson] + + *) During PKCS7 signing pass the PKCS7 SignerInfo structure to the + EVP_PKEY_METHOD before and after signing via the EVP_PKEY_CTRL_PKCS7_SIGN + ctrl. It can then customise the structure before and/or after signing + if necessary. + [Steve Henson] + + *) New function OBJ_add_sigid() to allow application defined signature OIDs + to be added to OpenSSLs internal tables. New function OBJ_sigid_free() + to free up any added signature OIDs. + [Steve Henson] + + *) New functions EVP_CIPHER_do_all(), EVP_CIPHER_do_all_sorted(), + EVP_MD_do_all() and EVP_MD_do_all_sorted() to enumerate internal + digest and cipher tables. New options added to openssl utility: + list-message-digest-algorithms and list-cipher-algorithms. + [Steve Henson] + + *) In addition to the numerical (unsigned long) thread ID, provide + for a pointer (void *) thread ID. This helps accomodate systems + that do not provide an unsigned long thread ID. OpenSSL assumes + it is in the same thread iff both the numerical and the pointer + thread ID agree; so applications are just required to define one + of them appropriately (e.g., by using a pointer to a per-thread + memory object malloc()ed by the application for the pointer-type + thread ID). Exactly analoguous to the existing functions + + void CRYPTO_set_id_callback(unsigned long (*func)(void)); + unsigned long (*CRYPTO_get_id_callback(void))(void); + unsigned long CRYPTO_thread_id(void); + + we now have additional functions + + void CRYPTO_set_idptr_callback(void *(*func)(void)); + void *(*CRYPTO_get_idptr_callback(void))(void); + void *CRYPTO_thread_idptr(void); + + also in . The default value for + CRYPTO_thread_idptr() if the application has not provided its own + callback is &errno. + [Bodo Moeller] + *) Change the array representation of binary polynomials: the list of degrees of non-zero coefficients is now terminated with -1. Previously it was terminated with 0, which was also part of the @@ -315,9 +369,18 @@ Changes between 0.9.8b and 0.9.8c [xx XXX xxxx] - *) Disable "ECCdraft" ciphersuites (which were not part of the "ALL" - alias). These are now excluded from compilation by default, since - OpenSSL 0.9.9[-dev] should be used for TLS with elliptic curves. + *) Change the Unix randomness entropy gathering to use poll() when + possible instead of select(), since the latter has some + undesirable limitations. + [Darryl Miles via Richard Levitte and Bodo Moeller] + + *) Disable "ECCdraft" ciphersuites more thoroughly. Now special + treatment in ssl/ssl_ciph.s makes sure that these ciphersuites + cannot be implicitly activated as part of, e.g., the "AES" alias. + However, please upgrade to OpenSSL 0.9.9[-dev] for + non-experimental use of the ECC ciphersuites to get TLS extension + support, which is required for curve and point format negotiation + to avoid potential handshake problems. [Bodo Moeller] *) Disable rogue ciphersuites: @@ -1261,6 +1324,11 @@ Changes between 0.9.7j and 0.9.7k [xx XXX xxxx] + *) Change the Unix randomness entropy gathering to use poll() when + possible instead of select(), since the latter has some + undesirable limitations. + [Darryl Miles via Richard Levitte and Bodo Moeller] + *) Disable rogue ciphersuites: - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")