X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=4874d87bd99e16db554a1fe787c7d3b5e7340b26;hp=ca65bafaad9eda22c5cfa10a36d8469553340b69;hb=a331a305e9c9c5353bd42db6dbda78a418285708;hpb=316e6a66f2c4f28f8705636921825c467a5ceef3

diff --git a/CHANGES b/CHANGES
index ca65bafaad..4874d87bd9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,19 @@
 
  Changes between 0.9.5a and 0.9.6  [xx XXX 2000]
 
+  *) Make PKCS#12 code work with no password. The PKCS#12 spec
+     is a little unclear about how a blank password is handled.
+     Since the password in encoded as a BMPString with terminating
+     double NULL a zero length password would end up as just the
+     double NULL. However no password at all is different and is
+     handled differently in the PKCS#12 key generation code. NS
+     treats a blank password as zero length. MSIE treats it as no
+     password on export: but it will try both on import. We now do
+     the same: PKCS12_parse() tries zero length and no password if
+     the password is set to "" or NULL (NULL is now a valid password:
+     it wasn't before) as does the pkcs12 application.
+     [Steve Henson]
+
   *) Bugfixes in apps/x509.c: Avoid a memory leak; and don't use
      perror when PEM_read_bio_X509_REQ fails, the error message must
      be obtained from the error queue.