X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=491f85efbb1876bd939497603df26257b8d6ee67;hp=72c78eac1b3bc6e90b26ef0ab10d6ee094fc4a51;hb=72257204bd2a88773461150765dfd0e0a428ee86;hpb=076fc55527a1499391fa6de109c8387895199ee9 diff --git a/CHANGES b/CHANGES index 72c78eac1b..491f85efbb 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,46 @@ OpenSSL CHANGES _______________ - Changes between 1.1.0e and 1.1.1 [xx XXX xxxx] + This is a high-level summary of the most important changes. + For a full list of changes, see the git commit log; for example, + https://github.com/openssl/openssl/commits/ and pick the appropriate + release branch. + + Changes between 1.1.0f and 1.1.1 [xx XXX xxxx] + + *) Removed BSD cryptodev engine. + [Rich Salz] + + *) Add a build target 'build_all_generated', to build all generated files + and only that. This can be used to prepare everything that requires + things like perl for a system that lacks perl and then move everything + to that system and do the rest of the build there. + [Richard Levitte] + + *) In the UI interface, make it possible to duplicate the user data. This + can be used by engines that need to retain the data for a longer time + than just the call where this user data is passed. + [Richard Levitte] + + *) Ignore the '-named_curve auto' value for compatibility of applications + with OpenSSL 1.0.2. + [Tomas Mraz ] + + *) Fragmented SSL/TLS alerts are no longer accepted. An alert message is 2 + bytes long. In theory it is permissible in SSLv3 - TLSv1.2 to fragment such + alerts across multiple records (some of which could be empty). In practice + it make no sense to send an empty alert record, or to fragment one. TLSv1.3 + prohibts this altogether and other libraries (BoringSSL, NSS) do not + support this at all. Supporting it adds significant complexity to the + record layer, and its removal is unlikely to cause inter-operability + issues. + [Matt Caswell] + + *) Add the ASN.1 types INT32, UINT32, INT64, UINT64 and variants prefixed + with Z. These are meant to replace LONG and ZLONG and to be size safe. + The use of LONG and ZLONG is discouraged and scheduled for deprecation + in OpenSSL 1.2.0. + [Richard Levitte] *) Add the 'z' and 'j' modifiers to BIO_printf() et al formatting string, 'z' is to be used for [s]size_t, and 'j' - with [u]int64_t. @@ -16,6 +55,12 @@ platform rather than 'mingw'. [Richard Levitte] + *) The functions X509_STORE_add_cert and X509_STORE_add_crl return + success if they are asked to add an object which already exists + in the store. This change cascades to other functions which load + certificates and CRLs. + [Paul Dale] + *) x86_64 assembly pack: annotate code with DWARF CFI directives to facilitate stack unwinding even from assembly subroutines. [Andy Polyakov] @@ -37,6 +82,12 @@ *) Add support for ARIA [Paul Dale] + *) s_client will now send the Server Name Indication (SNI) extension by + default unless the new "-noservername" option is used. The server name is + based on the host provided to the "-connect" option unless overridden by + using "-servername". + [Matt Caswell] + *) Add support for SipHash [Todd Short] @@ -61,6 +112,17 @@ issues, has been replaced to always returns NULL. [Rich Salz] + Changes between 1.1.0e and 1.1.0f [25 May 2017] + + *) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target + platform rather than 'mingw'. + [Richard Levitte] + + *) Remove the VMS-specific reimplementation of gmtime from crypto/o_times.c. + VMS C's RTL has a fully up to date gmtime() and gmtime_r() since V7.1, + which is the minimum version we support. + [Richard Levitte] + Changes between 1.1.0d and 1.1.0e [16 Feb 2017] *) Encrypt-Then-Mac renegotiation crash