X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=4f05a8911a26d46627e3cdbf6fbb346903b9ff4c;hp=ffc8c511ee34b4e902f780bd0c8456175dbe62cc;hb=e42633140e98c7c07a5bc013127e1e6a251995ed;hpb=d56349a2aa0ef13487a230949990ed42421b4bc9 diff --git a/CHANGES b/CHANGES index ffc8c511ee..4f05a8911a 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,88 @@ Changes between 0.9.8a and 0.9.9 [xx XXX xxxx] + *) Transfer public key printing routines to EVP_PKEY_ASN1_METHOD. New + functions EVP_PKEY_print_public(), EVP_PKEY_print_private(), + EVP_PKEY_print_param() to print public key data from an EVP_PKEY + structure. + [Steve Henson] + + *) Initial support for pluggable public key ASN1. + De-spaghettify the public key ASN1 handling. Move public and private + key ASN1 handling to a new EVP_PKEY_ASN1_METHOD structure. Relocate + algorithm specific handling to a single module within the relevant + algorithm directory. Add functions to allow (near) opaque processing + of public and private key structures. + [Steve Henson] + + *) Implement the Supported Point Formats Extension for + ECC ciphersuites from draft-ietf-tls-ecc-12.txt. + [Douglas Stebila] + + *) Add initial support for RFC 4279 PSK TLS ciphersuites. Add members + for the psk identity [hint] and the psk callback functions to the + SSL_SESSION, SSL and SSL_CTX structure. + + New ciphersuites: + PSK-RC4-SHA, PSK-3DES-EDE-CBC-SHA, PSK-AES128-CBC-SHA, + PSK-AES256-CBC-SHA + + New functions: + SSL_CTX_use_psk_identity_hint + SSL_get_psk_identity_hint + SSL_get_psk_identity + SSL_use_psk_identity_hint + + [Mika Kousa and Pasi Eronen of Nokia Corporation] + + *) Add RFC 3161 compliant time stamp request creation, response generation + and response verification functionality. + [Zoltán Glózik , The OpenTSA Project] + + *) Add initial support for TLS extensions, specifically for the server_name + extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now + have new members for a host name. The SSL data structure has an + additional member SSL_CTX *initial_ctx so that new sessions can be + stored in that context to allow for session resumption, even after the + SSL has been switched to a new SSL_CTX in reaction to a client's + server_name extension. + + New functions (subject to change): + + SSL_get_servername() + SSL_get_servername_type() + SSL_set_SSL_CTX() + + New CTRL codes and macros (subject to change): + + SSL_CTRL_SET_TLSEXT_SERVERNAME_CB + - SSL_CTX_set_tlsext_servername_callback() + SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG + - SSL_CTX_set_tlsext_servername_arg() + SSL_CTRL_SET_TLSEXT_HOSTNAME - SSL_set_tlsext_hostname() + + openssl s_client has a new '-servername ...' option. + + openssl s_server has new options '-servername_host ...', '-cert2 ...', + '-key2 ...', '-servername_fatal' (subject to change). This allows + testing the HostName extension for a specific single host name ('-cert' + and '-key' remain fallbacks for handshakes without HostName + negotiation). If the unrecogninzed_name alert has to be sent, this by + default is a warning; it becomes fatal with the '-servername_fatal' + option. + + [Peter Sylvester, Remy Allais, Christophe Renou] + + *) Whirlpool hash implementation is added. + [Andy Polyakov] + + *) BIGNUM code on 64-bit SPARCv9 targets is switched from bn(64,64) to + bn(64,32). Because of instruction set limitations it doesn't have + any negative impact on performance. This was done mostly in order + to make it possible to share assembler modules, such as bn_mul_mont + implementations, between 32- and 64-bit builds without hassle. + [Andy Polyakov] + *) Disable rogue ciphersuites: - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") @@ -73,8 +155,13 @@ Changes between 0.9.8a and 0.9.8b [XX xxx XXXX] + *) Link in manifests for VC++ if needed. + [Austin Ziegler ] + *) Update support for ECC-based TLS ciphersuites according to - draft-ietf-tls-ecc-12.txt with proposed changes. + draft-ietf-tls-ecc-12.txt with proposed changes (but without + TLS extensions, which are supported starting with the 0.9.9 + branch, not in the OpenSSL 0.9.8 branch). [Douglas Stebila] *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support