X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=77da92da4a2760791f61e20703a7b5eb414f5750;hp=b886dbfeecfa8aa856837781d3ef366510dd9d46;hb=d2f6d28298725bcf23effb8048e6676f32b5d6ba;hpb=a5f78bf3ba24e1486a6885b302580bb9d59c83e5

diff --git a/CHANGES b/CHANGES
index b886dbfeec..77da92da4a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -808,6 +808,11 @@
 
  Changes between 0.9.8k and 0.9.8l  [xx XXX xxxx]
 
+  *) Fix the server certificate chain building code to use X509_verify_cert(),
+     it used to have an ad-hoc builder which was unable to cope with anything
+     other than a simple chain.
+     [David Woodhouse <dwmw2@infradead.org>, Steve Henson]
+
   *) Don't check self signed certificate signatures in X509_verify_cert()
      by default (a flag can override this): it just wastes time without
      adding any security. As a useful side effect self signed root CAs