X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=a3292d244d8b2c75698407c39aaab63f221ddeac;hp=556aa5f3429c481372987c61e08466cbab61041e;hb=496da8b91861134e63b8b999385aba3fb7f46d5c;hpb=ff43e2e1557962794f773dd9243d6ffdbf4db1aa

diff --git a/CHANGES b/CHANGES
index 556aa5f342..a3292d244d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -11,6 +11,42 @@
          *) applies to 0.9.6a (/0.9.6b) and 0.9.7
          +) applies to 0.9.7 only
 
+
+  +) New random seeder for OpenVMS, using the system process statistics
+     that are easily reachable.
+     [Richard Levitte]
+
+  +) Windows apparently can't transparently handle global
+     variables defined in DLLs. Initialisations such as:
+
+        const ASN1_ITEM *it = &ASN1_INTEGER_it;
+
+     wont compile. This is used by the any applications that need to
+     delcare their own ASN1 modules. This was fixed by adding the option
+     EXPORT_VAR_AS_FN to all Win32 platforms, although this isn't strictly
+     needed for static libraries under Win32.
+     [Steve Henson]
+
+  +) New functions X509_PURPOSE_set() and X509_TRUST_set() to handle
+     setting of purpose and trust fields. New X509_STORE trust and
+     purpose functions and tidy up setting in other SSL functions.
+     [Steve Henson]
+
+  +) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE
+     structure. These are inherited by X509_STORE_CTX when it is 
+     initialised. This allows various defaults to be set in the
+     X509_STORE structure (such as flags for CRL checking and custom
+     purpose or trust settings) for functions which only use X509_STORE_CTX
+     internally such as S/MIME.
+
+     Modify X509_STORE_CTX_purpose_inherit() so it only sets purposes and
+     trust settings if they are not set in X509_STORE. This allows X509_STORE
+     purposes and trust (in S/MIME for example) to override any set by default.
+
+     Add command line options for CRL checking to smime, s_client and s_server
+     applications.
+     [Steve Henson]
+
   +) Initial CRL based revocation checking. If the CRL checking flag(s)
      are set then the CRL is looked up in the X509_STORE structure and
      its validity and signature checked, then if the certificate is found
@@ -782,9 +818,12 @@
      [Geoff Thorpe]
 
   +) Add automatic query of EGD sockets in RAND_poll() for the unix variant.
-     If an EGD or PRNGD is running and enough entropy is returned, automatic
-     seeding like with /dev/[u]random will be performed.
-     Positions tried are: /etc/entropy, /var/run/egd-pool.
+     If /dev/[u]random devices are not available or do not return enough
+     entropy, EGD style sockets (served by EGD or PRNGD) will automatically
+     be queried.
+     The locations /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and
+     /etc/entropy will be queried once each in this sequence, quering stops
+     when enough entropy was collected without querying more sockets.
      [Lutz Jaenicke]
 
   +) Change the Unix RAND_poll() variant to be able to poll several