X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=b1fa3bbcecbc8beba25b656b7de9371950aa8076;hp=9a5890c047c79775c36dcc0eb04d6e7e66b77812;hb=3dcc1ffc52892466bad09052d99e1b56b708f74f;hpb=0b903ec01835c1c2f75830a5fbbcc84dd947e260

diff --git a/CHANGES b/CHANGES
index 9a5890c047..b1fa3bbcec 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,7 +3,188 @@
  _______________
 
 
- Changes between 0.9.1c and 0.9.2
+ Changes between 0.9.2b and 0.9.3
+
+  *) New config option to avoid instructions that are illegal on the 80386.
+     The default code is faster, but requires at least a 486.
+     [Ulf Möller]
+  
+  *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and
+     SSL2_SERVER_VERSION (not used at all) macros, which are now the
+     same as SSL2_VERSION anyway.
+     [Bodo Moeller]
+
+  *) New "-showcerts" option for s_client.
+     [Bodo Moeller]
+
+  *) Still more PKCS#12 integration. Add pkcs12 application to openssl
+     application. Various cleanups and fixes.
+     [Steve Henson]
+
+  *) More PKCS#12 integration. Add new pkcs12 directory with Makefile.ssl and
+     modify error routines to work internally. Add error codes and PBE init
+     to library startup routines.
+     [Steve Henson]
+
+  *) Further PKCS#12 integration. Added password based encryption, PKCS#8 and
+     packing functions to asn1 and evp. Changed function names and error
+     codes along the way.
+     [Steve Henson]
+
+  *) PKCS12 integration: and so it begins... First of several patches to
+     slowly integrate PKCS#12 functionality into OpenSSL. Add PKCS#12
+     objects to objects.h
+     [Steve Henson]
+
+  *) Add a new 'indent' option to some X509V3 extension code. Initial ASN1
+     and display support for Thawte strong extranet extension.
+     [Steve Henson]
+
+  *) Add LinuxPPC support.
+     [Jeff Dubrule <igor@pobox.org>]
+
+  *) Get rid of redundant BN file bn_mulw.c, and rename bn_div64 to
+     bn_div_words in alpha.s.
+     [Hannes Reinecke <H.Reinecke@hw.ac.uk> and Ben Laurie]
+
+  *) Make sure the RSA OAEP test is skipped under -DRSAref because
+     OAEP isn't supported when OpenSSL is built with RSAref.
+     [Ulf Moeller <ulf@fitug.de>]
+
+  *) Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h 
+     so they no longer are missing under -DNOPROTO. 
+     [Soren S. Jorvang <soren@t.dk>]
+
+ Changes between 0.9.1c and 0.9.2b
+
+  *) Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still
+     doesn't work when the session is reused. Coming soon!
+     [Ben Laurie]
+
+  *) Fix a security hole, that allows sessions to be reused in the wrong
+     context thus bypassing client cert protection! All software that uses
+     client certs and session caches in multiple contexts NEEDS PATCHING to
+     allow session reuse! A fuller solution is in the works.
+     [Ben Laurie, problem pointed out by Holger Reif, Bodo Moeller (and ???)]
+
+  *) Some more source tree cleanups (removed obsolete files
+     crypto/bf/asm/bf586.pl, test/test.txt and crypto/sha/asm/f.s; changed
+     permission on "config" script to be executable) and a fix for the INSTALL
+     document.
+     [Ulf Moeller <ulf@fitug.de>]
+
+  *) Remove some legacy and erroneous uses of malloc, free instead of
+     Malloc, Free.
+     [Lennart Bang <lob@netstream.se>, with minor changes by Steve]
+
+  *) Make rsa_oaep_test return non-zero on error.
+     [Ulf Moeller <ulf@fitug.de>]
+
+  *) Add support for native Solaris shared libraries. Configure
+     solaris-sparc-sc4-pic, make, then run shlib/solaris-sc4.sh. It'd be nice
+     if someone would make that last step automatic.
+     [Matthias Loepfe <Matthias.Loepfe@AdNovum.CH>]
+
+  *) ctx_size was not built with the right compiler during "make links". Fixed.
+     [Ben Laurie]
+
+  *) Change the meaning of 'ALL' in the cipher list. It now means "everything
+     except NULL ciphers". This means the default cipher list will no longer
+     enable NULL ciphers. They need to be specifically enabled e.g. with
+     the string "DEFAULT:eNULL".
+     [Steve Henson]
+
+  *) Fix to RSA private encryption routines: if p < q then it would
+     occasionally produce an invalid result. This will only happen with
+     externally generated keys because OpenSSL (and SSLeay) ensure p > q.
+     [Steve Henson]
+
+  *) Be less restrictive and allow also `perl util/perlpath.pl
+     /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin',
+     because this way one can also use an interpreter named `perl5' (which is
+     usually the name of Perl 5.xxx on platforms where an Perl 4.x is still
+     installed as `perl').
+     [Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
+
+  *) Let util/clean-depend.pl work also with older Perl 5.00x versions.
+     [Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
+
+  *) Fix Makefile.org so CC,CFLAG etc are passed to 'make links' add
+     advapi32.lib to Win32 build and change the pem test comparision
+     to fc.exe (thanks to Ulrich Kroener <kroneru@yahoo.com> for the
+     suggestion). Fix misplaced ASNI prototypes and declarations in evp.h
+     and crypto/des/ede_cbcm_enc.c.
+     [Steve Henson]
+
+  *) DES quad checksum was broken on big-endian architectures. Fixed.
+     [Ben Laurie]
+
+  *) Comment out two functions in bio.h that aren't implemented. Fix up the
+     Win32 test batch file so it (might) work again. The Win32 test batch file
+     is horrible: I feel ill....
+     [Steve Henson]
+
+  *) Move various #ifdefs around so NO_SYSLOG, NO_DIRENT etc are now selected
+     in e_os.h. Audit of header files to check ANSI and non ANSI
+     sections: 10 functions were absent from non ANSI section and not exported
+     from Windows DLLs. Fixed up libeay.num for new functions.
+     [Steve Henson]
+
+  *) Make `openssl version' output lines consistent.
+     [Ralf S. Engelschall]
+
+  *) Fix Win32 symbol export lists for BIO functions: Added
+     BIO_get_ex_new_index, BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data
+     to ms/libeay{16,32}.def.
+     [Ralf S. Engelschall]
+
+  *) Second round of fixing the OpenSSL perl/ stuff. It now at least compiled
+     fine under Unix and passes some trivial tests I've now added. But the
+     whole stuff is horribly incomplete, so a README.1ST with a disclaimer was
+     added to make sure no one expects that this stuff really works in the
+     OpenSSL 0.9.2 release.  Additionally I've started to clean the XS sources
+     up and fixed a few little bugs and inconsistencies in OpenSSL.{pm,xs} and
+     openssl_bio.xs.
+     [Ralf S. Engelschall]
+
+  *) Fix the generation of two part addresses in perl.
+     [Kenji Miyake <kenji@miyake.org>, integrated by Ben Laurie]
+
+  *) Add config entry for Linux on MIPS.
+     [John Tobey <jtobey@channel1.com>]
+
+  *) Make links whenever Configure is run, unless we are on Windoze.
+     [Ben Laurie]
+
+  *) Permit extensions to be added to CRLs using crl_section in openssl.cnf.
+     Currently only issuerAltName and AuthorityKeyIdentifier make any sense
+     in CRLs.
+     [Steve Henson]
+
+  *) Add a useful kludge to allow package maintainers to specify compiler and
+     other platforms details on the command line without having to patch the
+     Configure script everytime: One now can use ``perl Configure
+     <id>:<details>'', i.e. platform ids are allowed to have details appended
+     to them (seperated by colons). This is treated as there would be a static
+     pre-configured entry in Configure's %table under key <id> with value
+     <details> and ``perl Configure <id>'' is called.  So, when you want to
+     perform a quick test-compile under FreeBSD 3.1 with pgcc and without
+     assembler stuff you can use ``perl Configure "FreeBSD-elf:pgcc:-O6:::"''
+     now, which overrides the FreeBSD-elf entry on-the-fly.
+     [Ralf S. Engelschall]
+
+  *) Disable new TLS1 ciphersuites by default: they aren't official yet.
+     [Ben Laurie]
+
+  *) Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified
+     on the `perl Configure ...' command line. This way one can compile
+     OpenSSL libraries with Position Independent Code (PIC) which is needed
+     for linking it into DSOs.
+     [Ralf S. Engelschall]
+
+  *) Remarkably, export ciphers were totally broken and no-one had noticed!
+     Fixed.
+     [Ben Laurie]
 
   *) Cleaned up the LICENSE document: The official contact for any license
      questions now is the OpenSSL core team under openssl-core@openssl.org.
@@ -60,10 +241,11 @@
      unsigned to signed types: this was killing the Win32 compile.
      [Steve Henson]
 
-  *) Add new certificate file to stack functions, SSL_add_cert_file_to_stack()
-     and SSL_add_cert_dir_to_stack(). These largely supplant
-     SSL_load_client_CA_file(), and can be used to add multiple certs easily to
-     a stack (usually this is then handed to SSL_CTX_set_client_CA_list()).
+  *) Add new certificate file to stack functions,
+     SSL_add_dir_cert_subjects_to_stack() and
+     SSL_add_file_cert_subjects_to_stack().  These largely supplant
+     SSL_load_client_CA_file(), and can be used to add multiple certs easily
+     to a stack (usually this is then handed to SSL_CTX_set_client_CA_list()).
      This means that Apache-SSL and similar packages don't have to mess around
      to add as many CAs as they want to the preferred list.
      [Ben Laurie]
@@ -230,7 +412,7 @@
      vectors if you have them.
      [Ben Laurie]
 
-  *) Correct caclulation of key length for export ciphers (too much space was
+  *) Correct calculation of key length for export ciphers (too much space was
      allocated for null ciphers). This has not been tested!
      [Ben Laurie]