X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=c690bb3800b20737a5083746a59aae9b4bd788e3;hp=33956e2c18645601f58f66ae8350a93f496aec2c;hb=d61ff83be977d9622b98f61a49ab3c1ca2db78a1;hpb=be681e123c3582f7bef18ed41b5ffa4793e8c4f7;ds=sidebyside diff --git a/CHANGES b/CHANGES index 33956e2c18..c690bb3800 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,18 @@ Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] + *) Add new "valid_flags" field to CERT_PKEY structure which determines what + the certificate can be used for (if anything). Set valid_flags field + in new tls1_check_chain function. Simplify ssl_set_cert_masks which used + to have similar checks in it. + + Add new "cert_flags" field to CERT structure and include a "strict mode". + This enforces some TLS certificate requirements (such as only permitting + certificate signature algorithms contained in the supported algorithms + extension) which some implementations ignore: this option should be used + with caution as it could cause interoperability issues. + [Steve Henson] + *) Update and tidy signature algorithm extension processing. Work out shared signature algorithms based on preferences and peer algorithms and print them out in s_client and s_server. Abort handshake if no
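Review bot: In the second paragraph of the new CHANGES entry, "this option" is never named. The text says the new cert_flags field includes a "strict mode" but gives neither the flag name nor how an application sets it, and it does not say whether strict mode is off by default. Since the entry itself warns of interoperability issues, state the flag name and the default here so a reader can tell whether an upgrade changes handshake behaviour. In the first paragraph, "(if anything)" leaves open what happens to a certificate whose valid_flags ends up empty: add a sentence saying whether such a certificate is skipped or the handshake fails. It would also help to say whether simplifying ssl_set_cert_masks changes behaviour or only moves the existing checks into tls1_check_chain.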