X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=f1b416d445421521bd5a0b0f91af4e56df58d46e;hp=c9d12ea5d4aa8970ecc005e1605aecd8f9967950;hb=7f62532030e7881011eced5c561b3cd606518e61;hpb=28b6d5020ee928ee41d360628d904bf2f31eec92 diff --git a/CHANGES b/CHANGES index c9d12ea5d4..f1b416d445 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,29 @@ Changes between 0.9.8j and 0.9.9 [xx XXX xxxx] + *) Enhance the hash format used for certificate directory links. The new + form uses the canonical encoding (meaning equivalent names will work + even if they aren't identical) and uses SHA1 instead of MD5. This form + is incompatible with the older format and as a result c_rehash should + be used to rebuild symbolic links. + [Steve Henson] + + *) Make PKCS#8 the default write format for private keys, replacing the + traditional format. This form is standardised, more secure and doesn't + include an implicit MD5 dependency. + [Steve Henson] + + *) Add a $gcc_devteam_warn option to Configure. The idea is that any code + committed to OpenSSL should pass this lot as a minimum. + [Steve Henson] + + *) Add session ticket override functionality for use by EAP-FAST. + [Jouni Malinen ] + + *) Modify HMAC functions to return a value. Since these can be implemented + in an ENGINE errors can occur. + [Steve Henson] + *) Type-checked OBJ_bsearch_ex. [Ben Laurie] 
@@ -720,7 +743,37 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] - Changes between 0.9.8i and 0.9.8j [xx XXX xxxx] + Changes between 0.9.8j and 0.9.8k [xx XXX xxxx] + + *) Allow CC in the environment to override the automatically chosen + compiler. Note that nothing is done to ensure flags work with the + chosen compiler. + [Ben Laurie] + + Changes between 0.9.8i and 0.9.8j [07 Jan 2009] + + *) Properly check EVP_VerifyFinal() and similar return values + (CVE-2008-5077). + [Ben Laurie, Bodo Moeller, Google Security Team] + + *) Enable TLS extensions by default. + [Ben Laurie] + + *) Allow the CHIL engine to be loaded, whether the application is + multithreaded or not. (This does not release the developer from the + obligation to set up the dynamic locking callbacks.) + [Sander Temme ] + + *) Use correct exit code if there is an error in dgst command. + [Steve Henson; problem pointed out by Roland Dirlewanger] + + *) Tweak Configure so that you need to say "experimental-jpake" to enable + JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications. + [Bodo Moeller] + + *) Add experimental JPAKE support, including demo authentication in + s_client and s_server. + [Ben Laurie] *) Set the comparison function in v3_addr_canonize(). [Rob Austein ]
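Review bot: In the first hunk (@@ -4,6 +4,29 @@), the entry "Modify HMAC functions to return a value" does not name the functions whose signatures change or say which return value means failure, so a caller cannot tell from this note what to check. Suggest listing the affected functions and the success/failure convention. The 0.9.8j entry later in this same patch, "Properly check EVP_VerifyFinal() and similar return values (CVE-2008-5077)", is a reminder that return conventions need to be explicit for callers. The certificate directory entry in the same hunk says the new canonical SHA1 hash form is incompatible and that c_rehash should be used, but not how existing MD5-based links behave until they are rebuilt; one sentence on that would help people upgrading.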
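Review bot: In the second hunk (@@ -720,7 +743,37 @@), the CVE-2008-5077 entry is the only one in the new 0.9.8j block that carries a CVE number, yet it is the least specific: "and similar return values" does not say which functions besides EVP_VerifyFinal() were affected or what the incorrect check was. Suggest naming them and stating the return convention, so application code that calls the same functions can be audited against it. Separately, "Enable TLS extensions by default" is a behaviour change and would benefit from naming the Configure option that turns them off, if there is one.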