Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:
o Lots of enhancements and cleanups to the Configuration mechanism
o RSA OEAP related fixes
- o Support for PKCS#5 v2.0 ASN1 PBES2 structures
o Added `openssl ca -revoke' option for revoking a certificate
o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
o Source tree cleanups: removed lots of obsolete files
- o Support for Thawte SXNet extensions
- o Full integration of PKCS#12 support
+ o Thawte SXNet, certificate policies and CRL distribution points
+ extension support
+ o Preliminary (experimental) S/MIME support
+ o Support for ASN.1 UTF8String and VisibleString
+ o Full integration of PKCS#12 code
o Sparc assembler bignum implementation, optimized hash functions
Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b:
extensions = extension_section
-in the nameless (default) section is used. If no such line is include then
+in the nameless (default) section is used. If no such line is included then
it uses the default section.
You can also add extensions to CRLs: a line
have *any* critical extensions (these violates PKIX but we have to live
with it).
-There are three main types of extension, string extensions, multi valued
+There are three main types of extension: string extensions, multi valued
extensions, and raw extensions.
-String extensions simply have a string which defines the value of the or how
-it is obtained.
+String extensions simply have a string which contains either the value itself
+or how it is obtained.
For example:
This is because the configuration file code cannot handle the same name
occurring twice in the same extension.
-Raw extensions allow arbitrary data to be placed in an extension. For
-example
+The syntax of raw extensions is governed by the extension code: it can
+for example contain data in multiple sections. The correct syntax to
+use is defined by the extension code itself: check out the certificate
+policies extension for an example.
-1.2.3.4=critical,RAW:01:02:03:04
-1.2.3.4=RAW:01020304
+In addition it is also possible to use the word DER to include arbitrary
+data in any extension.
-The value following RAW is a hex dump of the extension contents. Any extension
-can be placed in this form to override the default behaviour. For example:
+1.2.3.4=critical,DER:01:02:03:04
+1.2.3.4=DER:01020304
-basicConstraints=critical,RAW:00:01:02:03
+The value following DER is a hex dump of the DER encoding of the extension
+Any extension can be placed in this form to override the default behaviour.
+For example:
+
+basicConstraints=critical,DER:00:01:02:03
-WARNING: raw extensions should be used with caution. It is possible to create
-totally invalid extensions unless care is taken.
+WARNING: DER should be used with caution. It is possible to create totally
+invalid extensions unless care is taken.
CURRENTLY SUPPORTED EXTENSIONS.
projects / openssl.git / commitdiff