[thirdparty/openssl.git] / CHANGES


 OpenSSL CHANGES
 _______________


 Changes between 0.9.1c and 0.9.2

  *) Get the gendsa program working (hopefully) and add it to app list. Remove
     encryption from sample DSA keys (in case anyone is interested the password
     was "1234").
     [Steve Henson]

  *) Make _all_ *_free functions accept a NULL pointer.
     [Frans Heymans <fheymans@isaserver.be>]

  *) If a DH key is generated in s3_srvr.c, don't blow it by trying to use
     NULL pointers.
     [Anonymous <nobody@replay.com>]

  *) s_server should send the CAfile as acceptable CAs, not its own cert.
     [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]

  *) Don't blow it for numeric -newkey arguments to apps/req.
     [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]

  *) Temp key "for export" tests were wrong in s3_srvr.c.
     [Anonymous <nobody@replay.com>]

  *) Add prototype for temp key callback functions
     SSL_CTX_set_tmp_{rsa,dh}_callback().
     [Ben Laurie]

  *) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and
     DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey().
     [Steve Henson]

  *) X509_name_add_entry() freed the wrong thing after an error.
     [Arne Ansper <arne@ats.cyber.ee>]

  *) rsa_eay.c would attempt to free a NULL context.
     [Arne Ansper <arne@ats.cyber.ee>]

  *) BIO_s_socket() had a broken should_retry() on Windoze.
     [Arne Ansper <arne@ats.cyber.ee>]

  *) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH.
     [Arne Ansper <arne@ats.cyber.ee>]

  *) Make sure the already existing X509_STORE->depth variable is initialized
     in X509_STORE_new(), but document the fact that this variable is still
     unused in the certificate verification process.
     [Ralf S. Engelschall]

  *) Fix the various library and apps files to free up pkeys obtained from
     X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.
     [Steve Henson]

  *) Fix reference counting in X509_PUBKEY_get(). This makes
     demos/maurice/example2.c work, amongst others, probably.
     [Steve Henson and Ben Laurie]

  *) First cut of a cleanup for apps/. First the `ssleay' program is now named
     `openssl' and second, the shortcut symlinks for the `openssl <command>'
     are no longer created. This way we have a single and consistent command
     line interface `openssl <command>', similar to `cvs <command>'.
     [Ralf S. Engelschall, Paul Sutton and Ben Laurie]

  *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey
     BIT STRING wrapper always have zero unused bits.
     [Steve Henson]

  *) Add CA.pl, perl version of CA.sh, add extended key usage OID.
     [Steve Henson]

  *) Make the top-level INSTALL documentation easier to understand.
     [Paul Sutton]

  *) Makefiles updated to exit if an error occurs in a sub-directory
     make (including if user presses ^C) [Paul Sutton]

  *) Make Montgomery context stuff explicit in RSA data structure.
     [Ben Laurie]

  *) Fix build order of pem and err to allow for generated pem.h.
     [Ben Laurie]

  *) Fix renumbering bug in X509_NAME_delete_entry().
     [Ben Laurie]

  *) Enhanced the err-ins.pl script so it makes the error library number 
     global and can add a library name. This is needed for external ASN1 and
     other error libraries.
     [Steve Henson]

  *) Fixed sk_insert which never worked properly.
     [Steve Henson]

  *) Fix ASN1 macros so they can handle indefinite length construted 
     EXPLICIT tags. Some non standard certificates use these: they can now
     be read in.
     [Steve Henson]

  *) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc)
     into a single doc/ssleay.txt bundle. This way the information is still
     preserved but no longer messes up this directory. Now it's new room for
     the new set of documenation files.
     [Ralf S. Engelschall]

  *) SETs were incorrectly DER encoded. This was a major pain, because they
     shared code with SEQUENCEs, which aren't coded the same. This means that
     almost everything to do with SETs or SEQUENCEs has either changed name or
     number of arguments.
     [Ben Laurie, based on a partial fix by GP Jayan <gp@nsj.co.jp>]

  *) Fix test data to work with the above.
     [Ben Laurie]

  *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but
     was already fixed by Eric for 0.9.1 it seems.
Commit	Line	Data
651d0aff	1
f1c236f8	2	OpenSSL CHANGES
651d0aff RE	3	_______________
	4
	5
9cb0969f	6	Changes between 0.9.1c and 0.9.2
320a14cb	7
7f9b7b07 DSH	8	*) Get the gendsa program working (hopefully) and add it to app list. Remove
	9	encryption from sample DSA keys (in case anyone is interested the password
	10	was "1234").
	11	[Steve Henson]
	12
e03ddfae BL	13	) Make _all_ _free functions accept a NULL pointer.
	14	[Frans Heymans <fheymans@isaserver.be>]
	15
6fa89f94 BL	16	*) If a DH key is generated in s3_srvr.c, don't blow it by trying to use
	17	NULL pointers.
	18	[Anonymous <nobody@replay.com>]
	19
c13d4799 BL	20	*) s_server should send the CAfile as acceptable CAs, not its own cert.
	21	[Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
	22
bc4deee0 BL	23	*) Don't blow it for numeric -newkey arguments to apps/req.
	24	[Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
	25
5b00115a BL	26	*) Temp key "for export" tests were wrong in s3_srvr.c.
	27	[Anonymous <nobody@replay.com>]
	28
f8c3c05d BL	29	*) Add prototype for temp key callback functions
	30	SSL_CTX_set_tmp_{rsa,dh}_callback().
	31	[Ben Laurie]
	32
ad65ce75 DSH	33	*) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and
ad65ce75 DSH	34	DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey().
384c479c	35	[Steve Henson]
ad65ce75	36
e416ad97 BL	37	*) X509_name_add_entry() freed the wrong thing after an error.
	38	[Arne Ansper <arne@ats.cyber.ee>]
	39
4a18cddd BL	40	*) rsa_eay.c would attempt to free a NULL context.
	41	[Arne Ansper <arne@ats.cyber.ee>]
	42
bb65e20b BL	43	*) BIO_s_socket() had a broken should_retry() on Windoze.
	44	[Arne Ansper <arne@ats.cyber.ee>]
	45
b5e406f7 BL	46	*) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH.
	47	[Arne Ansper <arne@ats.cyber.ee>]
	48
cb0f35d7 RE	49	*) Make sure the already existing X509_STORE->depth variable is initialized
	50	in X509_STORE_new(), but document the fact that this variable is still
	51	unused in the certificate verification process.
	52	[Ralf S. Engelschall]
	53
cfcf6453	54	*) Fix the various library and apps files to free up pkeys obtained from
ad65ce75	55	X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.
cfcf6453 DSH	56	[Steve Henson]
cfcf6453 DSH	57
cdbb8c2f BL	58	*) Fix reference counting in X509_PUBKEY_get(). This makes
	59	demos/maurice/example2.c work, amongst others, probably.
	60	[Steve Henson and Ben Laurie]
	61
06d5b162 RE	62	*) First cut of a cleanup for apps/. First the `ssleay' program is now named
	63	`openssl' and second, the shortcut symlinks for the `openssl <command>'
	64	are no longer created. This way we have a single and consistent command
	65	line interface `openssl <command>', similar to `cvs <command>'.
cdbb8c2f	66	[Ralf S. Engelschall, Paul Sutton and Ben Laurie]
06d5b162	67
c35f549e DSH	68	*) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey
	69	BIT STRING wrapper always have zero unused bits.
	70	[Steve Henson]
	71
ebc828ca DSH	72	*) Add CA.pl, perl version of CA.sh, add extended key usage OID.
	73	[Steve Henson]
	74
79e259e3 PS	75	*) Make the top-level INSTALL documentation easier to understand.
	76	[Paul Sutton]
	77
56ee3117 PS	78	*) Makefiles updated to exit if an error occurs in a sub-directory
	79	make (including if user presses ^C) [Paul Sutton]
	80
6063b27b BL	81	*) Make Montgomery context stuff explicit in RSA data structure.
	82	[Ben Laurie]
	83
	84	*) Fix build order of pem and err to allow for generated pem.h.
	85	[Ben Laurie]
	86
	87	*) Fix renumbering bug in X509_NAME_delete_entry().
	88	[Ben Laurie]
	89
792a9002	90	*) Enhanced the err-ins.pl script so it makes the error library number
	91	global and can add a library name. This is needed for external ASN1 and
	92	other error libraries.
	93	[Steve Henson]
	94
	95	*) Fixed sk_insert which never worked properly.
	96	[Steve Henson]
	97
	98	*) Fix ASN1 macros so they can handle indefinite length construted
	99	EXPLICIT tags. Some non standard certificates use these: they can now
	100	be read in.
	101	[Steve Henson]
	102
ce72df1c RE	103	*) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc)
	104	into a single doc/ssleay.txt bundle. This way the information is still
	105	preserved but no longer messes up this directory. Now it's new room for
	106	the new set of documenation files.
	107	[Ralf S. Engelschall]
	108
4098e89c BL	109	*) SETs were incorrectly DER encoded. This was a major pain, because they
	110	shared code with SEQUENCEs, which aren't coded the same. This means that
	111	almost everything to do with SETs or SEQUENCEs has either changed name or
	112	number of arguments.
	113	[Ben Laurie, based on a partial fix by GP Jayan <gp@nsj.co.jp>]
	114
	115	*) Fix test data to work with the above.
	116	[Ben Laurie]
	117
03f8b042 BL	118	*) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but
03f8b042 BL	119	was already fixed by Eric for 0.9.1 it seems.
88fce979	120