projects / thirdparty / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| 651d0aff | 1 | |
| f1c236f8 | 2 | OpenSSL CHANGES |
| 651d0aff RE |
3 | _______________ |
| 4 | ||
| c90341a1 RL |
5 | Changes between 0.9.5a and 0.9.6 [xx XXX 2000] |
| 6 | ||
| d4fbe318 DSH |
7 | *) The obj_dat.pl script was messing up the sorting of object |
| 8 | names. The reason was that it compared the quoted version | |
| 9 | of strings as a result "OCSP" > "OCSP Signing" because | |
| 10 | " > SPACE. Changed script to store unquoted versions of | |
| 11 | names and add quotes on output. It was also omitting some | |
| 12 | names from the lookup table if they were given a default | |
| 13 | value (that is if SN is missing it is given the same | |
| 14 | value as LN and vice versa), these are now added on the | |
| 15 | grounds that if an object has a name we should be able to | |
| 16 | look it up. Finally added warning output when duplicate | |
| 17 | short or long names are found. | |
| 18 | [Steve Henson] | |
| 19 | ||
| 2d978cbd | 20 | *) Changes needed for Tandem NSK. |
| d4fbe318 | 21 | [Scott Uroff scott@xypro.com] |
| 2d978cbd | 22 | |
| aa826d88 BM |
23 | *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in |
| 24 | RSA_padding_check_SSLv23(), special padding was never detected | |
| 25 | and thus the SSL 3.0/TLS 1.0 countermeasure against protocol | |
| 26 | version rollback attacks was not effective. | |
| 27 | ||
| 37569e64 BM |
28 | In s23_clnt.c, don't use special rollback-attack detection padding |
| 29 | (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the | |
| 30 | client; similarly, in s23_srvr.c, don't do the rollback check if | |
| 31 | SSL 2.0 is the only protocol enabled in the server. | |
| 32 | [Bodo Moeller] | |
| 33 | ||
| ca1e465f RL |
34 | *) Make it possible to get hexdumps of unprintable data with 'openssl |
| 35 | asn1parse'. By implication, the functions ASN1_parse_dump() and | |
| 36 | BIO_dump_indent() are added. | |
| 37 | [Richard Levitte] | |
| 38 | ||
| a657546f DSH |
39 | *) New functions ASN1_STRING_print_ex() and X509_NAME_print_ex() |
| 40 | these print out strings and name structures based on various | |
| 41 | flags including RFC2253 support and proper handling of | |
| 42 | multibyte characters. Added options to the 'x509' utility | |
| 43 | to allow the various flags to be set. | |
| 44 | [Steve Henson] | |
| 45 | ||
| 284ef5f3 DSH |
46 | *) Various fixes to use ASN1_TIME instead of ASN1_UTCTIME. |
| 47 | Also change the functions X509_cmp_current_time() and | |
| 48 | X509_gmtime_adj() work with an ASN1_TIME structure, | |
| 49 | this will enable certificates using GeneralizedTime in validity | |
| 50 | dates to be checked. | |
| 51 | [Steve Henson] | |
| 52 | ||
| 53 | *) Make the NEG_PUBKEY_BUG code (which tolerates invalid | |
| 54 | negative public key encodings) on by default, | |
| 55 | NO_NEG_PUBKEY_BUG can be set to disable it. | |
| 56 | [Steve Henson] | |
| 57 | ||
| 58 | *) New function c2i_ASN1_OBJECT() which acts on ASN1_OBJECT | |
| 59 | content octets. An i2c_ASN1_OBJECT is unnecessary because | |
| 60 | the encoding can be trivially obtained from the structure. | |
| 61 | [Steve Henson] | |
| 62 | ||
| fa729135 BM |
63 | *) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock), |
| 64 | not read locks (CRYPTO_r_[un]lock). | |
| 65 | [Bodo Moeller] | |
| 66 | ||
| b436a982 RL |
67 | *) A first attempt at creating official support for shared |
| 68 | libraries through configuration. I've kept it so the | |
| 69 | default is static libraries only, and the OpenSSL programs | |
| 70 | are always statically linked for now, but there are | |
| 71 | preparations for dynamic linking in place. | |
| 72 | This has been tested on Linux and True64. | |
| 73 | [Richard Levitte] | |
| 74 | ||
| c0722725 UM |
75 | *) Randomness polling function for Win9x, as described in: |
| 76 | Peter Gutmann, Software Generation of Practically Strong | |
| 77 | Random Numbers. | |
| 78 |