[thirdparty/openssl.git] / CHANGES


 OpenSSL CHANGES
 _______________


 Changes between 0.9.1c and 0.9.2
  
  *) New program nseq to manipulate netscape certificate sequences
     [Steve Henson]

  *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a
     few typos.
     [Steve Henson]

  *) Fixes to BN code.  Previously the default was to define BN_RECURSION
     but the BN code had some problems that would cause failures when
     doing certificate verification and some other functions.
     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

  *) Add ASN1 and PEM code to support netscape certificate sequences.
     [Steve Henson]

  *) Add ASN1 and PEM code to support netscape certificate sequences.
     [Steve Henson]

  *) Add several PKIX and private extended key usage OIDs.
     [Steve Henson]

  *) Modify the 'ca' program to handle the new extension code. Modify
     openssl.cnf for new extension format, add comments.
     [Steve Henson]

  *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req'
     and add a sample to openssl.cnf so req -x509 now adds appropriate
     CA extensions.
     [Steve Henson]

  *) Continued X509 V3 changes. Add to other makefiles, integrate with the
     error code, add initial support to X509_print() and x509 application.
     [Steve Henson]

  *) Takes a deep breath and start addding X509 V3 extension support code. Add
     files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this
     stuff is currently isolated and isn't even compiled yet.
     [Steve Henson]

  *) Continuing patches for GeneralizedTime. Fix up certificate and CRL
     ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print.
     Removed the versions check from X509 routines when loading extensions:
     this allows certain broken certificates that don't set the version
     properly to be processed.
     [Steve Henson]

  *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another
     Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which
     can still be regenerated with "make depend".
     [Ben Laurie]

  *) Spelling mistake in C version of CAST-128.
     [Ben Laurie, reported by Jeremy Hylton <jeremy@cnri.reston.va.us>]

  *) Changes to the error generation code. The perl script err-code.pl 
     now reads in the old error codes and retains the old numbers, only
     adding new ones if necessary. It also only changes the .err files if new
     codes are added. The makefiles have been modified to only insert errors
     when needed (to avoid needlessly modifying header files). This is done
     by only inserting errors if the .err file is newer than the auto generated
     C file. To rebuild all the error codes from scratch (the old behaviour)
     either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl
     or delete all the .err files.
     [Steve Henson]

  *) CAST-128 was incorrectly implemented for short keys. The C version has
     been fixed, but is untested. The assembler versions are also fixed, but
     new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing
     to regenerate it if needed.
     [Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun
      Hagino <itojun@kame.net>]

  *) File was opened incorrectly in randfile.c.
Commit	Line	Data
651d0aff	1
f1c236f8	2	OpenSSL CHANGES
651d0aff RE	3	_______________
	4
	5
9cb0969f	6	Changes between 0.9.1c and 0.9.2
79dfa975 DSH	7
	8	*) New program nseq to manipulate netscape certificate sequences
	9	[Steve Henson]
320a14cb	10
9fe84296 DSH	11	*) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a
	12	few typos.
	13	[Steve Henson]
	14
a0a54079 MC	15	*) Fixes to BN code. Previously the default was to define BN_RECURSION
	16	but the BN code had some problems that would cause failures when
	17	doing certificate verification and some other functions.
	18	[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
	19
92c046ca DSH	20	*) Add ASN1 and PEM code to support netscape certificate sequences.
	21	[Steve Henson]
	22
79dfa975 DSH	23	*) Add ASN1 and PEM code to support netscape certificate sequences.
	24	[Steve Henson]
	25
a27598bf DSH	26	*) Add several PKIX and private extended key usage OIDs.
	27	[Steve Henson]
	28
b2347661 DSH	29	*) Modify the 'ca' program to handle the new extension code. Modify
	30	openssl.cnf for new extension format, add comments.
	31	[Steve Henson]
	32
f317aa4c DSH	33	*) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req'
	34	and add a sample to openssl.cnf so req -x509 now adds appropriate
	35	CA extensions.
	36	[Steve Henson]
	37
834eeef9 DSH	38	*) Continued X509 V3 changes. Add to other makefiles, integrate with the
834eeef9 DSH	39	error code, add initial support to X509_print() and x509 application.
f317aa4c	40	[Steve Henson]
834eeef9	41
9aeaf1b4 DSH	42	*) Takes a deep breath and start addding X509 V3 extension support code. Add
	43	files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this
	44	stuff is currently isolated and isn't even compiled yet.
	45	[Steve Henson]
	46
9b5cc156 DSH	47	*) Continuing patches for GeneralizedTime. Fix up certificate and CRL
	48	ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print.
	49	Removed the versions check from X509 routines when loading extensions:
	50	this allows certain broken certificates that don't set the version
	51	properly to be processed.
	52	[Steve Henson]
	53
8039257d BL	54	*) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another
	55	Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which
	56	can still be regenerated with "make depend".
	57	[Ben Laurie]
	58
b13a1554 BL	59	*) Spelling mistake in C version of CAST-128.
	60	[Ben Laurie, reported by Jeremy Hylton <jeremy@cnri.reston.va.us>]
	61
6c8abdd7 DSH	62	*) Changes to the error generation code. The perl script err-code.pl
	63	now reads in the old error codes and retains the old numbers, only
	64	adding new ones if necessary. It also only changes the .err files if new
	65	codes are added. The makefiles have been modified to only insert errors
	66	when needed (to avoid needlessly modifying header files). This is done
	67	by only inserting errors if the .err file is newer than the auto generated
	68	C file. To rebuild all the error codes from scratch (the old behaviour)
	69	either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl
	70	or delete all the .err files.
9b5cc156	71	[Steve Henson]
6c8abdd7	72
649cdb7b BL	73	*) CAST-128 was incorrectly implemented for short keys. The C version has
	74	been fixed, but is untested. The assembler versions are also fixed, but
	75	new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing
	76	to regenerate it if needed.
	77	[Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun
	78	Hagino <itojun@kame.net>]
	79
	80	*) File was opened incorrectly in randfile.c.
	81