]>
Commit | Line | Data |
---|---|---|
651d0aff | 1 | |
f1c236f8 | 2 | OpenSSL CHANGES |
651d0aff RE |
3 | _______________ |
4 | ||
5 | ||
9cb0969f | 6 | Changes between 0.9.1c and 0.9.2 |
79dfa975 DSH |
7 | |
8 | *) New program nseq to manipulate netscape certificate sequences | |
9 | [Steve Henson] | |
320a14cb | 10 | |
9fe84296 DSH |
11 | *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a |
12 | few typos. | |
13 | [Steve Henson] | |
14 | ||
a0a54079 MC |
15 | *) Fixes to BN code. Previously the default was to define BN_RECURSION |
16 | but the BN code had some problems that would cause failures when | |
17 | doing certificate verification and some other functions. | |
18 | [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] | |
19 | ||
92c046ca DSH |
20 | *) Add ASN1 and PEM code to support netscape certificate sequences. |
21 | [Steve Henson] | |
22 | ||
79dfa975 DSH |
23 | *) Add ASN1 and PEM code to support netscape certificate sequences. |
24 | [Steve Henson] | |
25 | ||
a27598bf DSH |
26 | *) Add several PKIX and private extended key usage OIDs. |
27 | [Steve Henson] | |
28 | ||
b2347661 DSH |
29 | *) Modify the 'ca' program to handle the new extension code. Modify |
30 | openssl.cnf for new extension format, add comments. | |
31 | [Steve Henson] | |
32 | ||
f317aa4c DSH |
33 | *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req' |
34 | and add a sample to openssl.cnf so req -x509 now adds appropriate | |
35 | CA extensions. | |
36 | [Steve Henson] | |
37 | ||
834eeef9 DSH |
38 | *) Continued X509 V3 changes. Add to other makefiles, integrate with the |
39 | error code, add initial support to X509_print() and x509 application. | |
f317aa4c | 40 | [Steve Henson] |
834eeef9 | 41 | |
9aeaf1b4 DSH |
42 | *) Takes a deep breath and start addding X509 V3 extension support code. Add |
43 | files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this | |
44 | stuff is currently isolated and isn't even compiled yet. | |
45 | [Steve Henson] | |
46 | ||
9b5cc156 DSH |
47 | *) Continuing patches for GeneralizedTime. Fix up certificate and CRL |
48 | ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print. | |
49 | Removed the versions check from X509 routines when loading extensions: | |
50 | this allows certain broken certificates that don't set the version | |
51 | properly to be processed. | |
52 | [Steve Henson] | |
53 | ||
8039257d BL |
54 | *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another |
55 | Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which | |
56 | can still be regenerated with "make depend". | |
57 | [Ben Laurie] | |
58 | ||
b13a1554 BL |
59 | *) Spelling mistake in C version of CAST-128. |
60 | [Ben Laurie, reported by Jeremy Hylton <jeremy@cnri.reston.va.us>] | |
61 | ||
6c8abdd7 DSH |
62 | *) Changes to the error generation code. The perl script err-code.pl |
63 | now reads in the old error codes and retains the old numbers, only | |
64 | adding new ones if necessary. It also only changes the .err files if new | |
65 | codes are added. The makefiles have been modified to only insert errors | |
66 | when needed (to avoid needlessly modifying header files). This is done | |
67 | by only inserting errors if the .err file is newer than the auto generated | |
68 | C file. To rebuild all the error codes from scratch (the old behaviour) | |
69 | either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl | |
70 | or delete all the .err files. | |
9b5cc156 | 71 | [Steve Henson] |
6c8abdd7 | 72 | |
649cdb7b BL |
73 | *) CAST-128 was incorrectly implemented for short keys. The C version has |
74 | been fixed, but is untested. The assembler versions are also fixed, but | |
75 | new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing | |
76 | to regenerate it if needed. | |
77 | [Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun | |
78 | Hagino <itojun@kame.net>] | |
79 | ||
80 | *) File was opened incorrectly in randfile.c. | |
81 |