[thirdparty/openssl.git] / CHANGES


 OpenSSL CHANGES
 _______________

 Changes between 0.9.4 and 0.9.5  [xx XXX 1999]

  *) Apply Lutz Jaenicke's 56bit cipher patch. This should fix the problems with cipher
     ordering and the new EXPORT1024 ciphers. Only two minor changes have been
     made, the error reason codes have been altered and the @STRENGTH sorting
     behaviour changed so eNULL ciphers are also sorted (if present).

     One other addition: the "ciphers" program didn't check the return code
     of SSL_CTX_set_cipher_list().
     [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>, minor changes by Steve Henson]
  *) Minor change to 'x509' utility. The -CAcreateserial option now uses 1
     for the first serial number and places 2 in the serial number file. This
     avoids problems when the root CA is created with serial number zero and
     the first user certificate has the same issuer name and serial number
     as the root CA.
     [Steve Henson]

  *) Fixes to X509_ATTRIBUTE utilities, change the 'req' program so it uses
     the new code. Add documentation for this stuff.
     [Steve Henson]

  *) Changes to X509_ATTRIBUTE utilities. These have been renamed from
     X509_*() to X509at_*() on the grounds that they don't handle X509
     structures and behave in an analagous way to the X509v3 functions:
     they shouldn't be called directly but wrapper functions should be used
     instead.

     So we also now have some wrapper functions that call the X509at functions
     when passed certificate requests. (TO DO: similar things can be done with
     PKCS#7 signed and unsigned attributes, PKCS#12 attributes and a few other
     things. Some of these need some d2i or i2d and print functionality
     because they handle more complex structures.)
     [Steve Henson]

  *) Add missing #ifndefs that caused missing symbols when building libssl
     as a shared library without RSA.  Use #ifndef NO_SSL2 instead of
     NO_RSA in ssl/s2*.c.
Commit	Line	Data
651d0aff	1
f1c236f8	2	OpenSSL CHANGES
651d0aff RE	3	_______________
651d0aff RE	4
d91e201e RE	5	Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
d91e201e RE	6
bda70ed4	7	*) Apply Lutz Jaenicke's 56bit cipher patch. This should fix the problems with cipher
018e57c7 DSH	8	ordering and the new EXPORT1024 ciphers. Only two minor changes have been
	9	made, the error reason codes have been altered and the @STRENGTH sorting
	10	behaviour changed so eNULL ciphers are also sorted (if present).
	11
	12	One other addition: the "ciphers" program didn't check the return code
	13	of SSL_CTX_set_cipher_list().
bda70ed4	14	[Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>, minor changes by Steve Henson]
8100490a DSH	15	*) Minor change to 'x509' utility. The -CAcreateserial option now uses 1
	16	for the first serial number and places 2 in the serial number file. This
	17	avoids problems when the root CA is created with serial number zero and
	18	the first user certificate has the same issuer name and serial number
	19	as the root CA.
	20	[Steve Henson]
	21
6e6bc352 DSH	22	*) Fixes to X509_ATTRIBUTE utilities, change the 'req' program so it uses
	23	the new code. Add documentation for this stuff.
	24	[Steve Henson]
	25
77b47b90 DSH	26	*) Changes to X509_ATTRIBUTE utilities. These have been renamed from
	27	X509_() to X509at_() on the grounds that they don't handle X509
	28	structures and behave in an analagous way to the X509v3 functions:
	29	they shouldn't be called directly but wrapper functions should be used
	30	instead.
	31
	32	So we also now have some wrapper functions that call the X509at functions
	33	when passed certificate requests. (TO DO: similar things can be done with
	34	PKCS#7 signed and unsigned attributes, PKCS#12 attributes and a few other
	35	things. Some of these need some d2i or i2d and print functionality
6e6bc352	36	because they handle more complex structures.)
77b47b90 DSH	37	[Steve Henson]
77b47b90 DSH	38
aa82db4f UM	39	*) Add missing #ifndefs that caused missing symbols when building libssl
	40	as a shared library without RSA. Use #ifndef NO_SSL2 instead of
	41	NO_RSA in ssl/s2*.c.
	42