projects / thirdparty / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| 651d0aff | 1 | |
| f1c236f8 | 2 | OpenSSL CHANGES |
| 651d0aff RE |
3 | _______________ |
| 4 | ||
| c90341a1 | 5 | Changes between 0.9.5a and 0.9.6 [xx XXX 2000] |
| bbb72003 | 6 | |
| f1192b7f BM |
7 | *) In ssl23_get_client_hello, generate an error message when faced |
| 8 | with an initial SSL 3.0/TLS record that is too small to contain the | |
| 9 | first two bytes of the ClientHello message, i.e. client_version. | |
| 10 | (Note that this is a pathologic case that probably has never happened | |
| 11 | in real life.) The previous approach was to use the version number | |
| 5a5accdd | 12 | from the record header as a substitute; but our protocol choice |
| f1192b7f BM |
13 | should not depend on that one because it is not authenticated |
| 14 | by the Finished messages. | |
| 15 | [Bodo Moeller] | |
| 16 | ||
| dbba890c DSH |
17 | *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is |
| 18 | not set then we don't setup the error code for issuer check errors | |
| 19 | to avoid possibly overwriting other errors which the callback does | |
| 20 | handle. If an application does set the flag then we assume it knows | |
| 21 | what it is doing and can handle the new informational codes | |
| 22 | appropriately. | |
| 23 | [Steve Henson] | |
| 24 | ||
| 6cffb201 DSH |
25 | *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for |
| 26 | a general "ANY" type, as such it should be able to decode anything | |
| 27 | including tagged types. However it didn't check the class so it would | |
| 28 | wrongly interpret tagged types in the same way as their universal | |
| 29 | counterpart and unknown types were just rejected. Changed so that the | |
| 30 | tagged and unknown types are handled in the same way as a SEQUENCE: | |
| 31 | that is the encoding is stored intact. There is also a new type | |
| 32 | "V_ASN1_OTHER" which is used when the class is not universal, in this | |
| 33 | case we have no idea what the actual type is so we just lump them all | |
| 34 | together. | |
| 35 | [Steve Henson] | |
| 36 | ||
| 645749ef RL |
37 | *) On VMS, stdout may very well lead to a file that is written to |
| 38 | in a record-oriented fashion. That means that every write() will | |
| 39 | write a separate record, which will be read separately by the | |
| 40 | programs trying to read from it. This can be very confusing. | |
| 41 | ||
| 42 | The solution is to put a BIO filter in the way that will buffer | |
| 43 | text until a linefeed is reached, and then write everything a | |
| 44 | line at a time, so every record written will be an actual line, | |
| 45 | not chunks of lines and not (usually doesn't happen, but I've | |
| 46 | seen it once) several lines in one record. BIO_f_linebuffer() is | |
| 47 | the answer. | |
| 48 | ||
| 49 | Currently, it's a VMS-only method, because that's where it has | |
| 50 | been tested well enough. | |
| 51 | [Richard Levitte] | |
| 52 | ||
| fe035197 | 53 | *) Remove 'optimized' squaring variant in BN_mod_mul_montgomery, |
| a45bd295 | 54 | it can return incorrect results. |
| cb1fbf8e BM |
55 | (Note: The buggy variant was not enabled in OpenSSL 0.9.5a, |
| 56 | but it was in 0.9.6-beta[12].) | |
| a45bd295 BM |
57 | [Bodo Moeller] |
| 58 | ||
| 730e37ed DSH |
59 | *) Disable the check for content being present when verifying detached |
| 60 | signatures in pk7_smime.c. Some versions of Netscape (wrongly) | |
| 61 | include zero length content when signing messages. | |
| 62 | [Steve Henson] | |
| 63 | ||
| 07fcf422 BM |
64 | *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR |
| 65 | BIO_ctrl (for BIO pairs). | |
| 66 | ||
| 0e05f545 RL |
67 | *) Add DSO method for VMS. |
| 68 | [Richard Levitte] | |
| 69 | ||
| 1d84fd64 UM |
70 | *) Bug fix: Montgomery multiplication could produce results with the |
| 71 | wrong sign. | |
| 72 |