 OpenSSL CHANGES
 _______________

 Changes between 0.9.5a and 0.9.6  [24 Sep 2000]

  *) In ssl23_get_client_hello, generate an error message when faced
     with an initial SSL 3.0/TLS record that is too small to contain the
     first two bytes of the ClientHello message, i.e. client_version.
     (Note that this is a pathologic case that probably has never happened
     in real life.)  The previous approach was to use the version number
     from the record header as a substitute; but our protocol choice
     should not depend on that one because it is not authenticated
     by the Finished messages.
     [Bodo Moeller]

  *) More robust randomness gathering functions for Windows.
     [Jeffrey Altman <jaltman@columbia.edu>]

  *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
     not set then we don't setup the error code for issuer check errors
     to avoid possibly overwriting other errors which the callback does
     handle. If an application does set the flag then we assume it knows
     what it is doing and can handle the new informational codes
     appropriately.
     [Steve Henson]

  *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
     a general "ANY" type, as such it should be able to decode anything
     including tagged types. However it didn't check the class so it would
     wrongly interpret tagged types in the same way as their universal
     counterpart and unknown types were just rejected. Changed so that the
     tagged and unknown types are handled in the same way as a SEQUENCE:
     that is the encoding is stored intact. There is also a new type
     "V_ASN1_OTHER" which is used when the class is not universal, in this
     case we have no idea what the actual type is so we just lump them all
     together.
     [Steve Henson]

  *) On VMS, stdout may very well lead to a file that is written to
     in a record-oriented fashion.  That means that every write() will
     write a separate record, which will be read separately by the
     programs trying to read from it.  This can be very confusing.

     The solution is to put a BIO filter in the way that will buffer
     text until a linefeed is reached, and then write everything a
     line at a time, so every record written will be an actual line,
     not chunks of lines and not (usually doesn't happen, but I've
     seen it once) several lines in one record.  BIO_f_linebuffer() is
     the answer.

     Currently, it's a VMS-only method, because that's where it has
     been tested well enough.
     [Richard Levitte]

  *) Remove 'optimized' squaring variant in BN_mod_mul_montgomery,
     it can return incorrect results.
     (Note: The buggy variant was not enabled in OpenSSL 0.9.5a,
     but it was in 0.9.6-beta[12].)
     [Bodo Moeller]

  *) Disable the check for content being present when verifying detached
     signatures in pk7_smime.c. Some versions of Netscape (wrongly)
     include zero length content when signing messages.
     [Steve Henson]

  *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
     BIO_ctrl (for BIO pairs).
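The ASN1_TYPE entry above, shown as an added C example that is not OpenSSL source: the same identifier octet is classified once with the class bits ignored and once with the class checked first. The enum values, struct, function names and sample encodings are hypothetical and constructed for illustration; only short-form lengths and low tag numbers are handled.

```c
/* Added illustration, not OpenSSL source; every name below is hypothetical. */
#include <stddef.h>
#include <stdio.h>
enum { CLASS_MASK = 0xc0, TAG_MASK = 0x1f, TAG_INTEGER = 2,
       TYPE_OTHER = -3, TYPE_ERROR = -1 };

struct any_value {
    int type;                  /* universal tag number, or TYPE_OTHER */
    int kept_intact;           /* 1: whole TLV stored as-is, contents not interpreted */
    const unsigned char *enc;  /* start of the element (identifier octet) */
    size_t enc_len;            /* identifier + length + contents */
};

/* Constructed sample encodings. */
static const unsigned char SAMPLE_INTEGER[] = { 0x02, 0x01, 0x05 };  /* INTEGER 5 */
static const unsigned char SAMPLE_TAGGED[]  = { 0x82, 0x01, 0x05 };  /* [2], primitive */
static const unsigned char SAMPLE_UNKNOWN[] = { 0x0f, 0x01, 0x00 };  /* reserved universal tag 15 */

/* Behaviour the entry describes as the bug: class bits dropped, so 0x82 reads as INTEGER. */
int type_ignoring_class(const unsigned char *der, size_t len)
{
    return len < 2 ? TYPE_ERROR : (der[0] & TAG_MASK);
}

/* Behaviour the entry describes as the fix: class checked before the tag number. */
int parse_any(const unsigned char *der, size_t len, struct any_value *out)
{
    if (len < 2 || (der[0] & TAG_MASK) == TAG_MASK || (der[1] & 0x80))
        return TYPE_ERROR;                 /* high-tag and long-form are out of scope here */
    if ((size_t)der[1] + 2 > len)
        return TYPE_ERROR;                 /* contents would run past the buffer */
    out->enc = der;
    out->enc_len = (size_t)der[1] + 2;
    if ((der[0] & CLASS_MASK) != 0) {      /* application, context-specific or private */
        out->type = TYPE_OTHER;            /* actual type unknown: lump together */
        out->kept_intact = 1;
    } else {
        out->type = der[0] & TAG_MASK;
        out->kept_intact = (out->type != TAG_INTEGER);  /* only INTEGER is decoded here */
    }
    return out->type;
}

int main(void)
{
    struct any_value v;
    printf("class ignored: %d\n", type_ignoring_class(SAMPLE_TAGGED, sizeof SAMPLE_TAGGED));
    printf("class checked: %d\n", parse_any(SAMPLE_TAGGED, sizeof SAMPLE_TAGGED, &v));
    return 0;
}
```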