| | 1 | |
| | 2 | OpenSSL CHANGES |
| | 3 | _______________ |
| | 4 | |
| | 5 | Changes between 0.9.5a and 0.9.6 [24 Sep 2000] |
| | 6 | |
| | 7 | *) In ssl23_get_client_hello, generate an error message when faced |
| | 8 | with an initial SSL 3.0/TLS record that is too small to contain the |
| | 9 | first two bytes of the ClientHello message, i.e. client_version. |
| | 10 | (Note that this is a pathologic case that probably has never happened |
| | 11 | in real life.) The previous approach was to use the version number |
| | 12 | from the record header as a substitute; but our protocol choice |
| | 13 | should not depend on that one because it is not authenticated |
| | 14 | by the Finished messages. |
| | 15 | [Bodo Moeller] |
| | 16 | |
| | 17 | *) More robust randomness gathering functions for Windows. |
| | 18 | [Jeffrey Altman <jaltman@columbia.edu>] |
| | 19 | |
| | 20 | *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is |
| | 21 | not set then we don't setup the error code for issuer check errors |
| | 22 | to avoid possibly overwriting other errors which the callback does |
| | 23 | handle. If an application does set the flag then we assume it knows |
| | 24 | what it is doing and can handle the new informational codes |
| | 25 | appropriately. |
| | 26 | [Steve Henson] |
| | 27 | |
| | 28 | *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for |
| | 29 | a general "ANY" type, as such it should be able to decode anything |
| | 30 | including tagged types. However it didn't check the class so it would |
| | 31 | wrongly interpret tagged types in the same way as their universal |
| | 32 | counterpart and unknown types were just rejected. Changed so that the |
| | 33 | tagged and unknown types are handled in the same way as a SEQUENCE: |
| | 34 | that is the encoding is stored intact. There is also a new type |
| | 35 | "V_ASN1_OTHER" which is used when the class is not universal, in this |
| | 36 | case we have no idea what the actual type is so we just lump them all |
| | 37 | together. |
| | 38 | [Steve Henson] |
| | 39 | |
| | 40 | *) On VMS, stdout may very well lead to a file that is written to |
| | 41 | in a record-oriented fashion. That means that every write() will |
| | 42 | write a separate record, which will be read separately by the |
| | 43 | programs trying to read from it. This can be very confusing. |
| | 44 | |
| | 45 | The solution is to put a BIO filter in the way that will buffer |
| | 46 | text until a linefeed is reached, and then write everything a |
| | 47 | line at a time, so every record written will be an actual line, |
| | 48 | not chunks of lines and not (usually doesn't happen, but I've |
| | 49 | seen it once) several lines in one record. BIO_f_linebuffer() is |
| | 50 | the answer. |
| | 51 | |
| | 52 | Currently, it's a VMS-only method, because that's where it has |
| | 53 | been tested well enough. |
| | 54 | [Richard Levitte] |
| | 55 | |
| | 56 | *) Remove 'optimized' squaring variant in BN_mod_mul_montgomery, |
| | 57 | it can return incorrect results. |
| | 58 | (Note: The buggy variant was not enabled in OpenSSL 0.9.5a, |
| | 59 | but it was in 0.9.6-beta[12].) |
| | 60 | [Bodo Moeller] |
| | 61 | |
| | 62 | *) Disable the check for content being present when verifying detached |
| | 63 | signatures in pk7_smime.c. Some versions of Netscape (wrongly) |
| | 64 | include zero length content when signing messages. |
| | 65 | [Steve Henson] |
| | 66 | |
| | 67 | *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR |
| | 68 | BIO_ctrl (for BIO pairs). |
| | 69 |
projects / thirdparty / openssl.git / blame_incremental