]>
Commit | Line | Data |
---|---|---|
651d0aff | 1 | |
f1c236f8 | 2 | OpenSSL CHANGES |
651d0aff RE |
3 | _______________ |
4 | ||
c90341a1 RL |
5 | Changes between 0.9.5a and 0.9.6 [xx XXX 2000] |
6 | ||
1fab73ac BM |
7 | *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when |
8 | the handshake is continued after ssl_verify_cert_chain(); | |
9 | otherwise, if SSL_VERIFY_NONE is set, remaining error codes | |
10 | can lead to 'unexplainable' connection aborts later. | |
11 | [Bodo Moeller; problem tracked down by Lutz Jaenicke] | |
12 | ||
13 | *) EVP cipher enhancement. Add hooks for extra EVP features. This will allow | |
7f060601 DSH |
14 | various cipher parameters to be set in the EVP interface. Initially |
15 | support added for variable key length ciphers via the | |
16 | EVP_CIPHER_CTX_set_key_length() function. Other cipher specific | |
17 | parameters will be added later via the new catchall 'ctrl' function. | |
be06a934 DSH |
18 | New functionality allows removal of S/MIME code RC2 hack. |
19 | ||
20 | Still needs support in other library functions, and allow parameter | |
21 | setting for algorithms like RC2, RC5. | |
22 | ||
23 | Change lots of functions like EVP_EncryptUpdate() to now return a | |
24 | value: although software versions of the algorithms cannot fail | |
25 | any installed hardware versions can. | |
26 | ||
7f060601 DSH |
27 | [Steve Henson] |
28 | ||
2c05c494 BM |
29 | *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if |
30 | this option is set, tolerate broken clients that send the negotiated | |
31 | protocol version number instead of the requested protocol version | |
32 | number. | |
33 | [Bodo Moeller] | |
34 | ||
35 | *) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag; | |
36 | i.e. non-zero for export ciphersuites, zero otherwise. | |
37 | Previous versions had this flag inverted, inconsistent with | |
38 | rsa_tmp_cb (..._TMP_RSA_CB). | |
39 | [Bodo Moeller; problem reported by Amit Chopra] | |
40 | ||
b4b41f48 DSH |
41 | *) Add missing DSA library text string. Work around for some IIS |
42 | key files with invalid SEQUENCE encoding. | |
43 | [Steve Henson] | |
44 | ||
6d7cce48 RL |
45 | *) Add a document (doc/standards.txt) that list all kinds of standards |
46 | and so on that are implemented in OpenSSL. | |
47 | [Richard Levitte] | |
48 | ||
439df508 DSH |
49 | *) Enhance c_rehash script. Old version would mishandle certificates |
50 | with the same subject name hash and wouldn't handle CRLs at all. | |
51 | Added -fingerprint option to crl utility, to support new c_rehash | |
52 | features. | |
53 | [Steve Henson] | |
54 | ||
0e1c0612 | 55 | *) Eliminate non-ANSI declarations in crypto.h and stack.h. |
2c05c494 | 56 |