git.ipfire.org Git - thirdparty/openssl.git/blame - CHANGES
Bugfix: clear error queue after ignoring ssl_verify_cert_chain result.
Commit Line Data
651d0aff 1
f1c236f8 2 OpenSSL CHANGES
651d0aff
RE
3 _______________
4
c90341a1
RL
5 Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
6
1fab73ac
BM
7 *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when
8 the handshake is continued after ssl_verify_cert_chain();
9 otherwise, if SSL_VERIFY_NONE is set, remaining error codes
10 can lead to 'unexplainable' connection aborts later.
11 [Bodo Moeller; problem tracked down by Lutz Jaenicke]
12
13 *) EVP cipher enhancement. Add hooks for extra EVP features. This will allow
7f060601
DSH
14 various cipher parameters to be set in the EVP interface. Initially
15 support added for variable key length ciphers via the
16 EVP_CIPHER_CTX_set_key_length() function. Other cipher specific
17 parameters will be added later via the new catchall 'ctrl' function.
be06a934
DSH
18 New functionality allows removal of S/MIME code RC2 hack.
19
20 Still needs support in other library functions, and allow parameter
21 setting for algorithms like RC2, RC5.
22
23 Change lots of functions like EVP_EncryptUpdate() to now return a
24 value: although software versions of the algorithms cannot fail
25 any installed hardware versions can.
26
7f060601
DSH
27 [Steve Henson]
28
2c05c494
BM
29 *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if
30 this option is set, tolerate broken clients that send the negotiated
31 protocol version number instead of the requested protocol version
32 number.
33 [Bodo Moeller]
34
35 *) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag;
36 i.e. non-zero for export ciphersuites, zero otherwise.
37 Previous versions had this flag inverted, inconsistent with
38 rsa_tmp_cb (..._TMP_RSA_CB).
39 [Bodo Moeller; problem reported by Amit Chopra]
40
b4b41f48
DSH
41 *) Add missing DSA library text string. Work around for some IIS
42 key files with invalid SEQUENCE encoding.
43 [Steve Henson]
44
6d7cce48
RL
45 *) Add a document (doc/standards.txt) that list all kinds of standards
46 and so on that are implemented in OpenSSL.
47 [Richard Levitte]
48
439df508
DSH
49 *) Enhance c_rehash script. Old version would mishandle certificates
50 with the same subject name hash and wouldn't handle CRLs at all.
51 Added -fingerprint option to crl utility, to support new c_rehash
52 features.
53 [Steve Henson]
54
0e1c0612 55 *) Eliminate non-ANSI declarations in crypto.h and stack.h.
2c05c494 56