[thirdparty/openssl.git] / CHANGES


 OpenSSL CHANGES
 _______________


 Changes between 0.9.1c and 0.9.2

  *) Remove C++ style comments from crypto/bn/bn_local.h.
     [Neil Costigan <neil.costigan@celocom.com>]

  *) The function OBJ_txt2nid was broken. It was supposed to return a nid
     based on a text string, looking up short and long names and finally
     "dot" format. The "dot" format stuff didn't work. Added new function
     OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote 
     OBJ_txt2nid to use it. OBJ_txt2obj can also return objects even if the
     OID is not part of the table.
     [Steve Henson]

  *) Add prototypes to X509 lookup/verify methods, fixing a bug in
     X509_LOOKUP_by_alias().
     [Ben Laurie]

  *) Sort openssl functions by name.
     [Ben Laurie]

  *) Get the gendsa program working (hopefully) and add it to app list. Remove
     encryption from sample DSA keys (in case anyone is interested the password
     was "1234").
     [Steve Henson]

  *) Make _all_ *_free functions accept a NULL pointer.
     [Frans Heymans <fheymans@isaserver.be>]

  *) If a DH key is generated in s3_srvr.c, don't blow it by trying to use
     NULL pointers.
     [Anonymous <nobody@replay.com>]

  *) s_server should send the CAfile as acceptable CAs, not its own cert.
     [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]

  *) Don't blow it for numeric -newkey arguments to apps/req.
     [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]

  *) Temp key "for export" tests were wrong in s3_srvr.c.
     [Anonymous <nobody@replay.com>]

  *) Add prototype for temp key callback functions
     SSL_CTX_set_tmp_{rsa,dh}_callback().
     [Ben Laurie]

  *) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and
     DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey().
     [Steve Henson]

  *) X509_name_add_entry() freed the wrong thing after an error.
     [Arne Ansper <arne@ats.cyber.ee>]

  *) rsa_eay.c would attempt to free a NULL context.
     [Arne Ansper <arne@ats.cyber.ee>]

  *) BIO_s_socket() had a broken should_retry() on Windoze.
     [Arne Ansper <arne@ats.cyber.ee>]

  *) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH.
     [Arne Ansper <arne@ats.cyber.ee>]

  *) Make sure the already existing X509_STORE->depth variable is initialized
     in X509_STORE_new(), but document the fact that this variable is still
     unused in the certificate verification process.
     [Ralf S. Engelschall]

  *) Fix the various library and apps files to free up pkeys obtained from
     X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.
     [Steve Henson]

  *) Fix reference counting in X509_PUBKEY_get(). This makes
     demos/maurice/example2.c work, amongst others, probably.
     [Steve Henson and Ben Laurie]

  *) First cut of a cleanup for apps/. First the `ssleay' program is now named
     `openssl' and second, the shortcut symlinks for the `openssl <command>'
     are no longer created. This way we have a single and consistent command
     line interface `openssl <command>', similar to `cvs <command>'.
     [Ralf S. Engelschall, Paul Sutton and Ben Laurie]

  *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey
     BIT STRING wrapper always have zero unused bits.
     [Steve Henson]

  *) Add CA.pl, perl version of CA.sh, add extended key usage OID.
     [Steve Henson]

  *) Make the top-level INSTALL documentation easier to understand.
     [Paul Sutton]

  *) Makefiles updated to exit if an error occurs in a sub-directory
     make (including if user presses ^C) [Paul Sutton]

  *) Make Montgomery context stuff explicit in RSA data structure.
     [Ben Laurie]

  *) Fix build order of pem and err to allow for generated pem.h.
     [Ben Laurie]

  *) Fix renumbering bug in X509_NAME_delete_entry().
     [Ben Laurie]

  *) Enhanced the err-ins.pl script so it makes the error library number 
     global and can add a library name. This is needed for external ASN1 and
     other error libraries.
     [Steve Henson]

  *) Fixed sk_insert which never worked properly.
     [Steve Henson]

  *) Fix ASN1 macros so they can handle indefinite length construted 
     EXPLICIT tags. Some non standard certificates use these: they can now
     be read in.
     [Steve Henson]

  *) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc)
     into a single doc/ssleay.txt bundle. This way the information is still
     preserved but no longer messes up this directory. Now it's new room for
     the new set of documenation files.
     [Ralf S. Engelschall]

  *) SETs were incorrectly DER encoded. This was a major pain, because they
     shared code with SEQUENCEs, which aren't coded the same. This means that
     almost everything to do with SETs or SEQUENCEs has either changed name or
     number of arguments.
     [Ben Laurie, based on a partial fix by GP Jayan <gp@nsj.co.jp>]

  *) Fix test data to work with the above.
     [Ben Laurie]

  *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but
     was already fixed by Eric for 0.9.1 it seems.
Commit	Line	Data
651d0aff	1
f1c236f8	2	OpenSSL CHANGES
651d0aff RE	3	_______________
	4
	5
9cb0969f	6	Changes between 0.9.1c and 0.9.2
320a14cb	7
27eb622b DSH	8	*) Remove C++ style comments from crypto/bn/bn_local.h.
	9	[Neil Costigan <neil.costigan@celocom.com>]
	10
2d723902 DSH	11	*) The function OBJ_txt2nid was broken. It was supposed to return a nid
	12	based on a text string, looking up short and long names and finally
	13	"dot" format. The "dot" format stuff didn't work. Added new function
	14	OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote
	15	OBJ_txt2nid to use it. OBJ_txt2obj can also return objects even if the
	16	OID is not part of the table.
	17	[Steve Henson]
	18
a6801a91 BL	19	*) Add prototypes to X509 lookup/verify methods, fixing a bug in
	20	X509_LOOKUP_by_alias().
	21	[Ben Laurie]
	22
50acf46b BL	23	*) Sort openssl functions by name.
	24	[Ben Laurie]
	25
7f9b7b07 DSH	26	*) Get the gendsa program working (hopefully) and add it to app list. Remove
	27	encryption from sample DSA keys (in case anyone is interested the password
	28	was "1234").
	29	[Steve Henson]
	30
e03ddfae BL	31	) Make _all_ _free functions accept a NULL pointer.
	32	[Frans Heymans <fheymans@isaserver.be>]
	33
6fa89f94 BL	34	*) If a DH key is generated in s3_srvr.c, don't blow it by trying to use
	35	NULL pointers.
	36	[Anonymous <nobody@replay.com>]
	37
c13d4799 BL	38	*) s_server should send the CAfile as acceptable CAs, not its own cert.
	39	[Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
	40
bc4deee0 BL	41	*) Don't blow it for numeric -newkey arguments to apps/req.
	42	[Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
	43
5b00115a BL	44	*) Temp key "for export" tests were wrong in s3_srvr.c.
	45	[Anonymous <nobody@replay.com>]
	46
f8c3c05d BL	47	*) Add prototype for temp key callback functions
	48	SSL_CTX_set_tmp_{rsa,dh}_callback().
	49	[Ben Laurie]
	50
ad65ce75 DSH	51	*) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and
ad65ce75 DSH	52	DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey().
384c479c	53	[Steve Henson]
ad65ce75	54
e416ad97 BL	55	*) X509_name_add_entry() freed the wrong thing after an error.
	56	[Arne Ansper <arne@ats.cyber.ee>]
	57
4a18cddd BL	58	*) rsa_eay.c would attempt to free a NULL context.
	59	[Arne Ansper <arne@ats.cyber.ee>]
	60
bb65e20b BL	61	*) BIO_s_socket() had a broken should_retry() on Windoze.
	62	[Arne Ansper <arne@ats.cyber.ee>]
	63
b5e406f7 BL	64	*) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH.
	65	[Arne Ansper <arne@ats.cyber.ee>]
	66
cb0f35d7 RE	67	*) Make sure the already existing X509_STORE->depth variable is initialized
	68	in X509_STORE_new(), but document the fact that this variable is still
	69	unused in the certificate verification process.
	70	[Ralf S. Engelschall]
	71
cfcf6453	72	*) Fix the various library and apps files to free up pkeys obtained from
ad65ce75	73	X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.
cfcf6453 DSH	74	[Steve Henson]
cfcf6453 DSH	75
cdbb8c2f BL	76	*) Fix reference counting in X509_PUBKEY_get(). This makes
	77	demos/maurice/example2.c work, amongst others, probably.
	78	[Steve Henson and Ben Laurie]
	79
06d5b162 RE	80	*) First cut of a cleanup for apps/. First the `ssleay' program is now named
	81	`openssl' and second, the shortcut symlinks for the `openssl <command>'
	82	are no longer created. This way we have a single and consistent command
	83	line interface `openssl <command>', similar to `cvs <command>'.
cdbb8c2f	84	[Ralf S. Engelschall, Paul Sutton and Ben Laurie]
06d5b162	85
c35f549e DSH	86	*) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey
	87	BIT STRING wrapper always have zero unused bits.
	88	[Steve Henson]
	89
ebc828ca DSH	90	*) Add CA.pl, perl version of CA.sh, add extended key usage OID.
	91	[Steve Henson]
	92
79e259e3 PS	93	*) Make the top-level INSTALL documentation easier to understand.
	94	[Paul Sutton]
	95
56ee3117 PS	96	*) Makefiles updated to exit if an error occurs in a sub-directory
	97	make (including if user presses ^C) [Paul Sutton]
	98
6063b27b BL	99	*) Make Montgomery context stuff explicit in RSA data structure.
	100	[Ben Laurie]
	101
	102	*) Fix build order of pem and err to allow for generated pem.h.
	103	[Ben Laurie]
	104
	105	*) Fix renumbering bug in X509_NAME_delete_entry().
	106	[Ben Laurie]
	107
792a9002	108	*) Enhanced the err-ins.pl script so it makes the error library number
	109	global and can add a library name. This is needed for external ASN1 and
	110	other error libraries.
	111	[Steve Henson]
	112
	113	*) Fixed sk_insert which never worked properly.
	114	[Steve Henson]
	115
	116	*) Fix ASN1 macros so they can handle indefinite length construted
	117	EXPLICIT tags. Some non standard certificates use these: they can now
	118	be read in.
	119	[Steve Henson]
	120
ce72df1c RE	121	*) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc)
	122	into a single doc/ssleay.txt bundle. This way the information is still
	123	preserved but no longer messes up this directory. Now it's new room for
	124	the new set of documenation files.
	125	[Ralf S. Engelschall]
	126
4098e89c BL	127	*) SETs were incorrectly DER encoded. This was a major pain, because they
	128	shared code with SEQUENCEs, which aren't coded the same. This means that
	129	almost everything to do with SETs or SEQUENCEs has either changed name or
	130	number of arguments.
	131	[Ben Laurie, based on a partial fix by GP Jayan <gp@nsj.co.jp>]
	132
	133	*) Fix test data to work with the above.
	134	[Ben Laurie]
	135
03f8b042 BL	136	*) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but
03f8b042 BL	137	was already fixed by Eric for 0.9.1 it seems.
88fce979	138