[thirdparty/openssl.git] / CHANGES


 OpenSSL CHANGES
 _______________

 Changes between 0.9.6 and 0.9.7  [xx XXX 2000]

  *) Clean old EAY MD5 hack from e_os.h.
     [Richard Levitte]

  *) Fix SSL_CTX_set_read_ahead macro to actually use its argument.

     Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
     and not in SSL_clear because the latter is also used by the
     accept/connect functions; previously, the settings made by
     SSL_set_read_ahead would be lost during the handshake.
     [Bodo Moeller; problems reported by Anders Gertz <gertz@epact.se>]     

  *) Correct util/mkdef.pl to be selective about disabled algorithms.
     Previously, it would create entries for disableed algorithms no
     matter what.
     [Richard Levitte]

 Changes between 0.9.5a and 0.9.6  [24 Sep 2000]

  *) In ssl23_get_client_hello, generate an error message when faced
     with an initial SSL 3.0/TLS record that is too small to contain the
     first two bytes of the ClientHello message, i.e. client_version.
     (Note that this is a pathologic case that probably has never happened
     in real life.)  The previous approach was to use the version number
     from the record header as a substitute; but our protocol choice
     should not depend on that one because it is not authenticated
     by the Finished messages.
     [Bodo Moeller]

  *) More robust randomness gathering functions for Windows.
     [Jeffrey Altman <jaltman@columbia.edu>]

  *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
     not set then we don't setup the error code for issuer check errors
     to avoid possibly overwriting other errors which the callback does
     handle. If an application does set the flag then we assume it knows
     what it is doing and can handle the new informational codes
     appropriately.
     [Steve Henson]

  *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
     a general "ANY" type, as such it should be able to decode anything
     including tagged types. However it didn't check the class so it would
     wrongly interpret tagged types in the same way as their universal
     counterpart and unknown types were just rejected. Changed so that the
     tagged and unknown types are handled in the same way as a SEQUENCE:
     that is the encoding is stored intact. There is also a new type
     "V_ASN1_OTHER" which is used when the class is not universal, in this
     case we have no idea what the actual type is so we just lump them all
     together.
     [Steve Henson]

  *) On VMS, stdout may very well lead to a file that is written to
     in a record-oriented fashion.  That means that every write() will
     write a separate record, which will be read separately by the
     programs trying to read from it.  This can be very confusing.

     The solution is to put a BIO filter in the way that will buffer
     text until a linefeed is reached, and then write everything a
     line at a time, so every record written will be an actual line,
     not chunks of lines and not (usually doesn't happen, but I've
     seen it once) several lines in one record.  BIO_f_linebuffer() is
     the answer.

     Currently, it's a VMS-only method, because that's where it has
     been tested well enough.
     [Richard Levitte]

  *) Remove 'optimized' squaring variant in BN_mod_mul_montgomery,
     it can return incorrect results.
     (Note: The buggy variant was not enabled in OpenSSL 0.9.5a,
     but it was in 0.9.6-beta[12].)
     [Bodo Moeller]

  *) Disable the check for content being present when verifying detached
     signatures in pk7_smime.c. Some versions of Netscape (wrongly)
     include zero length content when signing messages.
     [Steve Henson]

  *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
     BIO_ctrl (for BIO pairs).
Commit	Line	Data
651d0aff	1
f1c236f8	2	OpenSSL CHANGES
651d0aff RE	3	_______________
651d0aff RE	4
c5e8580e RL	5	Changes between 0.9.6 and 0.9.7 [xx XXX 2000]
c5e8580e RL	6
ef71cb6d RL	7	*) Clean old EAY MD5 hack from e_os.h.
	8	[Richard Levitte]
	9
3a0afe1e BM	10	*) Fix SSL_CTX_set_read_ahead macro to actually use its argument.
	11
	12	Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
	13	and not in SSL_clear because the latter is also used by the
	14	accept/connect functions; previously, the settings made by
	15	SSL_set_read_ahead would be lost during the handshake.
	16	[Bodo Moeller; problems reported by Anders Gertz <gertz@epact.se>]
	17
88aeb646 RL	18	*) Correct util/mkdef.pl to be selective about disabled algorithms.
	19	Previously, it would create entries for disableed algorithms no
	20	matter what.
	21	[Richard Levitte]
c5e8580e	22
0e8f2fdf	23	Changes between 0.9.5a and 0.9.6 [24 Sep 2000]
bbb72003	24
f1192b7f BM	25	*) In ssl23_get_client_hello, generate an error message when faced
	26	with an initial SSL 3.0/TLS record that is too small to contain the
	27	first two bytes of the ClientHello message, i.e. client_version.
	28	(Note that this is a pathologic case that probably has never happened
	29	in real life.) The previous approach was to use the version number
5a5accdd	30	from the record header as a substitute; but our protocol choice
f1192b7f BM	31	should not depend on that one because it is not authenticated
	32	by the Finished messages.
	33	[Bodo Moeller]
	34
d49da3aa UM	35	*) More robust randomness gathering functions for Windows.
	36	[Jeffrey Altman <jaltman@columbia.edu>]
	37
dbba890c DSH	38	*) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
	39	not set then we don't setup the error code for issuer check errors
	40	to avoid possibly overwriting other errors which the callback does
	41	handle. If an application does set the flag then we assume it knows
	42	what it is doing and can handle the new informational codes
	43	appropriately.
	44	[Steve Henson]
	45
6cffb201 DSH	46	*) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
	47	a general "ANY" type, as such it should be able to decode anything
	48	including tagged types. However it didn't check the class so it would
	49	wrongly interpret tagged types in the same way as their universal
	50	counterpart and unknown types were just rejected. Changed so that the
	51	tagged and unknown types are handled in the same way as a SEQUENCE:
	52	that is the encoding is stored intact. There is also a new type
	53	"V_ASN1_OTHER" which is used when the class is not universal, in this
	54	case we have no idea what the actual type is so we just lump them all
	55	together.
	56	[Steve Henson]
	57
645749ef RL	58	*) On VMS, stdout may very well lead to a file that is written to
	59	in a record-oriented fashion. That means that every write() will
	60	write a separate record, which will be read separately by the
	61	programs trying to read from it. This can be very confusing.
	62
	63	The solution is to put a BIO filter in the way that will buffer
	64	text until a linefeed is reached, and then write everything a
	65	line at a time, so every record written will be an actual line,
	66	not chunks of lines and not (usually doesn't happen, but I've
	67	seen it once) several lines in one record. BIO_f_linebuffer() is
	68	the answer.
	69
	70	Currently, it's a VMS-only method, because that's where it has
	71	been tested well enough.
	72	[Richard Levitte]
	73
fe035197	74	*) Remove 'optimized' squaring variant in BN_mod_mul_montgomery,
a45bd295	75	it can return incorrect results.
cb1fbf8e BM	76	(Note: The buggy variant was not enabled in OpenSSL 0.9.5a,
cb1fbf8e BM	77	but it was in 0.9.6-beta[12].)
a45bd295 BM	78	[Bodo Moeller]
a45bd295 BM	79
730e37ed DSH	80	*) Disable the check for content being present when verifying detached
	81	signatures in pk7_smime.c. Some versions of Netscape (wrongly)
	82	include zero length content when signing messages.
	83	[Steve Henson]
	84
07fcf422 BM	85	*) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
07fcf422 BM	86	BIO_ctrl (for BIO pairs).
d49da3aa	87