[thirdparty/openssl.git] / CHANGES


 OpenSSL CHANGES
 _______________


 Changes between 0.9.2b and 0.9.3

  *) Don't auto-generate pem.h.
     [Bodo Moeller]

  *) Introduce type-safe ASN.1 SETs.
     [Ben Laurie]

  *) Introduce type-safe STACKs. This will almost certainly break lots of code
     that links with OpenSSL (well at least cause lots of warnings), but fear
     not: the conversion is trivial, and it eliminates loads of evil casts. A
     few STACKed things have been converted already. Feel free to convert more.
     In the fullness of time, I'll do away with the STACK type altogether.
     [Ben Laurie]

  *) Add `openssl ca -revoke <certfile>' facility which revokes a certificate
     specified in <certfile> by updating the entry in the index.txt file.
     This way one no longer has to edit the index.txt file manually for
     revoking a certificate. The -revoke option does the gory details now.
     [Massimiliano Pala <madwolf@openca.org>, Ralf S. Engelschall]

  *) Fix `openssl crl -noout -text' combination where `-noout' killed the
     `-text' option at all and this way the `-noout -text' combination was
     inconsistent in `openssl crl' with the friends in `openssl x509|rsa|dsa'.
     [Ralf S. Engelschall]

  *) Make sure a corresponding plain text error message exists for the
     X509_V_ERR_CERT_REVOKED/23 error number which can occur when a
     verify callback function determined that a certificate was revoked.
     [Ralf S. Engelschall]

  *) Bugfix: In test/testenc, don't test "openssl <cipher>" for
     ciphers that were excluded, e.g. by -DNO_IDEA.  Also, test
     all available cipers including rc5, which was forgotten until now.
     In order to let the testing shell script know which algorithms
     are available, a new (up to now undocumented) command
     "openssl list-cipher-commands" is used.
     [Bodo Moeller]

  *) Bugfix: s_client occasionally would sleep in select() when
     it should have checked SSL_pending() first.
     [Bodo Moeller]

  *) New functions DSA_do_sign and DSA_do_verify to provide access to
     the raw DSA values prior to ASN.1 encoding.
Commit	Line	Data
651d0aff	1
f1c236f8	2	OpenSSL CHANGES
651d0aff RE	3	_______________
	4
	5
1b276f30 RE	6	Changes between 0.9.2b and 0.9.3
1b276f30 RE	7
5fd4e2b1 BM	8	*) Don't auto-generate pem.h.
	9	[Bodo Moeller]
	10
f73e07cf BL	11	*) Introduce type-safe ASN.1 SETs.
	12	[Ben Laurie]
	13
	14	*) Introduce type-safe STACKs. This will almost certainly break lots of code
	15	that links with OpenSSL (well at least cause lots of warnings), but fear
	16	not: the conversion is trivial, and it eliminates loads of evil casts. A
	17	few STACKed things have been converted already. Feel free to convert more.
	18	In the fullness of time, I'll do away with the STACK type altogether.
	19	[Ben Laurie]
	20
f9a25931 RE	21	*) Add `openssl ca -revoke <certfile>' facility which revokes a certificate
	22	specified in <certfile> by updating the entry in the index.txt file.
	23	This way one no longer has to edit the index.txt file manually for
	24	revoking a certificate. The -revoke option does the gory details now.
	25	[Massimiliano Pala <madwolf@openca.org>, Ralf S. Engelschall]
	26
2f0cd195 RE	27	*) Fix `openssl crl -noout -text' combination where `-noout' killed the
	28	`-text' option at all and this way the `-noout -text' combination was
	29	inconsistent in `openssl crl' with the friends in `openssl x509\|rsa\|dsa'.
	30	[Ralf S. Engelschall]
	31
268c2102 RE	32	*) Make sure a corresponding plain text error message exists for the
	33	X509_V_ERR_CERT_REVOKED/23 error number which can occur when a
	34	verify callback function determined that a certificate was revoked.
	35	[Ralf S. Engelschall]
	36
fc8ee06b BM	37	*) Bugfix: In test/testenc, don't test "openssl <cipher>" for
	38	ciphers that were excluded, e.g. by -DNO_IDEA. Also, test
	39	all available cipers including rc5, which was forgotten until now.
	40	In order to let the testing shell script know which algorithms
	41	are available, a new (up to now undocumented) command
	42	"openssl list-cipher-commands" is used.
	43	[Bodo Moeller]
	44
c7ac31e2 BM	45	*) Bugfix: s_client occasionally would sleep in select() when
	46	it should have checked SSL_pending() first.
	47	[Bodo Moeller]
	48
9d892e28 UM	49	*) New functions DSA_do_sign and DSA_do_verify to provide access to
	50	the raw DSA values prior to ASN.1 encoding.
	51