]>
Commit | Line | Data |
---|---|---|
651d0aff | 1 | |
f1c236f8 | 2 | OpenSSL CHANGES |
651d0aff RE |
3 | _______________ |
4 | ||
5 | ||
1b276f30 RE |
6 | Changes between 0.9.2b and 0.9.3 |
7 | ||
5fd4e2b1 BM |
8 | *) Don't auto-generate pem.h. |
9 | [Bodo Moeller] | |
10 | ||
f73e07cf BL |
11 | *) Introduce type-safe ASN.1 SETs. |
12 | [Ben Laurie] | |
13 | ||
14 | *) Introduce type-safe STACKs. This will almost certainly break lots of code | |
15 | that links with OpenSSL (well at least cause lots of warnings), but fear | |
16 | not: the conversion is trivial, and it eliminates loads of evil casts. A | |
17 | few STACKed things have been converted already. Feel free to convert more. | |
18 | In the fullness of time, I'll do away with the STACK type altogether. | |
19 | [Ben Laurie] | |
20 | ||
f9a25931 RE |
21 | *) Add `openssl ca -revoke <certfile>' facility which revokes a certificate |
22 | specified in <certfile> by updating the entry in the index.txt file. | |
23 | This way one no longer has to edit the index.txt file manually for | |
24 | revoking a certificate. The -revoke option does the gory details now. | |
25 | [Massimiliano Pala <madwolf@openca.org>, Ralf S. Engelschall] | |
26 | ||
2f0cd195 RE |
27 | *) Fix `openssl crl -noout -text' combination where `-noout' killed the |
28 | `-text' option at all and this way the `-noout -text' combination was | |
29 | inconsistent in `openssl crl' with the friends in `openssl x509|rsa|dsa'. | |
30 | [Ralf S. Engelschall] | |
31 | ||
268c2102 RE |
32 | *) Make sure a corresponding plain text error message exists for the |
33 | X509_V_ERR_CERT_REVOKED/23 error number which can occur when a | |
34 | verify callback function determined that a certificate was revoked. | |
35 | [Ralf S. Engelschall] | |
36 | ||
fc8ee06b BM |
37 | *) Bugfix: In test/testenc, don't test "openssl <cipher>" for |
38 | ciphers that were excluded, e.g. by -DNO_IDEA. Also, test | |
39 | all available cipers including rc5, which was forgotten until now. | |
40 | In order to let the testing shell script know which algorithms | |
41 | are available, a new (up to now undocumented) command | |
42 | "openssl list-cipher-commands" is used. | |
43 | [Bodo Moeller] | |
44 | ||
c7ac31e2 BM |
45 | *) Bugfix: s_client occasionally would sleep in select() when |
46 | it should have checked SSL_pending() first. | |
47 | [Bodo Moeller] | |
48 | ||
9d892e28 UM |
49 | *) New functions DSA_do_sign and DSA_do_verify to provide access to |
50 | the raw DSA values prior to ASN.1 encoding. | |
51 |