Commit | Line | Data |
---|---|---|
651d0aff | 1 | |
f1c236f8 | 2 | OpenSSL CHANGES |
651d0aff RE | 3 | _______________ |
4 | ||
c5e8580e RL | 5 | Changes between 0.9.6 and 0.9.7 [xx XXX 2000] |
6 | ||
3aba98e7 RL | 7 | *) Give the OpenSSL applications more possibilities to make use of |
8 | keys (public as well as private) handled by engines. | |
9 | [Richard Levitte] | |
10 | ||
7c155330 RL | 11 | *) Add OCSP code that comes from CertCo. |
12 | [Richard Levitte] | |
13 | ||
34a14882 | 14 | *) Add VMS support for the Rijndael code. |
5270e702 RL | 15 | [Richard Levitte] |
16 | ||
17 | *) Added untested support for Nuron crypto accelerator. | |
18 | [Ben Laurie] | |
19 | ||
20 | *) Add support for external cryptographic devices. This code was | |
21 | previously distributed separately as the "engine" branch. | |
22 | [Geoff Thorpe, Richard Levitte] | |
23 | ||
1df586be GT | 24 | *) Rework the filename-translation in the DSO code. It is now possible to |
25 | have far greater control over how a "name" is turned into a filename | |
26 | depending on the operating environment and any oddities about the | |
27 | different shared library filenames on each system. | |
28 | [Geoff Thorpe] | |
29 | ||
53400da7 RL | 30 | *) Support threads on FreeBSD-elf in Configure. |
31 | [Richard Levitte] | |
32 | ||
0fd44e2d RL | 33 | *) Add the possibility to create shared libraries on HP-UX |
34 | [Richard Levitte] | |
35 | ||
627ec355 DSH | 36 | *) Fix for SHA1 assembly problem with MASM: it produces |
37 | warnings about corrupt line number information when assembling | |
38 | with debugging information. This is caused by the overlapping | |
39 | of two sections. | |
40 | [Bernd Matthes <mainbug@celocom.de>, Steve Henson] | |
41 | ||
567f17cf RL | 42 | *) NCONF changes. |
43 | NCONF_get_number() has no error checking at all. As a replacement, | |
44 | NCONF_get_number_e() is defined (_e for "error checking") and is | |
45 | promoted strongly. The old NCONF_get_number is kept around for | |
46 | binary backward compatibility. | |
47 | Make it possible for methods to load from something other than a BIO, | |
48 | by providing a function pointer that is given a name instead of a BIO. | |
49 | For example, this could be used to load configuration data from an | |
50 | LDAP server. | |
51 | [Richard Levitte] | |
52 | ||
71d525c9 DSH | 53 | *) Fix typo in get_cert_by_subject() in by_dir.c |
54 | [Jean-Marc Desperrier <jean-marc.desperrier@certplus.com>] | |
55 | ||
a22fb399 RL | 56 | *) Rework the system to generate shared libraries: |
57 | ||
58 | - Make note of the expected extension for the shared libraries and | |
59 | if there is a need for symbolic links from for example libcrypto.so.0 | |
60 | to libcrypto.so.0.9.7. There is extended info in Configure for | |
61 | that. | |
62 | ||
63 | - Make as few rebuilds of the shared libraries as possible. | |
64 | ||
65 | - Still avoid linking the OpenSSL programs with the shared libraries. | |
66 | ||
67 | - When installing, install the shared libraries separately from the | |
68 | static ones. | |
69 | [Richard Levitte] | |
70 | ||
924046ce DSH | 71 | *) Fix for non blocking accept BIOs. Added new I/O special reason |
72 | BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs | |
73 | with non blocking I/O was not possible because no retry code was | |
74 | implemented. Also added new SSL code SSL_WANT_ACCEPT to cover | |
75 | this case. | |
76 | [Steve Henson] | |
77 | ||
3ab56511 RL | 78 | *) Added the beginnings of Rijndael support. |
79 | [Ben Laurie] | |
80 | ||
d0c98589 | 81 | *) Fix for bug in DirectoryString mask setting. Add support for |
8ca533e3 DSH | 82 | X509_NAME_print_ex() in 'req' and X509_print_ex() function |
83 | to allow certificate printing to be more controllable, additional | |
84 | 'certopt' option to 'x509' to allow new printing options to be | |
85 | set. | |
d0c98589 DSH | 86 | [Steve Henson] |
87 | ||
ef71cb6d RL | 88 | *) Clean old EAY MD5 hack from e_os.h. |
89 | [Richard Levitte] | |
90 | ||
3a0afe1e BM | 91 | *) Fix SSL_CTX_set_read_ahead macro to actually use its argument. |
92 | ||
93 | Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new | |
94 | and not in SSL_clear because the latter is also used by the | |
95 | accept/connect functions; previously, the settings made by | |
96 | SSL_set_read_ahead would be lost during the handshake. | |
97 | [Bodo Moeller; problems reported by Anders Gertz <gertz@epact.se>] | |
98 | ||
88aeb646 RL | 99 | *) Correct util/mkdef.pl to be selective about disabled algorithms. |
100 | Previously, it would create entries for disabled algorithms no | |
101 | matter what. | |
102 | [Richard Levitte] | |
c5e8580e | 103 | |
0e8f2fdf | 104 | Changes between 0.9.5a and 0.9.6 [24 Sep 2000] |
bbb72003 | 105 | |
f1192b7f BM | 106 | *) In ssl23_get_client_hello, generate an error message when faced |
107 | with an initial SSL 3.0/TLS record that is too small to contain the | |
108 | first two bytes of the ClientHello message, i.e. client_version. | |
109 | (Note that this is a pathologic case that probably has never happened | |
110 | in real life.) The previous approach was to use the version number | |
5a5accdd | 111 | from the record header as a substitute; but our protocol choice |
f1192b7f BM | 112 | should not depend on that one because it is not authenticated |
113 | by the Finished messages. | |
114 | [Bodo Moeller] | |
115 | ||
d49da3aa UM | 116 | *) More robust randomness gathering functions for Windows. |
117 | [Jeffrey Altman <jaltman@columbia.edu>] | |
118 | ||
dbba890c DSH | 119 | *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is |
120 | not set then we don't set up the error code for issuer check errors | |
121 | to avoid possibly overwriting other errors which the callback does | |
122 | handle. If an application does set the flag then we assume it knows | |
123 | what it is doing and can handle the new informational codes | |
124 | appropriately. | |
125 | [Steve Henson] | |
126 | ||
6cffb201 DSH | 127 | *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for |
128 | a general "ANY" type, as such it should be able to decode anything | |
129 | including tagged types. However it didn't check the class so it would | |
130 | wrongly interpret tagged types in the same way as their universal | |
131 | counterpart and unknown types were just rejected. Changed so that the | |
132 | tagged and unknown types are handled in the same way as a SEQUENCE: | |
133 | that is the encoding is stored intact. There is also a new type | |
134 | "V_ASN1_OTHER" which is used when the class is not universal, in this | |
135 | case we have no idea what the actual type is so we just lump them all | |
136 | together. | |
137 | [Steve Henson] | |
138 | ||
645749ef RL | 139 | *) On VMS, stdout may very well lead to a file that is written to |
140 | in a record-oriented fashion. That means that every write() will | |
141 | write a separate record, which will be read separately by the | |
142 | programs trying to read from it. This can be very confusing. | |
143 | ||
144 | The solution is to put a BIO filter in the way that will buffer | |
145 | text until a linefeed is reached, and then write everything a | |
146 | line at a time, so every record written will be an actual line, | |
147 | not chunks of lines and not (usually doesn't happen, but I've | |
148 | seen it once) several lines in one record. BIO_f_linebuffer() is | |
149 | the answer. | |
150 | ||
151 | Currently, it's a VMS-only method, because that's where it has | |
152 | been tested well enough. | |
153 | [Richard Levitte] | |
154 | ||
fe035197 | 155 | *) Remove 'optimized' squaring variant in BN_mod_mul_montgomery, |
a45bd295 | 156 | it can return incorrect results. |
cb1fbf8e BM | 157 | (Note: The buggy variant was not enabled in OpenSSL 0.9.5a, |
158 | but it was in 0.9.6-beta[12].) | |
a45bd295 BM | 159 | [Bodo Moeller] |
160 | ||
730e37ed DSH | 161 | *) Disable the check for content being present when verifying detached |
162 | signatures in pk7_smime.c. Some versions of Netscape (wrongly) | |
163 | include zero length content when signing messages. | |
164 | [Steve Henson] | |
165 | ||
07fcf422 BM | 166 | *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR |
167 | BIO_ctrl (for BIO pairs). | |
d49da3aa | 168 |