[thirdparty/openssl.git] / CHANGES


 OpenSSL CHANGES
 _______________


 Changes between 0.9.2b and 0.9.3

  *) Add `openssl ca -revoke <certfile>' facility which revokes a certificate
     specified in <certfile> by updating the entry in the index.txt file.
     This way one no longer has to edit the index.txt file manually for
     revoking a certificate. The -revoke option does the gory details now.
     [Massimiliano Pala <madwolf@openca.org>, Ralf S. Engelschall]

  *) Fix `openssl crl -noout -text' combination where `-noout' killed the
     `-text' option at all and this way the `-noout -text' combination was
     inconsistent in `openssl crl' with the friends in `openssl x509|rsa|dsa'.
     [Ralf S. Engelschall]

  *) Make sure a corresponding plain text error message exists for the
     X509_V_ERR_CERT_REVOKED/23 error number which can occur when a
     verify callback function determined that a certificate was revoked.
     [Ralf S. Engelschall]

  *) Bugfix: In test/testenc, don't test "openssl <cipher>" for
     ciphers that were excluded, e.g. by -DNO_IDEA.  Also, test
     all available cipers including rc5, which was forgotten until now.
     In order to let the testing shell script know which algorithms
     are available, a new (up to now undocumented) command
     "openssl list-cipher-commands" is used.
     [Bodo Moeller]

  *) Bugfix: s_client occasionally would sleep in select() when
     it should have checked SSL_pending() first.
     [Bodo Moeller]

  *) New functions DSA_do_sign and DSA_do_verify to provide access to
     the raw DSA values prior to ASN.1 encoding.
Commit	Line	Data
651d0aff	1
f1c236f8	2	OpenSSL CHANGES
651d0aff RE	3	_______________
	4
	5
1b276f30 RE	6	Changes between 0.9.2b and 0.9.3
1b276f30 RE	7
f9a25931 RE	8	*) Add `openssl ca -revoke <certfile>' facility which revokes a certificate
	9	specified in <certfile> by updating the entry in the index.txt file.
	10	This way one no longer has to edit the index.txt file manually for
	11	revoking a certificate. The -revoke option does the gory details now.
	12	[Massimiliano Pala <madwolf@openca.org>, Ralf S. Engelschall]
	13
2f0cd195 RE	14	*) Fix `openssl crl -noout -text' combination where `-noout' killed the
	15	`-text' option at all and this way the `-noout -text' combination was
	16	inconsistent in `openssl crl' with the friends in `openssl x509\|rsa\|dsa'.
	17	[Ralf S. Engelschall]
	18
268c2102 RE	19	*) Make sure a corresponding plain text error message exists for the
	20	X509_V_ERR_CERT_REVOKED/23 error number which can occur when a
	21	verify callback function determined that a certificate was revoked.
	22	[Ralf S. Engelschall]
	23
fc8ee06b BM	24	*) Bugfix: In test/testenc, don't test "openssl <cipher>" for
	25	ciphers that were excluded, e.g. by -DNO_IDEA. Also, test
	26	all available cipers including rc5, which was forgotten until now.
	27	In order to let the testing shell script know which algorithms
	28	are available, a new (up to now undocumented) command
	29	"openssl list-cipher-commands" is used.
	30	[Bodo Moeller]
	31
c7ac31e2 BM	32	*) Bugfix: s_client occasionally would sleep in select() when
	33	it should have checked SSL_pending() first.
	34	[Bodo Moeller]
	35
9d892e28 UM	36	*) New functions DSA_do_sign and DSA_do_verify to provide access to
	37	the raw DSA values prior to ASN.1 encoding.
	38