]>
Commit | Line | Data |
---|---|---|
651d0aff | 1 | |
f1c236f8 | 2 | OpenSSL CHANGES |
651d0aff RE |
3 | _______________ |
4 | ||
4c4d87f9 | 5 | Changes between 0.9.5 and 0.9.5a [XX XXX 2000] |
865874f2 | 6 | |
daf4e53e | 7 | *) Add compatibility options to the purpose and trust code. The |
068fdce8 DSH |
8 | purpose X509_PURPOSE_ANY is "any purpose" which automatically |
9 | accepts a certificate or CA, this was the previous behaviour, | |
10 | with all the associated security issues. | |
11 | ||
12 | X509_TRUST_COMPAT is the old trust behaviour: only and | |
13 | automatically trust self signed roots in certificate store. A | |
14 | new trust setting X509_TRUST_DEFAULT is used to specify that | |
15 | a purpose has no associated trust setting and it should instead | |
16 | use the value in the default purpose. | |
17 | [Steve Henson] | |
18 | ||
48fe0eec DSH |
19 | *) Fix the PKCS#8 DSA private key code so it decodes keys again |
20 | and fix a memory leak. | |
21 | [Steve Henson] | |
22 | ||
59fc2b0f BM |
23 | *) In util/mkerr.pl (which implements 'make errors'), preserve |
24 | reason strings from the previous version of the .c file, as | |
25 | the default to have only downcase letters (and digits) in | |
26 | automatically generated reasons codes is not always appropriate. | |
27 | [Bodo Moeller] | |
28 | ||
0a150c5c BM |
29 | *) In ERR_load_ERR_strings(), build an ERR_LIB_SYS error reason table |
30 | using strerror. Previously, ERR_reason_error_string() returned | |
31 | library names as reason strings for SYSerr; but SYSerr is a special | |
32 | case where small numbers are errno values, not library numbers. | |
33 | [Bodo Moeller] | |
34 | ||
41918458 BM |
35 | *) Add '-dsaparam' option to 'openssl dhparam' application. This |
36 | converts DSA parameters into DH parameters. (When creating parameters, | |
37 | DSA_generate_parameters is used.) | |
38 | [Bodo Moeller] | |
39 | ||
40 | *) Include 'length' (recommended exponent length) in C code generated | |
41 | by 'openssl dhparam -C'. | |
42 | [Bodo Moeller] | |
43 | ||
d9c88a39 DSH |
44 | *) The second argument to set_label in perlasm was already being used |
45 | so couldn't be used as a "file scope" flag. Moved to third argument | |
46 | which was free. | |
47 | [Steve Henson] | |
48 | ||
84d14408 BM |
49 | *) In PEM_ASN1_write_bio and some other functions, use RAND_pseudo_bytes |
50 | instead of RAND_bytes for encryption IVs and salts. | |
51 | [Bodo Moeller] | |
52 | ||
5eb8ca4d BM |
53 | *) Include RAND_status() into RAND_METHOD instead of implementing |
54 | it only for md_rand.c Otherwise replacing the PRNG by calling | |
55 | RAND_set_rand_method would be impossible. | |
56 | [Bodo Moeller] | |
57 | ||
7a2dfc2a UM |
58 | *) Don't let DSA_generate_key() enter an infinite loop if the random |
59 | number generation fails. | |
60 | [Bodo Moeller] | |
61 | ||
55f7d65d BM |
62 | *) New 'rand' application for creating pseudo-random output. |
63 | [Bodo Moeller] | |
64 | ||
010712ff RE |
65 | *) Added configuration support for Linux/IA64 |
66 | [Rolf Haberrecker <rolf@suse.de>] | |
67 | ||
2da0c119 UM |
68 | *) Assembler module support for Mingw32. |
69 |