projects / thirdparty / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| 3b52c2e7 RE |
1 | |
| 2 | NEWS | |
| 3 | ==== | |
| 4 | ||
| 5 | This file gives a brief overview of the major changes between each OpenSSL | |
| 6 | release. For more details please read the CHANGES file. | |
| 7 | ||
| b7e7aa00 DSH |
8 | Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h: |
| 9 | ||
| 10 | o CryptoAPI ENGINE support. | |
| 11 | o Various precautionary measures. | |
| 12 | o Fix for bugs affecting certificate request creation. | |
| 13 | o Support for local machine keyset attribute in PKCS#12 files. | |
| 14 | ||
| 32f1f622 LJ |
15 | Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g: |
| 16 | ||
| b7e7aa00 | 17 | o Backport of CMS functionality to 0.9.8. |
| 32f1f622 LJ |
18 | o Fixes for bugs introduced with 0.9.8f. |
| 19 | ||
| 29c0866b DSH |
20 | Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f: |
| 21 | ||
| 272f9f3d | 22 | o Add gcc 4.2 support. |
| 29c0866b DSH |
23 | o Add support for AES and SSE2 assembly lanugauge optimization |
| 24 | for VC++ build. | |
| 25 | o Support for RFC4507bis and server name extensions if explicitly | |
| 26 | selected at compile time. | |
| dd002667 BL |
27 | o DTLS improvements. |
| 28 | o RFC4507bis support. | |
| 29 | o TLS Extensions support. | |
| 29c0866b | 30 | |
| ac319217 DSH |
31 | Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e: |
| 32 | ||
| 33 | o Various ciphersuite selection fixes. | |
| 34 | o RFC3779 support. | |
| 35 | ||
| 0c66d3ae | 36 | Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d: |
| 951dfbb1 MC |
37 | |
| 38 | o Introduce limits to prevent malicious key DoS (CVE-2006-2940) | |
| 39 | o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343) | |
| 40 | o Changes to ciphersuite selection algorithm | |
| 41 | ||
| df20b6e7 MC |
42 | Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c: |
| 43 | ||
| 44 | o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339 | |
| 45 | o New cipher Camellia | |
| 46 | ||
| df22f59f DSH |
47 | Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b: |
| 48 | ||
| 49 | o Cipher string fixes. | |
| 50 | o Fixes for VC++ 2005. | |
| 51 | o Updated ECC cipher suite support. | |
| 52 | o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free(). | |
| 53 | o Zlib compression usage fixes. | |
| 54 | o Built in dynamic engine compilation support on Win32. | |
| 55 | o Fixes auto dynamic engine loading in Win32. | |
| 56 | ||
| 64932f9e MC |
57 | Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a: |
| 58 | ||
| df20b6e7 | 59 | o Fix potential SSL 2.0 rollback, CVE-2005-2969 |
| 64932f9e MC |
60 | o Extended Windows CE support |
| 61 | ||
| e0ee5ea9 RL |
62 | Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8: |
| 63 | ||
| 64 | o Major work on the BIGNUM library for higher efficiency and to | |
| 65 | make operations more streamlined and less contradictory. This | |
| 66 | is the result of a major audit of the BIGNUM library. | |
| 67 | o Addition of BIGNUM functions for fields GF(2^m) and NIST | |
| 68 | curves, to support the Elliptic Crypto functions. | |
| 69 | o Major work on Elliptic Crypto; ECDH and ECDSA added, including | |
| 70 | the use through EVP, X509 and ENGINE. | |
| 71 | o New ASN.1 mini-compiler that's usable through the OpenSSL | |
| 72 | configuration file. | |
| 73 | o Added support for ASN.1 indefinite length constructed encoding. | |
| 74 | o New PKCS#12 'medium level' API to manipulate PKCS#12 files. | |
| 75 | o Complete rework of shared library construction and linking | |
| 76 | programs with shared or static libraries, through a separate | |
| 77 | Makefile.shared. | |
| 1d01c9d4 | 78 | o Rework of the passing of parameters from one Makefile to another. |
| e0ee5ea9 RL |
79 | o Changed ENGINE framework to load dynamic engine modules |
| 80 | automatically from specifically given directories. | |
| 81 | o New structure and ASN.1 functions for CertificatePair. | |
| 82 | o Changed the ZLIB compression method to be stateful. | |
| 83 | o Changed the key-generation and primality testing "progress" | |
| 84 | mechanism to take a structure that contains the ticker | |
| 85 | function and an argument. | |
| 86 | o New engine module: GMP (performs private key exponentiation). | |
| 87 | o New engine module: VIA PadLOck ACE extension in VIA C3 | |
| 88 | Nehemiah processors. | |
| 89 | o Added support for IPv6 addresses in certificate extensions. | |
| 90 | See RFC 1884, section 2.2. | |
| 91 | o Added support for certificate policy mappings, policy | |
| 92 | constraints and name constraints. | |
| 93 | o Added support for multi-valued AVAs in the OpenSSL | |
| 94 | configuration file. | |
| 95 | o Added support for multiple certificates with the same subject | |
| 96 | in the 'openssl ca' index file. | |
| 97 | o Make it possible to create self-signed certificates using | |
| 98 | 'openssl ca -selfsign'. | |
| 99 | o Make it possible to generate a serial number file with | |
| 100 | 'openssl ca -create_serial'. | |
| 101 | o New binary search functions with extended functionality. | |
| 102 | o New BUF functions. | |
| 103 | o New STORE structure and library to provide an interface to all | |
| 104 | sorts of data repositories. Supports storage of public and | |
| 105 | private keys, certificates, CRLs, numbers and arbitrary blobs. | |
| 106 | This library is unfortunately unfinished and unused withing | |
| 107 | OpenSSL. | |
| 108 | o New control functions for the error stack. | |
| 109 | o Changed the PKCS#7 library to support one-pass S/MIME | |
| 110 | processing. | |
| 111 | o Added the possibility to compile without old deprecated | |
| 112 | functionality with the OPENSSL_NO_DEPRECATED macro or the | |
| 113 | 'no-deprecated' argument to the config and Configure scripts. | |
| 114 | o Constification of all ASN.1 conversion functions, and other | |
| 115 | affected functions. | |
| 116 | o Improved platform support for PowerPC. | |
| 117 | o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512). | |
| 118 | o New X509_VERIFY_PARAM structure to support parametrisation | |
| 119 | of X.509 path validation. | |
| 120 | o Major overhaul of RC4 performance on Intel P4, IA-64 and | |
| 121 | AMD64. | |
| 122 | o Changed the Configure script to have some algorithms disabled | |
| 123 | by default. Those can be explicitely enabled with the new | |
| 124 | argument form 'enable-xxx'. | |
| 125 | o Change the default digest in 'openssl' commands from MD5 to | |
| 126 | SHA-1. | |
| b2d27e37 | 127 | o Added support for DTLS. |
| e0ee5ea9 | 128 | o New BIGNUM blinding. |
| b257c152 RL |
129 | o Added support for the RSA-PSS encryption scheme |
| 130 | o Added support for the RSA X.931 padding. | |
| b2d27e37 RL |
131 | o Added support for BSD sockets on NetWare. |
| 132 | o Added support for files larger than 2GB. | |
| 1d01c9d4 RL |
133 | o Added initial support for Win64. |
| 134 | o Added alternate pkg-config files. | |
| e0ee5ea9 | 135 | |
| bd869183 BM |
136 | Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l: |
| 137 | ||
| 138 | o Introduce limits to prevent malicious key DoS (CVE-2006-2940) | |
| 139 | o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343) | |
| 140 | ||
| df20b6e7 MC |
141 | Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k: |
| 142 | ||
| 143 | o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339 | |
| 144 | ||
| df22f59f DSH |
145 | Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j: |
| 146 | ||
| 147 | o Visual C++ 2005 fixes. | |
| 148 | o Update Windows build system for FIPS. | |
| 149 | ||
| 150 | Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i: | |
| 151 | ||
| 152 | o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build. | |
| 153 | ||
| 154 | Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h: | |
| 155 | ||
| df20b6e7 | 156 | o Fix SSL 2.0 Rollback, CVE-2005-2969 |
| df22f59f DSH |
157 | o Allow use of fixed-length exponent on DSA signing |
| 158 | o Default fixed-window RSA, DSA, DH private-key operations | |
| 159 | ||
| 36521f01 RL |
160 | Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g: |
| 161 | ||
| 162 | o More compilation issues fixed. | |
| 163 | o Adaptation to more modern Kerberos API. | |
| 164 | o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin. | |
| 165 | o Enhanced x86_64 assembler BIGNUM module. | |
| 166 | o More constification. | |
| 167 | o Added processing of proxy certificates (RFC 3820). | |
| 168 | ||
| 169 | Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f: | |
| 170 | ||
| 171 | o Several compilation issues fixed. | |
| 172 | o Many memory allocation failure checks added. | |
| 173 | o Improved comparison of X509 Name type. | |
| 174 | o Mandatory basic checks on certificates. | |
| 175 | o Performance improvements. | |
| 176 | ||
| 03386677 DSH |
177 | Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e: |
| 178 | ||
| 179 | o Fix race condition in CRL checking code. | |
| 180 | o Fixes to PKCS#7 (S/MIME) code. | |
| 181 | ||
| 182 | Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d: | |
| 183 | ||
| 184 | o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug | |
| 185 | o Security: Fix null-pointer assignment in do_change_cipher_spec() | |
| 186 | o Allow multiple active certificates with same subject in CA index | |
| 187 | o Multiple X509 verification fixes | |
| 188 | o Speed up HMAC and other operations | |
| 189 | ||
| 29902449 DSH |
190 | Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c: |
| 191 | ||
| 192 | o Security: fix various ASN1 parsing bugs. | |
| 193 | o New -ignore_err option to OCSP utility. | |
| 194 | o Various interop and bug fixes in S/MIME code. | |
| 195 | o SSL/TLS protocol fix for unrequested client certificates. | |
| 196 | ||
| 1774e22d RL |
197 | Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b: |
| 198 | ||
| 199 | o Security: counter the Klima-Pokorny-Rosa extension of | |
| 200 | Bleichbacher's attack | |
| 201 | o Security: make RSA blinding default. | |
| 202 | o Configuration: Irix fixes, AIX fixes, better mingw support. | |
| 203 | o Support for new platforms: linux-ia64-ecc. | |
| 204 | o Build: shared library support fixes. | |
| 205 | o ASN.1: treat domainComponent correctly. | |
| 206 | o Documentation: fixes and additions. | |
| 207 | ||
| d8cbc935 RL |
208 | Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a: |
| 209 | ||
| 210 | o Security: Important security related bugfixes. | |
| 211 | o Enhanced compatibility with MIT Kerberos. | |
| 212 | o Can be built without the ENGINE framework. | |
| 213 | o IA32 assembler enhancements. | |
| 214 | o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64. | |
| 215 | o Configuration: the no-err option now works properly. | |
| 216 | o SSL/TLS: now handles manual certificate chain building. | |
| 217 | o SSL/TLS: certain session ID malfunctions corrected. | |
| 218 | ||
| 3ba25ee8 | 219 | Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7: |
| 83f25717 RL |
220 | |
| 221 | o New library section OCSP. | |
| e4fb4977 LJ |
222 | o Complete rewrite of ASN1 code. |
| 223 | o CRL checking in verify code and openssl utility. | |
| 224 | o Extension copying in 'ca' utility. | |
| 225 | o Flexible display options in 'ca' utility. | |
| 226 | o Provisional support for international characters with UTF8. | |
| 4dec4f64 BM |
227 | o Support for external crypto devices ('engine') is no longer |
| 228 | a separate distribution. | |
| e4fb4977 LJ |
229 | o New elliptic curve library section. |
| 230 | o New AES (Rijndael) library section. | |
| 1fc73fef | 231 | o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit, |
| 29902449 | 232 | Linux x86_64, Linux 64-bit on Sparc v9 |
| 9801fb61 RL |
233 | o Extended support for some platforms: VxWorks |
| 234 | o Enhanced support for shared libraries. | |
| 29902449 | 235 | o Now only builds PIC code when shared library support is requested. |
| 9801fb61 RL |
236 | o Support for pkg-config. |
| 237 | o Lots of new manuals. | |
| 29902449 DSH |
238 | o Makes symbolic links to or copies of manuals to cover all described |
| 239 | functions. | |
| e4fb4977 LJ |
240 | o Change DES API to clean up the namespace (some applications link also |
| 241 | against libdes providing similar functions having the same name). | |
| 242 | Provide macros for backward compatibility (will be removed in the | |
| 243 | future). | |
| ece0bdf1 BM |
244 | o Unify handling of cryptographic algorithms (software and engine) |
| 245 | to be available via EVP routines for asymmetric and symmetric ciphers. | |
| e4fb4977 LJ |
246 | o NCONF: new configuration handling routines. |
| 247 | o Change API to use more 'const' modifiers to improve error checking | |
| 248 | and help optimizers. | |
| 249 | o Finally remove references to RSAref. | |
| 250 | o Reworked parts of the BIGNUM code. | |
| 251 | o Support for new engines: Broadcom ubsec, Accelerated Encryption | |
| 252 | Processing, IBM 4758. | |
| 9801fb61 | 253 | o A few new engines added in the demos area. |
| e1f7ea25 | 254 | o Extended and corrected OID (object identifier) table. |
| e4fb4977 LJ |
255 | o PRNG: query at more locations for a random device, automatic query for |
| 256 | EGD style random sources at several locations. | |
| 257 | o SSL/TLS: allow optional cipher choice according to server's preference. | |
| 258 | o SSL/TLS: allow server to explicitly set new session ids. | |
| 259 | o SSL/TLS: support Kerberos cipher suites (RFC2712). | |
| 1fc73fef | 260 | Only supports MIT Kerberos for now. |
| e4fb4977 LJ |
261 | o SSL/TLS: allow more precise control of renegotiations and sessions. |
| 262 | o SSL/TLS: add callback to retrieve SSL/TLS messages. | |
| ea4f109c | 263 | o SSL/TLS: support AES cipher suites (RFC3268). |
| e4fb4977 | 264 | |
| 29902449 DSH |
265 | Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k: |
| 266 | ||
| 267 | o Security: fix various ASN1 parsing bugs. | |
| 268 | o SSL/TLS protocol fix for unrequested client certificates. | |
| 269 | ||
| 138f970e RL |
270 | Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j: |
| 271 | ||
| 272 | o Security: counter the Klima-Pokorny-Rosa extension of | |
| 273 | Bleichbacher's attack | |
| 274 | o Security: make RSA blinding default. | |
| 275 | o Build: shared library support fixes. | |
| 276 | ||
| d8cbc935 RL |
277 | Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i: |
| 278 | ||
| 279 | o Important security related bugfixes. | |
| 280 | ||
| 9801fb61 RL |
281 | Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h: |
| 282 | ||
| 283 | o New configuration targets for Tandem OSS and A/UX. | |
| 284 | o New OIDs for Microsoft attributes. | |
| 285 | o Better handling of SSL session caching. | |
| 286 | o Better comparison of distinguished names. | |
| 287 | o Better handling of shared libraries in a mixed GNU/non-GNU environment. | |
| 288 | o Support assembler code with Borland C. | |
| 289 | o Fixes for length problems. | |
| 290 | o Fixes for uninitialised variables. | |
| 291 | o Fixes for memory leaks, some unusual crashes and some race conditions. | |
| 292 | o Fixes for smaller building problems. | |
| 293 | o Updates of manuals, FAQ and other instructive documents. | |
| 294 | ||
| 36969082 RL |
295 | Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g: |
| 296 | ||
| 297 | o Important building fixes on Unix. | |
| 298 | ||
| fbe792f0 RL |
299 | Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f: |
| 300 | ||
| 301 | o Various important bugfixes. | |
| 302 | ||
| b218af2b LJ |
303 | Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e: |
| 304 | ||
| 305 | o Important security related bugfixes. | |
| 306 | o Various SSL/TLS library bugfixes. | |
| 307 | ||
| 151457ab | 308 | Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d: |
| e4fb4977 LJ |
309 | |
| 310 | o Various SSL/TLS library bugfixes. | |
| 311 | o Fix DH parameter generation for 'non-standard' generators. | |
| 4dec4f64 | 312 | |
| 151457ab | 313 | Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c: |
| ae52ec98 BM |
314 | |
| 315 | o Various SSL/TLS library bugfixes. | |
| 316 | o BIGNUM library fixes. | |
| ef5f6a08 RL |
317 | o RSA OAEP and random number generation fixes. |
| 318 | o Object identifiers corrected and added. | |
| 319 | o Add assembler BN routines for IA64. | |
| 320 | o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8, | |
| 321 | MIPS Linux; shared library support for Irix, HP-UX. | |
| a3790c0d | 322 | o Add crypto accelerator support for AEP, Baltimore SureWare, |
| ef5f6a08 RL |
323 | Broadcom and Cryptographic Appliance's keyserver |
| 324 | [in 0.9.6c-engine release]. | |
| ae52ec98 | 325 | |
| 151457ab | 326 | Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b: |
| 4dec4f64 BM |
327 | |
| 328 | o Security fix: PRNG improvements. | |
| 329 | o Security fix: RSA OAEP check. | |
| 330 | o Security fix: Reinsert and fix countermeasure to Bleichbacher's | |
| 331 | attack. | |
| 332 | o MIPS bug fix in BIGNUM. | |
| 333 | o Bug fix in "openssl enc". | |
| 334 | o Bug fix in X.509 printing routine. | |
| 335 | o Bug fix in DSA verification routine and DSA S/MIME verification. | |
| 336 | o Bug fix to make PRNG thread-safe. | |
| 337 | o Bug fix in RAND_file_name(). | |
| 338 | o Bug fix in compatibility mode trust settings. | |
| 339 | o Bug fix in blowfish EVP. | |
| 340 | o Increase default size for BIO buffering filter. | |
| 341 | o Compatibility fixes in some scripts. | |
| 83f25717 | 342 | |
| 7cdd2aa1 RL |
343 | Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a: |
| 344 | ||
| 345 | o Security fix: change behavior of OpenSSL to avoid using | |
| 346 | environment variables when running as root. | |
| 347 | o Security fix: check the result of RSA-CRT to reduce the | |
| 348 | possibility of deducing the private key from an incorrectly | |
| 349 | calculated signature. | |
| 350 | o Security fix: prevent Bleichenbacher's DSA attack. | |
| 351 | o Security fix: Zero the premaster secret after deriving the | |
| 352 | master secret in DH ciphersuites. | |
| 4fea8145 | 353 | o Reimplement SSL_peek(), which had various problems. |
| 307bf4da RL |
354 | o Compatibility fix: the function des_encrypt() renamed to |
| 355 | des_encrypt1() to avoid clashes with some Unixen libc. | |
| 7cdd2aa1 RL |
356 | o Bug fixes for Win32, HP/UX and Irix. |
| 357 | o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and | |
| 358 | memory checking routines. | |
| 5012158a | 359 | o Bug fixes for RSA operations in threaded environments. |
| 7cdd2aa1 RL |
360 | o Bug fixes in misc. openssl applications. |
| 361 | o Remove a few potential memory leaks. | |
| 362 | o Add tighter checks of BIGNUM routines. | |
| 363 | o Shared library support has been reworked for generality. | |
| 364 | o More documentation. | |
| 4fea8145 | 365 | o New function BN_rand_range(). |
| 7cdd2aa1 RL |
366 | o Add "-rand" option to openssl s_client and s_server. |
| 367 | ||
| 4e87e05b DSH |
368 | Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6: |
| 369 | ||
| 370 | o Some documentation for BIO and SSL libraries. | |
| 371 | o Enhanced chain verification using key identifiers. | |
| 372 | o New sign and verify options to 'dgst' application. | |
| 373 | o Support for DER and PEM encoded messages in 'smime' application. | |
| 374 | o New 'rsautl' application, low level RSA utility. | |
| b38d84d8 BM |
375 | o MD4 now included. |
| 376 | o Bugfix for SSL rollback padding check. | |
| 4dec4f64 | 377 | o Support for external crypto devices [1]. |
| fda05b21 | 378 | o Enhanced EVP interface. |
| b22bda21 | 379 | |
| 4dec4f64 BM |
380 | [1] The support for external crypto devices is currently a separate |
| 381 | distribution. See the file README.ENGINE. | |
| 382 | ||
| 35a79ecb RL |
383 | Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a: |
| 384 | ||
| b7a81df4 | 385 | o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 |
| 35a79ecb RL |
386 | o Shared library support for HPUX and Solaris-gcc |
| 387 | o Support of Linux/IA64 | |
| b7a81df4 | 388 | o Assembler support for Mingw32 |
| 35a79ecb RL |
389 | o New 'rand' application |
| 390 | o New way to check for existence of algorithms from scripts | |
| 391 | ||
| 0c235249 UM |
392 | Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5: |
| 393 | ||
| 90644dd7 | 394 | o S/MIME support in new 'smime' command |
| 0c235249 | 395 | o Documentation for the OpenSSL command line application |
| 90644dd7 DSH |
396 | o Automation of 'req' application |
| 397 | o Fixes to make s_client, s_server work under Windows | |
| 398 | o Support for multiple fieldnames in SPKACs | |
| 399 | o New SPKAC command line utilty and associated library functions | |
| ae1bb4e5 | 400 | o Options to allow passwords to be obtained from various sources |
| 90644dd7 DSH |
401 | o New public key PEM format and options to handle it |
| 402 | o Many other fixes and enhancements to command line utilities | |
| 403 | o Usable certificate chain verification | |
| 404 | o Certificate purpose checking | |
| 405 | o Certificate trust settings | |
| 406 | o Support of authority information access extension | |
| 407 | o Extensions in certificate requests | |
| 408 | o Simplified X509 name and attribute routines | |
| ae1bb4e5 | 409 | o Initial (incomplete) support for international character sets |
| 90644dd7 DSH |
410 | o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD |
| 411 | o Read only memory BIOs and simplified creation function | |
| 8bd5b794 BM |
412 | o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0 |
| 413 | record; allow fragmentation and interleaving of handshake and other | |
| 414 | data | |
| 90644dd7 | 415 | o TLS/SSL code now "tolerates" MS SGC |
| 8bd5b794 | 416 | o Work around for Netscape client certificate hang bug |
| 90644dd7 DSH |
417 | o RSA_NULL option that removes RSA patent code but keeps other |
| 418 | RSA functionality | |
| 07e6dbde BM |
419 | o Memory leak detection now allows applications to add extra information |
| 420 | via a per-thread stack | |
| 421 | o PRNG robustness improved | |
| 4d524e10 | 422 | o EGD support |
| 6d9ca500 | 423 | o BIGNUM library bug fixes |
| 4d524e10 | 424 | o Faster DSA parameter generation |
| 74235cc9 UM |
425 | o Enhanced support for Alpha Linux |
| 426 | o Experimental MacOS support | |
| 0c235249 | 427 | |
| ed7f60fb DSH |
428 | Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4: |
| 429 | ||
| 430 | o Transparent support for PKCS#8 format private keys: these are used | |
| c97cbcb3 BM |
431 | by several software packages and are more secure than the standard |
| 432 | form | |
| 433 | o PKCS#5 v2.0 implementation | |
| 434 | o Password callbacks have a new void * argument for application data | |
| 435 | o Avoid various memory leaks | |
| 436 | o New pipe-like BIO that allows using the SSL library when actual I/O | |
| 437 | must be handled by the application (BIO pair) | |
| ed7f60fb | 438 | |
| 8e8a8a5f | 439 | Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3: |
| 9de649ff UM |
440 | o Lots of enhancements and cleanups to the Configuration mechanism |
| 441 | o RSA OEAP related fixes | |
| 8e8a8a5f RE |
442 | o Added `openssl ca -revoke' option for revoking a certificate |
| 443 | o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs | |
| 444 | o Source tree cleanups: removed lots of obsolete files | |
| 703126f0 | 445 | o Thawte SXNet, certificate policies and CRL distribution points |
| a03dd7a6 | 446 | extension support |
| 703126f0 DSH |
447 | o Preliminary (experimental) S/MIME support |
| 448 | o Support for ASN.1 UTF8String and VisibleString | |
| 449 | o Full integration of PKCS#12 code | |
| 2cf9fcda | 450 | o Sparc assembler bignum implementation, optimized hash functions |
| b0759f87 | 451 | o Option to disable selected ciphers |
| 8e8a8a5f | 452 | |
| d343d272 | 453 | Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b: |
| 738769ff RE |
454 | o Fixed a security hole related to session resumption |
| 455 | o Fixed RSA encryption routines for the p < q case | |
| 456 | o "ALL" in cipher lists now means "everything except NULL ciphers" | |
| 3b52c2e7 RE |
457 | o Support for Triple-DES CBCM cipher |
| 458 | o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA | |
| 459 | o First support for new TLSv1 ciphers | |
| 460 | o Added a few new BIOs (syslog BIO, reliable BIO) | |
| 461 | o Extended support for DSA certificate/keys. | |
| 03e20a1a | 462 | o Extended support for Certificate Signing Requests (CSR) |
| 3b52c2e7 RE |
463 | o Initial support for X.509v3 extensions |
| 464 | o Extended support for compression inside the SSL record layer | |
| 465 | o Overhauled Win32 builds | |
| 466 | o Cleanups and fixes to the Big Number (BN) library | |
| 467 | o Support for ASN.1 GeneralizedTime | |
| 468 | o Splitted ASN.1 SETs from SEQUENCEs | |
| 469 | o ASN1 and PEM support for Netscape Certificate Sequences | |
| 470 | o Overhauled Perl interface | |
| 471 | o Lots of source tree cleanups. | |
| 472 | o Lots of memory leak fixes. | |
| 473 | o Lots of bug fixes. | |
| 474 | ||
| 475 | Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c: | |
| 476 | o Integration of the popular NO_RSA/NO_DSA patches | |
| 477 | o Initial support for compression inside the SSL record layer | |
| 478 | o Added BIO proxy and filtering functionality | |
| 479 | o Extended Big Number (BN) library | |
| 480 | o Added RIPE MD160 message digest | |
| 481 | o Addeed support for RC2/64bit cipher | |
| 482 | o Extended ASN.1 parser routines | |
| 483 | o Adjustations of the source tree for CVS | |
| 484 | o Support for various new platforms | |
| 485 |