From: Matt Caswell <matt@openssl.org>
Date: Tue, 22 Sep 2020 12:13:17 +0000 (+0100)
Subject: Updates CHANGES and NEWS for the new release
X-Git-Tag: OpenSSL_1_1_1h~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6f26a76d2d8caf5142a444a9aa60316aa99b21a2;p=thirdparty%2Fopenssl.git

Updates CHANGES and NEWS for the new release

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12949)
---

diff --git a/CHANGES b/CHANGES
index ee5403dffc1..150af73395c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,10 @@
 
  Changes between 1.1.1g and 1.1.1h [xx XXX xxxx]
 
+  *) Certificates with explicit curve parameters are now disallowed in
+     verification chains if the X509_V_FLAG_X509_STRICT flag is used.
+     [Tomas Mraz]
+
   *) The 'MinProtocol' and 'MaxProtocol' configuration commands now silently
      ignore TLS protocol version bounds when configuring DTLS-based contexts, and
      conversely, silently ignore DTLS protocol version bounds when configuring
diff --git a/NEWS b/NEWS
index fc8ff7371a6..47db6cbb5d4 100644
--- a/NEWS
+++ b/NEWS
@@ -7,7 +7,11 @@
 
   Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [under development]
 
-      o
+      o Disallow explicit curve parameters in verifications chains when
+        X509_V_FLAG_X509_STRICT is used
+      o Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS
+        contexts
+      o Oracle Developer Studio will start reporting deprecation warnings
 
   Major changes between OpenSSL 1.1.1f and OpenSSL 1.1.1g [21 Apr 2020]