From: Matt Caswell <matt@openssl.org>
Date: Thu, 15 Oct 2020 10:40:18 +0000 (+0100)
Subject: Add a CHANGES entry for the SSL_SECOP_TMP_DH change
X-Git-Tag: OpenSSL_1_1_1i~28
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ed7cdb954e96d463add20f584f5e7ce99560af27;p=thirdparty%2Fopenssl.git

Add a CHANGES entry for the SSL_SECOP_TMP_DH change

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13136)
---

diff --git a/CHANGES b/CHANGES
index fcb824c02d5..401ae7a339c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,7 +9,15 @@
 
  Changes between 1.1.1h and 1.1.1i [xx XXX xxxx]
 
-  *)
+  *) The security callback, which can be customised by application code, supports
+     the security operation SSL_SECOP_TMP_DH. This is defined to take an EVP_PKEY
+     in the "other" parameter. In most places this is what is passed. All these
+     places occur server side. However there was one client side call of this
+     security operation and it passed a DH object instead. This is incorrect
+     according to the definition of SSL_SECOP_TMP_DH, and is inconsistent with all
+     of the other locations. Therefore this client side call has been changed to
+     pass an EVP_PKEY instead.
+     [Matt Caswell]
 
  Changes between 1.1.1g and 1.1.1h [22 Sep 2020]