1998-12-22 23:04:48 +08:00
|
|
|
|
|
1998-12-23 15:38:54 +08:00
|
|
|
|
OpenSSL CHANGES
|
1998-12-22 23:04:48 +08:00
|
|
|
|
_______________
|
|
|
|
|
|
|
|
|
|
|
1998-12-31 17:36:40 +08:00
|
|
|
|
Changes between 0.9.1c and 0.9.2
|
1999-01-30 19:36:05 +08:00
|
|
|
|
|
1999-01-31 20:14:39 +08:00
|
|
|
|
*) Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy.
|
|
|
|
|
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
|
|
|
|
|
|
1999-01-31 19:10:10 +08:00
|
|
|
|
*) Make sure `make rehash' target really finds the `openssl' program.
|
|
|
|
|
[Ralf S. Engelschall, Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
|
|
|
|
|
|
1999-01-31 01:53:00 +08:00
|
|
|
|
*) Squeeze another 7% of speed out of MD5 assembler, at least on a P2. I'd
|
|
|
|
|
like to hear about it if this slows down other processors.
|
|
|
|
|
[Ben Laurie]
|
|
|
|
|
|
1999-01-30 19:50:48 +08:00
|
|
|
|
*) Add CygWin32 platform information to Configure script.
|
|
|
|
|
[Alan Batie <batie@aahz.jf.intel.com>]
|
|
|
|
|
|
1999-01-30 19:36:05 +08:00
|
|
|
|
*) Fixed ms/32all.bat script: `no_asm' -> `no-asm'
|
|
|
|
|
[Rainer W. Gerling <gerling@mpg-gv.mpg.de>]
|
1999-01-30 07:34:19 +08:00
|
|
|
|
|
|
|
|
|
*) New program nseq to manipulate netscape certificate sequences
|
|
|
|
|
[Steve Henson]
|
1998-12-23 20:09:47 +08:00
|
|
|
|
|
1999-01-29 09:53:55 +08:00
|
|
|
|
*) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a
|
|
|
|
|
few typos.
|
|
|
|
|
[Steve Henson]
|
|
|
|
|
|
1999-01-28 18:40:38 +08:00
|
|
|
|
*) Fixes to BN code. Previously the default was to define BN_RECURSION
|
|
|
|
|
but the BN code had some problems that would cause failures when
|
|
|
|
|
doing certificate verification and some other functions.
|
|
|
|
|
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
|
|
|
|
|
|
1999-01-28 08:16:44 +08:00
|
|
|
|
*) Add ASN1 and PEM code to support netscape certificate sequences.
|
|
|
|
|
[Steve Henson]
|
|
|
|
|
|
1999-01-30 07:34:19 +08:00
|
|
|
|
*) Add ASN1 and PEM code to support netscape certificate sequences.
|
|
|
|
|
[Steve Henson]
|
|
|
|
|
|
1999-01-27 07:13:14 +08:00
|
|
|
|
*) Add several PKIX and private extended key usage OIDs.
|
|
|
|
|
[Steve Henson]
|
|
|
|
|
|
1999-01-26 09:19:27 +08:00
|
|
|
|
*) Modify the 'ca' program to handle the new extension code. Modify
|
|
|
|
|
openssl.cnf for new extension format, add comments.
|
|
|
|
|
[Steve Henson]
|
|
|
|
|
|
1999-01-25 09:09:21 +08:00
|
|
|
|
*) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req'
|
|
|
|
|
and add a sample to openssl.cnf so req -x509 now adds appropriate
|
|
|
|
|
CA extensions.
|
|
|
|
|
[Steve Henson]
|
|
|
|
|
|
1999-01-25 01:50:32 +08:00
|
|
|
|
*) Continued X509 V3 changes. Add to other makefiles, integrate with the
|
|
|
|
|
error code, add initial support to X509_print() and x509 application.
|
1999-01-25 09:09:21 +08:00
|
|
|
|
[Steve Henson]
|
1999-01-25 01:50:32 +08:00
|
|
|
|
|
1999-01-24 08:50:01 +08:00
|
|
|
|
*) Takes a deep breath and start addding X509 V3 extension support code. Add
|
|
|
|
|
files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this
|
|
|
|
|
stuff is currently isolated and isn't even compiled yet.
|
|
|
|
|
[Steve Henson]
|
|
|
|
|
|
1999-01-20 08:14:40 +08:00
|
|
|
|
*) Continuing patches for GeneralizedTime. Fix up certificate and CRL
|
|
|
|
|
ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print.
|
|
|
|
|
Removed the versions check from X509 routines when loading extensions:
|
|
|
|
|
this allows certain broken certificates that don't set the version
|
|
|
|
|
properly to be processed.
|
|
|
|
|
[Steve Henson]
|
|
|
|
|
|
1999-01-20 05:36:31 +08:00
|
|
|
|
*) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another
|
|
|
|
|
Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which
|
|
|
|
|
can still be regenerated with "make depend".
|
|
|
|
|
[Ben Laurie]
|
|
|
|
|
|
1999-01-20 03:18:20 +08:00
|
|
|
|
*) Spelling mistake in C version of CAST-128.
|
|
|
|
|
[Ben Laurie, reported by Jeremy Hylton <jeremy@cnri.reston.va.us>]
|
|
|
|
|
|
1999-01-19 06:18:38 +08:00
|
|
|
|
*) Changes to the error generation code. The perl script err-code.pl
|
|
|
|
|
now reads in the old error codes and retains the old numbers, only
|
|
|
|
|
adding new ones if necessary. It also only changes the .err files if new
|
|
|
|
|
codes are added. The makefiles have been modified to only insert errors
|
|
|
|
|
when needed (to avoid needlessly modifying header files). This is done
|
|
|
|
|
by only inserting errors if the .err file is newer than the auto generated
|
|
|
|
|
C file. To rebuild all the error codes from scratch (the old behaviour)
|
|
|
|
|
either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl
|
|
|
|
|
or delete all the .err files.
|
1999-01-20 08:14:40 +08:00
|
|
|
|
[Steve Henson]
|
1999-01-19 06:18:38 +08:00
|
|
|
|
|
1999-01-18 00:26:24 +08:00
|
|
|
|
*) CAST-128 was incorrectly implemented for short keys. The C version has
|
|
|
|
|
been fixed, but is untested. The assembler versions are also fixed, but
|
|
|
|
|
new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing
|
|
|
|
|
to regenerate it if needed.
|
|
|
|
|
[Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun
|
|
|
|
|
Hagino <itojun@kame.net>]
|
|
|
|
|
|
|
|
|
|
*) File was opened incorrectly in randfile.c.
|
|
|
|
|
[Ulf M<>ller <ulf@fitug.de>]
|
|
|
|
|
|
1999-01-17 23:10:33 +08:00
|
|
|
|
*) Beginning of support for GeneralizedTime. d2i, i2d, check and print
|
|
|
|
|
functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or
|
|
|
|
|
GeneralizedTime. ASN1_TIME is the proper type used in certificates et
|
|
|
|
|
al: it's just almost always a UTCTime. Note this patch adds new error
|
|
|
|
|
codes so do a "make errors" if there are problems.
|
|
|
|
|
[Steve Henson]
|
|
|
|
|
|
1999-01-17 22:20:20 +08:00
|
|
|
|
*) Correct Linux 1 recognition in config.
|
|
|
|
|
[Ulf M<>ller <ulf@fitug.de>]
|
|
|
|
|
|
1999-01-17 22:14:41 +08:00
|
|
|
|
*) Remove pointless MD5 hash when using DSA keys in ca.
|
|
|
|
|
[Anonymous <nobody@replay.com>]
|
|
|
|
|
|
1999-01-17 22:10:08 +08:00
|
|
|
|
*) Generate an error if given an empty string as a cert directory. Also
|
|
|
|
|
generate an error if handed NULL (previously returned 0 to indicate an
|
|
|
|
|
error, but didn't set one).
|
|
|
|
|
[Ben Laurie, reported by Anonymous <nobody@replay.com>]
|
|
|
|
|
|
1999-01-17 02:46:23 +08:00
|
|
|
|
*) Add prototypes to SSL methods. Make SSL_write's buffer const, at last.
|
|
|
|
|
[Ben Laurie]
|
|
|
|
|
|
1999-01-15 02:25:07 +08:00
|
|
|
|
*) Fix the dummy function BN_ref_mod_exp() in rsaref.c to have the correct
|
|
|
|
|
parameters. This was causing a warning which killed off the Win32 compile.
|
|
|
|
|
[Steve Henson]
|
|
|
|
|
|
1999-01-15 02:21:57 +08:00
|
|
|
|
*) Remove C++ style comments from crypto/bn/bn_local.h.
|
|
|
|
|
[Neil Costigan <neil.costigan@celocom.com>]
|
|
|
|
|
|
1999-01-13 02:40:33 +08:00
|
|
|
|
*) The function OBJ_txt2nid was broken. It was supposed to return a nid
|
|
|
|
|
based on a text string, looking up short and long names and finally
|
|
|
|
|
"dot" format. The "dot" format stuff didn't work. Added new function
|
|
|
|
|
OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote
|
|
|
|
|
OBJ_txt2nid to use it. OBJ_txt2obj can also return objects even if the
|
|
|
|
|
OID is not part of the table.
|
|
|
|
|
[Steve Henson]
|
|
|
|
|
|
1999-01-11 04:36:02 +08:00
|
|
|
|
*) Add prototypes to X509 lookup/verify methods, fixing a bug in
|
|
|
|
|
X509_LOOKUP_by_alias().
|
|
|
|
|
[Ben Laurie]
|
|
|
|
|
|
1999-01-10 03:15:59 +08:00
|
|
|
|
*) Sort openssl functions by name.
|
|
|
|
|
[Ben Laurie]
|
|
|
|
|
|
1999-01-10 01:29:34 +08:00
|
|
|
|
*) Get the gendsa program working (hopefully) and add it to app list. Remove
|
|
|
|
|
encryption from sample DSA keys (in case anyone is interested the password
|
|
|
|
|
was "1234").
|
|
|
|
|
[Steve Henson]
|
|
|
|
|
|
1999-01-08 03:15:59 +08:00
|
|
|
|
*) Make _all_ *_free functions accept a NULL pointer.
|
|
|
|
|
[Frans Heymans <fheymans@isaserver.be>]
|
|
|
|
|
|
1999-01-07 08:37:01 +08:00
|
|
|
|
*) If a DH key is generated in s3_srvr.c, don't blow it by trying to use
|
|
|
|
|
NULL pointers.
|
|
|
|
|
[Anonymous <nobody@replay.com>]
|
|
|
|
|
|
1999-01-07 08:16:37 +08:00
|
|
|
|
*) s_server should send the CAfile as acceptable CAs, not its own cert.
|
|
|
|
|
[Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
|
|
|
|
|
|
1999-01-07 08:10:32 +08:00
|
|
|
|
*) Don't blow it for numeric -newkey arguments to apps/req.
|
|
|
|
|
[Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
|
|
|
|
|
|
1999-01-07 07:18:08 +08:00
|
|
|
|
*) Temp key "for export" tests were wrong in s3_srvr.c.
|
|
|
|
|
[Anonymous <nobody@replay.com>]
|
|
|
|
|
|
1999-01-07 06:53:34 +08:00
|
|
|
|
*) Add prototype for temp key callback functions
|
|
|
|
|
SSL_CTX_set_tmp_{rsa,dh}_callback().
|
|
|
|
|
[Ben Laurie]
|
|
|
|
|
|
1999-01-06 09:39:24 +08:00
|
|
|
|
*) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and
|
|
|
|
|
DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey().
|
1999-01-06 09:41:21 +08:00
|
|
|
|
[Steve Henson]
|
1999-01-06 09:39:24 +08:00
|
|
|
|
|
1999-01-05 05:43:32 +08:00
|
|
|
|
*) X509_name_add_entry() freed the wrong thing after an error.
|
|
|
|
|
[Arne Ansper <arne@ats.cyber.ee>]
|
|
|
|
|
|
1999-01-05 05:39:34 +08:00
|
|
|
|
*) rsa_eay.c would attempt to free a NULL context.
|
|
|
|
|
[Arne Ansper <arne@ats.cyber.ee>]
|
|
|
|
|
|
1999-01-05 04:11:31 +08:00
|
|
|
|
*) BIO_s_socket() had a broken should_retry() on Windoze.
|
|
|
|
|
[Arne Ansper <arne@ats.cyber.ee>]
|
|
|
|
|
|
1999-01-05 03:55:12 +08:00
|
|
|
|
*) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH.
|
|
|
|
|
[Arne Ansper <arne@ats.cyber.ee>]
|
|
|
|
|
|
1999-01-03 23:31:11 +08:00
|
|
|
|
*) Make sure the already existing X509_STORE->depth variable is initialized
|
|
|
|
|
in X509_STORE_new(), but document the fact that this variable is still
|
|
|
|
|
unused in the certificate verification process.
|
|
|
|
|
[Ralf S. Engelschall]
|
|
|
|
|
|
1999-01-03 09:08:33 +08:00
|
|
|
|
*) Fix the various library and apps files to free up pkeys obtained from
|
1999-01-06 09:39:24 +08:00
|
|
|
|
X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.
|
1999-01-03 09:08:33 +08:00
|
|
|
|
[Steve Henson]
|
|
|
|
|
|
1999-01-03 03:04:27 +08:00
|
|
|
|
*) Fix reference counting in X509_PUBKEY_get(). This makes
|
|
|
|
|
demos/maurice/example2.c work, amongst others, probably.
|
|
|
|
|
[Steve Henson and Ben Laurie]
|
|
|
|
|
|
1999-01-02 20:59:33 +08:00
|
|
|
|
*) First cut of a cleanup for apps/. First the `ssleay' program is now named
|
|
|
|
|
`openssl' and second, the shortcut symlinks for the `openssl <command>'
|
|
|
|
|
are no longer created. This way we have a single and consistent command
|
|
|
|
|
line interface `openssl <command>', similar to `cvs <command>'.
|
1999-01-03 03:04:27 +08:00
|
|
|
|
[Ralf S. Engelschall, Paul Sutton and Ben Laurie]
|
1999-01-02 20:59:33 +08:00
|
|
|
|
|
1999-01-02 09:53:06 +08:00
|
|
|
|
*) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey
|
|
|
|
|
BIT STRING wrapper always have zero unused bits.
|
|
|
|
|
[Steve Henson]
|
|
|
|
|
|
1999-01-02 02:43:44 +08:00
|
|
|
|
*) Add CA.pl, perl version of CA.sh, add extended key usage OID.
|
|
|
|
|
[Steve Henson]
|
|
|
|
|
|
1999-01-01 22:04:07 +08:00
|
|
|
|
*) Make the top-level INSTALL documentation easier to understand.
|
|
|
|
|
[Paul Sutton]
|
|
|
|
|
|
1999-01-01 20:51:11 +08:00
|
|
|
|
*) Makefiles updated to exit if an error occurs in a sub-directory
|
|
|
|
|
make (including if user presses ^C) [Paul Sutton]
|
|
|
|
|
|
1999-01-01 01:11:46 +08:00
|
|
|
|
*) Make Montgomery context stuff explicit in RSA data structure.
|
|
|
|
|
[Ben Laurie]
|
|
|
|
|
|
|
|
|
|
*) Fix build order of pem and err to allow for generated pem.h.
|
|
|
|
|
[Ben Laurie]
|
|
|
|
|
|
|
|
|
|
*) Fix renumbering bug in X509_NAME_delete_entry().
|
|
|
|
|
[Ben Laurie]
|
|
|
|
|
|
1998-12-31 09:35:07 +08:00
|
|
|
|
*) Enhanced the err-ins.pl script so it makes the error library number
|
|
|
|
|
global and can add a library name. This is needed for external ASN1 and
|
|
|
|
|
other error libraries.
|
|
|
|
|
[Steve Henson]
|
|
|
|
|
|
|
|
|
|
*) Fixed sk_insert which never worked properly.
|
|
|
|
|
[Steve Henson]
|
|
|
|
|
|
|
|
|
|
*) Fix ASN1 macros so they can handle indefinite length construted
|
|
|
|
|
EXPLICIT tags. Some non standard certificates use these: they can now
|
|
|
|
|
be read in.
|
|
|
|
|
[Steve Henson]
|
|
|
|
|
|
1998-12-31 07:07:32 +08:00
|
|
|
|
*) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc)
|
|
|
|
|
into a single doc/ssleay.txt bundle. This way the information is still
|
|
|
|
|
preserved but no longer messes up this directory. Now it's new room for
|
|
|
|
|
the new set of documenation files.
|
|
|
|
|
[Ralf S. Engelschall]
|
|
|
|
|
|
1998-12-30 05:43:55 +08:00
|
|
|
|
*) SETs were incorrectly DER encoded. This was a major pain, because they
|
|
|
|
|
shared code with SEQUENCEs, which aren't coded the same. This means that
|
|
|
|
|
almost everything to do with SETs or SEQUENCEs has either changed name or
|
|
|
|
|
number of arguments.
|
|
|
|
|
[Ben Laurie, based on a partial fix by GP Jayan <gp@nsj.co.jp>]
|
|
|
|
|
|
|
|
|
|
*) Fix test data to work with the above.
|
|
|
|
|
[Ben Laurie]
|
|
|
|
|
|
1998-12-30 01:22:31 +08:00
|
|
|
|
*) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but
|
|
|
|
|
was already fixed by Eric for 0.9.1 it seems.
|
1998-12-31 07:09:13 +08:00
|
|
|
|
[Ben Laurie - pointed out by Ulf M<>ller <ulf@fitug.de>]
|
1998-12-30 01:22:31 +08:00
|
|
|
|
|
1998-12-29 01:14:28 +08:00
|
|
|
|
*) Autodetect FreeBSD3.
|
|
|
|
|
[Ben Laurie]
|
|
|
|
|
|
1998-12-29 01:08:48 +08:00
|
|
|
|
*) Fix various bugs in Configure. This affects the following platforms:
|
|
|
|
|
nextstep
|
|
|
|
|
ncr-scde
|
|
|
|
|
unixware-2.0
|
|
|
|
|
unixware-2.0-pentium
|
|
|
|
|
sco5-cc.
|
|
|
|
|
[Ben Laurie]
|
1998-12-26 20:42:56 +08:00
|
|
|
|
|
1998-12-29 05:58:19 +08:00
|
|
|
|
*) Eliminate generated files from CVS. Reorder tests to regenerate files
|
|
|
|
|
before they are needed.
|
|
|
|
|
[Ben Laurie]
|
|
|
|
|
|
|
|
|
|
*) Generate Makefile.ssl from Makefile.org (to keep CVS happy).
|
|
|
|
|
[Ben Laurie]
|
|
|
|
|
|
1998-12-29 01:15:43 +08:00
|
|
|
|
Changes between 0.9.1b and 0.9.1c
|
1998-12-23 15:58:53 +08:00
|
|
|
|
|
1998-12-23 16:18:47 +08:00
|
|
|
|
*) Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and
|
|
|
|
|
changed SSLeay to OpenSSL in version strings.
|
1998-12-23 15:58:53 +08:00
|
|
|
|
[Ralf S. Engelschall]
|
1998-12-23 15:42:26 +08:00
|
|
|
|
|
|
|
|
|
*) Some fixups to the top-level documents.
|
|
|
|
|
[Paul Sutton]
|
1998-12-22 23:04:48 +08:00
|
|
|
|
|
1998-12-22 23:59:57 +08:00
|
|
|
|
*) Fixed the nasty bug where rsaref.h was not found under compile-time
|
|
|
|
|
because the symlink to include/ was missing.
|
|
|
|
|
[Ralf S. Engelschall]
|
|
|
|
|
|
|
|
|
|
*) Incorporated the popular no-RSA/DSA-only patches
|
|
|
|
|
which allow to compile a RSA-free SSLeay.
|
1998-12-23 20:09:47 +08:00
|
|
|
|
[Andrew Cooke / Interrader Ldt., Ralf S. Engelschall]
|
1998-12-22 23:59:57 +08:00
|
|
|
|
|
|
|
|
|
*) Fixed nasty rehash problem under `make -f Makefile.ssl links'
|
|
|
|
|
when "ssleay" is still not found.
|
|
|
|
|
[Ralf S. Engelschall]
|
|
|
|
|
|
|
|
|
|
*) Added more platforms to Configure: Cray T3E, HPUX 11,
|
|
|
|
|
[Ralf S. Engelschall, Beckmann <beckman@acl.lanl.gov>]
|
|
|
|
|
|
1998-12-22 23:04:48 +08:00
|
|
|
|
*) Updated the README file.
|
|
|
|
|
[Ralf S. Engelschall]
|
|
|
|
|
|
|
|
|
|
*) Added various .cvsignore files in the CVS repository subdirs
|
|
|
|
|
to make a "cvs update" really silent.
|
|
|
|
|
[Ralf S. Engelschall]
|
|
|
|
|
|
|
|
|
|
*) Recompiled the error-definition header files and added
|
|
|
|
|
missing symbols to the Win32 linker tables.
|
|
|
|
|
[Ralf S. Engelschall]
|
|
|
|
|
|
|
|
|
|
*) Cleaned up the top-level documents;
|
|
|
|
|
o new files: CHANGES and LICENSE
|
|
|
|
|
o merged VERSION, HISTORY* and README* files a CHANGES.SSLeay
|
|
|
|
|
o merged COPYRIGHT into LICENSE
|
|
|
|
|
o removed obsolete TODO file
|
|
|
|
|
o renamed MICROSOFT to INSTALL.W32
|
|
|
|
|
[Ralf S. Engelschall]
|
|
|
|
|
|
|
|
|
|
*) Removed dummy files from the 0.9.1b source tree:
|
|
|
|
|
crypto/asn1/x crypto/bio/cd crypto/bio/fg crypto/bio/grep crypto/bio/vi
|
|
|
|
|
crypto/bn/asm/......add.c crypto/bn/asm/a.out crypto/dsa/f crypto/md5/f
|
|
|
|
|
crypto/pem/gmon.out crypto/perlasm/f crypto/pkcs7/build crypto/rsa/f
|
|
|
|
|
crypto/sha/asm/f crypto/threads/f ms/zzz ssl/f ssl/f.mak test/f
|
|
|
|
|
util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f
|
|
|
|
|
[Ralf S. Engelschall]
|
|
|
|
|
|
1998-12-22 23:59:57 +08:00
|
|
|
|
*) Added various platform portability fixes.
|
1998-12-23 15:42:26 +08:00
|
|
|
|
[Mark J. Cox]
|
1998-12-22 23:04:48 +08:00
|
|
|
|
|
1998-12-23 15:38:54 +08:00
|
|
|
|
*) The Genesis of the OpenSSL rpject:
|
1998-12-22 23:04:48 +08:00
|
|
|
|
We start with the latest (unreleased) SSLeay version 0.9.1b which Eric A.
|
1998-12-30 01:22:31 +08:00
|
|
|
|
Young and Tim J. Hudson created while they were working for C2Net until
|
1998-12-22 23:04:48 +08:00
|
|
|
|
summer 1998.
|
1998-12-23 15:38:54 +08:00
|
|
|
|
[The OpenSSL Project]
|
1998-12-22 23:04:48 +08:00
|
|
|
|
|
|
|
|
|
Changes between 0.9.0b and 0.9.1b
|
|
|
|
|
|
|
|
|
|
*) Updated a few CA certificates under certs/
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) Changed some BIGNUM api stuff.
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) Various platform ports: OpenBSD, Ultrix, IRIX 64bit, NetBSD,
|
|
|
|
|
DGUX x86, Linux Alpha, etc.
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) New COMP library [crypto/comp/] for SSL Record Layer Compression:
|
|
|
|
|
RLE (dummy implemented) and ZLIB (really implemented when ZLIB is
|
|
|
|
|
available).
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) Add -strparse option to asn1pars program which parses nested
|
|
|
|
|
binary structures
|
|
|
|
|
[Dr Stephen Henson <shenson@bigfoot.com>]
|
|
|
|
|
|
|
|
|
|
*) Added "oid_file" to ssleay.cnf for "ca" and "req" programs.
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) DSA fix for "ca" program.
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) Added "-genkey" option to "dsaparam" program.
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) Added RIPE MD160 (rmd160) message digest.
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) Added -a (all) option to "ssleay version" command.
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) Added PLATFORM define which is the id given to Configure.
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) Added MemCheck_XXXX functions to crypto/mem.c for memory checking.
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) Extended the ASN.1 parser routines.
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) Extended BIO routines to support REUSEADDR, seek, tell, etc.
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) Added a BN_CTX to the BN library.
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) Fixed the weak key values in DES library
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) Changed API in EVP library for cipher aliases.
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) Added support for RC2/64bit cipher.
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) Converted the lhash library to the crypto/mem.c functions.
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) Added more recognized ASN.1 object ids.
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) Added more RSA padding checks for SSL/TLS.
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) Added BIO proxy/filter functionality.
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) Added extra_certs to SSL_CTX which can be used
|
|
|
|
|
send extra CA certificates to the client in the CA cert chain sending
|
|
|
|
|
process. It can be configured with SSL_CTX_add_extra_chain_cert().
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) Now Fortezza is denied in the authentication phase because
|
|
|
|
|
this is key exchange mechanism is not supported by SSLeay at all.
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) Additional PKCS1 checks.
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) Support the string "TLSv1" for all TLS v1 ciphers.
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) Added function SSL_get_ex_data_X509_STORE_CTX_idx() which gives the
|
|
|
|
|
ex_data index of the SSL context in the X509_STORE_CTX ex_data.
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) Fixed a few memory leaks.
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) Fixed various code and comment typos.
|
|
|
|
|
[Eric A. Young]
|
|
|
|
|
|
|
|
|
|
*) A minor bug in ssl/s3_clnt.c where there would always be 4 0
|
|
|
|
|
bytes sent in the client random.
|
|
|
|
|
[Edward Bishop <ebishop@spyglass.com>]
|
|
|
|
|
|