Add a CHANGES entry for the SSL_SECOP_TMP_DH change

Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13136)
2024-12-13 20:13:53 +08:00 · 2020-10-15 11:37:38 +01:00 · 2020-10-15 11:37:38 +01:00 · 372e72b19e
commit 372e72b19e
parent 47e81a1bfa
1 changed files with 11 additions and 0 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -23,6 +23,17 @@ OpenSSL 3.0

 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx]

+ * The security callback, which can be customised by application code, supports
+   the security operation SSL_SECOP_TMP_DH. This is defined to take an EVP_PKEY
+   in the "other" parameter. In most places this is what is passed. All these
+   places occur server side. However there was one client side call of this
+   security operation and it passed a DH object instead. This is incorrect
+   according to the definition of SSL_SECOP_TMP_DH, and is inconsistent with all
+   of the other locations. Therefore this client side call has been changed to
+   pass an EVP_PKEY instead.
+
+   *Matt Caswell*
+
 * Add PKCS7_get_octet_string() and PKCS7_type_is_other() to the public
   interface. Their functionality remains unchanged.