RFC7250 (RPK) support

Add support for the RFC7250 certificate-type extensions. Alows the use of only private keys for connection (i.e. certs not needed). Add APIs Add unit tests Add documentation Add s_client/s_server support Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18185)
author: Todd Short <tshort@akamai.com> 2021-01-27 14:23:33 -0500
committer: Todd Short <todd.short@me.com> 2023-03-28 13:49:54 -0400
commit: 3c95ef22df55cb2d9dc64ce1f3be6e5a8ee63206 (patch)
tree: 0f7fcff4ec4735c778595db4f4a85bce70715d8b /CHANGES.md
parent: 5ab3f71a33cb0140fc29ae9244cd4f8331c2f3a5 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index 253f2fd823..452e5d0e74 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -25,6 +25,14 @@ OpenSSL 3.2
 
 ### Changes between 3.1 and 3.2 [xx XXX xxxx]
 
+ * Add Raw Public Key (RFC7250) support. Authentication is supported
+   by matching keys against either local policy (TLSA records synthesised
+   from the expected keys) or DANE (TLSA records obtained by the
+   application from DNS). TLSA records will also match the same key in
+   the server certificate, should RPK use not happen to be negotiated.
+
+   *Todd Short*
+
  * Added EC_GROUP_to_params which creates an OSSL_PARAM array
    from a given EC_GROUP.
author	Todd Short <tshort@akamai.com>	2021-01-27 14:23:33 -0500
committer	Todd Short <todd.short@me.com>	2023-03-28 13:49:54 -0400
commit	3c95ef22df55cb2d9dc64ce1f3be6e5a8ee63206 (patch)
tree	0f7fcff4ec4735c778595db4f4a85bce70715d8b /CHANGES.md
parent	5ab3f71a33cb0140fc29ae9244cd4f8331c2f3a5 (diff)