diff options
author | Matt Caswell <matt@openssl.org> | 2020-10-15 11:37:38 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-10-16 14:58:44 +0100 |
commit | 372e72b19ee0b3584370fdea85e8be7dcf8b445b (patch) | |
tree | 3d887465d943140cf129fe0d675af12dfacab738 /CHANGES.md | |
parent | 47e81a1bfa5ebd21f23c19745c7f5f93d141b02f (diff) |
Add a CHANGES entry for the SSL_SECOP_TMP_DH change
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13136)
Diffstat (limited to 'CHANGES.md')
-rw-r--r-- | CHANGES.md | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md index e7f4992cf1..ba068b4f9d 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,17 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * The security callback, which can be customised by application code, supports + the security operation SSL_SECOP_TMP_DH. This is defined to take an EVP_PKEY + in the "other" parameter. In most places this is what is passed. All these + places occur server side. However there was one client side call of this + security operation and it passed a DH object instead. This is incorrect + according to the definition of SSL_SECOP_TMP_DH, and is inconsistent with all + of the other locations. Therefore this client side call has been changed to + pass an EVP_PKEY instead. + + *Matt Caswell* + * Add PKCS7_get_octet_string() and PKCS7_type_is_other() to the public interface. Their functionality remains unchanged. |