tls_process_{client,server}_certificate(): allow verify_callback return > 1

Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13937)
author: Dr. David von Oheimb <dev@ddvo.net> 2021-01-27 22:13:30 +0100
committer: Dr. David von Oheimb <dev@ddvo.net> 2021-07-21 11:46:18 +0200
commit: 4672e5de9e22a752870c9a05e0a92faef9e6f340 (patch)
tree: bbb19d03ec3a39680a6604cb02506e6e5d451464 /CHANGES.md
parent: ee11462d31e0f05bc75264ab40bf90ae55cb1d7c (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index 8109e0ad8d..49031339d0 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -292,6 +292,15 @@ breaking changes, and mappings for the large list of deprecated functions.
 
  * Deprecated the obsolete X9.31 RSA key generation related functions.
 
+ * While a callback function set via `SSL_CTX_set_cert_verify_callback()`
+   is not allowed to return a value > 1, this is no more taken as failure.
+
+   *Viktor Dukhovni and David von Oheimb*
+
+ * Deprecated the obsolete X9.31 RSA key generation related functions
+   BN_X931_generate_Xpq(), BN_X931_derive_prime_ex(), and
+   BN_X931_generate_prime_ex().
+
    *Tomáš Mráz*
 
  * The default key generation method for the regular 2-prime RSA keys was
author	Dr. David von Oheimb <dev@ddvo.net>	2021-01-27 22:13:30 +0100
committer	Dr. David von Oheimb <dev@ddvo.net>	2021-07-21 11:46:18 +0200
commit	4672e5de9e22a752870c9a05e0a92faef9e6f340 (patch)
tree	bbb19d03ec3a39680a6604cb02506e6e5d451464 /CHANGES.md
parent	ee11462d31e0f05bc75264ab40bf90ae55cb1d7c (diff)