Update from 1.0.0-stable.

author: Dr. Stephen Henson <steve@openssl.org> 2009-06-26 11:29:26 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2009-06-26 11:29:26 +0000
commit: f3be6c7b7d2081101c21c7a9b7ec39f4e86271e5 (patch)
tree: ef92e5f388f36bf637cde6f5f6cde8c4ccde525d /CHANGES
parent: 4aa902ebaffb385199b9d0fb850ca4f9f5cb795e (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/CHANGES b/CHANGES
index d74262e1bb..b886dbfeec 100644
--- a/CHANGES
+++ b/CHANGES
@@ -808,9 +808,10 @@
 
  Changes between 0.9.8k and 0.9.8l  [xx XXX xxxx]
 
-  *) Don't check self signed certificate signatures in X509_verify_cert():
-     it just wastes time without adding any security. As a useful side effect
-     self signed root CAs with non-FIPS digests are now usable in FIPS mode.
+  *) Don't check self signed certificate signatures in X509_verify_cert()
+     by default (a flag can override this): it just wastes time without
+     adding any security. As a useful side effect self signed root CAs
+     with non-FIPS digests are now usable in FIPS mode.
      [Steve Henson]
 
   *) In dtls1_process_out_of_seq_message() the check if the current message
author	Dr. Stephen Henson <steve@openssl.org>	2009-06-26 11:29:26 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2009-06-26 11:29:26 +0000
commit	f3be6c7b7d2081101c21c7a9b7ec39f4e86271e5 (patch)
tree	ef92e5f388f36bf637cde6f5f6cde8c4ccde525d /CHANGES
parent	4aa902ebaffb385199b9d0fb850ca4f9f5cb795e (diff)