Provisional support for TLS v1.2 client authentication: client side only.

Parse certificate request message and set digests appropriately. Generate new TLS v1.2 format certificate verify message. Keep handshake caches around for longer as they are needed for client auth.
author: Dr. Stephen Henson <steve@openssl.org> 2011-05-12 17:35:03 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-05-12 17:35:03 +0000
commit: 855a54a9a50b165c314262e5e626a18e4e5ce2ad (patch)
tree: e578d0c45dd039d84e43aa04d9eafe5241404106 /CHANGES
parent: 8f82912460c3066fc222d8e5893187df0566fc18 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 872ab107f7..03a626f3ec 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
 
+  *) Add TLS v1.2 client side support for client authentication. Keep cache
+     of handshake records longer as we don't know the hash algorithm to use
+     until after the certificate request message is received.
+     [Steve Henson]
+
   *) Rename FIPS_mode_set and FIPS_mode to FIPS_module_mode_set and
      FIPS_module_mode. FIPS_mode and FIPS_mode_set will be implmeneted
      outside the validated module in the FIPS capable OpenSSL.
author	Dr. Stephen Henson <steve@openssl.org>	2011-05-12 17:35:03 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-05-12 17:35:03 +0000
commit	855a54a9a50b165c314262e5e626a18e4e5ce2ad (patch)
tree	e578d0c45dd039d84e43aa04d9eafe5241404106 /CHANGES
parent	8f82912460c3066fc222d8e5893187df0566fc18 (diff)