New function SSL_renegotiate_pending().

New option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.

1 files changed, 16 insertions, 0 deletions

diff --git a/CHANGES b/CHANGES
index ad5f9464e8..1d2c6cf98a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,22 @@
          *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
          +) applies to 0.9.7 only
 
+  +) New function SSL_renegotiate_pending().  This returns true once
+     renegotiation has been requested (either SSL_renegotiate() call
+     or HelloRequest/ClientHello receveived from the peer) and becomes
+     false once a handshake has been completed.
+     (For servers, SSL_renegotiate() followed by SSL_do_handshake()
+     sends a HelloRequest, but does not ensure that a handshake takes
+     place.  SSL_renegotiate_pending() is useful for checking if the
+     client has followed the request.)
+     [Bodo Moeller]
+
+  +) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
+     By default, clients may request session resumption even during
+     renegotiation (if session ID contexts permit); with this option,
+     session resumption is possible only in the first handshake.
+     [Bodo Moeller]
+
   *) Fix ssl3_accept (ssl/s3_srvr.c): Do not call ssl_init_wbio_buffer()
      when just sending a HelloRequest as this could interfere with
      application data writes (and is totally unnecessary).