Add support for distinct certificate chains per key type and per SSL

structure. Before this the only way to add a custom chain was in the parent SSL_CTX (which is shared by all key types and SSL structures) or rely on auto chain building (which is performed on each handshake) from the trust store.
author: Dr. Stephen Henson <steve@openssl.org> 2012-01-31 14:00:10 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-01-31 14:00:10 +0000
commit: f71c6e52f769af0d2d40ed7e1dcb4fff837837a0 (patch)
tree: b015ad5bdf53d7e33677379876112c58437e42d0 /CHANGES
parent: 9ade64dedfeb7a36f1c4f1f804cb1be492e92319 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 39fa10f292..86b2f92583 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
 
+  *) Enhance SSL/TLS certificate chain handling to support different
+     chains for each certificate instead of one chain in the parent SSL_CTX.
+     [Steve Henson]
+
   *) Support for fixed DH ciphersuite client authentication: where both
      server and client use DH certificates with common parameters.
      [Steve Henson]
author	Dr. Stephen Henson <steve@openssl.org>	2012-01-31 14:00:10 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-01-31 14:00:10 +0000
commit	f71c6e52f769af0d2d40ed7e1dcb4fff837837a0 (patch)
tree	b015ad5bdf53d7e33677379876112c58437e42d0 /CHANGES
parent	9ade64dedfeb7a36f1c4f1f804cb1be492e92319 (diff)