Support for AKID in CRLs and partial support for IDP. Overhaul of CRL

handling to support this.
author: Dr. Stephen Henson <steve@openssl.org> 2006-09-14 17:25:02 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2006-09-14 17:25:02 +0000
commit: bc7535bc7fe30fbba222c316a3957da7d906603b (patch)
tree: 2c7ea8fdce84052210512bb62f66c25ac68067b1 /CHANGES
parent: 83357f047d994415ae96e07386fe55ed1087bdee (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index d205bca4b8..506e8fa4aa 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,18 @@
 
  Changes between 0.9.8d and 0.9.9  [xx XXX xxxx]
 
+  *) Partial support for Issuing Distribution Point CRL extension. CRLs
+     partitioned by DP are handled but no indirect CRL or reason partitioning
+     (yet). Complete overhaul of CRL handling: now the most suitable CRL is
+     selected via a scoring technique which handles IDP and AKID in CRLs.
+     [Steve Henson]
+
+  *) New X509_STORE_CTX callbacks lookup_crls() and lookup_certs() which
+     will ultimately be used for all verify operations: this will remove the
+     X509_STORE dependency on certificate verification and allow alternative
+     lookup methods.  X509_STORE based implementations of these two callbacks.
+     [Steve Henson]
+
   *) Allow multiple CRLs to exist in an X509_STORE with matching issuer names.
      Modify get_crl() to find a valid (unexpired) CRL if possible.
      [Steve Henson]
author	Dr. Stephen Henson <steve@openssl.org>	2006-09-14 17:25:02 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2006-09-14 17:25:02 +0000
commit	bc7535bc7fe30fbba222c316a3957da7d906603b (patch)
tree	2c7ea8fdce84052210512bb62f66c25ac68067b1 /CHANGES
parent	83357f047d994415ae96e07386fe55ed1087bdee (diff)