diff options
Diffstat (limited to 'CHANGES.md')
-rw-r--r-- | CHANGES.md | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/CHANGES.md b/CHANGES.md index 5a5bc9d91f..9bc1a91c94 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -179,12 +179,24 @@ OpenSSL 3.1 *Hugo Landau* - * The `SSL_CERT_URI` environment variable has been added, which can be used - to specify a default URI for certificate stores. Previously, the - `SSL_CERT_DIR` environment variable was used for this purpose, and could - accept either a URI or a delimiter-separated list of paths. This usage is now - deprecated; to specify a delimiter-separated list of paths, use - `SSL_CERT_DIR`, and to specify a URI, use `SSL_CERT_URI`. + * The `SSL_CERT_PATH` and `SSL_CERT_URI` environment variables are introduced. + `SSL_CERT_URI` can be used to specify a URI for a root certificate store. The + `SSL_CERT_PATH` environment variable specifies a delimiter-separated list of + paths which are searched for root certificates. + + The existing `SSL_CERT_DIR` environment variable is deprecated. + `SSL_CERT_DIR` was previously used to specify either a delimiter-separated + list of paths or an URI, which is ambiguous. Setting `SSL_CERT_PATH` causes + `SSL_CERT_DIR` to be ignored for the purposes of determining root certificate + directories, and setting `SSL_CERT_URI` causes `SSL_CERT_DIR` to be ignored + for the purposes of determining root certificate stores. + + *Hugo Landau* + + * Support for loading root certificates from the Windows certificate store + has been added. The support is in the form of a store which recognises the + URI string of `org.openssl.winstore://`. This store is enabled by default and + can be disabled using the new compile-time option `no-winstore`. *Hugo Landau* |