summaryrefslogtreecommitdiffstats
path: root/CHANGES
AgeCommit message (Collapse)Author
2010-01-27typoDr. Stephen Henson
2010-01-26PR: 1949Dr. Stephen Henson
Submitted by: steve@openssl.org More robust fix and workaround for PR#1949. Don't try to work out if there is any write pending data as this can be unreliable: always flush.
2010-01-26TypoDr. Stephen Henson
2010-01-22Tolerate PKCS#8 DSA format with negative private key.Dr. Stephen Henson
2010-01-13Fix version handling so it can cope with a major version >3.Dr. Stephen Henson
Although it will be many years before TLS v2.0 or later appears old versions of servers have a habit of hanging around for a considerable time so best if we handle this properly now.
2010-01-13Modify compression code so it avoids using ex_data free functions. ThisDr. Stephen Henson
stops applications that call CRYPTO_free_all_ex_data() prematurely leaking memory.
2010-01-12PR: 2136Dr. Stephen Henson
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at> Add options to output hash using older algorithm compatible with OpenSSL versions before 1.0.0
2010-01-06Updates to conform with draft-ietf-tls-renegotiation-03.txt:Dr. Stephen Henson
1. Add provisional SCSV value. 2. Don't send SCSV and RI at same time. 3. Fatal error is SCSV received when renegotiating.
2009-12-31Compression handling on session resume was badly broken: it alwaysDr. Stephen Henson
used compression algorithms in client hello (a legacy from when the compression algorithm wasn't serialized with SSL_SESSION).
2009-12-31Include CHANGES entry for external cacheDr. Stephen Henson
2009-12-22Constify crypto/cast.Bodo Möller
2009-12-16New option to enable/disable connection to unpatched serversDr. Stephen Henson
2009-12-09Add ctrls to clear options and mode.Dr. Stephen Henson
Change RI ctrl so it doesn't clash.
2009-12-08Send no_renegotiation alert as required by spec.Dr. Stephen Henson
2009-12-08Add ctrl and macro so we can determine if peer support secure renegotiation.Dr. Stephen Henson
2009-12-08Add support for magic cipher suite value (MCSV). Make secure renegotiationDr. Stephen Henson
work in SSLv3: initial handshake has no extensions but includes MCSV, if server indicates RI support then renegotiation handshakes include RI. NB: current MCSV value is bogus for testing only, will be updated when we have an official value. Change mismatch alerts to handshake_failure as required by spec. Also have some debugging fprintfs so we can clearly see what is going on if OPENSSL_RI_DEBUG is set.
2009-12-07Initial experimental TLSv1.1 supportDr. Stephen Henson
2009-12-02Update CHANGES.Dr. Stephen Henson
2009-11-26Experimental CMS password based recipient Info support.Dr. Stephen Henson
2009-11-26Make CHANGES in CVS head consistent with the CHANGES files in theBodo Möller
branches. This means that http://www.openssl.org/news/changelog.html will finally describe 0.9.8l.
2009-11-25Split PBES2 into cipher and PBKDF2 versions. This tidies the code somewhatDr. Stephen Henson
and is a pre-requisite to adding password based CMS support.
2009-11-09First cut of renegotiation extension. (port to HEAD)Dr. Stephen Henson
2009-11-09update CHANGESDr. Stephen Henson
2009-10-31Add option to allow in-band CRL loading in verify utility. Add functionDr. Stephen Henson
load_crls and tidy up load_certs. Remove useless purpose variable from verify utility: now done with args_verify.
2009-10-30Move CHANGES entry to 0.9.8l sectionDr. Stephen Henson
2009-10-30Fix statless session resumption so it can coexist with SNIDr. Stephen Henson
2009-09-30PR: 2064, 728Dr. Stephen Henson
Submitted by: steve@openssl.org Add support for custom headers in OCSP requests.
2009-09-23Audit libcrypto for unchecked return values: fix all cases enounteredDr. Stephen Henson
2009-09-23Add attribute to check if return value of certain functions is incorrectlyDr. Stephen Henson
ignored.
2009-09-13Submitted by: Julia Lawall <julia@diku.dk>Dr. Stephen Henson
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(), CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix so the return code is checked correctly.
2009-09-09Add new option --strict-warnings to Configure script. This is used to addDr. Stephen Henson
in devteam warnings into other configurations.
2009-09-02Tidy up and fix verify callbacks to avoid structure dereference, use ofDr. Stephen Henson
obsolete functions and enhance to handle new conditions such as policy printing.
2009-08-10PR: 2003Dr. Stephen Henson
Make it possible to install OpenSSL in directories with name other than "lib" for example "lib64". Based on patch from Jeremy Utley.
2009-08-06Reject leading 0x80 in OID subidentifiers.Dr. Stephen Henson
2009-07-13Document MD2 deprecation.Dr. Stephen Henson
2009-06-30Update from 0.9.8-stableDr. Stephen Henson
2009-06-28Update from 0.9.8-stable.Dr. Stephen Henson
2009-06-26Update from 1.0.0-stable.Dr. Stephen Henson
2009-06-25Update from 1.0.0-stableDr. Stephen Henson
2009-06-17Rename asc2uni and uni2asc functions to avoid clashes.Dr. Stephen Henson
2009-06-15Update from 0.9.8-stable.Dr. Stephen Henson
2009-05-31Oops, update CHANGES entry.Dr. Stephen Henson
2009-05-18Add CHANGES entries from 0.9.8-stable.Dr. Stephen Henson
2009-04-28Update from 1.0.0-stable.Dr. Stephen Henson
2009-04-15Updates from 1.0.0-stable.Dr. Stephen Henson
2009-04-08Update from 1.0.0-stableDr. Stephen Henson
2009-04-07Changes from 1.0.0-stable.Dr. Stephen Henson
2009-04-03Merge from 1.0.0-stable branch.Dr. Stephen Henson
2009-03-30Allow use of algorithm and cipher names for dgsts and enc utilities insteadDr. Stephen Henson
of having to manually include each one.
2009-03-25Fix typo in CHANGES.Dr. Stephen Henson
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-07 23:01:25 +0000