From 6dbb6219e7a6a5f94c9e7b0a25f0ce7c733f5060 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Fri, 27 Jul 2012 13:39:23 +0000
Subject: Make tls1_check_chain return a set of flags indicating checks passed
 by a certificate chain. Add additional tests to handle client certificates:
 checks for matching certificate type and issuer name comparison.

Print out results of checks for each candidate chain tested in
s_server/s_client.
---
 CHANGES | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'CHANGES')

diff --git a/CHANGES b/CHANGES
index 46b23de1da..f320ef7911 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
 
+  *) Make tls1_check_chain return a set of flags indicating checks passed
+     by a certificate chain. Add additional tests to handle client
+     certificates: checks for matching certificate type and issuer name
+     comparison.
+     [Steve Henson]
+
   *) If an attempt is made to use a signature algorithm not in the peer
      preference list abort the handshake. If client has no suitable
      signature algorithms in response to a certificate request do not
-- 
cgit v1.2.3