diff options
author | Todd Short <tshort@akamai.com> | 2021-01-27 14:23:33 -0500 |
---|---|---|
committer | Todd Short <todd.short@me.com> | 2023-03-28 13:49:54 -0400 |
commit | 3c95ef22df55cb2d9dc64ce1f3be6e5a8ee63206 (patch) | |
tree | 0f7fcff4ec4735c778595db4f4a85bce70715d8b /CHANGES.md | |
parent | 5ab3f71a33cb0140fc29ae9244cd4f8331c2f3a5 (diff) | |
download | openssl-3c95ef22df55cb2d9dc64ce1f3be6e5a8ee63206.tar.gz |
RFC7250 (RPK) support
Add support for the RFC7250 certificate-type extensions.
Alows the use of only private keys for connection (i.e. certs not needed).
Add APIs
Add unit tests
Add documentation
Add s_client/s_server support
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18185)
Diffstat (limited to 'CHANGES.md')
-rw-r--r-- | CHANGES.md | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md index 253f2fd823..452e5d0e74 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -25,6 +25,14 @@ OpenSSL 3.2 ### Changes between 3.1 and 3.2 [xx XXX xxxx] + * Add Raw Public Key (RFC7250) support. Authentication is supported + by matching keys against either local policy (TLSA records synthesised + from the expected keys) or DANE (TLSA records obtained by the + application from DNS). TLSA records will also match the same key in + the server certificate, should RPK use not happen to be negotiated. + + *Todd Short* + * Added EC_GROUP_to_params which creates an OSSL_PARAM array from a given EC_GROUP. |