diff options
author | Bodo Möller <bodo@openssl.org> | 1999-05-09 20:12:44 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 1999-05-09 20:12:44 +0000 |
commit | ca8e5b9b8ad3c199943ad7850bf66bc03279c0b9 (patch) | |
tree | 6826d0a788880b08e6774c31d8c0629ee855e53c /CHANGES | |
parent | 8d1157c71c477be91bbf276ff0b0e6b1d4c139c5 (diff) | |
download | openssl-ca8e5b9b8ad3c199943ad7850bf66bc03279c0b9.tar.gz |
Create a duplicate of the SSL_CTX's CERT in SSL_new instead of copying
pointers. The cert_st handling is changed by this in various ways.
Submitted by:
Reviewed by:
PR:
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 22 |
1 files changed, 22 insertions, 0 deletions
@@ -5,6 +5,28 @@ Changes between 0.9.2b and 0.9.3 + *) Create a duplicate of the SSL_CTX's CERT in SSL_new instead of + copying pointers. The cert_st handling is changed by this in + various ways (and thus what used to be known as ctx->default_cert + is now called ctx->cert, since we don't resort to s->ctx->[default_]cert + any longer when s->cert does not give us what we need). + ssl_cert_instantiate becomes obsolete by this change. + As soon as we've got the new code right (possibly it already is?), + we have solved a couple of bugs of the earlier code where s->cert + was used as if it could not have been shared with other SSL structures. + + Note that using the SSL API in certain dirty ways now will result + in different behaviour than observed with earlier library versions: + Changing settings for an SSL_CTX *ctx after having done s = SSL_new(ctx) + does not influence s as it used to. + + Projected further changes: + In order to clean up things more thoroughly, inside SSL_SESSION + we should not use CERT any longer, but a new structure SESS_CERT + that holds per-session data, and CERT should hold only those + values that can have meaningful defaults in an SSL_CTX. + [Bodo Moeller] + *) New function X509V3_EXT_i2d() to create an X509_EXTENSION structure from the internal representation. Various PKCS#7 fixes: remove some evil casts and set the enc_dig_alg field properly based on the signing |