diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2004-02-19 18:16:38 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2004-02-19 18:16:38 +0000 |
commit | dc90f64d563f2c9709749d0731d6b26c6bce5325 (patch) | |
tree | 74aaf84a8e20ab060062326ea0c698b619048d25 /CHANGES | |
parent | 6c43032121b3403061119def69c5684ab955e7e2 (diff) | |
download | openssl-dc90f64d563f2c9709749d0731d6b26c6bce5325.tar.gz |
Use an OCTET STRING for the encoding of an OCSP nonce value.
The old raw format can't be handled by some implementations
and updates to RFC2560 will make this mandatory.
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -617,6 +617,13 @@ Changes between 0.9.7c and 0.9.7d [xx XXX XXXX] + *) When creating an OCSP nonce use an OCTET STRING inside the extnValue. + A clarification of RFC2560 will require the use of OCTET STRINGs and + some implementations cannot handle the current raw format. Since OpenSSL + copies and compares OCSP nonces as opaque blobs without any attempt at + parsing them this should not create any compatibility issues. + [Steve Henson] + *) New md flag EVP_MD_CTX_FLAG_REUSE this allows md_data to be reused when calling EVP_MD_CTX_copy_ex() to avoid calling OPENSSL_malloc(). Without this HMAC (and other) operations are several times slower than OpenSSL |