Use an OCTET STRING for the encoding of an OCSP nonce value.

The old raw format can't be handled by some implementations and updates to RFC2560 will make this mandatory.
author: Dr. Stephen Henson <steve@openssl.org> 2004-02-19 18:16:38 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2004-02-19 18:16:38 +0000
commit: dc90f64d563f2c9709749d0731d6b26c6bce5325 (patch)
tree: 74aaf84a8e20ab060062326ea0c698b619048d25 /CHANGES
parent: 6c43032121b3403061119def69c5684ab955e7e2 (diff)
download: openssl-dc90f64d563f2c9709749d0731d6b26c6bce5325.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 5590487fd1..bea8e76838 100644
--- a/CHANGES
+++ b/CHANGES
@@ -617,6 +617,13 @@
 
  Changes between 0.9.7c and 0.9.7d  [xx XXX XXXX]
 
+  *) When creating an OCSP nonce use an OCTET STRING inside the extnValue.
+     A clarification of RFC2560 will require the use of OCTET STRINGs and 
+     some implementations cannot handle the current raw format. Since OpenSSL
+     copies and compares OCSP nonces as opaque blobs without any attempt at
+     parsing them this should not create any compatibility issues.
+     [Steve Henson]
+
   *) New md flag EVP_MD_CTX_FLAG_REUSE this allows md_data to be reused when
      calling EVP_MD_CTX_copy_ex() to avoid calling OPENSSL_malloc(). Without
      this HMAC (and other) operations are several times slower than OpenSSL
author	Dr. Stephen Henson <steve@openssl.org>	2004-02-19 18:16:38 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2004-02-19 18:16:38 +0000
commit	dc90f64d563f2c9709749d0731d6b26c6bce5325 (patch)
tree	74aaf84a8e20ab060062326ea0c698b619048d25 /CHANGES
parent	6c43032121b3403061119def69c5684ab955e7e2 (diff)
download	openssl-dc90f64d563f2c9709749d0731d6b26c6bce5325.tar.gz