aboutsummaryrefslogtreecommitdiffstats
path: root/CHANGES
Commit message (Collapse)AuthorAgeFilesLines
* Fix BN_[pseudo_]rand: 'mask' must be used even if top=-1.Bodo Möller2001-02-201-0/+3
| | | | Mention BN_[pseudo_]rand with top=-1 in CHANGES.
* note OPENSSL_issetugid().Ulf Möller2001-02-191-0/+4
|
* I forgot to document the system identification macrosRichard Levitte2001-02-191-0/+6
|
* Make all configuration macros available for application by makingRichard Levitte2001-02-191-0/+7
| | | | | | | | | | | | sure they are available in opensslconf.h, by giving them names starting with "OPENSSL_" to avoid conflicts with other packages and by making sure e_os2.h will cover all platform-specific cases together with opensslconf.h. I've checked fairly well that nothing breaks with this (apart from external software that will adapt if they have used something like NO_KRB5), but I can't guarantee it completely, so a review of this change would be a good thing.
* New -set_serial options to 'req' and 'x509'.Dr. Stephen Henson2001-02-191-0/+7
| | | | | | | | Remove the old broken bio read of serial numbers in the 'ca' index file. This would choke if a revoked certificate was specified with a negative serial number. Fix typo in uid.c
* Memory leak detection bugfixes for multi-threading.Bodo Möller2001-02-191-0/+13
|
* New options to 'ca' utility to support CRL entry extensions.Dr. Stephen Henson2001-02-161-0/+5
| | | | | | | | Add revelant new X509V3 extensions. Add OIDs. Fix ASN1 memory leak code to pop info if external allocation used.
* Move entry to match chronologic orderering.Lutz Jänicke2001-02-151-3/+3
|
* Don't forget to mention minor change.Lutz Jänicke2001-02-151-0/+3
|
* Option to disable standard block padding with EVP API.Dr. Stephen Henson2001-02-141-0/+7
| | | | | | Add -nopad option to enc command. Update docs.
* Initial OCSP SSL support.Dr. Stephen Henson2001-02-141-0/+3
|
* IRIX bugfixUlf Möller2001-02-141-0/+4
|
* New function OCSP_parse_url() and -url option for ocsp utility.Dr. Stephen Henson2001-02-131-0/+5
| | | | Doesn't handle SSL URLs yet.
* Modify OCSP nonce behaviour.Dr. Stephen Henson2001-02-121-0/+9
|
* Work around for libsafe "error".Dr. Stephen Henson2001-02-121-0/+5
|
* disable stdin buffering in load_certBodo Möller2001-02-101-0/+5
|
* Fix CRL printing to correctly show when there are no revoked certificates.Dr. Stephen Henson2001-02-101-0/+5
| | | | | | | Make ca.c correctly initialize the revocation date. Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the string type: so they can initialize ASN1_TIME structures properly.
* New Option SSL_OP_CIPHER_SERVER_PREFERENCE allows TLS/SSLv3 server to overrideLutz Jänicke2001-02-091-0/+6
| | | | the clients choice; in SSLv2 the client uses the server's preferences.
* Various updates to mkdef.pl to cope with new aesDr. Stephen Henson2001-02-091-0/+5
| | | | and ASN1 code.
* Allow various options to be included for signing and verify ofDr. Stephen Henson2001-02-081-0/+4
| | | | | | | | | OCSP responses. Documentation to follow... Urgh.. this conflicted with the -VAfile patch I hope I haven't broken it.
* Add the -VAfile option to 'openssl ocsp'. This option will give theRichard Levitte2001-02-081-0/+5
| | | | | | | client code certificates to use to only check response signatures. I'm not entirely sure if the way I just implemented the verification is the right way to do it, and would be happy if someone would like to review this.
* Integrate my implementation of a countermeasure againstBodo Möller2001-02-081-1/+1
| | | | | | | | | | | | | | Bleichenbacher's DSA attack. With this implementation, the expected number of iterations never exceeds 2. New semantics for BN_rand_range(): BN_rand_range(r, min, range) now generates r such that min <= r < min+range. (Previously, BN_rand_range(r, min, max) generated r such that min <= r < max. It is more convenient to have the range; also the previous prototype was misleading because max was larger than the actual maximum.)
* Bleichenbacher's DSA attackUlf Möller2001-02-071-0/+4
|
* Fix AES code.Dr. Stephen Henson2001-02-071-0/+6
| | | | | | | | | | Update Rijndael source to v3.0 Add AES OIDs. Change most references of Rijndael to AES. Add new draft AES ciphersuites.
* Avoid coredumps for CONF_get_...(NULL, ...)Bodo Möller2001-02-061-0/+9
|
* Fix potential buffer overrun for EBCDIC.Ulf Möller2001-02-061-0/+3
|
* New function to copy nonce values from OCSPDr. Stephen Henson2001-02-051-0/+4
| | | | request to response.
* Various OCSP responder utility functions.Dr. Stephen Henson2001-02-031-0/+13
| | | | | | Delete obsolete OCSP functions. Largely untested at present...
* Various function for commmon operations.Dr. Stephen Henson2001-02-021-0/+6
|
* Tolerate some "variations" used in someDr. Stephen Henson2001-02-011-0/+4
| | | | | | | | | | certificates. One is a valid CA which has no basicConstraints but does have certSign keyUsage. Other is S/MIME signer with nonRepudiation but no digitalSignature.
* Document the change.Richard Levitte2001-01-301-0/+7
|
* Make sk_sort tolearate a NULL argument.Dr. Stephen Henson2001-01-281-0/+3
|
* New OCSP response verify option OCSP_TRUSTOTHERDr. Stephen Henson2001-01-261-0/+5
|
* Zero the premaster secret after deriving the master secret in DHDr. Stephen Henson2001-01-251-0/+4
| | | | ciphersuites.
* Add debugging info to new ASN1 code to trace memory leaks.Dr. Stephen Henson2001-01-241-1/+12
| | | | | | Fix PKCS7 and PKCS12 memory leaks. Initialise encapsulated content type properly.
* EVP_add_digest_alias additions to SS_library_initBodo Möller2001-01-231-1/+8
|
* There is no C version of bn_div_3_wordsUlf Möller2001-01-231-0/+3
|
* Mention the ./config script fixes.Ulf Möller2001-01-211-0/+3
|
* Fix to stop X509_time_adj() using GeneralizedTime.Dr. Stephen Henson2001-01-201-0/+9
|
* Fixes to various ASN1_INTEGER routines for negative case.Dr. Stephen Henson2001-01-191-0/+8
| | | | Enhance s2i_ASN1_INTEGER().
* Fix openssl passwd -1Bodo Möller2001-01-191-0/+3
|
* Additional functionality in ocsp utility: print summaryDr. Stephen Henson2001-01-191-0/+8
| | | | | | | of status info. Check nonce values. Option to disable verify. Update usage message. Rename status to string functions and make them global.
* Implement remaining OCSP verify checks inDr. Stephen Henson2001-01-181-0/+10
| | | | accordance with RFC2560.
* Make the change log on the RAND_poll change a bit more explicit. Suggested ↵Richard Levitte2001-01-171-3/+8
| | | | by Bodo Moeller.
* Initial OCSP certificate verify. Not complete,Dr. Stephen Henson2001-01-171-0/+10
| | | | it just supports a "trusted OCSP global root CA".
* New '-extfile' option for 'openssl ca'.Bodo Möller2001-01-151-0/+7
| | | | | | This allows keeping extensions in a separate configuration file. Submitted by: Massimiliano Pala <madwolf@comune.modena.it>
* Change PKCS#12 key derivation routines to cope withDr. Stephen Henson2001-01-141-0/+6
| | | | non null terminated passwords.
* New OCSP utility. This can generate, parse and printDr. Stephen Henson2001-01-131-0/+6
| | | | | | | | OCSP requests. It can also query reponders and parse or print out responses. Still needs some more work: OCSP response checks and of course documentation.
* New 'openssl ca -status <serial>' and 'openssl ca -updatedb'Bodo Möller2001-01-121-0/+7
| | | | | | commands. Submitted by: Massimiliano Pala <madwolf@comune.modena.it>
* New -newreq-nodes option to CA.pl.Bodo Möller2001-01-111-0/+5
| | | | Submitted by: Damien Miller <djm@mindrot.org>
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-16 09:22:39 +0000