From 3bd65f9b5b4731acae395d045dea63d7fdfd507b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 22 Jun 2020 13:15:22 +0200 Subject: Update NEWS and CHANGES NEWS and CHANGES hasn't mentioned OPENSSL_CTX before, so adding entries now. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12228) --- CHANGES.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'CHANGES.md') diff --git a/CHANGES.md b/CHANGES.md index 8f8ee33415..7da5ccd55c 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,28 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * Added a library context that applications as well as other + libraries can use to form a separate context within which libcrypto + operations are performed. + + There are two ways this can be used: + + - Directly, by passing a library context to functions that take + such an argument, such as `EVP_CIPHER_fetch` and similar algorithm + fetching functions. + - Indirectly, by creating a new library context and then assigning + it as the new default, with `OPENSSL_CTX_set0_default`. + + All public OpenSSL functions that take an `OPENSSL_CTX` pointer, + apart from the functions directly related to `OPENSSL_CTX`, accept + NULL to indicate that the default library context should be used. + + Library code that changes the default library context using + `OPENSSL_CTX_set0_default` should take care to restore it with a + second call before returning to the caller. + + *Richard Levitte* + * Handshake now fails if Extended Master Secret extension is dropped on renegotiation. -- cgit v1.2.3