Harmonize CHANGES and STATUS files between the 0.9.6a branch and
the trunk to keep diffs small.
This commit is contained in:
Bodo Möller
parent
bdcb9321ca
commit
a8e738f9ad
2 changed files with 36 additions and 21 deletions
26
CHANGES
26
CHANGES
|
|
@ -28,15 +28,6 @@
|
|||
X509_NAME_get_index_by_NID() since 0 is a valid index.
|
||||
[Steve Henson reported by Massimiliano Pala <madwolf@opensca.org>]
|
||||
|
||||
*) Use better test patterns in bntest.
|
||||
[Ulf Möller]
|
||||
|
||||
*) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
|
||||
the method-specific "init()" handler. Also clean up ex_data after
|
||||
calling the method-specific "finish()" handler. Previously, this was
|
||||
happening the other way round.
|
||||
[Geoff Thorpe]
|
||||
|
||||
*) Avoid coredump with unsupported or invalid public keys by checking if
|
||||
X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
|
||||
PKCS7_verify() fails with non detached data.
|
||||
|
|
@ -69,6 +60,7 @@
|
|||
*) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
|
||||
was empty.
|
||||
[Steve Henson]
|
||||
[This change does not apply to 0.9.7.]
|
||||
|
||||
*) Use the cached encoding of an X509_NAME structure rather than
|
||||
copying it. This is apparently the reason for the libsafe "errors"
|
||||
|
|
@ -80,7 +72,7 @@
|
|||
Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
|
||||
to be set and top=0 forces the highest bit to be set; top=-1 is new
|
||||
and leaves the highest bit random.
|
||||
[Ulf Moeller]
|
||||
[Ulf Moeller, Bodo Moeller]
|
||||
|
||||
*) In the NCONF_...-based implementations for CONF_... queries
|
||||
(crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
|
||||
|
|
@ -109,6 +101,7 @@
|
|||
macros previously used would not encode an empty SEQUENCE OF
|
||||
and break the signature.
|
||||
[Steve Henson]
|
||||
[This change does not apply to 0.9.7.]
|
||||
|
||||
*) Zero the premaster secret after deriving the master secret in
|
||||
DH ciphersuites.
|
||||
|
|
@ -161,12 +154,19 @@
|
|||
*) Fix a deadlock in CRYPTO_mem_leaks().
|
||||
[Bodo Moeller]
|
||||
|
||||
*) Use better test patterns in bntest.
|
||||
[Ulf Möller]
|
||||
|
||||
*) rand_win.c fix for Borland C.
|
||||
[Ulf Möller]
|
||||
|
||||
*) BN_rshift bugfix for n == 0.
|
||||
[Bodo Moeller]
|
||||
|
||||
*) Add a 'bctest' script that checks for some known 'bc' bugs
|
||||
so that 'make test' does not abort just because 'bc' is broken.
|
||||
[Bodo Moeller]
|
||||
|
||||
*) Store verify_result within SSL_SESSION also for client side to
|
||||
avoid potential security hole. (Re-used sessions on the client side
|
||||
always resulted in verify_result==X509_V_OK, not using the original
|
||||
|
|
@ -189,6 +189,12 @@
|
|||
does the actual work for ssl3_read_internal.
|
||||
[Bodo Moeller]
|
||||
|
||||
*) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
|
||||
the method-specific "init()" handler. Also clean up ex_data after
|
||||
calling the method-specific "finish()" handler. Previously, this was
|
||||
happening the other way round.
|
||||
[Geoff Thorpe]
|
||||
|
||||
*) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
|
||||
The previous value, 12, was not always sufficient for BN_mod_exp().
|
||||
[Bodo Moeller]
|
||||
|
|
|
|||
31
STATUS
31
STATUS
|
|
@ -1,10 +1,10 @@
|
|||
|
||||
OpenSSL STATUS Last modified at
|
||||
______________ $Date: 2001/03/22 09:02:38 $
|
||||
______________ $Date: 2001/03/22 10:59:16 $
|
||||
|
||||
DEVELOPMENT STATE
|
||||
|
||||
o OpenSSL 0.9.6a: In development...
|
||||
o OpenSSL 0.9.6a: Bugfix release -- under development...
|
||||
Beta 1 released on March 13th, 2001
|
||||
HP-UX 10.20 (hpux-parisc-cc) - PASSED [normal+engine]
|
||||
HP-UX 10.20 (hpux-parisc-gcc) - PASSED [normal+engine]
|
||||
|
|
@ -50,14 +50,13 @@
|
|||
|
||||
AVAILABLE PATCHES
|
||||
|
||||
o CA.pl patch (Damien Miller)
|
||||
|
||||
IN PROGRESS
|
||||
|
||||
o Steve is currently working on (in no particular order):
|
||||
ASN1 code redesign, butchery, replacement.
|
||||
OCSP
|
||||
EVP cipher enhancement.
|
||||
Proper (or at least usable) certificate chain verification.
|
||||
Enhanced certificate chain verification.
|
||||
Private key, certificate and CRL API and implementation.
|
||||
Developing and bugfixing PKCS#7 (S/MIME code).
|
||||
Various X509 issues: character sets, certificate request extensions.
|
||||
|
|
@ -66,19 +65,29 @@
|
|||
o Richard is currently working on:
|
||||
UTIL (a new set of library functions to support some higher level
|
||||
functionality that is currently missing).
|
||||
Dynamic thread-lock support.
|
||||
Shared library support for VMS.
|
||||
OCSP
|
||||
Kerberos 5 authentication
|
||||
Constification
|
||||
|
||||
NEEDS PATCH
|
||||
|
||||
o non-blocking socket on AIX
|
||||
o $(PERL) in */Makefile.ssl
|
||||
o "Sign the certificate?" - "n" creates empty certificate file
|
||||
o apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
|
||||
|
||||
o OpenSSL_0_9_6-stable:
|
||||
#include <openssl/e_os.h> in exported header files is illegal since
|
||||
e_os.h is suitable only for library-internal use.
|
||||
|
||||
o Whenever strncpy is used, make sure the resulting string is NULL-terminated
|
||||
or an error is reported
|
||||
|
||||
OPEN ISSUES
|
||||
|
||||
o internal_verify doesn't know about X509.v3 (basicConstraints
|
||||
CA flag ...)
|
||||
o crypto/ex_data.c is not really thread-safe and so must be used
|
||||
with care (e.g., extra locking where necessary, or don't call
|
||||
CRYPTO_get_ex_new_index once multiple threads exist).
|
||||
The current API is not suitable for everything that it pretends
|
||||
to offer.
|
||||
|
||||
o The Makefile hierarchy and build mechanism is still not a round thing:
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue