Harmonize CHANGES and STATUS files between the 0.9.6a branch and
the trunk to keep diffs small.
This commit is contained in:
parent
bdcb9321ca
commit
a8e738f9ad
2 changed files with 36 additions and 21 deletions
26
CHANGES
26
CHANGES
|
@ -28,15 +28,6 @@
|
||||||
X509_NAME_get_index_by_NID() since 0 is a valid index.
|
X509_NAME_get_index_by_NID() since 0 is a valid index.
|
||||||
[Steve Henson reported by Massimiliano Pala <madwolf@opensca.org>]
|
[Steve Henson reported by Massimiliano Pala <madwolf@opensca.org>]
|
||||||
|
|
||||||
*) Use better test patterns in bntest.
|
|
||||||
[Ulf Möller]
|
|
||||||
|
|
||||||
*) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
|
|
||||||
the method-specific "init()" handler. Also clean up ex_data after
|
|
||||||
calling the method-specific "finish()" handler. Previously, this was
|
|
||||||
happening the other way round.
|
|
||||||
[Geoff Thorpe]
|
|
||||||
|
|
||||||
*) Avoid coredump with unsupported or invalid public keys by checking if
|
*) Avoid coredump with unsupported or invalid public keys by checking if
|
||||||
X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
|
X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
|
||||||
PKCS7_verify() fails with non detached data.
|
PKCS7_verify() fails with non detached data.
|
||||||
|
@ -69,6 +60,7 @@
|
||||||
*) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
|
*) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
|
||||||
was empty.
|
was empty.
|
||||||
[Steve Henson]
|
[Steve Henson]
|
||||||
|
[This change does not apply to 0.9.7.]
|
||||||
|
|
||||||
*) Use the cached encoding of an X509_NAME structure rather than
|
*) Use the cached encoding of an X509_NAME structure rather than
|
||||||
copying it. This is apparently the reason for the libsafe "errors"
|
copying it. This is apparently the reason for the libsafe "errors"
|
||||||
|
@ -80,7 +72,7 @@
|
||||||
Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
|
Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
|
||||||
to be set and top=0 forces the highest bit to be set; top=-1 is new
|
to be set and top=0 forces the highest bit to be set; top=-1 is new
|
||||||
and leaves the highest bit random.
|
and leaves the highest bit random.
|
||||||
[Ulf Moeller]
|
[Ulf Moeller, Bodo Moeller]
|
||||||
|
|
||||||
*) In the NCONF_...-based implementations for CONF_... queries
|
*) In the NCONF_...-based implementations for CONF_... queries
|
||||||
(crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
|
(crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
|
||||||
|
@ -109,6 +101,7 @@
|
||||||
macros previously used would not encode an empty SEQUENCE OF
|
macros previously used would not encode an empty SEQUENCE OF
|
||||||
and break the signature.
|
and break the signature.
|
||||||
[Steve Henson]
|
[Steve Henson]
|
||||||
|
[This change does not apply to 0.9.7.]
|
||||||
|
|
||||||
*) Zero the premaster secret after deriving the master secret in
|
*) Zero the premaster secret after deriving the master secret in
|
||||||
DH ciphersuites.
|
DH ciphersuites.
|
||||||
|
@ -161,12 +154,19 @@
|
||||||
*) Fix a deadlock in CRYPTO_mem_leaks().
|
*) Fix a deadlock in CRYPTO_mem_leaks().
|
||||||
[Bodo Moeller]
|
[Bodo Moeller]
|
||||||
|
|
||||||
|
*) Use better test patterns in bntest.
|
||||||
|
[Ulf Möller]
|
||||||
|
|
||||||
*) rand_win.c fix for Borland C.
|
*) rand_win.c fix for Borland C.
|
||||||
[Ulf Möller]
|
[Ulf Möller]
|
||||||
|
|
||||||
*) BN_rshift bugfix for n == 0.
|
*) BN_rshift bugfix for n == 0.
|
||||||
[Bodo Moeller]
|
[Bodo Moeller]
|
||||||
|
|
||||||
|
*) Add a 'bctest' script that checks for some known 'bc' bugs
|
||||||
|
so that 'make test' does not abort just because 'bc' is broken.
|
||||||
|
[Bodo Moeller]
|
||||||
|
|
||||||
*) Store verify_result within SSL_SESSION also for client side to
|
*) Store verify_result within SSL_SESSION also for client side to
|
||||||
avoid potential security hole. (Re-used sessions on the client side
|
avoid potential security hole. (Re-used sessions on the client side
|
||||||
always resulted in verify_result==X509_V_OK, not using the original
|
always resulted in verify_result==X509_V_OK, not using the original
|
||||||
|
@ -189,6 +189,12 @@
|
||||||
does the actual work for ssl3_read_internal.
|
does the actual work for ssl3_read_internal.
|
||||||
[Bodo Moeller]
|
[Bodo Moeller]
|
||||||
|
|
||||||
|
*) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
|
||||||
|
the method-specific "init()" handler. Also clean up ex_data after
|
||||||
|
calling the method-specific "finish()" handler. Previously, this was
|
||||||
|
happening the other way round.
|
||||||
|
[Geoff Thorpe]
|
||||||
|
|
||||||
*) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
|
*) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
|
||||||
The previous value, 12, was not always sufficient for BN_mod_exp().
|
The previous value, 12, was not always sufficient for BN_mod_exp().
|
||||||
[Bodo Moeller]
|
[Bodo Moeller]
|
||||||
|
|
31
STATUS
31
STATUS
|
@ -1,10 +1,10 @@
|
||||||
|
|
||||||
OpenSSL STATUS Last modified at
|
OpenSSL STATUS Last modified at
|
||||||
______________ $Date: 2001/03/22 09:02:38 $
|
______________ $Date: 2001/03/22 10:59:16 $
|
||||||
|
|
||||||
DEVELOPMENT STATE
|
DEVELOPMENT STATE
|
||||||
|
|
||||||
o OpenSSL 0.9.6a: In development...
|
o OpenSSL 0.9.6a: Bugfix release -- under development...
|
||||||
Beta 1 released on March 13th, 2001
|
Beta 1 released on March 13th, 2001
|
||||||
HP-UX 10.20 (hpux-parisc-cc) - PASSED [normal+engine]
|
HP-UX 10.20 (hpux-parisc-cc) - PASSED [normal+engine]
|
||||||
HP-UX 10.20 (hpux-parisc-gcc) - PASSED [normal+engine]
|
HP-UX 10.20 (hpux-parisc-gcc) - PASSED [normal+engine]
|
||||||
|
@ -50,14 +50,13 @@
|
||||||
|
|
||||||
AVAILABLE PATCHES
|
AVAILABLE PATCHES
|
||||||
|
|
||||||
o CA.pl patch (Damien Miller)
|
|
||||||
|
|
||||||
IN PROGRESS
|
IN PROGRESS
|
||||||
|
|
||||||
o Steve is currently working on (in no particular order):
|
o Steve is currently working on (in no particular order):
|
||||||
ASN1 code redesign, butchery, replacement.
|
ASN1 code redesign, butchery, replacement.
|
||||||
|
OCSP
|
||||||
EVP cipher enhancement.
|
EVP cipher enhancement.
|
||||||
Proper (or at least usable) certificate chain verification.
|
Enhanced certificate chain verification.
|
||||||
Private key, certificate and CRL API and implementation.
|
Private key, certificate and CRL API and implementation.
|
||||||
Developing and bugfixing PKCS#7 (S/MIME code).
|
Developing and bugfixing PKCS#7 (S/MIME code).
|
||||||
Various X509 issues: character sets, certificate request extensions.
|
Various X509 issues: character sets, certificate request extensions.
|
||||||
|
@ -66,19 +65,29 @@
|
||||||
o Richard is currently working on:
|
o Richard is currently working on:
|
||||||
UTIL (a new set of library functions to support some higher level
|
UTIL (a new set of library functions to support some higher level
|
||||||
functionality that is currently missing).
|
functionality that is currently missing).
|
||||||
Dynamic thread-lock support.
|
|
||||||
Shared library support for VMS.
|
Shared library support for VMS.
|
||||||
|
OCSP
|
||||||
|
Kerberos 5 authentication
|
||||||
|
Constification
|
||||||
|
|
||||||
NEEDS PATCH
|
NEEDS PATCH
|
||||||
|
|
||||||
o non-blocking socket on AIX
|
o apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
|
||||||
o $(PERL) in */Makefile.ssl
|
|
||||||
o "Sign the certificate?" - "n" creates empty certificate file
|
o OpenSSL_0_9_6-stable:
|
||||||
|
#include <openssl/e_os.h> in exported header files is illegal since
|
||||||
|
e_os.h is suitable only for library-internal use.
|
||||||
|
|
||||||
|
o Whenever strncpy is used, make sure the resulting string is NULL-terminated
|
||||||
|
or an error is reported
|
||||||
|
|
||||||
OPEN ISSUES
|
OPEN ISSUES
|
||||||
|
|
||||||
o internal_verify doesn't know about X509.v3 (basicConstraints
|
o crypto/ex_data.c is not really thread-safe and so must be used
|
||||||
CA flag ...)
|
with care (e.g., extra locking where necessary, or don't call
|
||||||
|
CRYPTO_get_ex_new_index once multiple threads exist).
|
||||||
|
The current API is not suitable for everything that it pretends
|
||||||
|
to offer.
|
||||||
|
|
||||||
o The Makefile hierarchy and build mechanism is still not a round thing:
|
o The Makefile hierarchy and build mechanism is still not a round thing:
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue