### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
-* Deprecated EC_GROUP_precompute_mult(), EC_GROUP_have_precompute_mult(), and
- EC_KEY_precompute_mult() These functions are not widely used and applications
- should instead switch to named curves which OpenSSL has hardcoded lookup
- tables for.
+ * Handshake now fails if Extended Master Secret extension is dropped
+ on renegotiation.
- *Billy Bob Brumley*
+ *Tomas Mraz*
+
+ * Dropped interactive mode from the 'openssl' program. From now on,
+ the `openssl` command without arguments is equivalent to `openssl
+ help`.
+
+ *Richard Levitte*
+
+ * Renamed EVP_PKEY_cmp() to EVP_PKEY_eq() and
+ EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq().
+ While the old function names have been retained for backward compatibility
+ they should not be used in new developments
+ because their return values are confusing: Unlike other `_cmp()` functions
+ they do not return 0 in case their arguments are equal.
+
+ *David von Oheimb*
+
+ * Deprecated EC_METHOD_get_field_type(). Applications should switch to
+ EC_GROUP_get_field_type().
+
+ *Billy Bob Brumley*
+
+ * Deprecated EC_GFp_simple_method(), EC_GFp_mont_method(),
+ EC_GF2m_simple_method(), EC_GFp_nist_method(), EC_GFp_nistp224_method()
+ EC_GFp_nistp256_method(), and EC_GFp_nistp521_method().
+ Applications should rely on the library automatically assigning a suitable
+ EC_METHOD internally upon EC_GROUP construction.
+
+ *Billy Bob Brumley*
+
+ * Deprecated EC_GROUP_new(), EC_GROUP_method_of(), and EC_POINT_method_of().
+ EC_METHOD is now an internal-only concept and a suitable EC_METHOD is
+ assigned internally without application intervention.
+ Users of EC_GROUP_new() should switch to a different suitable constructor.
+
+ *Billy Bob Brumley*
+
+ * Add CAdES-BES signature verification support, mostly derived
+ from ESSCertIDv2 TS (RFC 5816) contribution by Marek Klein.
+
+ *Filipe Raimundo da Silva*
+
+ * Add CAdES-BES signature scheme and attributes support (RFC 5126) to CMS API.
+
+ *Antonio Iacono*
+
+ * Deprecated EC_POINT_make_affine() and EC_POINTs_make_affine(). These
+ functions are not widely used and now OpenSSL automatically perform this
+ conversion when needed.
+
+ *Billy Bob Brumley*
+
+ * Deprecated EC_GROUP_precompute_mult(), EC_GROUP_have_precompute_mult(), and
+ EC_KEY_precompute_mult(). These functions are not widely used and
+ applications should instead switch to named curves which OpenSSL has
+ hardcoded lookup tables for.
+
+ *Billy Bob Brumley*
* Deprecated EC_POINTs_mul(). This function is not widely used and applications
should instead use the L<EC_POINT_mul(3)> function.
*David von Oheimb*
+ * BIO_do_connect and BIO_do_handshake have been extended:
+ If domain name resolution yields multiple IP addresses all of them are tried
+ after connect() failures.
+
+ *David von Oheimb*
+
* All of the low level RSA functions have been deprecated including:
RSA_new_method, RSA_size, RSA_security_bits, RSA_get0_pss_params,
and HMAC_CTX_get_md.
Use of these low level functions has been informally discouraged for a long
- time. Instead applications should use L<EVP_MAC_CTX_new(3)>,
- L<EVP_MAC_CTX_free(3)>, L<EVP_MAC_init(3)>, L<EVP_MAC_update(3)>
+ time. Instead applications should use L<EVP_MAC_new_ctx(3)>,
+ L<EVP_MAC_free_ctx(3)>, L<EVP_MAC_init(3)>, L<EVP_MAC_update(3)>
and L<EVP_MAC_final(3)>.
*Paul Dale*
CMAC_CTX_copy, CMAC_Init, CMAC_Update, CMAC_Final and CMAC_resume.
Use of these low level functions has been informally discouraged for a long
- time. Instead applications should use L<EVP_MAC_CTX_new(3)>,
- L<EVP_MAC_CTX_free(3)>, L<EVP_MAC_init(3)>, L<EVP_MAC_update(3)>
+ time. Instead applications should use L<EVP_MAC_new_ctx(3)>,
+ L<EVP_MAC_free_ctx(3)>, L<EVP_MAC_init(3)>, L<EVP_MAC_update(3)>
and L<EVP_MAC_final(3)>.
*Paul Dale*
- SSL_CTX_load_verify_dir()
- SSL_CTX_load_verify_store()
- Also, the following functions are now deprecated:
-
- - X509_STORE_load_locations() (use X509_STORE_load_file(),
- X509_STORE_load_path() or X509_STORE_load_store() instead)
- - SSL_CTX_load_verify_locations() (use SSL_CTX_load_verify_file(),
- SSL_CTX_load_verify_dir() or SSL_CTX_load_verify_store() instead)
-
*Richard Levitte*
* Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY.