Changes between 1.0.2 and 1.1.0 [xx XXX xxxx]
+ *) State machine rewrite. The state machine code has been significantly
+ refactored in order to remove much duplication of code and solve issues
+ with the old code (see ssl/statem/README for further details). This change
+ does have some associated API changes. Notably SSL_get_state/SSL_state now
+ returns an "OSSL_HANDSHAKE_STATE" instead of an int. The previous handshake
+ states defined in ssl.h and ssl3.h have been redefined to be the nearest
+ equivalent OSS_HANDSHAKE_STATE value. Not all states have an equivalent
+ value, (e.g. SSL_ST_CW_FLUSH). New application code should not use the old
+ handshake state values, but should instead use OSSL_HANDSHAKE_STATE.
+ [Matt Caswell]
+
+ *) The demo files in crypto/threads were moved to demo/threads.
+ [Rich Salz]
+
+ *) Removed obsolete engines: 4758cca, aep, atalla, cswift, nuron and sureware.
+ [Matt Caswell]
+
+ *) New ASN.1 embed macro.
+
+ New ASN.1 macro ASN1_EMBED. This is the same as ASN1_SIMPLE except the
+ structure is not allocated: it is part of the parent. That is instead of
+
+ FOO *x;
+
+ it must be:
+
+ FOO x;
+
+ This reduces memory fragmentation and make it impossible to accidentally
+ set a mandatory field to NULL.
+
+ This currently only works for some fields specifically a SEQUENCE, CHOICE,
+ or ASN1_STRING type which is part of a parent SEQUENCE. Since it is
+ equivalent to ASN1_SIMPLE it cannot be tagged, OPTIONAL, SET OF or
+ SEQUENCE OF.
+ [Steve Henson]
+
+ *) Remove EVP_CHECK_DES_KEY, a compile-time option that never compiled.
+ [Emilia Käsper]
+
+ *) Removed DES and RC4 ciphersuites from DEFAULT. Also removed RC2 although
+ in 1.0.2 EXPORT was already removed and the only RC2 ciphersuite is also
+ an EXPORT one. COMPLEMENTOFDEFAULT has been updated accordingly to add
+ DES and RC4 ciphersuites.
+ [Matt Caswell]
+
*) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs.
This changes the decoding behaviour for some invalid messages,
though the change is mostly in the more lenient direction, and
*) Fix no-stdio build.
[ David Woodhouse <David.Woodhouse@intel.com> and also
Ivan Nestlerode <ivan.nestlerode@sonos.com> ]
+
*) New testing framework
The testing framework has been largely rewritten and is now using
perl and the perl modules Test::Harness and an extended variant of