OpenSSL CHANGES
_______________
- Changes between 0.9.8i and 0.9.8j [xx XXX xxxx]
+ Changes between 0.9.8j and 0.9.8k [xx XXX xxxx]
+
+ *) Allow CC in the environment to override the automatically chosen
+ compiler. Note that nothing is done to ensure flags work with the
+ chosen compiler.
+ [Ben Laurie]
+
+ Changes between 0.9.8i and 0.9.8j [07 Jan 2009]
+
+ *) Properly check EVP_VerifyFinal() and similar return values
+ (CVE-2008-5077).
+ [Ben Laurie, Bodo Moeller, Google Security Team]
+
+ *) Enable TLS extensions by default.
+ [Ben Laurie]
*) Allow the CHIL engine to be loaded, whether the application is
multithreaded or not. (This does not release the developer from the
obligation to set up the dynamic locking callbacks.)
[Sander Temme <sander@temme.net>]
- *) Update Configure code and WIN32 build scripts to support experimental
- code. This is surrounded by OPENSSL_EXPERIMENTAL_FOO and not compiled
- in by default. Using the configuration option "enable-experimental-foo"
- enables it. Use this option for JPAKE.
- [Steve Henson]
-
*) Use correct exit code if there is an error in dgst command.
[Steve Henson; problem pointed out by Roland Dirlewanger]
- *) Add JPAKE support, including demo authentication in s_client and
- s_server.
+ *) Tweak Configure so that you need to say "experimental-jpake" to enable
+ JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications.
+ [Bodo Moeller]
+
+ *) Add experimental JPAKE support, including demo authentication in
+ s_client and s_server.
[Ben Laurie]
*) Set the comparison function in v3_addr_canonize().