OpenSSL CHANGES
_______________
- Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]
+ Changes between 1.0.x and 1.1.0 [xx XXX xxxx]
- *) New function SSL_certs_clear() to delete all references to certificates
- from an SSL structure. Before this once a certificate had been added
- it couldn't be removed.
+ *) Make openssl verify return errors.
+ [Chris Palmer <palmer@google.com> and Ben Laurie]
+
+ *) Fix OCSP checking.
+ [Rob Stradling <rob.stradling@comodo.com> and Ben Laurie]
+
+ *) New option -crl_download in several openssl utilities to download CRLs
+ from CRLDP extension in certificates.
[Steve Henson]
- *) Initial SSL tracing code. This parses out SSL/TLS records using the
- message callback and prints the results. Needs compile time option
- "enable-ssl-trace". New options to s_client and s_server to enable
- tracing.
+ *) Integrate hostname, email address and IP address checking with certificate
+ verification. New verify options supporting checking in opensl utility.
[Steve Henson]
- *) New functions to retrieve certificate signature and signature
- OID NID.
+ *) New function X509_CRL_diff to generate a delta CRL from the difference
+ of two full CRLs. Add support to "crl" utility.
[Steve Henson]
- *) Print out deprecated issuer and subject unique ID fields in
- certificates.
+ *) New options -CRL and -CRLform for s_client and s_server for CRLs.
[Steve Henson]
- *) RFC 5878 support.
- [Emilia Kasper, Adam Langley, Ben Laurie (Google)]
+ *) Extend OCSP I/O functions so they can be used for simple general purpose
+ HTTP as well as OCSP. New wrapper function which can be used to download
+ CRLs using the OCSP API.
+ [Steve Henson]
- *) Support for automatic EC temporary key parameter selection. If enabled
- the most preferred EC parameters are automatically used instead of
- hardcoded fixed parameters. Now a server just has to call:
- SSL_CTX_set_ecdh_auto(ctx, 1) and the server will automatically
- support ECDH and use the most appropriate parameters.
+ *) New functions to set lookup_crls callback and to retrieve
+ X509_STORE from X509_STORE_CTX.
[Steve Henson]
- *) Enhance and tidy EC curve and point format TLS extension code. Use
- static structures instead of allocation if default values are used.
- New ctrls to set curves we wish to support and to retrieve shared curves.
- Print out shared curves in s_server. New options to s_server and s_client
- to set list of supported curves.
+ *) New ctrl and macro to retrieve supported points extensions.
+ Print out extension in s_server and s_client.
[Steve Henson]
- *) New ctrls to retrieve supported signature algorithms and
- supported curve values as an array of NIDs. Extend openssl utility
- to print out received values.
+ *) New function ASN1_TIME_diff to calculate the difference between two
+ ASN1_TIME structures or one structure and the current time.
[Steve Henson]
- *) Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
- between NIDs and the more common NIST names such as "P-256". Enhance
- ecparam utility and ECC method to recognise the NIST names for curves.
+ *) Fixes and wildcard matching support to hostname and email checking
+ functions. Add manual page.
+ [Florian Weimer (Red Hat Product Security Team)]
+
+ *) New experimental SSL_CONF* functions. These provide a common framework
+ for application configuration using configuration files or command lines.
[Steve Henson]
- *) Enhance SSL/TLS certificate chain handling to support different
- chains for each certificate instead of one chain in the parent SSL_CTX.
+ *) New functions to check a hostname email or IP address against a
+ certificate. Add options x509 utility to print results of checks against
+ a certificate.
[Steve Henson]
- *) Support for fixed DH ciphersuite client authentication: where both
- server and client use DH certificates with common parameters.
+ *) Add -rev test option to s_server to just reverse order of characters
+ received by client and send back to server. Also prints an abbreviated
+ summary of the connection parameters.
[Steve Henson]
- *) Support for fixed DH ciphersuites: those requiring DH server
- certificates.
+ *) New option -brief for s_client and s_server to print out a brief summary
+ of connection parameters.
[Steve Henson]
- *) Transparently support X9.42 DH parameters when calling
- PEM_read_bio_DHparameters. This means existing applications can handle
- the new parameter format automatically.
+ *) Add functions to retrieve and manipulate the raw cipherlist sent by a
+ client to OpenSSL.
[Steve Henson]
- *) Initial experimental support for X9.42 DH parameter format: mainly
- to support use of 'q' parameter for RFC5114 parameters.
+ *) New Suite B modes for TLS code. These use and enforce the requirements
+ of RFC6460: restrict ciphersuites, only permit Suite B algorithms and
+ only use Suite B curves. The Suite B modes can be set by using the
+ strings "SUITEB128", "SUITEB192" or "SUITEB128ONLY" for the cipherstring.
[Steve Henson]
- *) Add DH parameters from RFC5114 including test data to dhtest.
+ *) New chain verification flags for Suite B levels of security. Check
+ algorithms are acceptable when flags are set in X509_verify_cert.
+ [Steve Henson]
+
+ *) Make tls1_check_chain return a set of flags indicating checks passed
+ by a certificate chain. Add additional tests to handle client
+ certificates: checks for matching certificate type and issuer name
+ comparison.
+ [Steve Henson]
+
+ *) If an attempt is made to use a signature algorithm not in the peer
+ preference list abort the handshake. If client has no suitable
+ signature algorithms in response to a certificate request do not
+ use the certificate.
+ [Steve Henson]
+
+ *) If server EC tmp key is not in client preference list abort handshake.
+ [Steve Henson]
+
+ *) Add support for certificate stores in CERT structure. This makes it
+ possible to have different stores per SSL structure or one store in
+ the parent SSL_CTX. Include distint stores for certificate chain
+ verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN
+ to build and store a certificate chain in CERT structure: returing
+ an error if the chain cannot be built: this will allow applications
+ to test if a chain is correctly configured.
+
+ Note: if the CERT based stores are not set then the parent SSL_CTX
+ store is used to retain compatibility with existing behaviour.
+
+ [Steve Henson]
+
+ *) New function ssl_set_client_disabled to set a ciphersuite disabled
+ mask based on the current session, check mask when sending client
+ hello and checking the requested ciphersuite.
+ [Steve Henson]
+
+ *) New ctrls to retrieve and set certificate types in a certificate
+ request message. Print out received values in s_client. If certificate
+ types is not set with custom values set sensible values based on
+ supported signature algorithms.
+ [Steve Henson]
+
+ *) Support for distinct client and server supported signature algorithms.
+ [Steve Henson]
+
+ *) Add certificate callback. If set this is called whenever a certificate
+ is required by client or server. An application can decide which
+ certificate chain to present based on arbitrary criteria: for example
+ supported signature algorithms. Add very simple example to s_server.
+ This fixes many of the problems and restrictions of the existing client
+ certificate callback: for example you can now clear an existing
+ certificate and specify the whole chain.
+ [Steve Henson]
+
+ *) Add new "valid_flags" field to CERT_PKEY structure which determines what
+ the certificate can be used for (if anything). Set valid_flags field
+ in new tls1_check_chain function. Simplify ssl_set_cert_masks which used
+ to have similar checks in it.
+
+ Add new "cert_flags" field to CERT structure and include a "strict mode".
+ This enforces some TLS certificate requirements (such as only permitting
+ certificate signature algorithms contained in the supported algorithms
+ extension) which some implementations ignore: this option should be used
+ with caution as it could cause interoperability issues.
+ [Steve Henson]
+
+ *) Update and tidy signature algorithm extension processing. Work out
+ shared signature algorithms based on preferences and peer algorithms
+ and print them out in s_client and s_server. Abort handshake if no
+ shared signature algorithms.
+ [Steve Henson]
+
+ *) Add new functions to allow customised supported signature algorithms
+ for SSL and SSL_CTX structures. Add options to s_client and s_server
+ to support them.
+ [Steve Henson]
+
+ *) New function SSL_certs_clear() to delete all references to certificates
+ from an SSL structure. Before this once a certificate had been added
+ it couldn't be removed.
+ [Steve Henson]
+
+ *) Initial SSL tracing code. This parses out SSL/TLS records using the
+ message callback and prints the results. Needs compile time option
+ "enable-ssl-trace". New options to s_client and s_server to enable
+ tracing.
+ [Steve Henson]
+
+ *) New functions to retrieve certificate signature and signature
+ OID NID.
+ [Steve Henson]
+
+ *) Print out deprecated issuer and subject unique ID fields in
+ certificates.
[Steve Henson]
*) Update fips_test_suite to support multiple command line options. New
whose return value is often ignored.
[Steve Henson]
+ Changes between 1.0.1 and 1.0.2 [xx XXX xxxx]
+
+ *) MIPS assembly pack updates: support for MIPS32r2 and SmartMIPS ASE,
+ platform support for Linux and Android.
+ [Andy Polyakov]
+
+ *) Call OCSP Stapling callback after ciphersuite has been chosen, so
+ the right response is stapled. Also change current certificate to
+ the certificate actually sent.
+ See http://rt.openssl.org/Ticket/Display.html?id=2836.
+ [Rob Stradling <rob.stradling@comodo.com>]
+
+ *) Support for linux-x32, ILP32 environment in x86_64 framework.
+ [Andy Polyakov]
+
+ *) RFC 5878 support.
+ [Emilia Kasper, Adam Langley, Ben Laurie (Google)]
+
+ *) Experimental multi-implementation support for FIPS capable OpenSSL.
+ When in FIPS mode the approved implementations are used as normal,
+ when not in FIPS mode the internal unapproved versions are used instead.
+ This means that the FIPS capable OpenSSL isn't forced to use the
+ (often lower perfomance) FIPS implementations outside FIPS mode.
+ [Steve Henson]
+
+ *) Transparently support X9.42 DH parameters when calling
+ PEM_read_bio_DHparameters. This means existing applications can handle
+ the new parameter format automatically.
+ [Steve Henson]
+
+ *) Initial experimental support for X9.42 DH parameter format: mainly
+ to support use of 'q' parameter for RFC5114 parameters.
+ [Steve Henson]
+
+ *) Add DH parameters from RFC5114 including test data to dhtest.
+ [Steve Henson]
+
+ *) Support for automatic EC temporary key parameter selection. If enabled
+ the most preferred EC parameters are automatically used instead of
+ hardcoded fixed parameters. Now a server just has to call:
+ SSL_CTX_set_ecdh_auto(ctx, 1) and the server will automatically
+ support ECDH and use the most appropriate parameters.
+ [Steve Henson]
+
+ *) Enhance and tidy EC curve and point format TLS extension code. Use
+ static structures instead of allocation if default values are used.
+ New ctrls to set curves we wish to support and to retrieve shared curves.
+ Print out shared curves in s_server. New options to s_server and s_client
+ to set list of supported curves.
+ [Steve Henson]
+
+ *) New ctrls to retrieve supported signature algorithms and
+ supported curve values as an array of NIDs. Extend openssl utility
+ to print out received values.
+ [Steve Henson]
+
+ *) Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
+ between NIDs and the more common NIST names such as "P-256". Enhance
+ ecparam utility and ECC method to recognise the NIST names for curves.
+ [Steve Henson]
+
+ *) Enhance SSL/TLS certificate chain handling to support different
+ chains for each certificate instead of one chain in the parent SSL_CTX.
+ [Steve Henson]
+
+ *) Support for fixed DH ciphersuite client authentication: where both
+ server and client use DH certificates with common parameters.
+ [Steve Henson]
+
+ *) Support for fixed DH ciphersuites: those requiring DH server
+ certificates.
+ [Steve Henson]
+
Changes between 1.0.1c and 1.0.1d [xx XXX xxxx]
*) Fix possible deadlock when decoding public keys.
*) Initialise tkeylen properly when encrypting CMS messages.
Thanks to Solar Designer of Openwall for reporting this issue.
[Steve Henson]
-
+
*) In FIPS mode don't try to use composite ciphers as they are not
approved.
[Steve Henson]
-
+
Changes between 1.0.1a and 1.0.1b [26 Apr 2012]
-
+
*) OpenSSL 1.0.0 sets SSL_OP_ALL to 0x80000FFFL and OpenSSL 1.0.1 and
1.0.1a set SSL_OP_NO_TLSv1_1 to 0x00000400L which would unfortunately
mean any application compiled against OpenSSL 1.0.0 headers setting
the correct format in RSA_verify so both forms transparently work.
[Steve Henson]
- *) Add compatibility with old MDC2 signatures which use an ASN1 OCTET
- STRING form instead of a DigestInfo.
- [Steve Henson]
-
*) Some servers which support TLS 1.0 can choke if we initially indicate
support for TLS 1.2 and later renegotiate using TLS 1.0 in the RSA
encrypted premaster secret. As a workaround use the maximum pemitted