Add info on the CMP implementation and HTTP client to NEWS.md and CHANGES.md

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11608)

diff --git a/CHANGES.md b/CHANGES.md
index 21ce8962a5e418637689e2a2f265b50c6614ce36..78e8f88c6247091a9d7f2668c0e9d56d5c48fbf8 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -87,6 +87,18 @@ OpenSSL 3.0
 
    *Richard Levitte*
 
+ * Added an implementation of CMP and CRMF (RFC 4210, RFC 4211 RFC 6712).
+   This adds crypto/cmp/, crpyto/crmf/, and test/cmp_*.
+   See L<OSSL_CMP_exec_IR_ses(3)> as starting point.
+
+   *David von Oheimb*
+
+ * Generalized the HTTP client code from crypto/ocsp/ into crpyto/http/.
+   The legacy OCSP-focused and only partly documented API is retained.
+   See L<OSSL_CMP_MSG_http_perform(3)> etc. for details.
+
+   *David von Oheimb*
+
  * All of the low level RSA functions have been deprecated including:
 
    RSA_new_method, RSA_bits, RSA_size, RSA_security_bits,

diff --git a/NEWS.md b/NEWS.md
index 9f18f416f889daf31f63575e09b81b9bd0ea8e8d..59081b0cdd47c8dd9f8fa6765e514daa8e1ccedc 100644 (file)
--- a/NEWS.md
+++ b/NEWS.md
@@ -33,6 +33,12 @@ OpenSSL 3.0
     authenticate servers or clients.
   * enable-crypto-mdebug and enable-crypto-mdebug-backtrace were mostly
     disabled; the project uses address sanitize/leak-detect instead.
+  * Added a Certificate Management Protocol (CMP, RFC 4210) implementation
+    also covering CRMF (RFC 4211) and HTTP transfer (RFC 6712).
+    It is part of the crypto lib, while a 'cmp' app using it is in preparation.
+    All widely used CMP features are supported for both clients and servers.
+  * Added a proper HTTP(S) client to libcrypto supporting GET and POST,
+    redirection, plain and ASN.1-encoded contents, proxies, and timeouts.
   * Added OSSL_SERIALIZER, a generic serializer API.
   * Added OSSL_PARAM_BLD, an easier to use API to OSSL_PARAM.
   * Added error raising macros, ERR_raise() and ERR_raise_data().