From: Richard Levitte <levitte@openssl.org>
Date: Mon, 29 Nov 2004 11:57:00 +0000 (+0000)
Subject: Document the change.
X-Git-Tag: BEN_FIPS_TEST_6~14^2~19
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=5022e4ecdf228dd79c9fc355a7b5047adbf9d414;p=oweals%2Fopenssl.git

Document the change.
---

diff --git a/CHANGES b/CHANGES
index 1227d35e2b..47ffdcfded 100644
--- a/CHANGES
+++ b/CHANGES
@@ -743,7 +743,21 @@
      differing sizes.
      [Richard Levitte]
 
- Changes between 0.9.7d and 0.9.7e  [XX xxx XXXX]
+ Changes between 0.9.7e and 0.9.7f  [XX xxx XXXX]
+
+  *) Make an explicit check during certificate validation to see that
+     the CA setting in each certificate on the chain is correct.  As a
+     side effect always do the following basic checks on extensions,
+     not just when there's an associated purpose to the check:
+
+      - if there is an unhandled critical extension (unless the user
+        has chosen to ignore this fault)
+      - if the path length has been exceeded (if one is set at all)
+      - that certain extensions fit the associated purpose (if one has
+        been given)
+     [Richard Levitte]
+
+ Changes between 0.9.7d and 0.9.7e  [25 Oct 2004]
 
   *) Avoid a race condition when CRLs are checked in a multi threaded 
      environment. This would happen due to the reordering of the revoked