From: Dr. Stephen Henson <steve@openssl.org>
Date: Mon, 1 Mar 2004 01:10:26 +0000 (+0000)
Subject: Since the last commit also included the OCSP nonce change
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=d60425034fdcd2646b2627779c5601aff6321de4;p=oweals%2Fopenssl.git

Since the last commit also included the OCSP nonce change
(which I thought I'd included before). I'd better add the
corresponding CHANGES entry.
---

diff --git a/CHANGES b/CHANGES
index 2444eb7c51..27bf3e9bb7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,13 @@
 
  Changes between 0.9.7c and 0.9.7d  [xx XXX XXXX]
 
+  *) When creating an OCSP nonce use an OCTET STRING inside the extnValue.
+     A clarification of RFC2560 will require the use of OCTET STRINGs and 
+     some implementations cannot handle the current raw format. Since OpenSSL
+     copies and compares OCSP nonces as opaque blobs without any attempt at
+     parsing them this should not create any compatibility issues.
+     [Steve Henson]
+
   *) New md flag EVP_MD_CTX_FLAG_REUSE this allows md_data to be reused when
      calling EVP_MD_CTX_copy_ex() to avoid calling OPENSSL_malloc(). Without
      this HMAC (and other) operations are several times slower than OpenSSL