author | Theo Buehler <tb@openbsd.org> | 2020-10-07 21:54:19 +0200 |
---|---|---|
committer | Brent Cook <busterb@gmail.com> | 2020-10-17 03:15:28 -0500 |
commit | 6693b2ebd83771f8ac02ec1533360444f9f6fb58 (patch) | |
tree | 207d153c62325cd8ccaf3351835304a3dc04470a /ChangeLog | |
parent | 4de6e2988370865e447f3d3e826ffc7aee96056b (diff) | |
Zap many things that are promised for later
We can mention the new OpenSSL compat API and the validator API
when they're enabled.
The commit message for the validator is out of place.
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 24 |
1 files changed, 2 insertions, 22 deletions
@@ -34,29 +34,12 @@ LibreSSL Portable Release Notes: | |||
34 | enabled for both server and client. The OpenSSL TLSv1.3 API is not | 34 | enabled for both server and client. The OpenSSL TLSv1.3 API is not |
35 | yet available and will be provided in an upcoming release. | 35 | yet available and will be provided in an upcoming release. |
36 | 36 | ||
37 | * This release also adds a new X509 certificate chain validator | 37 | * New X509 certificate chain validator loosely based on Go's X509 |
38 | 38 | validator. | |
39 | The new validator finds multiple validated chains to handle the | ||
40 | modern PKI cases which may frequently have multiple paths via | ||
41 | different intermediates to different roots. It is loosely based on | ||
42 | golang's X509 validator. | ||
43 | |||
44 | This includes integration so that the new validator can be used via | ||
45 | X509_verify_cert() as well as a new API x509_verify() which will | ||
46 | return multiple chains (similar to go). | ||
47 | |||
48 | The new public API is not yet exposed, and will be finalized and | ||
49 | enabled later. | ||
50 | 39 | ||
51 | * Improve the handling of BIO_read()/BIO_write() failures in the | 40 | * Improve the handling of BIO_read()/BIO_write() failures in the |
52 | TLSv1.3 stack. | 41 | TLSv1.3 stack. |
53 | 42 | ||
54 | * Prepare to provide most of the TLSv1.3-related OpenSSL 1.1.1 API. | ||
55 | This will be finished in an upcoming release. | ||
56 | |||
57 | * Implement SSL_{CTX_,}set_ciphersuites() and add regress. This is not | ||
58 | yet public API and will be enabled in a future release. | ||
59 | |||
60 | * Start replacing the existing TLSv1.2 record layer. | 43 | * Start replacing the existing TLSv1.2 record layer. |
61 | 44 | ||
62 | * Define OPENSSL_NO_SSL_TRACE in opensslfeatures.h. | 45 | * Define OPENSSL_NO_SSL_TRACE in opensslfeatures.h. |
@@ -112,9 +95,6 @@ LibreSSL Portable Release Notes: | |||
112 | 95 | ||
113 | * Document return value from EC_KEY_get0_public_key(3). | 96 | * Document return value from EC_KEY_get0_public_key(3). |
114 | 97 | ||
115 | * Add initial manual page for the x509_verify() chain validator which | ||
116 | will be installed once the new API is publically exposed. | ||
117 | |||
118 | * Greatly expanded test coverage by the tlsfuzzer test scripts. | 98 | * Greatly expanded test coverage by the tlsfuzzer test scripts. |
119 | 99 | ||
120 | * Test the Botan TLS client with LibreSSL, OpenSSL 1.0.2 and 1.1.1 | 100 | * Test the Botan TLS client with LibreSSL, OpenSSL 1.0.2 and 1.1.1 |