aboutsummaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
authorTheo Buehler <tb@openbsd.org>2020-10-07 21:54:19 +0200
committerBrent Cook <busterb@gmail.com>2020-10-17 03:15:28 -0500
commit6693b2ebd83771f8ac02ec1533360444f9f6fb58 (patch)
tree207d153c62325cd8ccaf3351835304a3dc04470a /ChangeLog
parent4de6e2988370865e447f3d3e826ffc7aee96056b (diff)
downloadportable-6693b2ebd83771f8ac02ec1533360444f9f6fb58.tar.gz
portable-6693b2ebd83771f8ac02ec1533360444f9f6fb58.tar.bz2
portable-6693b2ebd83771f8ac02ec1533360444f9f6fb58.zip
Zap many things that are promised for later
We can mention the new OpenSSL compat API and the validator API when they're enabled. The commit message for the validator is out of place.
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog24
1 files changed, 2 insertions, 22 deletions
diff --git a/ChangeLog b/ChangeLog
index 936ffa4..0edf65e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -34,29 +34,12 @@ LibreSSL Portable Release Notes:
34 enabled for both server and client. The OpenSSL TLSv1.3 API is not 34 enabled for both server and client. The OpenSSL TLSv1.3 API is not
35 yet available and will be provided in an upcoming release. 35 yet available and will be provided in an upcoming release.
36 36
37 * This release also adds a new X509 certificate chain validator 37 * New X509 certificate chain validator loosely based on Go's X509
38 38 validator.
39 The new validator finds multiple validated chains to handle the
40 modern PKI cases which may frequently have multiple paths via
41 different intermediates to different roots. It is loosely based on
42 golang's X509 validator.
43
44 This includes integration so that the new validator can be used via
45 X509_verify_cert() as well as a new API x509_verify() which will
46 return multiple chains (similar to go).
47
48 The new public API is not yet exposed, and will be finalized and
49 enabled later.
50 39
51 * Improve the handling of BIO_read()/BIO_write() failures in the 40 * Improve the handling of BIO_read()/BIO_write() failures in the
52 TLSv1.3 stack. 41 TLSv1.3 stack.
53 42
54 * Prepare to provide most of the TLSv1.3-related OpenSSL 1.1.1 API.
55 This will be finished in an upcoming release.
56
57 * Implement SSL_{CTX_,}set_ciphersuites() and add regress. This is not
58 yet public API and will be enabled in a future release.
59
60 * Start replacing the existing TLSv1.2 record layer. 43 * Start replacing the existing TLSv1.2 record layer.
61 44
62 * Define OPENSSL_NO_SSL_TRACE in opensslfeatures.h. 45 * Define OPENSSL_NO_SSL_TRACE in opensslfeatures.h.
@@ -112,9 +95,6 @@ LibreSSL Portable Release Notes:
112 95
113 * Document return value from EC_KEY_get0_public_key(3). 96 * Document return value from EC_KEY_get0_public_key(3).
114 97
115 * Add initial manual page for the x509_verify() chain validator which
116 will be installed once the new API is publically exposed.
117
118 * Greatly expanded test coverage by the tlsfuzzer test scripts. 98 * Greatly expanded test coverage by the tlsfuzzer test scripts.
119 99
120 * Test the Botan TLS client with LibreSSL, OpenSSL 1.0.2 and 1.1.1 100 * Test the Botan TLS client with LibreSSL, OpenSSL 1.0.2 and 1.1.1