11.4.6
2 - Update unit tests to new pki.goog test servers
3
41.4.5
5 - Tweaks and fixes for upcoming OpenSSLv3. Once OpenSSLv3 is released we should
6   port the deprecated functions, but for now we keep supporting OpenSSL 1.0.2.
7
81.4.4
9 - Fix rand_bytes for large input
10 - Remove some legacy Windows workarounds from R 3.2
11 - Windows: upgrade libs to openssl 1.1.1k
12
131.4.3
14 - Fix a harmless compiler warning for CRAN
15
161.4.2
17 - Catch FIPS errors and add FIPS flag to openssl_config()
18 - Win/Mac: update binary packages to openssl 1.1.1g
19 - Early preparations for upcoming OpenSSL 3
20
211.4.1
22 - write_pkcs1 now supports RSA/DSA/EC keys for legacy ssh compatibility
23 - as.list.cert() gains a parameter 'name_format' to control printing #72
24
251.4.0
26 - Expose ed25519 and x25519 functions for signatures and diffie hellman using
27   curve25519. This is only supported when building against version 1.1.1 or newer
28   of the openssl library.
29 - Unit tests for curve25519 (this requires sodium)
30
311.3.0
32 - read_key() now supports the new openssh private key format
33 - Added bcrypt KDF which is needed to read the new openssh keys
34
351.2.2
36 - Fix double free crash with libssl 1.1.1b
37
381.2.1
39 - Hotfix release for crash in ecdsa_write()
40
411.2
42 - askpass() has been moved into its own package and gains native programs
43   for MacOS and Windows.
44 - Added ecdsa_parse() and ecdsa_write() to support JWT signatures (jose pkg)
45
461.1
47 - MacOS and Windows binaries now ship with libssl 1.1.1 (TLS 1.3 support)
48 - Windows (breaking): my_key() and my_pubkey() now interpret ~/ as windows
49   home dir instead of documents dir, for compatibility with other software.
50 - my_pubkey() no longer uses USER_PUBKEY but instead USER_KEY + ".pub"
51 - Use the OpenSSL 1.1 API in LibreSSL 2.7
52 - Suppress echo in askpass if stdin is a tty
53
541.0.2
55 - Improve system error messages in download_ssl_cert()
56 - Fix unit test (password error message) for libcrypto 1.1.1
57
581.0.1
59 - Fix a unit test from  http://pki.goog/ (google changed servers)
60
611.0
62 - Add the 'name' field to read_p12() output
63 - Add write_pkcs1() for legacy OpenSSH keys
64 - Fix unit tests using http://pki.goog/ (Google changed crt files to DER)
65
660.9.9
67 - Workaround failing test on Mavericks due to IPv6 firewall issue
68
690.9.8
70 - Fix build on OSX Mavericks
71
720.9.7
73 - Configure script checks SHLIB_VERSION_NUMBER to find matching lib
74 - Added internal stopifnot() replacement to give more helpful error mesasges
75 - Add live SSL unit tests from https://pki.goog
76 - Fix for OpenBSD/FreeBSD (#41)
77 - Added as.integer.bignum() method
78 - Update maintainer email address
79 - Add symbol registration call in R_init_openssl
80 - Reject empty digests when signing (#44)
81 - Use OPENSSL_free to free OpenSSL's allocations (#44)
82 - Cleanups for ec_keygen() (#44)
83 - Windows: update OpenSSL to 1.1.0f
84
850.9.6
86 - Add read_p7b() and write_p7b() for certificate bundles
87 - Rename read_pkcs12 / write_pkcs12 to read_p12 / write_p12
88 - More unit test for rountripping certs
89 - Workaround for PEM files with "RSA PUBLIC KEY" instead of "PUBLIC KEY" header
90 - Fix example in bignum vignette for OpenSSL 1.1.0 (increase RSA key size)
91 - Sync bundled cacert.pem with Mozilla as of: Wed Sep 14 03:12:05 2016
92 - Added blake2b and blake2s hash functions (only available in libssl 1.1)
93 - Fix support for LibreSSL
94 - Windows: update libssl/libcrypto to 1.1.0c
95
960.9.5
97 - Support for new API in OpenSSL 1.1.0
98 - Remove 'pseudo_rand_bytes()' (deprecated in libssl)
99 - Work around missing EVP_CIPH_GCM_MODE in OpenSSL 1.0.0
100 - Add read_pkcs12() and write_pkcs12() functions
101 - Add read_pem() for debugging PEM files
102 - Add base methods [, [[, $, names, .DollarNames for keys and certificates
103 - Update libssl on Windows to 1.0.2h
104 - Add #define _POSIX_C_SOURCE in ssl.c to ensure getaddrinfo() is available
105 - Add as.character.hash method for raw hashes
106 - Clear error buffer when raising an error
107
1080.9.4
109 - Fix ec_keygen() for old versions of OpenSSL
110 - Added aes_ctr() and aes_gcm() modes
111 - Added aes_keygen()
112 - Added bignum_mod_inv()
113 - Internal tools for JWT/JWK support (see pkg: jose)
114
1150.9.3
116 - Added ec_dh() function for ECDH
117 - Added --atleast-version=1.0 to pkg-config in configure script
118 - Switch as.list(cert) to RFC2253 format for 'subject' and 'issuer' fields
119
1200.9.2
121 - Disable EC stuff for OPENSSL_NO_EC (needed on some Solaris / Gentoo)
122 - Added openssl_config() function to test if libssl is built with EC support
123 - Make configure script bourne compatible (remove bash shebang)
124 - Tweak for OpenBSD in ssl.c
125 - Added sha224, sha384 and sha2 functions
126 - Export the fingerprint function
127
1280.9.1
129 - Fix for getaddrinfo() in Solaris
130 - Use the configurable askpass() for password prompt
131
1320.9
133 - Switched download_ssl_cert to getaddrinfo() api for ipv6 support
134 - Fix for example for naming conflict with new digest package
135
1360.8
137 - Configure script now checks for OpenSSL minimum version 1.0.0
138
1390.7
140 - Breaking change: hash functions now use hmac 'key' instead of a 'salt'
141 - The my_key() and my_pubkey() functions now work as documented
142 - as.list(cert) add alt_names field for https certs with multiple domains
143 - added export_pem for certificates
144
1450.6
146 - Added --force-bottle to autobrew installer
147 - Use nonblocking socket in ssl to set connection timeout
148 - Fix UBSAN problem in ssl.c
149 - Fix ASAN problem in hash.c
150
1510.5
152 - Major overhaul, add encryption, signature, cert stuff
153 - Upgrade libssl and libcrypto on windows to 1.0.2d
154
1550.4
156 - Added base64 functions
157