12010-01-05  Rob Crittenden <rcritten@redhat.com>
2
3	* nss_compat_ossl 0.9.6 released.
4
52010-01-04  Rob Crittenden <rcritten@redhat.com>
6
7	* Fixes the SSLv23_[server|client]_method() and only sets
8	  SSL_V2_COMPATIBLE_HELLO when SSLv2 is enabled to be more complaint
9	  with the OpenSSL API.
10
11	* Added 4 DH ciphers (for clients only) and enabled AES by default.
12
13	* Changed the way that ssl_set_cipher_list() determines its return
14	  value.
15
162009-04-29  Rob Crittenden <rcritten@redhat.com>
17
18	* Implement SSL_CTX_set_default_verify_paths()
19
202009-04-20  Rob Crittenden <rcritten@redhat.com>
21
22	* nss_compat_ossl 0.9.5 released.
23
242009-04-20  Rob Crittenden <rcritten@redhat.com>
25	* Ensure that an SSL context exists before doing anything. Since
26	  we can't catch NSS initialization failures at init time we have
27	  to catch them later (like this).
28
292009-03-06  Rich Megginson <rmeggins@redhat.com>
30
31	* Change license to MIT style license
32
332008-09-12  Rob Crittenden <rcritten@redhat.com>
34
35	* Use proper NSPR header file (even though marked as private)
36	* Don't use PR_GetRandomNoise(), it isn't truly random. Use
37	  PK11_GenerateRandom()
38
392008-07-02  Rob Crittenden <rcritten@redhat.com>
40
41	* nss_compat_ossl has some BIO emulation code that links a BIO object
42	  in as an NSPR layer. This code 1) did not implement enough of the
43	  layer to make SSL happy, and 2) linked the layer at the wrong point
44	  in the stack. (453651) Contributed by Bob Relyea
45
462007-10-16  Rob Crittenden <rcritten@redhat.com>
47
48	* Use pkg-config to get the list of NSPR and NSS libraries to link with.
49
502007-10-13  Rob Crittenden <rcritten@redhat.com>
51
52	* Don't explicitly link with libsoftokn3.so (330091)
53
542007-10-13  Rob Crittenden <rcritten@redhat.com>
55
56	* Reverting change to remove #define CERT_NewTempCertificate (306711)
57	  This needs to be there otherwise there is an undefined symbol
58
592007-09-20  Rob Crittenden <rcritten@redhat.com>
60
61	* nss_compat_ossl 0.9.2 released.
62
632007-09-20  Rob Crittenden <rcritten@redhat.com>
64
65	* Fix some compiler warnings
66
672007-09-20  Rob Crittenden <rcritten@redhat.com>
68
69	* The license is LGPLv2.1. I had wrongly included both a LGPL
70	  LICENSE file AND the GPL 2 COPYING file. LICENSE was removed
71	  in a separate update, this fixes COPYING.
72
732007-09-20  Rob Crittenden <rcritten@redhat.com>
74
75	* Patch submitted by Miloslav Trmac (259901)
76	  * Define PEM_BUFSIZE
77	  * Use a better X509_STORE_CTX (with ->current_cert, ->error)
78	  * Add a dummy PEM_def_callback
79	  * Add SSLv2_server_method
80	  * Add X509_LU_X509, X509_STORE_get_by_subject
81	  * Add SSL_get_ex_data_X509_STORE_CTX_idx, and a stub for
82	    X509_STORE_CTX_get_ex_data
83	  * Uncomment declaration of SSL_state_string_long.  Return at least
84	    some string instead of NULL.
85	  * Fix prototype of CRYPTO_set_locking_callback
86	  * Use PK11_GenerateRandom, not PR_GetRandomNoise for RAND_write_file:
87	    RAND_write_file is used to keep a persistent random seed across
88	    stunnel runs, it is not really necessary to generate a truly random
89	    seed each time.  Besides, reading 1024 bytes from /dev/random takes
90	    way too long.
91	  * Don't call fclose(NULL) in RAND_write_file
92	  * Return NULL from SSL_get_peer_certificate if no peer certificate is
93	    available
94	  * Decide whether to allocate memory in X509_NAME_oneline based on
95	    the passed buffer, not its size
96
972007-09-14  Rob Crittenden <rcritten@redhat.com>
98
99	* Change name of PKCS#11 module to libnsspem.so
100	* Import some improvements made during curl development
101
1022007-08-29  Rob Crittenden <rcritten@redhat.com>
103
104	* nss_compat_ossl 0.9.1 released.
105
1062007-08-06  Rob Crittenden <rcritten@redhat.com>
107
108	* Remove conflicting LICENSE file (the library is LGPL, not GPL).
109	  The file COPYING was correct.
110	* Provide a more usable README
111
1122007-07-25  Rob Crittenden <rcritten@redhat.com>
113
114	* Import into repository. Lost 17 revisions of the history in the
115	  migration.
116
1172007-05-29  Rob Crittenden <rcritten@redhat.com>
118
119	* Handle the SSL verify modes for clients as well
120
1212007-05-29  Rob Crittenden <rcritten@redhat.com>
122
123	* In X509_NAME_oneline() use the certificate arena to allocate memory
124
1252007-05-24  Rob Crittenden <rcritten@redhat.com>
126
127	* Handle authenticating a PKCS#11 PEM token. If an encrypted key PEM is
128	  provided then the module will correctly prompt for the PIN
129	* Initialize the certificate nickname to NULL
130	* Check the return result of PK11_CreateGenericObject()
131	* After a certificate is selected make sure it exists. Better to catch
132	  this earlier than later
133	* Fix SSL_want() to return a legal value (SSL_NOTHING)
134	* Fix some compiler warnings
135
1362007-05-14  Rob Crittenden <rcritten@redhat.com>
137
138	* First cut at loading PEM files on the fly by using a PKCS#11 module
139	  that can read them. This is currently disabled as it requires the
140	  NSS tip (3.12) and some additional patches.
141	  If a filename does not contain a slash (/) then it is considered
142	  to be a regular NSS nickname and the NSS Certificate DB token is
143	  used.
144
1452007-05-11  Rob Crittenden <rcritten@redhat.com>
146
147	* Patch from Bob Relyea
148	  * Adds support for some of the BIO API
149
1502007-04-25  Rob Crittenden <rcritten@redhat.com>
151
152	* A few casts to eliminate some compiler warnings.
153
1542007-04-25  Rob Crittenden <rcritten@redhat.com>
155
156	* Don't allow SSL_library_init to be called more than once
157	* Enable the SSL cache for servers
158
1592007-04-24  Rob Crittenden <rcritten@redhat.com>
160
161	* Cobbled function sftk_newPinCheck() from NSS to do password type and
162	  length enforcemen when in FIPS mode
163	* For some reason I had disabled setting ciphers. Re-enabled that and
164	  now enforce only FIPS-approved ciphers when the token is in FIPS mode.
165
1662007-04-24  Rob Crittenden <rcritten@redhat.com>
167
168	* Should use PR_USER_THREAD in PR_Init
169	* Add a close method for our layer
170
1712007-04-24  Rob Crittenden <rcritten@redhat.com>
172
173	* Implement SSL_CIPHER_get_version (possibly wrongly) and
174	  SSL_CIPHER_get_bits
175	* Fix using an NSS database with a password. Freeing the slot list
176	  was bad.
177
1782007-04-23  Rob Crittenden <rcritten@redhat.com>
179
180	* If a certificate cannot be found set an appropriate error so an
181	  OpenSSL app reports the right problem.
182	* Look in /etc/pki/nssdb if SSL_DIR is not set
183	* Implement the DEFAULT cipher keyword
184
1852007-04-23  Rob Crittenden <rcritten@redhat.com>
186
187	* Fill in some more of the RAND_ API
188
1892007-04-20  Rob Crittenden <rcritten@redhat.com>
190
191	* Start of project
192