12010-01-05 Rob Crittenden <rcritten@redhat.com> 2 3 * nss_compat_ossl 0.9.6 released. 4 52010-01-04 Rob Crittenden <rcritten@redhat.com> 6 7 * Fixes the SSLv23_[server|client]_method() and only sets 8 SSL_V2_COMPATIBLE_HELLO when SSLv2 is enabled to be more complaint 9 with the OpenSSL API. 10 11 * Added 4 DH ciphers (for clients only) and enabled AES by default. 12 13 * Changed the way that ssl_set_cipher_list() determines its return 14 value. 15 162009-04-29 Rob Crittenden <rcritten@redhat.com> 17 18 * Implement SSL_CTX_set_default_verify_paths() 19 202009-04-20 Rob Crittenden <rcritten@redhat.com> 21 22 * nss_compat_ossl 0.9.5 released. 23 242009-04-20 Rob Crittenden <rcritten@redhat.com> 25 * Ensure that an SSL context exists before doing anything. Since 26 we can't catch NSS initialization failures at init time we have 27 to catch them later (like this). 28 292009-03-06 Rich Megginson <rmeggins@redhat.com> 30 31 * Change license to MIT style license 32 332008-09-12 Rob Crittenden <rcritten@redhat.com> 34 35 * Use proper NSPR header file (even though marked as private) 36 * Don't use PR_GetRandomNoise(), it isn't truly random. Use 37 PK11_GenerateRandom() 38 392008-07-02 Rob Crittenden <rcritten@redhat.com> 40 41 * nss_compat_ossl has some BIO emulation code that links a BIO object 42 in as an NSPR layer. This code 1) did not implement enough of the 43 layer to make SSL happy, and 2) linked the layer at the wrong point 44 in the stack. (453651) Contributed by Bob Relyea 45 462007-10-16 Rob Crittenden <rcritten@redhat.com> 47 48 * Use pkg-config to get the list of NSPR and NSS libraries to link with. 49 502007-10-13 Rob Crittenden <rcritten@redhat.com> 51 52 * Don't explicitly link with libsoftokn3.so (330091) 53 542007-10-13 Rob Crittenden <rcritten@redhat.com> 55 56 * Reverting change to remove #define CERT_NewTempCertificate (306711) 57 This needs to be there otherwise there is an undefined symbol 58 592007-09-20 Rob Crittenden <rcritten@redhat.com> 60 61 * nss_compat_ossl 0.9.2 released. 62 632007-09-20 Rob Crittenden <rcritten@redhat.com> 64 65 * Fix some compiler warnings 66 672007-09-20 Rob Crittenden <rcritten@redhat.com> 68 69 * The license is LGPLv2.1. I had wrongly included both a LGPL 70 LICENSE file AND the GPL 2 COPYING file. LICENSE was removed 71 in a separate update, this fixes COPYING. 72 732007-09-20 Rob Crittenden <rcritten@redhat.com> 74 75 * Patch submitted by Miloslav Trmac (259901) 76 * Define PEM_BUFSIZE 77 * Use a better X509_STORE_CTX (with ->current_cert, ->error) 78 * Add a dummy PEM_def_callback 79 * Add SSLv2_server_method 80 * Add X509_LU_X509, X509_STORE_get_by_subject 81 * Add SSL_get_ex_data_X509_STORE_CTX_idx, and a stub for 82 X509_STORE_CTX_get_ex_data 83 * Uncomment declaration of SSL_state_string_long. Return at least 84 some string instead of NULL. 85 * Fix prototype of CRYPTO_set_locking_callback 86 * Use PK11_GenerateRandom, not PR_GetRandomNoise for RAND_write_file: 87 RAND_write_file is used to keep a persistent random seed across 88 stunnel runs, it is not really necessary to generate a truly random 89 seed each time. Besides, reading 1024 bytes from /dev/random takes 90 way too long. 91 * Don't call fclose(NULL) in RAND_write_file 92 * Return NULL from SSL_get_peer_certificate if no peer certificate is 93 available 94 * Decide whether to allocate memory in X509_NAME_oneline based on 95 the passed buffer, not its size 96 972007-09-14 Rob Crittenden <rcritten@redhat.com> 98 99 * Change name of PKCS#11 module to libnsspem.so 100 * Import some improvements made during curl development 101 1022007-08-29 Rob Crittenden <rcritten@redhat.com> 103 104 * nss_compat_ossl 0.9.1 released. 105 1062007-08-06 Rob Crittenden <rcritten@redhat.com> 107 108 * Remove conflicting LICENSE file (the library is LGPL, not GPL). 109 The file COPYING was correct. 110 * Provide a more usable README 111 1122007-07-25 Rob Crittenden <rcritten@redhat.com> 113 114 * Import into repository. Lost 17 revisions of the history in the 115 migration. 116 1172007-05-29 Rob Crittenden <rcritten@redhat.com> 118 119 * Handle the SSL verify modes for clients as well 120 1212007-05-29 Rob Crittenden <rcritten@redhat.com> 122 123 * In X509_NAME_oneline() use the certificate arena to allocate memory 124 1252007-05-24 Rob Crittenden <rcritten@redhat.com> 126 127 * Handle authenticating a PKCS#11 PEM token. If an encrypted key PEM is 128 provided then the module will correctly prompt for the PIN 129 * Initialize the certificate nickname to NULL 130 * Check the return result of PK11_CreateGenericObject() 131 * After a certificate is selected make sure it exists. Better to catch 132 this earlier than later 133 * Fix SSL_want() to return a legal value (SSL_NOTHING) 134 * Fix some compiler warnings 135 1362007-05-14 Rob Crittenden <rcritten@redhat.com> 137 138 * First cut at loading PEM files on the fly by using a PKCS#11 module 139 that can read them. This is currently disabled as it requires the 140 NSS tip (3.12) and some additional patches. 141 If a filename does not contain a slash (/) then it is considered 142 to be a regular NSS nickname and the NSS Certificate DB token is 143 used. 144 1452007-05-11 Rob Crittenden <rcritten@redhat.com> 146 147 * Patch from Bob Relyea 148 * Adds support for some of the BIO API 149 1502007-04-25 Rob Crittenden <rcritten@redhat.com> 151 152 * A few casts to eliminate some compiler warnings. 153 1542007-04-25 Rob Crittenden <rcritten@redhat.com> 155 156 * Don't allow SSL_library_init to be called more than once 157 * Enable the SSL cache for servers 158 1592007-04-24 Rob Crittenden <rcritten@redhat.com> 160 161 * Cobbled function sftk_newPinCheck() from NSS to do password type and 162 length enforcemen when in FIPS mode 163 * For some reason I had disabled setting ciphers. Re-enabled that and 164 now enforce only FIPS-approved ciphers when the token is in FIPS mode. 165 1662007-04-24 Rob Crittenden <rcritten@redhat.com> 167 168 * Should use PR_USER_THREAD in PR_Init 169 * Add a close method for our layer 170 1712007-04-24 Rob Crittenden <rcritten@redhat.com> 172 173 * Implement SSL_CIPHER_get_version (possibly wrongly) and 174 SSL_CIPHER_get_bits 175 * Fix using an NSS database with a password. Freeing the slot list 176 was bad. 177 1782007-04-23 Rob Crittenden <rcritten@redhat.com> 179 180 * If a certificate cannot be found set an appropriate error so an 181 OpenSSL app reports the right problem. 182 * Look in /etc/pki/nssdb if SSL_DIR is not set 183 * Implement the DEFAULT cipher keyword 184 1852007-04-23 Rob Crittenden <rcritten@redhat.com> 186 187 * Fill in some more of the RAND_ API 188 1892007-04-20 Rob Crittenden <rcritten@redhat.com> 190 191 * Start of project 192