From 17224a3d31d25ce6daa4de63b52b26bee9564bcd Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Mon, 13 Sep 2010 17:58:05 +0200 Subject: Prepare release --- lib/ssl/doc/src/notes.xml | 111 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 110 insertions(+), 1 deletion(-) (limited to 'lib/ssl/doc') diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml index 95e968aa22..5f9e436348 100644 --- a/lib/ssl/doc/src/notes.xml +++ b/lib/ssl/doc/src/notes.xml @@ -31,7 +31,116 @@

This document describes the changes made to the SSL application.

-
SSL 4.0 +
SSL 4.0.1 + +
Fixed Bugs and Malfunctions + + +

+ The server now verifies the client certificate verify + message correctly, instead of causing a case-clause.

+

+ Own Id: OTP-8721

+ + +

+ The client hello message now always include ALL available + cipher suites (or those specified by the ciphers option). + Previous implementation would filter them based on the + client certificate key usage extension (such filtering + only makes sense for the server certificate).

+

+ Own Id: OTP-8772

+ + +

+ Fixed handling of the option {mode, list} that was broken + for some packet types for instance line.

+

+ Own Id: OTP-8785

+ + +

+ Empty packets were not delivered to the client.

+

+ Own Id: OTP-8790

+ + +

Building in a source tree without prebuilt platform + independent build results failed on the SSL examples + when:

cross building. This has been + solved by not building the SSL examples during a cross + build. building on Windows. +

+ Own Id: OTP-8791

+ + +

+ Fixed a handshake error which occurred on some ssl + implementations.

+

+ Own Id: OTP-8793

+ + +
+ + +
Improvements and New Features + + +

+ Revise the public_key API - Cleaned up and documented the + public_key API to make it useful for general use, also + changed ssl to use the new API.

+

+ Own Id: OTP-8722

+ + +

+ Added support for inputing certificates and keys directly + in DER format these options will override the pem-file + options if specified.

+

+ Own Id: OTP-8723

+ + +

+ To gain interoperability ssl will not check for padding + errors when using TLS 1.0. It is first in TLS 1.1 that + checking the padding is an requirement.

+

+ Own Id: OTP-8740

+ + +

+ Changed the semantics of the verify_fun option in the + ssl-application so that it takes care of both application + handling of path validation errors and verification of + application specific extensions. This means that it is + now possible for the server application in verify_peer + mode to handle path validation errors. This change moved + some functionality earlier in ssl to the public_key + application.

+

+ Own Id: OTP-8770

+ + +

+ Added the functionality so that the verification fun will + be called when a certificate is considered valid by the + path validation to allow access to each certificate in + the path to the user application. Also try to verify + subject-AltName, if unable to verify it let the + application verify it.

+

+ Own Id: OTP-8825

+ + +
+ +
+ +
SSL 4.0
Improvements and New Features -- cgit v1.2.3