+15
-0
lines changedFilter options
+15
-0
lines changed Original file line number Diff line number Diff line change
@@ -4,6 +4,20 @@
4 4 5 5
Changes between 1.0.2e and 1.1.0 [xx XXX xxxx]
6 6 7 +
*) Support for RFC6698/RFC7671 DANE TLSA peer authentication.
8 + 9 +
Obtaining and performing DNSSEC validation of TLSA records is
10 +
the application's responsibility. The application provides
11 +
the TLSA records of its choice to OpenSSL, and these are then
12 +
used to authenticate the peer.
13 + 14 +
The TLSA records need not even come from DNS. They can, for
15 +
example, be used to implement local end-entity certificate or
16 +
trust-anchor "pinning", where the "pin" data takes the form
17 +
of TLSA records, which can augment or replace verification
18 +
based on the usual WebPKI public certification authorities.
19 +
[Viktor Dukhovni]
20 + 7 21
*) Revert default OPENSSL_NO_DEPRECATED setting. Instead OpenSSL
8 22
continues to support deprecated interfaces in default builds.
9 23
However, applications are strongly advised to compile their
@@ -28,6 +28,7 @@
28 28
argument, or via the "--api=1.1.0|1.0.0|0.9.8" option.
29 29
o Application software can be compiled with -DOPENSSL_API_COMPAT=version
30 30
to ensure that features deprecated before that version are not exposed.
31 +
o Support for RFC6698/RFC7671 DANE TLSA peer authentication
31 32 32 33
Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]
33 34 You can’t perform that action at this time.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4