160  * An empty renegotiate extension will be used in TLS client hellos instead
860    a caller-supplied array with the list of extension types present in the
1886    include the Subject Alternative Name extension but where a Certificate
1912  * Allow sign extension in OSSL_PARAM_allocate_from_text() for the
2461  * Handshake now fails if Extended Master Secret extension is dropped
2550  * Project text documents not yet having a proper file name extension
2915    There is a subjectKeyIdentifier extension with a hash value of the public key
2916    and for not self-signed certs there is an authorityKeyIdentifier extension
2927    * CA certificates must explicitly include the keyUsage extension.
2932    * If a subjectAlternativeName extension is given it must not be empty.
3489    renegotiation ClientHello omits the signature_algorithms extension (where it
3491    signature_algorithms_cert extension then a NULL pointer dereference will
3581  * Handshake now fails if Extended Master Secret extension is dropped
3594    "signature_algorithms_cert" TLS extension. The crash occurs if an invalid
4256  * Add 'Maximum Fragment Length' TLS extension negotiation and support
4425  * s_client will now send the Server Name Indication (SNI) extension by
4794    If an X.509 certificate has a malformed IPAddressFamily extension,
4820    During a renegotiation handshake if the Encrypt-Then-Mac extension is
4952  * OCSP Status Request extension unbounded memory growth
4955    extension. If that client continually requests renegotiation, sending a
4956    large OCSP Status Request extension each time, then there will be unbounded
5927  * A missing bounds check in the handling of the TLS heartbeat extension
5957    To enable it set the appropriate extension number (0x42 for the test
6545    If an X.509 certificate has a malformed IPAddressFamily extension,
6640  * OCSP Status Request extension unbounded memory growth
6643    extension. If that client continually requests renegotiation, sending a
6644    large OCSP Status Request extension each time, then there will be unbounded
7271    invalid signature algorithms extension a NULL pointer dereference will
7560    from CRLDP extension in certificates.
7606    Print out extension in s_server and s_client.
7698    extension) which some implementations ignore: this option should be used
7703  * Update and tidy signature algorithm extension processing. Work out
7795  * Enhance and tidy EC curve and point format TLS extension code. Use
7841  * OCSP Status Request extension unbounded memory growth
7844    extension. If that client continually requests renegotiation, sending a
7845    large OCSP Status Request extension each time, then there will be unbounded
8661    the extension anew in the ServerHello. Previously, a TLS client would
8662    reuse the old extension state and thus accept a session ticket if one was
8675    A flaw in the DTLS SRTP extension parsing code allows an attacker, who
8786    session and the server sends an ec point format extension it could write
8875  * A missing bounds check in the handling of the TLS heartbeat extension
8895  * TLS pad extension: draft-agl-tls-padding-03
8899    less that 512 pad with a dummy extension containing zeroes so it
9338    extension including all the algorithms we support. Parse new signature
9344  * Add server support for TLS v1.2 signature algorithms extension. Switch
9781    session and the server sends an ec point format extension it could write
9979  * Nadhem Alfardan and Kenny Paterson have discovered an extension
10077  * Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
10103  * Fix extension code to avoid race conditions which can result in a buffer
10309  * Support for freshest CRL extension.
10317    CRL entry extension and lookup CRL entries by bother issuer name
10318    and serial number. Check and process CRL issuer entry in IDP extension.
10333  * Add support for policy mappings extension.
10346  * Support for name constraints certificate extension. DN, email, DNS
10445  * Implement Opaque PRF Input TLS extension as specified in
10447    official specification yet and no extension type assignment by
10448    IANA exists, this extension (for now) will have to be explicitly
10449    enabled when building OpenSSL by providing the extension number
10454    to the "config" or "Configure" script to enable the extension,
10455    assuming extension number 0x9527 (which is a completely arbitrary
10459    be using the same extension number for other purposes.
10524    Add a TLS extension debugging callback to allow the contents of any client
10664  * Partial support for Issuing Distribution Point CRL extension. CRLs
10968    extension so far.  The SSL_SESSION, SSL_CTX, and SSL data structures now
10973    server_name extension.
10993    testing the HostName extension for a specific single hostname ('-cert'
11066  * Modify CRL distribution points extension code to print out previously
11067    unsupported fields. Enhance extension setting code to allow setting of
11072  * Add print and set support for Issuing Distribution Point CRL extension.
11180  * Implement RFC5746. Re-enable renegotiation but require the extension
11615  * Implement certificate status request TLS extension defined in RFC3546.
11667    Add a TLS extension debugging callback to allow the contents of any client
11675    extension so far.  The SSL_SESSION, SSL_CTX, and SSL data structures now
11680    server_name extension.
11700    testing the HostName extension for a specific single hostname ('-cert'
11909    non-experimental use of the ECC ciphersuites to get TLS extension
12301  * Support for inhibitAnyPolicy certificate extension.
12481  * Support for nameConstraints certificate extension.
12485  * Support for policyConstraints certificate extension.
12489  * Support for policyMappings certificate extension.
13259    - if there is an unhandled critical extension (unless the user
13277  * Add Delta CRL to the extension code.
13318    keyUsage extension present. Don't accept CRLs with unhandled critical
13408  * Countermeasure against the Klima-Pokorny-Rosa extension of
14009  * Add support for Subject Information Access extension.
14031    extension only).  The new configuration file option 'email_in_dn = no'
14072    particular extension is supported.
14399    New functions to support `NCONF` routines in extension code.
14507    CRLs with different times, extension based lookup (rather than just
14508    by subject name) and ultimately more complete V2 CRL extension
14640    or excluded and extension details. The old system didn't display
15192    OCSP extension code. New simple OCSP HTTP function which
15246  * New extension functions for OCSP structures, these follow the
15252    adds an extension. Its behaviour can be customised with various
15259    an extension cannot be parsed. Correct a typo in the
15260    OCSP_SERVICELOC extension. Tidy up print OCSP format.
15289  * Move common extension printing code to new function
15666  * Countermeasure against the Klima-Pokorny-Rosa extension of
16427    the default extension for executables, if any.  Also, make the perl
16729    - Make note of the expected extension for the shared libraries and
18010    Due to the strength-sorting extension, the code of the
18115    manner analogous to the X509 extension functions: they allow
18146    the host supports BWX extension and if Compaq C is present on the
18147    $PATH. Just exploiting of the BWX extension results in 20-30%
18206    typically have values the same as the extended key usage extension
18345  * Modify the way the V3 extension code looks up extensions. This now
18350    updated whenever a new extension is added to the core code and kept
18358    Side note: I get *lots* of email saying the extension code doesn't
18408    new chain verify code is used to check extension consistency.
18412  * Support for the authority information access extension.
18689    for, obtain and decode and extension and obtain its critical flag.
18690    This allows all the necessary extension code to be handled in a
18834  * Allow the config file extension section to be overwritten on the
18916  * Initial support for certificate extension requests, these are included
19227    to use the new extension code.
19500  * Allow certificate policies extension to use an IA5STRING for the
19503    extension option.
19601    extension adding in x509 utility.
19644  * Add support for CRL distribution points extension. Add Certificate
19688  * Support for Certificate Policies extension: both print and set.
19713  * Various utility functions to handle SXNet extension. Modify mkdef.pl to
19840  * Add a new 'indent' option to some X509V3 extension code. Initial ASN1
19841    and display support for Thawte strong extranet extension.
20193  * Add preliminary config info for new extension code.
20211    key usage extension and fuller support for authority key id.
20241  * Support for RAW extensions where an arbitrary extension can be
20324  * More extension code. Incomplete support for subject and issuer alt
20385  * Modify the 'ca' program to handle the new extension code. Modify
20386    openssl.cnf for new extension format, add comments.
20401  * Takes a deep breath and start adding X509 V3 extension support code. Add

Last Index update Thu Oct 03 06:04:22 UTC 2024

Dedicated to & Maintained by Room-11