OpenSSL 0.9.7

Od wczoraj dostępna jest nowa wersja pakietu OpenSSL o numerku 0.9.7. Nowa wersja przynosi ponad 260 zmian i poprawek, poniżej znajduje się lista bardziej znaczących zmian:

New library section OCSP.

Complete rewrite of ASN1 code.

CRL checking in verify code and openssl utility.

Extension copying in ‚ca’ utility.

Flexible display options in ‚ca’ utility.

Provisional support for international characters with UTF8.

Support for external crypto devices (‚engine’) is no longer a separate distribution.

New elliptic curve library section.

New AES (Rijndael) library section.

Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit, Linux x86_64, Linux 64-bit on Sparc v9

Extended support for some platforms: VxWorks

Enhanced support for shared libraries.

Now only builds PIC code when shared library support is requested.

Support for pkg-config.

Lots of new manuals.

Makes symbolic links to or copies of manuals to cover all described functions.

Change DES API to clean up the namespace (some applications link also against libdes providing similar functions having the same name). Provide macros for backward compatibility (will be removed in the future).

Unify handling of cryptographic algorithms (software and engine) to be available via EVP routines for asymmetric and symmetric ciphers.

NCONF: new configuration handling routines.

Change API to use more ‚const’ modifiers to improve error checking and help optimizers.

Finally remove references to RSAref.

Reworked parts of the BIGNUM code.

Support for new engines: Broadcom ubsec, Accelerated Encryption Processing, IBM 4758.

A few new engines added in the demos area.

Extended and corrected OID (object identifier) table.

PRNG: query at more locations for a random device, automatic query for EGD style random sources at several locations.

SSL/TLS: allow optional cipher choice according to server’s preference.

SSL/TLS: allow server to explicitly set new session ids.

SSL/TLS: support Kerberos cipher suites (RFC2712). Only supports MIT Kerberos for now.

SSL/TLS: allow more precise control of renegotiations and sessions.

SSL/TLS: add callback to retrieve SSL/TLS messages.

SSL/TLS: support AES cipher suites (RFC3268).

Więcej informacji na temat nowej wersji OpenSSL znajdziecie tutaj, natomiast źródła pakietu można pobrać stąd.