OpenSSL v0.9.7.d Release Notes

Release Date: 2004-10-25 // over 17 years ago
    • Avoid a race condition when CRLs are checked in a multi threaded environment. This would happen due to the reordering of the revoked entries during signature checking and serial number lookup. Now the encoding is cached and the serial number sort performed under a lock. Add new STACK function sk_is_sorted().

    Steve Henson

    • Add Delta CRL to the extension code.

    Steve Henson

    • Various fixes to s3_pkt.c so alerts are sent properly.

    David Holmes [email protected]

    • Reduce the chances of duplicate issuer name and serial numbers (in violation of RFC3280) using the OpenSSL certificate creation utilities. This is done by creating a random 64 bit value for the initial serial number when a serial number file is created or when a self signed certificate is created using 'openssl req -x509'. The initial serial number file is created using 'openssl x509 -next_serial' in CA.pl rather than being initialized to 1.

    Steve Henson