OpenSSL v0.9.8.i Release Notes
Release Date: 2009-01-07 // over 15 years ago-
- Properly check EVP_VerifyFinal() and similar return values [CVE-2008-5077][].
Ben Laurie, Bodo Moeller, Google Security Team
- Enable TLS extensions by default.
Ben Laurie
- Allow the CHIL engine to be loaded, whether the application is multithreaded or not. (This does not release the developer from the obligation to set up the dynamic locking callbacks.)
Sander Temme [email protected]
- Use correct exit code if there is an error in dgst command.
Steve Henson; problem pointed out by Roland Dirlewanger
- Tweak Configure so that you need to say "experimental-jpake" to enable JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications.
Bodo Moeller
- Add experimental JPAKE support, including demo authentication in s_client and s_server.
Ben Laurie
- Set the comparison function in v3_addr_canonize().
Rob Austein [email protected]
- Add support for XMPP STARTTLS in s_client.
Philip Paeps [email protected]
- Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior to ensure that even with this option, only ciphersuites in the server's preference list will be accepted. (Note that the option applies only when resuming a session, so the earlier behavior was just about the algorithm choice for symmetric cryptography.)
Bodo Moeller