Commit e3d623f1 authored by Daniel Stenberg

- Chris Mumford filed bug report #2861587

  (http://curl.haxx.se/bug/view.cgi?id=2861587) identifying that libcurl used
  the OpenSSL function X509_load_crl_file() wrongly and failed if it would
  load a CRL file with more than one certificate within. This is now fixed.
parent 15be441a
+6 −0
@@ -6,6 +6,12 @@

                                  Changelog

Daniel Stenberg (25 Sep 2009)
- Chris Mumford filed bug report #2861587
  (http://curl.haxx.se/bug/view.cgi?id=2861587) identifying that libcurl used
  the OpenSSL function X509_load_crl_file() wrongly and failed if it would
  load a CRL file with more than one certificate within. This is now fixed.
  
Daniel Stenberg (16 Sep 2009)
- Sven Anders reported that we introduced a cert verfication flaw for OpenSSL-
  powered libcurl in 7.19.6. If there was a X509v3 Subject Alternative Name
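Review bot: The new Changelog entry says X509_load_crl_file() was used "wrongly" but not how, so a reader has to open the ossl.c hunk to learn that the return value was being compared against 1. One extra clause naming that comparison would make the entry self-contained. The separator line after the entry also carries trailing spaces; an empty line would match the rest of the file.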
+2 −1
@@ -29,6 +29,7 @@ This release includes the following bugfixes:
 o improved NSS detection in configure
 o cookie expiry date at 1970-jan-1 00:00:00
 o libcurl-OpenSSL failed to verify some certs with Subject Alternative Name
 o libcurl-OpenSSL can load CRL files with more than one certificate inside

This release includes the following known bugs:

@@ -39,6 +40,6 @@ advice from friends like these:

 Karl Moerder, Kamil Dudka, Krister Johansen, Andre Guibert de Bruet,
 Michal Marek, Eric Wong, Guenter Knauf, Peter Sylvester, Daniel Johnson,
 Claes Jakobsson, Sven Anders
 Claes Jakobsson, Sven Anders, Chris Mumford

        Thanks! (and sorry if I forgot to mention someone)
+2 −2
@@ -1536,8 +1536,8 @@ ossl_connect_step1(struct connectdata *conn,
     * revocation */
    lookup=X509_STORE_add_lookup(connssl->ctx->cert_store,X509_LOOKUP_file());
    if ( !lookup ||
         (X509_load_crl_file(lookup,data->set.str[STRING_SSL_CRLFILE],
                             X509_FILETYPE_PEM)!=1) ) {
         (!X509_load_crl_file(lookup,data->set.str[STRING_SSL_CRLFILE],
                              X509_FILETYPE_PEM)) ) {
      failf(data,"error loading CRL file :\n"
            "  CRLfile: %s\n",
            data->set.str[STRING_SSL_CRLFILE]?
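Review bot: The new condition `(!X509_load_crl_file(...))` in ossl_connect_step1 depends on the call returning a count of loaded entries, with 0 meaning failure, and nothing at the call site says so. A one-line comment to that effect would keep someone from restoring the `!=1` comparison later, and spelling the test as `== 0` or `< 1` would show the count semantics better than a bare negation on an int. None of the visible hunks adds a test case using a CRL file with several entries, which is the input this change is meant to accept; adding one would guard against regression. Keeping the connection setup on the failure path when the CRL file cannot be loaded is the right behaviour to preserve.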