Commit 2c55a0bc authored by Matt Caswell's avatar Matt Caswell
Browse files

Add CHANGES entry for OPENSSL_NO_TLSEXT removal 



Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent e481f9b9

CHANGES

+5 −0
Original line number Diff line number Diff line
@@ -3,6 +3,11 @@ 
 _______________



 Changes between 1.0.2 and 1.1.0  [xx XXX xxxx]

  *) Given the pervasive nature of TLS extensions it is inadvisable to run

     OpenSSL without support for them. It also means that maintaining

     the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably

     not well tested). Therefore the OPENSSL_NO_TLSEXT option has been removed.

     [Matt Caswell]



  *) Version negotiation has been rewritten. In particular SSLv23_method(),

     SSLv23_client_method() and SSLv23_server_method() have been deprecated,

makevms.com

+0 −3
Original line number Diff line number Diff line
@@ -304,7 +304,6 @@ $ CONFIG_LOGICALS := AES,- 
		     STATIC_ENGINE,-

		     STDIO,-

		     STORE,-

		     TLSEXT,-

		     UNIT_TEST,-

		     WHIRLPOOL

$ CONFIG_EXPERIMENTAL := JPAKE,-
@@ -332,11 +331,9 @@ $ CONFIG_DISABLE_RULES := RIJNDAEL/AES;- 
			  SHA/SSL3,TLS1;-

			  RSA,DSA/SSL3,TLS1;-

			  DH/SSL3,TLS1;-

			  TLS1/TLSEXT;-

			  EC/GOST;-

			  DSA/GOST;-

			  DH/GOST;-

			  TLSEXT/SRP,HEARTBEAT;-

			  /STATIC_ENGINE;-

			  /DEPRECATED;-

			  /EC_NISTP_64_GCC_128;-

ssl/ssl_cert.c

+0 −1
Original line number Diff line number Diff line
@@ -265,7 +265,6 @@ CERT *ssl_cert_dup(CERT *cert) 
                goto err;

            }

        }

        rpk->valid_flags = 0;

        if (cert->pkeys[i].serverinfo != NULL) {

            /* Just copy everything. */

            ret->pkeys[i].serverinfo =