[openssl] master update

Matt Caswell matt at openssl.org
Thu Apr 23 12:15:44 UTC 2020 

The branch master has been updated
       via  e7774c287c9a4cd9bab461eb878d269f94c52cd5 (commit)
      from  32a5dc9efe9cd3534957e716ba14025038215eeb (commit)


- Log -----------------------------------------------------------------
commit e7774c287c9a4cd9bab461eb878d269f94c52cd5
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Wed Apr 22 13:12:45 2020 +0200

    Add info on the CMP implementation and HTTP client to NEWS.md and CHANGES.md
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/11608)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES.md | 12 ++++++++++++
 NEWS.md    |  6 ++++++
 2 files changed, 18 insertions(+)

diff --git a/CHANGES.md b/CHANGES.md
index 21ce8962a5..78e8f88c62 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -87,6 +87,18 @@ OpenSSL 3.0
 
    *Richard Levitte*
 
+ * Added an implementation of CMP and CRMF (RFC 4210, RFC 4211 RFC 6712).
+   This adds crypto/cmp/, crpyto/crmf/, and test/cmp_*.
+   See L<OSSL_CMP_exec_IR_ses(3)> as starting point.
+
+   *David von Oheimb*
+
+ * Generalized the HTTP client code from crypto/ocsp/ into crpyto/http/.
+   The legacy OCSP-focused and only partly documented API is retained.
+   See L<OSSL_CMP_MSG_http_perform(3)> etc. for details.
+
+   *David von Oheimb*
+
  * All of the low level RSA functions have been deprecated including:
 
    RSA_new_method, RSA_bits, RSA_size, RSA_security_bits,
diff --git a/NEWS.md b/NEWS.md
index 9f18f416f8..59081b0cdd 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -33,6 +33,12 @@ OpenSSL 3.0
     authenticate servers or clients.
   * enable-crypto-mdebug and enable-crypto-mdebug-backtrace were mostly
     disabled; the project uses address sanitize/leak-detect instead.
+  * Added a Certificate Management Protocol (CMP, RFC 4210) implementation
+    also covering CRMF (RFC 4211) and HTTP transfer (RFC 6712).
+    It is part of the crypto lib, while a 'cmp' app using it is in preparation.
+    All widely used CMP features are supported for both clients and servers.
+  * Added a proper HTTP(S) client to libcrypto supporting GET and POST,
+    redirection, plain and ASN.1-encoded contents, proxies, and timeouts.
   * Added OSSL_SERIALIZER, a generic serializer API.
   * Added OSSL_PARAM_BLD, an easier to use API to OSSL_PARAM.
   * Added error raising macros, ERR_raise() and ERR_raise_data().

More information about the openssl-commits mailing list