More TLS extension related changes. Submitted by: Peter Sylvester

commit: 241520e66d3ece1054beae93ff96978d0299cae4 [log] [tgz]
author: Bodo Möller <bodo@openssl.org> Wed Jan 11 06:10:40 2006 +0000
committer: Bodo Möller <bodo@openssl.org> Wed Jan 11 06:10:40 2006 +0000
tree: 11e6149f50fb9e45aaba9635a138c93059c1c988
parent: a13c20f60353d3cd3fdd4f23563819eeb4234528 [diff] [blame]
diff --git a/CHANGES b/CHANGES
index f4014ae..c3a7848 100644
--- a/CHANGES
+++ b/CHANGES

@@ -26,14 +26,15 @@
                                       - SSL_CTX_set_tlsext_servername_arg()
          SSL_CTRL_SET_TLSEXT_HOSTNAME           - SSL_set_tlsext_hostname()
 
-     openssl s_client has a new '-servername' option.
+     openssl s_client has a new '-servername ...' option.
 
-     openssl s_server has new options '-servername', '-cert2', and '-key2'
-     (subject to change); this allows testing the HostName extension for a
-     specific single host name ('-cert' and '-key' remain fallbacks for
-     handshakes without HostName negotiation).
-     The option servername_warn allows to return a warning alert instead of
-     a fatal alert in case of servername mismatch. 
+     openssl s_server has new options '-servername_host ...', '-cert2 ...',
+     '-key2 ...', '-servername_fatal' (subject to change).  This allows
+     testing the HostName extension for a specific single host name ('-cert'
+     and '-key' remain fallbacks for handshakes without HostName
+     negotiation).  If the unrecogninzed_name alert has to be sent, this by
+     default is a warning; it becomes fatal with the '-servername_fatal'
+     option.
 
      [Peter Sylvester,  Remy Allais, Christophe Renou]
commit	241520e66d3ece1054beae93ff96978d0299cae4	[log] [tgz]
author	Bodo Möller <bodo@openssl.org>	Wed Jan 11 06:10:40 2006 +0000
committer	Bodo Möller <bodo@openssl.org>	Wed Jan 11 06:10:40 2006 +0000
tree	11e6149f50fb9e45aaba9635a138c93059c1c988
parent	a13c20f60353d3cd3fdd4f23563819eeb4234528 [diff] [blame]