Allow CRLs to be passed into X509_STORE_CTX. This is useful when the verified structure can contain its own CRLs (such as PKCS#7 signedData). Tidy up some of the verify code.

commit: e1a27eb34a6bf40af1bd6450d0fb3d57f6e24ab5 [log] [tgz]
author: Dr. Stephen Henson <steve@openssl.org> Sat Mar 27 22:49:28 2004 +0000
committer: Dr. Stephen Henson <steve@openssl.org> Sat Mar 27 22:49:28 2004 +0000
tree: 85542e68548159b865c01b76a96ffe8de2ff7beb
parent: 6446e0c3c8286428374ec738ffdc859802bd3c92 [diff] [blame]
diff --git a/CHANGES b/CHANGES
index b242e46..c5c2ebb 100644
--- a/CHANGES
+++ b/CHANGES

@@ -4,6 +4,12 @@
 
  Changes between 0.9.7c and 0.9.8  [xx XXX xxxx]
 
+  *) Add a local set of CRLs that can be used by X509_verify_cert() as well
+     as looking them up. This is useful when the verified structure may contain
+     CRLs, for example PKCS#7 signedData. Modify PKCS7_verify() to use any CRLs
+     present unless the new PKCS7_NO_CRL flag is asserted.
+     [Steve Henson]
+
   *) Extend ASN1 oid configuration module. It now additionally accepts the
      syntax:
commit	e1a27eb34a6bf40af1bd6450d0fb3d57f6e24ab5	[log] [tgz]
author	Dr. Stephen Henson <steve@openssl.org>	Sat Mar 27 22:49:28 2004 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	Sat Mar 27 22:49:28 2004 +0000
tree	85542e68548159b865c01b76a96ffe8de2ff7beb
parent	6446e0c3c8286428374ec738ffdc859802bd3c92 [diff] [blame]