Sun Nov 17 12:22:18 2002 EKR <ekr@rtfm.com>
* Add a check for SSLv3 pad > blocksize
	
Wed Sep 11 16:48:25 2002 EKR <ekr@rtfm.com>
* Added a check for maximum length in variable length
  array decoding. The only thing this should affect is
  that SSL session IDs now are enforced to be 32
  bytes or less--which they should be anyway.
	
Thu Aug 29 06:30:01 2002 EKR <ekr@rtfm.com>
* Fixed zero-trimming of output of Cryptix RSA Signatures
  adding or removing zeros as required. This fixes a low
  probability bad signature event when signing cert requests.
			      
Wed Aug 28 08:58:12 2002 EKR <ekr@rtfm.com>
* Cleaned up response to bad CertificateVerify. We now
  throw an alert instead of just an InternalError
	
Tue Aug 27 15:42:48 2002 EKR <ekr@rtfm.com>
* Portability for SocketBasedSocketImpl to JDK 1.4
  for both Ant and Make.
  	      	
Sat Aug 24 22:35:28 2002 EKR <ekr@rtfm.com>
* Cleaned up error handling in ClientKeyExchange
		
Wed Aug 21 07:34:59 2002 EKR <ekr@rtfm.com>
* Cleaned up some of the code in SSLRecord so it's easier to
  follow.

Wed Aug 14 11:05:02 2002 EKR <ekr@rtfm.com>
* Added KeyUsage checking for CAs

Mon Aug 12 16:08:43 2002 EKR <ekr@rtfm.com>
* Added prototype basic constraints checking.
* Fixed reading of zero-length ASN.1 sequences/blocks
	
Mon Aug  5 10:41:34 2002 EKR <ekr@rtfm.com>
* Enforce that CCS messages are correct.
	
Sat Aug  3 12:25:38 2002 EKR <ekr@rtfm.com>
* Added a stricter check for TLS padding--all bytes must match
  the pad
	
Thu Jul 25 11:09:17 2002 EKR <ekr@rtfm.com>
* Wrapped SSLRecord.encode() in a synchronized for thread
  safety.
* Added some more debugging output code.
	  
Tue Jun 25 07:51:11 2002 EKR <ekr@rtfm.com>
* Made PKCS-1 padding errors in signatures cause a 
  false return code instead of throwing an
  IllegalBlockSizeException.
* Fixed client behavior when a certificate is requested
  but not available. We now send either an empty certs
  message (for TLS) or a no_certificate alert (SSLv3).
	
Mon Jun 24 15:20:36 2002 EKR <ekr@rtfm.com>
* Throw an error when ephemeral RSA is attempted with
  domestic cipher suites. Tighter compliance with RFC 2246.

Wed Jun 19 07:44:24 2002 EKR <ekr@rtfm.com>
* Created errors if we receive inappropriate handshake messages
  during data transfer. Before they just got eaten. (bug 143)
	
* Fixed output of RSASignature to be always the exact length of
  the modulus, adding or removing (zeros only) as required.
  This fixes a ~1/255 incompatibility when signing SSL data to
  be read by OpenSSL. (bug 145)
	
* Made RSASignature.java check the length of the RSA signature.
  For tighter compliance with PKCS-1. (bug 145)

	
Mon Apr 15 07:53:15 2002 EKR <ekr@rtfm.com>
* Fixed BitString decoding
* Fixed decoding of RDNs with multiple AVAs at a given level
  so the second AVA doesn't get dropped.
* Added a little more test and debug code.
--------------------0.9b2 Released-----------------------
Thu Feb 28 20:15:44 2002 EKR <ekr@rtfm.com>
* Fixed BOOLEAN BER decoding
* Fixed leading zero trimming of signatures in CertRequest
  (bug PureTLS/68)
* Cleaned up SSLSocket constructor so that it's clear that 
  we're not self-assigning remote_port
 	
Wed Feb 27 09:34:39 2002 EKR <ekr@rtfm.com>
* Added extra-fascist checking for key types in ServerKeyExchange.
  This is a belt-and-suspenders change.
	
Wed Feb 27 08:21:38 2002 EKR <ekr@rtfm.com>
* Fixed export cipher suites that got broken when I screwed
  with the PKCS-1 padding
	
Tue Feb 26 08:42:42 2002 EKR <ekr@rtfm.com>
* Reordered ciphers once again to put SHA-1 in front of MD5
* Hacked UTCTime generation to throw an error in 2050 rather
  than encoding an incorrect date
* Shut things down more completely when an alert happens:
  make things unresumable even when we generate the alert
  make sure the connection can't be read from, even if the
  user is stupid and ignores the exception.

Mon Feb 25 10:05:51 2002 EKR <ekr@rtfm.com>
* Added more fascist version number checking.
* Security fix: prevent injection attacks
	
Sun Feb  3 17:10:21 2002 EKR <ekr@rtfm.com>
* Fixed SSLAlertX to properly set alerts to fatal or warning
  appropriately.
		  
Sun Jan  6 15:51:50 2002 EKR <ekr@rtfm.com>
* Added an SSLSocket constructor that takes a Socket. This lets
  you wrap a Socket.
	 
Sat Jan  5 20:26:08 2002 EKR <ekr@rtfm.com>
* Added PKCS-10 cert requests and generation of self-signed
  certs. See CertRequest Javadoc. Currently, cooking up the
  DN isn't totally straightforward but there are some
  helper functions in CertRequest
		
Sat Jan  5 10:01:17 2002 EKR <ekr@rtfm.com>
* Added some explicit closes when loading/saving files
	
Sat Jan  5 09:02:38 2002 EKR <ekr@rtfm.com>
* Removed unnecessary OID table from X509Cert.java

* Cleaned up handling of signature errors in SSLServerKeyExchange
  we now throw an alert instead of generating an InternalError.

* The remote_host value in SSLSocket was not being set.
  This could potentially cause session resumption problems
  where clients advertised the wrong session (depending on
  ordering.)
	  
Sat Jan  5 09:02:23 2002 EKR <ekr@rtfm.com>
* Cleaned up a bunch of comment bugs.

Tue Jan  1 22:16:37 2002 EKR <ekr@rtfm.com>
* Re-ordered cipher suites to prefer 128-bit to DES.
  Bug 53

Fri Nov 30 13:56:16 2001 EKR <ekr@rtfm.com>
* Added waitOnClose in SSLPolicyInt to allow you to call close
  and not wait for the peer close_notify.
		    
Thu Nov 29 10:04:47 2001 EKR <ekr@rtfm.com>
* Modified the Makefile to build in build/*
	
Wed Nov 28 17:14:56 2001 EKR <ekr@rtfm.com>
* Added the ability to connect without handshaking and
  use an explicit call to handshake() instead.
	    
Tue Nov 20 17:47:01 2001 EKR <ekr@rtfm.com>
* Added getSessionID() function to SSLSocketXInt, SSLSocket

* Don't save sessions with an empty session id

* Made CertRequest depend explicitly on Cryptix for 
  the KeyGenerator
       
Mon Nov 19 09:29:58 2001 EKR <ekr@rtfm.com>
* Fixed bug PureTLS/48. Change SSLv3PRF.PRFHash() to write only
  out.length bytes instead of 16. This makes things work with DES40.

* Tweaked the Makefile to improve building and compatibility.

* Added SSLv3 tests to the test harness.

Sun Nov 18 14:27:56 2001 EKR <ekr@rtfm.com>
* Fix for bug PureTLS/46. Reverse order of certs when writing
	
Sun Nov 18 12:10:32 2001 EKR <ekr@rtfm.com>
* Added a global Makefile system. This replaces the old build scripts
  and is rather nicer. The build scripts are now deprecated and will
  eventually be removed. (bug PureTLS/40)
	
Sat Nov 17 08:35:31 2001 EKR <ekr@rtfm.com>
* Privatized the long form of SSLContext.getEphemeralDHPrivateKey.
  Added a check stopping it from being used when you haven't set
  DH params, instead of automatic generation. This is all belt and
  suspenders stuff.

* Added the correct version check for the version in the PMS.
  This prevents rollback attacks but also allows semi-broken clients
  who use the "current" instead of "offered" version to be successful. 

* Fixed bug 7. There were three problems:
  (1) needed to flush the write buffers after sending a HelloRequest.
  (2) suppress looking for the SSLv2 handshake during rehandshake.
  (3) retain the same version number settings during rehandshake.
  With these three changes things work.
	
* Made SSLServer reset the ciphersuite values when renegotiating.
  Otherwise you get problems when renegotiating with a ciphersuite
  that's not part of the default set.

* Added clientauth testing to the test harness
	  
Fri Nov 16 20:51:59 2001 EKR <ekr@rtfm.com>
* Fixed bug 19. Added time to client/server random
	
* Added a length check to PKCS1Pad.java
	
Fri Nov 16 20:35:17 2001 EKR <ekr@rtfm.com>
* Fixed bug PureTLS/34: Allowed pads up to 255 as required by RFC 2246.
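The three padding entries above (SSLv3 pad may not exceed the block size, every TLS pad byte must equal the pad length, pads up to 255 are legal in TLS) describe one check from different angles. The code below is an added example written for this ChangeLog, not PureTLS code (PureTLS is Java; the check is language-neutral, so it is shown in Python). The record bodies it works on are constructed inline, not captured traffic, and the function names are this example's own.

```python
from typing import Optional, Tuple

# Protocol versions as (major, minor); the padding rule differs between them.
SSLV3 = (3, 0)
TLS10 = (3, 1)


def tls_pad(body: bytes, block_size: int, pad_len: Optional[int] = None) -> bytes:
    """Append CBC padding to content||MAC: pad_len bytes, each equal to
    pad_len, followed by the pad_len byte itself.  With pad_len=None the
    shortest legal padding is used; any pad_len up to 255 that keeps the
    total a multiple of block_size is legal in TLS (RFC 2246 6.2.3.2)."""
    if pad_len is None:
        pad_len = (-(len(body) + 1)) % block_size
    if not 0 <= pad_len <= 255 or (len(body) + 1 + pad_len) % block_size:
        raise ValueError("pad_len must be 0..255 and block-align the record")
    return body + bytes([pad_len]) * (pad_len + 1)


def strip_padding(plaintext: bytes, block_size: int,
                  version: Tuple[int, int]) -> Optional[bytes]:
    """Validate and remove the padding of a decrypted CBC record.

    Returns content||MAC, or None when the padding is malformed.  The last
    byte is pad_len; pad_len further bytes precede it, so pad_len + 1 bytes
    are removed in total."""
    if len(plaintext) == 0 or len(plaintext) % block_size != 0:
        return None
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        return None  # claimed padding is longer than the record
    if version == SSLV3:
        # SSLv3 leaves the padding bytes unspecified and only bounds the
        # length: this is the "pad > blocksize" check from the Nov 2002 entry.
        if pad_len > block_size:
            return None
    else:
        # TLS: pads up to 255 are legal (PureTLS/34), but every padding byte
        # must equal pad_len (Aug 2002 entry), so forged padding is caught.
        padding = plaintext[-(pad_len + 1):-1]
        if any(b != pad_len for b in padding):
            return None
    return plaintext[:-(pad_len + 1)]
```

A caller should treat a None result exactly like a MAC failure: same alert (bad_record_mac in TLS), and the MAC should still be computed over the record so that the two failures are not distinguishable by timing. Vaudenay's 2002 padding-oracle result is precisely that a peer who can tell "bad padding" from "bad MAC" can decrypt CBC records, so the stricter check above only helps when its outcome is not observable on its own.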
 	
Fri Nov 16 20:09:51 2001 EKR <ekr@rtfm.com>
* Fixed bug PureTLS/33: Changed Compression algorithms to uint8.

* Fixed bug PureTLS/16: Reseed the PRNG with time after writeRandomStore()
    	
Undated changes.
	
	* Fix build.sh so that the entire build happens in one shot.
	  This fixes a problem where crypto/ was needed to build the
	  provider (bug PureTLS/10).
	
	* Fixed SSLAlert to return the right number of bytes
	  written (trivial).
	
	* Check that RSA signatures are really padded with
	  0xff.
	  
	* Removed NullPointerException when setSoTimeout fires
	  (bug PureTLS/27)
	
	* Fixed the ClientKeyExchange so it contains the 
	  version offered by the client, not the negotiated
	  version.

	* Added SSLv2 backward-compatible messaging for the server

	* Invalidate session cache entries on short reads
	  (premature close).

	* Force socket closure on underlying close().

	* Added a hardClose() method to force closure without 
	  waiting for the client's close_notify or FIN.

	* Port to Cryptix 3.2 -- now works with JDK 1.3.

	* Propagated randomness to the RSA code so that if you
	  enter random seed data then that will be used to seed
	  the SecureRandom that generates RSA padding.

	* Buffered handshake messages to improve net performance.

	* Separated Socket from SSLSocket so that you can create
	  your own InputStream and OutputStream and attach that
	  to an SSLSocket. This takes the form of a new SSLSocket 
	  constructor.

	* Redid the session lookup key to be the hostname, not the IP
	  address. This doubly avoids the DNS-substitution attack on
	  session resumption that existed in many SSL implementations
	  (including TSW). This isn't really a problem in PureTLS anyway
	  because users are supposed to check the cert after every connection
	  and it gets restored with the restored session. This fix makes
	  resumption a little more robust against DNS changes and also
	  eliminates confusion caused by homology between PureTLS and
	  other systems that exhibit this bug.
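Several entries deal with the same PKCS#1 v1.5 signature block: the output of RSASignature must be exactly the modulus length, with only zeros added or removed (Aug 29 and Jun 19 2002); padding errors must yield a false return rather than an exception (Jun 25 2002); PKCS1Pad gets a length check (Nov 16 2001); and the padding must really be 0xff bytes (undated entry above). The following is an added example for this ChangeLog, not PureTLS code; it is in Python rather than Java and does no real RSA arithmetic, operating on the encoded block a verifier would hold after the public-key operation. The modulus length, DigestInfo and function names are this example's own.

```python
import hmac
from typing import Optional


def to_modulus_length(raw: bytes, modulus_len: int) -> bytes:
    """Return the signature integer as exactly modulus_len octets.

    Big-integer libraries may emit a leading 0x00 sign byte, or drop leading
    zero bytes when the top byte of the value happens to be zero.  Only zero
    bytes may be added or removed; anything else means the value does not
    fit the modulus."""
    stripped = raw.lstrip(b"\x00")
    if len(stripped) > modulus_len:
        raise ValueError("signature value larger than the modulus")
    return stripped.rjust(modulus_len, b"\x00")


def pad_type1(payload: bytes, modulus_len: int) -> bytes:
    """PKCS#1 v1.5 block type 1 (signatures): 00 01 FF..FF 00 || payload,
    with at least eight 0xFF bytes."""
    ps_len = modulus_len - len(payload) - 3
    if ps_len < 8:
        raise ValueError("payload too long for this modulus")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + payload


def unpad_type1(em: bytes, modulus_len: int) -> Optional[bytes]:
    """Check a type 1 block and return its payload, or None if the block is
    malformed.  Every defect is reported the same way, as a plain "bad
    signature" result, instead of throwing from inside the padding code."""
    if len(em) != modulus_len or modulus_len < 11:
        return None  # the PKCS1Pad length check
    if em[0] != 0x00 or em[1] != 0x01:
        return None
    sep = em.find(b"\x00", 2)
    if sep < 0 or sep - 2 < 8:
        return None  # no separator, or fewer than eight padding bytes
    if any(b != 0xFF for b in em[2:sep]):
        return None  # padding must be all 0xFF, not merely non-zero
    return em[sep + 1:]


def verify_block(raw: bytes, expected_digest_info: bytes, modulus_len: int) -> bool:
    """Glue both checks together for a verifier that already applied the
    public RSA operation and holds the result as a raw big-integer encoding.
    Returns False for every failure mode instead of raising."""
    try:
        em = to_modulus_length(raw, modulus_len)
    except ValueError:
        return False
    payload = unpad_type1(em, modulus_len)
    if payload is None:
        return False
    # Constant-time comparison so the verifier does not leak how much of
    # the expected DigestInfo matched.
    return hmac.compare_digest(payload, expected_digest_info)
```

The length normalisation is where the interoperability bug lived: whenever the signature value's top byte is zero, a library that returns the minimal encoding produces one byte too few, and a peer that expects exactly the modulus length rejects the signature. Padding to the modulus length on output and accepting either form on input removes that case without weakening the check, since only zero bytes are ever added or dropped.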
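The Nov 17 2001 entry adds the server-side check of the version carried in the pre_master_secret, tolerating clients that copy the negotiated version instead of the offered one, and the undated ClientKeyExchange fix above is the client-side half: the PMS must carry the version the client offered. The code below is an added example for this ChangeLog, not PureTLS code, written in Python rather than Java; function names are this example's own. The third function goes beyond the 2002 entries and shows the later RFC 5246 handling of a mismatch.

```python
import os
from typing import Optional, Tuple

Version = Tuple[int, int]
SSLV3: Version = (3, 0)
TLS10: Version = (3, 1)


def build_premaster(offered: Version, rand46: Optional[bytes] = None) -> bytes:
    """Client side.  The 48-byte pre_master_secret begins with the version the
    client *offered* in ClientHello, not the version that was negotiated
    (RFC 2246 7.4.7.1); that is what the ClientKeyExchange fix corrected."""
    rand46 = os.urandom(46) if rand46 is None else rand46
    if len(rand46) != 46:
        raise ValueError("pre_master_secret needs exactly 46 random bytes")
    return bytes(offered) + rand46


def pms_version_ok(pms: bytes, offered: Version, negotiated: Version,
                   allow_negotiated: bool = True) -> bool:
    """Server side check from the Nov 2001 entry.

    offered    - client_version as it appeared in the ClientHello the server saw
    negotiated - the version the server selected in ServerHello

    A downgrade that rewrote ClientHello in transit leaves a higher version
    inside the RSA-encrypted PMS than the server saw offered, so the two
    disagree and the handshake is refused.  Clients that wrongly copy the
    negotiated ("current") version are tolerated when allow_negotiated is set;
    that tolerance does not help an attacker, because a correct client still
    writes the version it actually offered."""
    if len(pms) != 48:
        return False
    found = (pms[0], pms[1])
    if found == offered:
        return True
    return allow_negotiated and found == negotiated


def accept_premaster(pms: bytes, offered: Version, negotiated: Version) -> bytes:
    """Return the PMS the server should continue the handshake with.

    Beyond the 2002 code: instead of sending an alert on a version mismatch,
    RFC 5246 7.4.7.1 has the server substitute offered || 46 random bytes and
    carry on, so the handshake fails at Finished without revealing which
    check tripped (Bleichenbacher-style oracle avoidance)."""
    if pms_version_ok(pms, offered, negotiated):
        return pms
    return bytes(offered) + os.urandom(46)
```

The substitution in accept_premaster matters because the version check runs on the output of an RSA decryption: an attacker who can tell a version-check failure apart from a padding failure or a MAC failure gets a decryption oracle on the server's key. Sending distinct alerts, as was common in 2002, is exactly the kind of distinguishable response later specifications removed.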

	
0.9b1 release.