version 1.63, 2017/04/02 16:38:32 |
version 1.64, 2017/04/02 16:53:22 |
|
|
to allow for multiple https sites on a single IP address. |
to allow for multiple https sites on a single IP address. |
<li><a href="http://man.openbsd.org/ocspcheck.8">ocspheck(8)</a> |
<li><a href="http://man.openbsd.org/ocspcheck.8">ocspheck(8)</a> |
has been added, and can be used to check the OCSP status of |
has been added, and can be used to check the OCSP status of |
certificates and save OCSP responses for use in OCSP stapling |
certificates. The corresponding responses can be saved for later use in OCSP stapling. |
<li><a href="http://man.openbsd.org/httpd.8">httpd(8)</a> supports |
<li><a href="http://man.openbsd.org/httpd.8">httpd(8)</a> supports |
OCSP stapling |
OCSP stapling |
via <a href="http://man.openbsd.org/tls_config_add_keypair_ocsp_mem.3">libtls</a> |
via <a href="http://man.openbsd.org/tls_config_add_keypair_ocsp_mem.3">libtls</a> |
|
|
<li> Code cleanups, CBB conversions, further unification of DTLS/SSL |
<li> Code cleanups, CBB conversions, further unification of DTLS/SSL |
handshake code, further ASN1 macro expansion and removal. |
handshake code, further ASN1 macro expansion and removal. |
|
|
<li> Private symbol are now hidden in libssl and libcryto. |
<li> Private symbols are now hidden in libssl and libcrypto. |
|
|
<li> Friendly certificate verification error messages in libtls, peer |
<li> Friendly certificate verification error messages in libtls, peer |
verification is now always enabled. |
verification is now always enabled. |
|
|
<li> Added OCSP stapling support to libtls and netcat. |
<li> Added OCSP stapling support to libtls and nc. |
|
|
<li> Added ocspcheck utility to validate a certificate against its OCSP |
<li> Added ocspcheck utility to validate a certificate against its OCSP |
responder and save the reply for stapling |
responder and save the reply for stapling |