NEWS and CHANGES hasn't mentioned OPENSSL_CTX before, so adding entries now.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12228)
Richard Levitte 3 years ago
parent 5a9752756b
commit 3bd65f9b5b

@ -23,6 +23,28 @@ OpenSSL 3.0
### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
* Added a library context that applications as well as other
libraries can use to form a separate context within which libcrypto
operations are performed.
There are two ways this can be used:
- Directly, by passing a library context to functions that take
such an argument, such as `EVP_CIPHER_fetch` and similar algorithm
fetching functions.
- Indirectly, by creating a new library context and then assigning
it as the new default, with `OPENSSL_CTX_set0_default`.
All public OpenSSL functions that take an `OPENSSL_CTX` pointer,
apart from the functions directly related to `OPENSSL_CTX`, accept
NULL to indicate that the default library context should be used.
Library code that changes the default library context using
`OPENSSL_CTX_set0_default` should take care to restore it with a
second call before returning to the caller.
*Richard Levitte*
* Handshake now fails if Extended Master Secret extension is dropped
on renegotiation.

@ -20,6 +20,7 @@ OpenSSL 3.0
### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development]
* Added `OPENSSL_CTX`, a libcrypto library context.
* Interactive mode is removed from the 'openssl' program.
* The X25519, X448, Ed25519, Ed448 and SHAKE256 algorithms are included in
the FIPS provider. None have the "fips=yes" property set and, as such,