-*- coding: utf-8 -*- Changes from 0.10.3 to 0.10.3.1 ------------------------------- * Merged #14 "Fixed X509_STORE_CTX bindings vs OpenSSL 0.9.x" by Mikhail Vorozhtsov Changes from 0.10.2.1 to 0.10.3 ------------------------------- * Merged #12 "Bindings to some of the X509_STORE_CTX functions" by Mikhail Vorozhtsov: - New functions in OpenSSL.X509.Store: - getStoreCtxCert - getStoreCtxIssuer - getStoreCtxCRL - getStoreCtxChain * Merged #13 "Fixed early verification callback deallocation crash" by Mikhail Vorozhtsov. Changes from 0.10.2 to 0.10.2.1 ------------------------------- * Merged #10 "Fix X509 PEM reading/writing" by Mikhail Vorozhtsov: - OpenSSL.PEM.readX509 now uses PEM_read_bio_X509() instead of PEM_read_bio_X509_AUX(). - OpenSSL.PEM.writeX509 now uses PEM_write_bio_X509() instead of PEM_write_bio_X509_AUX(). Changes from 0.10.1.4 to 0.10.2 ------------------------------- * Merged #9 "Add raw pointer read/write operations" by Iavor S. Diatchki: - OpenSSL.Session.readPtr - OpenSSL.Session.tryReadPtr - OpenSSL.Session.writePtr - OpenSSL.Session.tryWritePtr * Fixed #8 "HsOpenSSL 0.10.1.4 won't build" reported by vcxp: - Workaround for broken versions of Cabal, including one that comes with ghc-7.0.4. Changes from 0.10.1.3 to 0.10.1.4 --------------------------------- * Fixed #7 "Haskell Platform 2011.4 Support", reported by stepcut: - Foreign.ForeignPtr.Unsafe does not exist prior to base-4.4 Changes from 0.10.1.2 to 0.10.1.3 --------------------------------- * OpenSSL.Session: - SSL, SSLContext, SSLResult, ShutdownType and VerificationMode are now instances of Typeable. * Applied a series of patches "Various fixes for GHC 7.5" by Ben Gamari: - Use unsafeForeignPtrToPtr from Foreign.ForeignPtr.Unsafe - Use unsafePerformIO from System.IO.Unsafe - Add Num to constraints with Bits Changes from 0.10.1.1 to 0.10.1.2 --------------------------------- * Applied a patch by Mikhail Vorozhtsov: - Moved all EVP-related private functions to OpenSSL.EVP.Internal. * Improve the error handling in OpenSSL.Session: - SSL_get_error() must be called within the OS thread which caused the failed operation as it inspects the thread-local storage. - write/tryWrite should throw EPIPE for cleanly-closed connections rather than EOF. - shutdown/tryShutdown shouldn't throw an exception when a remote peer sends us a "close notify" alert and closes the connection without waiting for our reply. - ProtocolError should contain an error message string. Changes from 0.10.1 to 0.10.1.1 ------------------------------- * Applied a patch by Peter Gammie: - GHC 6.12.3 friendliness: don't use Control.Monad.void * Applied a patch by Peter Gammie and David Terei: - Placate LLVM in GHC 7.3.x HEAD: give memcpy the right type. Courtesy of David Terei. * Applied a patch by Mikhail Vorozhtsov: - Use throwIO instead of throw to raise SSL exceptions. * Fixed breakage on OpenSSL 0.9.8: - DHparams_dup() is a function in OpenSSL 1.0.0 but is a macro in 0.9.8. - OpenSSL 0.9.8 doesn't provide X509_CRL_get0_by_serial(). Changes from 0.10 to 0.10.1 --------------------------- * Applied patches by Mikhail Vorozhtsov: - Added optional verification callback to VerifyPeer. - Added revocation lookup function. - Added bindings to Diffie-Hellman functions. - Expose low-level asynchronous versions of accept, connect, read, write and shutdown. * Moved the repository to GitHub: git://github.com/phonohawk/HsOpenSSL.git Changes from 0.9.0.1 to 0.10 ---------------------------- * Applied a patch by Mikhail Vorozhtsov to support wrapping plain file descriptors in SSL connections. - New function: fdConnection :: SSLContext -> Socket -> IO SSL sslFd :: SSL -> Fd - Function signature change: sslSocket :: SSL -> Maybe Socket (It was "SSL -> Socket" before.) Changes from 0.9 to 0.9.0.1 --------------------------- * Applied a patch by Mikhail Vorozhtsov - Added missing BangPatterns pragma to OpenSSL/BN.hsc. It was failing to build on GHC 7.1 without this. Changes from 0.8.0.2 to 0.9 --------------------------- * (Suggested by Arthur Chan) Operations in OpenSSL.Session now throw exceptions of individual exception types instead of plain strings. The following exception types are defined: - ConnectionCleanlyClosed - ConnectionAbruptlyTerminated - WantConnect - WantAccept - WantX509Lookup - SSLIOError - ProtocolError - UnknownError(..) Changes from 0.8 to 0.8.0.2 --------------------------- * 0.8.0.1 was broken so it's invalidated. * Fix Windows support as suggested in this page: http://hackage.haskell.org/trac/ghc/wiki/Builder (Thanks Edward Z. Yang for notifying me.) Changes from 0.7 to 0.8 ----------------------- * Applied 7 patches by Taru Karttunen: - Add cipherStrictLBS - Encrypt a lazy bytestring in a strict manner. Does not leak the keys - Add rsaCopyPublic and rsaKeyPairFinalize to OpenSSL.RSA - Document pkcs5_pbkdf2_hmac_sha1 in OpenSSL.EVP.Digest - Make OpenSSL.EVP.Sign.signFinal use ByteStrings internally - Export OpenSSL.EVP.Sign.signFinal - Add PEM-functionality with a new PwBS that works like PwStr except there are no superfluous extra copies retained in the memory. - Make PEM callbacks use bracket which makes cleanup work even if there are exceptions. Changes from 0.6.5 to 0.7 ------------------------- * Applied patches by Taru Karttunen to make HsOpenSSL compatible with GHC 6.12.1. * Many cosmetic changes to suppress warnings which GHC 6.12.1 emits. It shouldn't change any semantics. Changes from 0.6.4 to 0.6.5 --------------------------- * Suggestion by Carl Mackey: - OpenSSL.Cipher now exports a type AESCtx. Changes from 0.6.3 to 0.6.4 --------------------------- * Applied a patch by Taru Karttunen: > Unbreak BIO ForeignPtrs for GHC 6.10 > > In GHC 6.10 it is no longer possible to mix C and Haskell > finalizers on the same ForeignPtr. This patch fixes that > and unbreaks things for GHC 6.10. Changes from 0.6.2 to 0.6.3 --------------------------- * Suggestion by Grant Monroe: - Changed the signature of OpenSSL.EVP.Sign.signBS from signBS :: KeyPair key => Digest -> key -> Strict.ByteString -> IO String to signBS :: KeyPair key => Digest -> key -> Strict.ByteString -> IO Strict.ByteString - Changed the signature of OpenSSL.EVP.Sign.signLBS from signLBS :: KeyPair key => Digest -> key -> Lazy.ByteString -> IO String to signLBS :: KeyPair key => Digest -> key -> Lazy.ByteString -> IO Lazy.ByteString Chanegs from 0.6.1 to 0.6.2 --------------------------- * Applied a patch by John Van Enk and his friend: 1) Moved away from the Configure build type to the Simple build type. 2) Removed the direct dependency on pthreads. This involved an indirection layer using the preprocessor. In linux/bsd, we use pthreads. In windows, we call out to the OS mutexing functions. This allows us to "cabal install" the HsOpenSSL library from the cmd.exe terminal in windows *without* having to use cygwin. Changes from 0.6 to 0.6.1 ------------------------- * OpenSSL.Session: - New functions: # lazyRead # lazyWrite # contextGetCAStore # contextSetPrivateKey # contextSetCertificate Changes from 0.5.2 to 0.6 ------------------------- * INCOMPATIBLE CHANGES: + OpenSSL.DSA: - The data type "DSA" is now broken into two separate types "DSAPubKey" and "DSAKeyPair" to distinguish between public keys and keypairs at type-level. These two data types are instances of class "DSAKey". - These functions are renamed to avoid name collision with OpenSSL.RSA: # generateParameters --> generateDSAParameters # generateKey --> generateDSAKey # generateParametersAndKey --> generateDSAParametersAndKey # signDigestedData --> signDigestedDataWithDSA # verifyDigestedData --> verifyDigestedDataWithDSA - These functions are broken into two separate functions: # dsaToTuple --> dsaPubKeyToTuple, dsaKeyPairToTuple # tupleToDSA --> tupleToDSAPubKey, tupleToDSAKeyPair + OpenSSL.RSA: - The data type "RSA" is now broken into two separate types "RSAPubKey" and "RSAKeyPair" to distinguish between public keys and keypairs at type-level. These two data types are instances of class "RSAKey". + OpenSSL.EVP.PKey: - The data type "PKey" is now broken into two separate classes, not data types, "PublicKey" and "KeyPair" to distinguish between public keys and keypairs at type-level. You can pass "RSAPubKey" and such like directly to cryptographic functions instead of the prior polymorphic type "PKey", for the sake of type classes. + OpenSSL.EVP.Open: - These functions now take "KeyPair k" instead of "PKey": # open # openBS # openLBS + OpenSSL.EVP.Seal: - These functions now take "SomePublicKey" instead of "PKey": # seal # sealBS # sealLBS + OpenSSL.EVP.Sign: - These functions now take "KeyPair k" instead of "PKey": # sign # signBS # signLBS + OpenSSL.EVP.Verify: - These functions now take "PublicKey k" instead of "PKey": # verify # verifyBS # verifyLBS + OpenSSL.PEM: - writePKCS8PrivateKey now takes "KeyPair k" instead of "PKey". - readPrivateKey now returns "SomeKeyPair" instead of "PKey". - writePublicKey now takes "PublicKey k" instead of "PKey". - readPublicKey now returns "SomePublicKey" instead of "PKey". + OpenSSL.PKCS7: - pkcs7Sign now takes "KeyPair k" instead of "PKey". - pkcs7Decrypt now takes "KeyPair k" instead of "PKey". + OpenSSL.X509: - signX509 now takes "KeyPair k" instead of "PKey". - verifyX509 now takes "PublicKey k" instead of "PKey". - getPublicKey now returns "SomePublicKey" instead of "PKey". - setPublicKey now takes "PublicKey k" instead of "PKey". + OpenSSL.X509.Request: - signX509Req now takes "KeyPair k" instead of "PKey". - verifyX509Req now takes "PublicKey k" instead of "PKey". - getPublicKey now returns "SomePublicKey" instead of "PKey". - setPublicKey now takes "PublicKey k" instead of "PKey". + OpenSSL.X509.Revocation: - signCRL now takes "KeyPair k" instead of "PKey". - verifyCRL now takes "PublicKey k" instead of "PKey". * OpenSSL.RSA: - RSAPubKey and RSAKeyPair are now instances of Eq, Ord and Show. - New function: generateRSAKey' * OpenSSL.DSA: - DSAPubKey and DSAKeyPair are now instances of Eq, Ord and Show. Changes from 0.5.1 to 0.5.2 --------------------------- * Fixed incorrect dependency declaration in HsOpenSSL.cabal. No semantical changes to the code. Changes from 0.5 to 0.5.1 ------------------------- * Fixed breakage on 64-bit architectures. Reported by: Neumark Péter Changes from 0.4.2 to 0.5 ------------------------- * Fixed breakage on GHC 6.10.1. And now requires 6.10.1... * Applied a patch by Taru Karttunen: - Add pkcs5_pbkdf2_hmac_sha1 to OpenSSL.EVP.Digest Changes from 0.4.1 to 0.4.2 --------------------------- * No .hs files which are generated from .hsc files should be in the tarball. If any .hs files are outdated, Cabal seems to compile the outdated files instead of newer .hsc files. Changes from 0.4 to 0.4.1 ------------------------- * Applied patches by Adam Langley: - Fix BN<->Integer conversions on 64-bit systems - Another 64-bit fix (OpenSSL.ASN1.peekASN1String) - Add ByteString version of digestBS - Fix the foreign types of the cipher functions to use CInt, not Int - 64-bit fix for HMAC - Turn the Session IO inside out - Silly cosmetic change Changes from 0.3.1 to 0.4 ------------------------- * Applied patches by Adam Langley: - Add the beginnings of session support - Add an example SSL server Changes from 0.3 to 0.3.1 ------------------------- * OpenSSL.EVP.Base64: Fix a bug in an internal function `decodeBlock': decodeBase64* didn't drop the padding NUL. * Applied patches by Adam Langley: - Updates for 6.8.1 (also *requires* 6.8.1 now) - tests/Base64.hs: Test for Base64 Changes from 0.2 to 0.3 ----------------------- * Applied patches by Adam Langley: - tests/DSA.hs: Add a DSA test: this just adds a binary which tests a few simple DSA cases (and runs a timing test) and prints "PASS" as the last line of stdout in the case that everything looks good. It doesn't include any hooks nor framework for running these. - Bug fix for fast Integer<->BN functions - OpenSSL.Cipher: Add non-EVP cipher support - OpenSSL.EVP.Digest: Add HMAC support in EVP - OpenSSL.Random: Add OpenSSL.Random - OpenSSL.BN: Additional utility functions in BN and exposing BN Changes from 0.1.1. to 0.2 -------------------------- * Applied patches by Adam Langley: - OpenSSL.DSA: Add DSA support - OpenSSL.BN: Add support for fast Integer<->BN conversions - OpenSSL.BN: New BN utility function, newBN - OpenSSL.BN: FIX: set the BN ptr to NULL before calling BN_dec2bn, otherwise that function thinks that there's a valid BN there - OpenSSL.Utils: Add utility functions to print and read hex numbers Changes from 0.1 to 0.1.1 ------------------------- * Moved hidden modules from Exposed-Modules to Other-Modules. * Added "time >= 1.1.1" to the Build-Depends.