NEWS

-*- coding: utf-8 -*-

Changes from 0.10.3.1 to 0.10.3.2
---------------------------------
* Merged #15 "Fixed build with base-4.6" by Mikhail Vorozhtsov.
* Added a configuration flag 'fast-bignum', fixes #16.


Changes from 0.10.3 to 0.10.3.1
-------------------------------
* Merged #14 "Fixed X509_STORE_CTX bindings vs OpenSSL 0.9.x" by
  Mikhail Vorozhtsov.


Changes from 0.10.2.1 to 0.10.3
-------------------------------
* Merged #12 "Bindings to some of the X509_STORE_CTX functions" by
  Mikhail Vorozhtsov:

  - New functions in OpenSSL.X509.Store:
    - getStoreCtxCert
    - getStoreCtxIssuer
    - getStoreCtxCRL
    - getStoreCtxChain

* Merged #13 "Fixed early verification callback deallocation crash" by
  Mikhail Vorozhtsov.


Changes from 0.10.2 to 0.10.2.1
-------------------------------
* Merged #10 "Fix X509 PEM reading/writing" by Mikhail Vorozhtsov:

  - OpenSSL.PEM.readX509 now uses PEM_read_bio_X509() instead of
    PEM_read_bio_X509_AUX().

  - OpenSSL.PEM.writeX509 now uses PEM_write_bio_X509() instead of
    PEM_write_bio_X509_AUX().


Changes from 0.10.1.4 to 0.10.2
-------------------------------
* Merged #9 "Add raw pointer read/write operations" by Iavor
  S. Diatchki:

  - OpenSSL.Session.readPtr
  - OpenSSL.Session.tryReadPtr
  - OpenSSL.Session.writePtr
  - OpenSSL.Session.tryWritePtr

* Fixed #8 "HsOpenSSL 0.10.1.4 won't build" reported by vcxp:

  - Workaround for broken versions of Cabal, including one that comes
    with ghc-7.0.4.


Changes from 0.10.1.3 to 0.10.1.4
---------------------------------
* Fixed #7 "Haskell Platform 2011.4 Support", reported by stepcut:
  - Foreign.ForeignPtr.Unsafe does not exist prior to base-4.4


Changes from 0.10.1.2 to 0.10.1.3
---------------------------------
* OpenSSL.Session:
  - SSL, SSLContext, SSLResult, ShutdownType and VerificationMode are
    now instances of Typeable.

* Applied a series of patches "Various fixes for GHC 7.5" by Ben Gamari:
  - Use unsafeForeignPtrToPtr from Foreign.ForeignPtr.Unsafe
  - Use unsafePerformIO from System.IO.Unsafe
  - Add Num to constraints with Bits


Changes from 0.10.1.1 to 0.10.1.2
---------------------------------
* Applied a patch by Mikhail Vorozhtsov:
  - Moved all EVP-related private functions to OpenSSL.EVP.Internal.

* Improve the error handling in OpenSSL.Session:
  - SSL_get_error() must be called within the OS thread which caused
    the failed operation as it inspects the thread-local storage.
  - write/tryWrite should throw EPIPE for cleanly-closed connections
    rather than EOF.
  - shutdown/tryShutdown shouldn't throw an exception when a remote
    peer sends us a "close notify" alert and closes the connection
    without waiting for our reply.
  - ProtocolError should contain an error message string.


Changes from 0.10.1 to 0.10.1.1
-------------------------------
* Applied a patch by Peter Gammie:
  - GHC 6.12.3 friendliness: don't use Control.Monad.void

* Applied a patch by Peter Gammie and David Terei:
  - Placate LLVM in GHC 7.3.x HEAD: give memcpy the right
    type. Courtesy of David Terei.

* Applied a patch by Mikhail Vorozhtsov:
  - Use throwIO instead of throw to raise SSL exceptions.

* Fixed breakage on OpenSSL 0.9.8:
  - DHparams_dup() is a function in OpenSSL 1.0.0 but is a macro in 0.9.8.
  - OpenSSL 0.9.8 doesn't provide X509_CRL_get0_by_serial().


Changes from 0.10 to 0.10.1
---------------------------
* Applied patches by Mikhail Vorozhtsov:
  - Added optional verification callback to VerifyPeer.
  - Added revocation lookup function.
  - Added bindings to Diffie-Hellman functions.
  - Expose low-level asynchronous versions of accept, connect, read,
    write and shutdown.

* Moved the repository to GitHub:
  git://github.com/phonohawk/HsOpenSSL.git


Changes from 0.9.0.1 to 0.10
----------------------------
* Applied a patch by Mikhail Vorozhtsov to support wrapping plain file
  descriptors in SSL connections.

  - New function:
      fdConnection :: SSLContext -> Socket -> IO SSL
      sslFd :: SSL -> Fd

  - Function signature change:
      sslSocket :: SSL -> Maybe Socket
      (It was "SSL -> Socket" before.)


Changes from 0.9 to 0.9.0.1
---------------------------
* Applied a patch by Mikhail Vorozhtsov

  - Added missing BangPatterns pragma to OpenSSL/BN.hsc. It was
    failing to build on GHC 7.1 without this.


Changes from 0.8.0.2 to 0.9
---------------------------
* (Suggested by Arthur Chan) Operations in OpenSSL.Session now throw
  exceptions of individual exception types instead of plain
  strings. The following exception types are defined:

    - ConnectionCleanlyClosed
    - ConnectionAbruptlyTerminated
    - WantConnect
    - WantAccept
    - WantX509Lookup
    - SSLIOError
    - ProtocolError
    - UnknownError(..)


Changes from 0.8 to 0.8.0.2
---------------------------
* 0.8.0.1 was broken so it's invalidated.

* Fix Windows support as suggested in this page:
  http://hackage.haskell.org/trac/ghc/wiki/Builder
  (Thanks Edward Z. Yang for notifying me.)


Changes from 0.7 to 0.8
-----------------------
* Applied 7 patches by Taru Karttunen:

  - Add cipherStrictLBS - Encrypt a lazy bytestring in a strict
    manner. Does not leak the keys

  - Add rsaCopyPublic and rsaKeyPairFinalize to OpenSSL.RSA

  - Document pkcs5_pbkdf2_hmac_sha1 in OpenSSL.EVP.Digest

  - Make OpenSSL.EVP.Sign.signFinal use ByteStrings internally

  - Export OpenSSL.EVP.Sign.signFinal

  - Add PEM-functionality with a new PwBS that works like PwStr except
    there are no superfluous extra copies retained in the memory.

  - Make PEM callbacks use bracket which makes cleanup work even if
    there are exceptions.


Changes from 0.6.5 to 0.7
-------------------------
* Applied patches by Taru Karttunen to make HsOpenSSL compatible with
  GHC 6.12.1.

* Many cosmetic changes to suppress warnings which GHC 6.12.1
  emits. It shouldn't change any semantics.


Changes from 0.6.4 to 0.6.5
---------------------------
* Suggestion by Carl Mackey:

  - OpenSSL.Cipher now exports a type AESCtx.


Changes from 0.6.3 to 0.6.4
---------------------------
* Applied a patch by Taru Karttunen:

  > Unbreak BIO ForeignPtrs for GHC 6.10
  >
  > In GHC 6.10 it is no longer possible to mix C and Haskell
  > finalizers on the same ForeignPtr. This patch fixes that
  > and unbreaks things for GHC 6.10.


Changes from 0.6.2 to 0.6.3
---------------------------
* Suggestion by Grant Monroe:

  - Changed the signature of OpenSSL.EVP.Sign.signBS from
      signBS :: KeyPair key => Digest -> key -> Strict.ByteString -> IO String
    to
      signBS :: KeyPair key => Digest -> key -> Strict.ByteString -> IO Strict.ByteString

  - Changed the signature of OpenSSL.EVP.Sign.signLBS from
      signLBS :: KeyPair key => Digest -> key -> Lazy.ByteString -> IO String
    to
      signLBS :: KeyPair key => Digest -> key -> Lazy.ByteString -> IO Lazy.ByteString


Chanegs from 0.6.1 to 0.6.2
---------------------------
* Applied a patch by John Van Enk and his friend:

  1) Moved away from the Configure build type to the Simple build
     type.

  2) Removed the direct dependency on pthreads. This involved an
     indirection layer using the preprocessor. In linux/bsd, we use
     pthreads. In windows, we call out to the OS mutexing
     functions. This allows us to "cabal install" the HsOpenSSL
     library from the cmd.exe terminal in windows *without* having to
     use cygwin.


Changes from 0.6 to 0.6.1
-------------------------
* OpenSSL.Session:
    - New functions:
      # lazyRead
      # lazyWrite
      # contextGetCAStore
      # contextSetPrivateKey
      # contextSetCertificate


Changes from 0.5.2 to 0.6
-------------------------
* INCOMPATIBLE CHANGES:
    + OpenSSL.DSA:
        - The data type "DSA" is now broken into two separate types
          "DSAPubKey" and "DSAKeyPair" to distinguish between public
          keys and keypairs at type-level. These two data types are
          instances of class "DSAKey".
        - These functions are renamed to avoid name collision with
          OpenSSL.RSA:
            # generateParameters       --> generateDSAParameters
            # generateKey              --> generateDSAKey
            # generateParametersAndKey --> generateDSAParametersAndKey
            # signDigestedData         --> signDigestedDataWithDSA
            # verifyDigestedData       --> verifyDigestedDataWithDSA
        - These functions are broken into two separate functions:
            # dsaToTuple --> dsaPubKeyToTuple, dsaKeyPairToTuple
            # tupleToDSA --> tupleToDSAPubKey, tupleToDSAKeyPair
    + OpenSSL.RSA:
        - The data type "RSA" is now broken into two separate types
          "RSAPubKey" and "RSAKeyPair" to distinguish between public
          keys and keypairs at type-level. These two data types are
          instances of class "RSAKey".
    + OpenSSL.EVP.PKey:
        - The data type "PKey" is now broken into two separate
          classes, not data types, "PublicKey" and "KeyPair" to
          distinguish between public keys and keypairs at
          type-level. You can pass "RSAPubKey" and such like directly
          to cryptographic functions instead of the prior polymorphic
          type "PKey", for the sake of type classes.
    + OpenSSL.EVP.Open:
        - These functions now take "KeyPair k" instead of "PKey":
            # open
            # openBS
            # openLBS
    + OpenSSL.EVP.Seal:
        - These functions now take "SomePublicKey" instead of "PKey":
            # seal
            # sealBS
            # sealLBS
    + OpenSSL.EVP.Sign:
        - These functions now take "KeyPair k" instead of "PKey":
            # sign
            # signBS
            # signLBS
    + OpenSSL.EVP.Verify:
        - These functions now take "PublicKey k" instead of "PKey":
            # verify
            # verifyBS
            # verifyLBS
    + OpenSSL.PEM:
        - writePKCS8PrivateKey now takes "KeyPair k" instead of "PKey".
        - readPrivateKey now returns "SomeKeyPair" instead of "PKey".
        - writePublicKey now takes "PublicKey k" instead of "PKey".
        - readPublicKey now returns "SomePublicKey" instead of "PKey".
    + OpenSSL.PKCS7:
        - pkcs7Sign now takes "KeyPair k" instead of "PKey".
        - pkcs7Decrypt now takes "KeyPair k" instead of "PKey".
    + OpenSSL.X509:
        - signX509 now takes "KeyPair k" instead of "PKey".
        - verifyX509 now takes "PublicKey k" instead of "PKey".
        - getPublicKey now returns "SomePublicKey" instead of "PKey".
        - setPublicKey now takes "PublicKey k" instead of "PKey".
    + OpenSSL.X509.Request:
        - signX509Req now takes "KeyPair k" instead of "PKey".
        - verifyX509Req now takes "PublicKey k" instead of "PKey".
        - getPublicKey now returns "SomePublicKey" instead of "PKey".
        - setPublicKey now takes "PublicKey k" instead of "PKey".
    + OpenSSL.X509.Revocation:
        - signCRL now takes "KeyPair k" instead of "PKey".
        - verifyCRL now takes "PublicKey k" instead of "PKey".
* OpenSSL.RSA:
    - RSAPubKey and RSAKeyPair are now instances of Eq, Ord and Show.
    - New function: generateRSAKey'
* OpenSSL.DSA:
    - DSAPubKey and DSAKeyPair are now instances of Eq, Ord and Show.

Changes from 0.5.1 to 0.5.2
---------------------------
* Fixed incorrect dependency declaration in HsOpenSSL.cabal. No
  semantical changes to the code.

Changes from 0.5 to 0.5.1
-------------------------
* Fixed breakage on 64-bit architectures.
  Reported by: Neumark Péter

Changes from 0.4.2 to 0.5
-------------------------
* Fixed breakage on GHC 6.10.1. And now requires 6.10.1...
* Applied a patch by Taru Karttunen:
  -  Add pkcs5_pbkdf2_hmac_sha1 to OpenSSL.EVP.Digest


Changes from 0.4.1 to 0.4.2
---------------------------
* No .hs files which are generated from .hsc files should be in the
  tarball. If any .hs files are outdated, Cabal seems to compile the
  outdated files instead of newer .hsc files.


Changes from 0.4 to 0.4.1
-------------------------
* Applied patches by Adam Langley:
  - Fix BN<->Integer conversions on 64-bit systems
  - Another 64-bit fix (OpenSSL.ASN1.peekASN1String)
  - Add ByteString version of digestBS
  - Fix the foreign types of the cipher functions to use CInt, not Int
  - 64-bit fix for HMAC
  - Turn the Session IO inside out
  - Silly cosmetic change


Changes from 0.3.1 to 0.4
-------------------------
* Applied patches by Adam Langley:
  - Add the beginnings of session support
  - Add an example SSL server


Changes from 0.3 to 0.3.1
-------------------------
* OpenSSL.EVP.Base64: Fix a bug in an internal function `decodeBlock':
  decodeBase64* didn't drop the padding NUL.
* Applied patches by Adam Langley:
  - Updates for 6.8.1 (also *requires* 6.8.1 now)
  - tests/Base64.hs: Test for Base64


Changes from 0.2 to 0.3
-----------------------
* Applied patches by Adam Langley:
  - tests/DSA.hs: Add a DSA test: this just adds a binary which tests
    a few simple DSA cases (and runs a timing test) and prints "PASS"
    as the last line of stdout in the case that everything looks good.
    It doesn't include any hooks nor framework for running these.
  - Bug fix for fast Integer<->BN functions
  - OpenSSL.Cipher: Add non-EVP cipher support
  - OpenSSL.EVP.Digest: Add HMAC support in EVP
  - OpenSSL.Random: Add OpenSSL.Random
  - OpenSSL.BN: Additional utility functions in BN and exposing BN


Changes from 0.1.1. to 0.2
--------------------------
* Applied patches by Adam Langley:
  - OpenSSL.DSA: Add DSA support
  - OpenSSL.BN: Add support for fast Integer<->BN conversions
  - OpenSSL.BN: New BN utility function, newBN
  - OpenSSL.BN: FIX: set the BN ptr to NULL before calling BN_dec2bn,
    otherwise that function thinks that there's a valid BN there
  - OpenSSL.Utils: Add utility functions to print and read hex numbers


Changes from 0.1 to 0.1.1
-------------------------
* Moved hidden modules from Exposed-Modules to Other-Modules.
* Added "time >= 1.1.1" to the Build-Depends.