+2005-05-12 Hrvoje Niksic <hniksic@xemacs.org>
+
+ * url.c (rewrite_shorthand_url): Don't rewrite "https://host" to
+ "ftp://https//host" when SSL is not used.
+
+2005-05-11 Hrvoje Niksic <hniksic@xemacs.org>
+
+ * openssl.c (ssl_check_server_identity): Renamed to
+ ssl_check_certificate because it does more than just checking the
+ server's identity.
+ (ssl_check_certificate): Tell the user about
+ --no-check-certificate.
+
+2005-05-11 Hrvoje Niksic <hniksic@xemacs.org>
+
+ * openssl.c (ssl_init): Always use SSL_VERIFY_NONE, so that the
+ handshake finishes even if the certificate is invalid. That way
+ ssl_check_server_identity can provide better diagnostics on why
+ the verification failed.
+
+2005-05-11 Hrvoje Niksic <hniksic@xemacs.org>
+
+ * openssl.c (pattern_match): New function.
+ (ssl_check_server_identity): Treat peer certificate common name as
+ wildcard.
+
+2005-05-10 Hrvoje Niksic <hniksic@xemacs.org>
+
+ * openssl.c (ssl_check_server_identity): Print certificate subject
+ and issuer.
+
+2005-05-10 Hrvoje Niksic <hniksic@xemacs.org>
+
+ * res.c (res_register_specs): Correctly pass pointers to
+ hash_table_get_pair.
+
+2005-05-10 Hrvoje Niksic <hniksic@xemacs.org>
+
+ * http.c (gethttp): Call ssl_check_server_identity.
+
+ * openssl.c (ssl_check_server_identity): New function, verifies
+ that the host name in the certificate matches the actual host
+ name.
+ (verify_cert_callback): Removed, since it didn't do anything
+ except returning the preverify_ok argument.
+
+ * connect.c (fd_transport_context): Allow retrieval of the context
+ pointer registered with fd_register_transport.
+
+2005-05-09 Hrvoje Niksic <hniksic@xemacs.org>
+
+ * openssl.c (verify_cert_callback): Renamed from verify_callback.
+ Always return the received "ok" value. Print the X509 name in
+ debug mode.
+ (ssl_init): Enable partial writes in SSL context.
+
2005-05-08 Hrvoje Niksic <hniksic@xemacs.org>
* http.c (http_loop): Check for wildcards in the URL path