author Steven Fackler <[email protected]> 2018-01-08 20:19:22 -0800
committer Steven Fackler <[email protected]> 2018-01-08 20:19:22 -0800
commit 9acf6ea99ff39b1f5e007352b1d454ac225ea578 (patch)
tree 382eaeef99757aa2eb6dbc4694a09ff034186890
parent Merge pull request #823 from sfackler/sni-tweaks
Add a changelog
-rw-r--r-- CHANGELOG.md 55
1 files changed, 55 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 00000000..494c15bf
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,55 @@
+# Change Log
+
+## [Unreleased]
+
+### Compatibility
+
+* openssl 0.10 still uses openssl-sys 0.9, so openssl 0.9 and 0.10 can coexist without issue.
+
+### Added
+
+* The `ssl::select_next_proto` function can be used to easily implement the ALPN selection callback
+ in a "standard" way.
+* FIPS mode support is available in the `fips` module.
+* Accessors for the Issuer and Issuer Alternative Name fields of X509 certificates have been added.
+
+### Changed
+
+* All constants have been moved to associated constants of their type. For example, `bn::MSB_ONE`
+ is now `bn::MsbOption::ONE`.
+* Asymmetric key types are now parameterized over what they contain. In OpenSSL, the same type is
+ used for key parameters, public keys, and private keys. Unfortunately, some APIs simply assume
+ that certain components are present and will segfault trying to use things that aren't there.
+
+ The `pkey` module contains new tag types named `Params`, `Public`, and `Private`, and the
+ `Dh`, `Dsa`, `EcKey`, `Rsa`, and `PKey` have a type parameter set to one of those values. This
+ allows the `Signer` constructor to indicate that it requires a private key at compile time for
+ example. Previously, `Signer` would simply segfault if provided a key without private
+ components.
+* ALPN support has been changed to more directly model OpenSSL's own APIs. Instead of a single
+ method used for both the server and client sides which performed everything automatically, the
+ `SslContextBuilder::set_alpn_protos` and `SslContextBuilder::set_alpn_select_callback` handle
+ the client and server sides respectively.
+* `SslConnector::danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication`
+ has been removed in favor of new methods which provide more control. The
+ `ConnectConfiguration::use_server_name_indication` method controls the use of Server Name
+ Indication (SNI), and the `ConnectConfiguration::verify_hostname` method controls the use of
+ hostname verification. These can be controlled independently, and if both are disabled, the
+ domain argument to `ConnectConfiguration::connect` is ignored.
+* Shared secret derivation is now handled by the new `derive::Deriver` type rather than
+ `pkey::PKeyContext`, which has been removed.
+* `ssl::Error` is now no longer an enum, and provides more direct access to the relevant state.
+
+### Removed
+
+* All deprecated APIs have been removed.
+* NPN support has been removed. It has been supersceded by ALPN, and is hopefully no longer being
+ used in practice. If you still depend on it, please file an issue!
+* Some `ssl::SslOptions` flags have been removed as they no longer do anything.
+
+## Older
+
+Look at the [release tags] for information about older releases.
+
+[Unreleased]: https://github.com/sfackler/rust-openssl/compare/v0.9.23...master
+[release tags]: https://github.com/sfackler/rust-openssl/releases \ No newline at end of file
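
Review bot: The `### Changed` entry for the removed `SslConnector::danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication` loses the warning that the old method carried in its name; the replacement text only says SNI and hostname verification "can be controlled independently". Consider adding a sentence there saying that disabling `ConnectConfiguration::verify_hostname` turns hostname verification off for the connection and that disabling `ConnectConfiguration::use_server_name_indication` alone leaves it on, so readers migrating from the old method do not switch off both by habit. Two smaller points: "supersceded" in the NPN entry under `### Removed` should be "superseded", and the file ends without a trailing newline.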