From d133618ce214df9c11620e54db375ae619bc9b56 Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Mon, 29 Nov 2004 11:56:57 +0000
Subject: [PATCH] Document the change.

---
 CHANGES | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/CHANGES b/CHANGES
index 73a96e6b0f..a82dd796c4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,9 +2,19 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.7d and 0.9.7f  [XX xxx XXXX]
-
-  *)
+ Changes between 0.9.7e and 0.9.7f  [XX xxx XXXX]
+
+  *) Make an explicit check during certificate validation to see that
+     the CA setting in each certificate on the chain is correct.  As a
+     side effect always do the following basic checks on extensions,
+     not just when there's an associated purpose to the check:
+
+      - if there is an unhandled critical extension (unless the user
+        has chosen to ignore this fault)
+      - if the path length has been exceeded (if one is set at all)
+      - that certain extensions fit the associated purpose (if one has
+        been given)
+     [Richard Levitte]
 
  Changes between 0.9.7d and 0.9.7e  [25 Oct 2004]
 
-- 
2.40.0