authorlloyd <[email protected]>2013-02-28 20:49:20 +0000
committerlloyd <[email protected]>2013-02-28 20:49:20 +0000
commit2a86d1ef1aae29037704c4b26fd79f9fb64c747f (patch)
treec23fe60525df1988f07693c10f18e083c114c7c2
parent5d06d27894869db54c9dcad2e71326fca294521e (diff)
Blocking_Client fixes. Add relnote
-rw-r--r--doc/relnotes/1_11_2.rst37
-rw-r--r--src/tls/info.txt2
-rw-r--r--src/tls/tls_blocking.cpp10
-rw-r--r--src/tls/tls_blocking.h7
-rw-r--r--src/tls/tls_policy.h4
5 files changed, 33 insertions, 27 deletions
diff --git a/doc/relnotes/1_11_2.rst b/doc/relnotes/1_11_2.rst
index 95a86cbdf..d73198f4b 100644
--- a/doc/relnotes/1_11_2.rst
+++ b/doc/relnotes/1_11_2.rst
@@ -1,14 +1,12 @@
Version 1.11.2, Not Yet Released
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-* The default TLS policy formerly preferred AES over RC4, and allowed
- 3DES by default. Now the default policy is to negotiate only either
- AES or RC4, and to prefer RC4.
+* A bug in the release script caused the `botan_version.py` included
+ in :doc:`1.11.1 <1_11_1>` to be invalid, which required a manual
+ edit to fix (:pr:`226`)
-* The new filter :cpp:class:`Threaded_Fork` acts like a normal
- :cpp:class:`Fork,` sending its input to a number of different
- filters, but each subchain of filters in the fork runs in its own
- thread. Contributed by Joel Low.
+Memory Zeroization Changes
+""""""""""""""""""""""""""""""""""""""""
* Previously `clear_mem` was implemented by an inlined call to
`std::memset`. However an optimizing compiler might notice cases
@@ -19,14 +17,31 @@ Version 1.11.2, Not Yet Released
something like LTO) might still skip the writes. It would be nice if
there was an automated way to test this.
+New Parallel Filter
+""""""""""""""""""""""""""""""""""""""""
+
+* The new filter :cpp:class:`Threaded_Fork` acts like a normal
+ :cpp:class:`Fork,` sending its input to a number of different
+ filters, but each subchain of filters in the fork runs in its own
+ thread. Contributed by Joel Low.
+
+TLS Enhancements and Bug Fixes
+""""""""""""""""""""""""""""""""""""""""
+
+* The default TLS policy formerly preferred AES over RC4, and allowed
+ 3DES by default. Now the default policy is to negotiate only either
+ AES or RC4, and to prefer RC4.
+
+* New TLS :cpp:class:`Blocking_Client` provides a thread per
+ connection style API similar to that provided in 1.10
+
+Other API Changes
+""""""""""""""""""""""""""""""""""""""""
+
* The API of `Credentials_Manager::trusted_certificate_authorities`
has changed to return a vector of `Certificate_Store*` instead of
`X509_Certificate`. This allows the list of trusted CAs to be
more easily updated dynamically or loaded lazily.
-* A bug in the release script caused the `botan_version.py` included
- in :doc:`1.11.1 <1_11_1>` to be invalid, which required a manual
- edit to fix (:pr:`226`)
-
* The `asn1_int.h` header was split into `asn1_alt_name.h`,
`asn1_attribute.h` and `asn1_time.h`.
diff --git a/src/tls/info.txt b/src/tls/info.txt
index 47de42598..5bc64b44e 100644
--- a/src/tls/info.txt
+++ b/src/tls/info.txt
@@ -9,6 +9,7 @@ serious bugs or security issues.
<header:public>
tls_alert.h
+tls_blocking.h
tls_channel.h
tls_ciphersuite.h
tls_client.h
@@ -49,6 +50,7 @@ msg_server_hello.cpp
msg_server_kex.cpp
msg_session_ticket.cpp
tls_alert.cpp
+tls_blocking.cpp
tls_channel.cpp
tls_ciphersuite.cpp
tls_client.cpp
diff --git a/src/tls/tls_blocking.cpp b/src/tls/tls_blocking.cpp
index e0f31b1ca..ee94f086e 100644
--- a/src/tls/tls_blocking.cpp
+++ b/src/tls/tls_blocking.cpp
@@ -25,7 +25,7 @@ Blocking_Client::Blocking_Client(std::function<size_t (byte[], size_t)> read_fn,
m_read_fn(read_fn),
m_channel(write_fn,
std::bind(&Blocking_Client::process_data, this, _1, _2, _3),
- std::bind(&Blocking_Client::handshake_complete, this, _1, _2, _3),
+ std::bind(&Blocking_Client::handshake_complete, this, _1),
session_manager,
creds,
policy,
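Review bot: The handshake callback handed to `m_channel` is bound to `this` in the constructor's initializer list, so the channel keeps a raw pointer back to this object. Unless the type of `m_channel` already makes the class non-copyable (not visible in these hunks), a copied `Blocking_Client` would own a channel that still calls into the original object, which may have been destroyed; I would declare `Blocking_Client(const Blocking_Client&) = delete;` and `Blocking_Client& operator=(const Blocking_Client&) = delete;` in tls_blocking.h. Separately, the bind targets `handshake_complete` directly while the private wrapper `handshake_complete_cb` defined in the next hunk forwards to the same function, so the wrapper appears unused; either bind it with `std::bind(&Blocking_Client::handshake_complete_cb, this, _1)` or drop it. The constructor's signature and the rest of its initializer list lie outside this hunk.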
@@ -36,14 +36,6 @@ Blocking_Client::Blocking_Client(std::function<size_t (byte[], size_t)> read_fn,
{
}
-#if 0
-Blocking_Client::Blocking_Client(std::function<size_t (byte[], size_t)> read_fn,
- std::function<void (const byte[], size_t)> write_fn,
- const TLS_Policy& policy,
- RandomNumberGenerator& rng) :
- m_read_fn(read_fn)
-#endif
-
bool Blocking_Client::handshake_complete_cb(const Session& session)
{
return this->handshake_complete(session);
diff --git a/src/tls/tls_blocking.h b/src/tls/tls_blocking.h
index d024cf894..955413be1 100644
--- a/src/tls/tls_blocking.h
+++ b/src/tls/tls_blocking.h
@@ -36,12 +36,6 @@ class BOTAN_DLL Blocking_Client
std::function<std::string (std::vector<std::string>)> next_protocol =
std::function<std::string (std::vector<std::string>)>());
- // Constructor like the 1.10 Client API
- Blocking_Client(std::function<size_t (byte[], size_t)> read_fn,
- std::function<void (const byte[], size_t)> write_fn,
- const Policy& policy,
- RandomNumberGenerator& rng);
-
size_t currently_readable() const { return m_plaintext.size(); }
size_t read(byte buf[], size_t buf_len); // blocking read
@@ -70,6 +64,7 @@ class BOTAN_DLL Blocking_Client
* Can override to get notification of alerts
*/
virtual void alert_notification(const Alert&) {}
+
private:
bool handshake_complete_cb(const Session&);
diff --git a/src/tls/tls_policy.h b/src/tls/tls_policy.h
index cc02dd9b1..125faa665 100644
--- a/src/tls/tls_policy.h
+++ b/src/tls/tls_policy.h
@@ -62,9 +62,11 @@ class BOTAN_DLL Policy
virtual std::vector<std::string> allowed_ecc_curves() const;
/**
- * Returns a list of signature algorithms we are willing to use,
+ * Returns a list of compression algorithms we are willing to use,
* in order of preference. Allowed values any value of
* Compression_Method.
+ *
+ * @note Compression is not currently supported
*/
virtual std::vector<byte> compression() const;
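Review bot: The corrected comment on `compression()` still reads "Allowed values any value of Compression_Method", which is missing a verb, and the new `@note` does not tell someone overriding the method what it should return. I would reword the sentence to `* in order of preference. Allowed values are any value of` and extend the note to `* @note Compression is not currently supported; overrides should offer only the null method`. One more comment line is worth adding to say why it should stay off even if support is added later: compressing secrets together with attacker-influenced data in the same record leaks plaintext through record lengths. The `Policy` class body continues outside this hunk.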