From 7db3bb5c8fa6684f331b2aae79b59f5749cad0b9 Mon Sep 17 00:00:00 2001
From: emboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sun, 10 Jun 2012 01:31:06 +0000
Subject: [PATCH] * NEWS: Add note about the new private key export behavior.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36003 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog | 4 ++++
 NEWS      | 7 +++++++
 2 files changed, 11 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 6c64707e6a..ca6f444e09 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Sun Jun 10 10:27:34 2012  Martin Bosslet  <Martin.Bosslet@googlemail.com>
+
+	* NEWS: Add note about the new private key export behavior.
+
 Sun Jun 10 10:24:51 2012  Tanaka Akira  <akr@fsij.org>
 
 	* process.c (rb_exec_async_signal_safe): exported.
diff --git a/NEWS b/NEWS
index 7a67533b1e..f51398e948 100644
--- a/NEWS
+++ b/NEWS
@@ -131,6 +131,13 @@ with all sufficient information, see the ChangeLog file.
     also allows to programmatically decline (client) renegotiation attempts.
   * Support for "0/n" splitting of records as BEAST mitigation via
     OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS.
+  * OpenSSL requires passwords for decrypting PEM-encoded files to be at least
+    four characters long. This led to awkward situations where an export with
+    a password with fewer than four characters was possible, but accessing the
+    file afterwards failed. OpenSSL::PKey::RSA, OpenSSL::PKey::DSA and
+    OpenSSL::PKey::EC therefore now enforce the same check when exporting a
+    private key to PEM with a password - it has to be at least four characters
+    long.
 
 === Language changes
 === Compatibility issues (excluding feature bug fixes)