to make it easier to fix things.

Submitted by: "Dan S. Camper" <dan@bti.net>

crypto/rijndael.  Additionally, I applied the AES integration patch
from Stephen Sprunk <stephen@sprunk.org> and fiddled it to work
properly with the normal EVP constructs (and incidently work the same
way as all other symmetric cipher implementations).

This results in an API that looks a lot like the rest of the OpenSSL
cipher suite.

Submitted by: D P Chang <dpc@qualys.com>
Reviewed by: Bodo

Don't overwrite signing time.

(in main branch, hn_ncipher.c is already correct)

Submitted by: Richard Shapiro <rshapiro@abinitio.com>

elliptic curves are are relatively faster than on PCs anyway)

field here, which is left empty).

Various configurations are *only* in the 0.9.6 branch at the moment:
  OpenUNIX
  OpenUNIX-8-gcc-shared
  OpenUNIX-8-shared
Either Configure or CHANGES must be changed to rectify the situation.

(nearly) to the top.

Move msg_callback entry to the top as the implementation for SSL 2.0
is based on the s2_clnt.c/s2_srvr.c changes.

call ssl2_part_read again to parse error message

Important SSL 2.0 bugfixes (bugs found while implementing msg_callback).

sooner and the programs get built against the shared libraries.

This requires a bit more work.  Things like -rpath and the possibility
to still link the programs statically should be included.  Some
cleanup is also needed.  This will be worked on.

the e-mail address in the DN (i.e., it will go into a certificate
extension only).  The new configuration file option 'email_in_dn = no'
has the same effect.

Submitted by: Massimiliano Pala madwolf@openca.org

libdes (which is still used out there) or other des implementations,
the OpenSSL DES functions are renamed to begin with DES_ instead of
des_.  Compatibility routines are provided and declared by including
openssl/des_old.h.  Those declarations are the same as were in des.h
when the OpenSSL project started, which is exactly how libdes looked
at that time, and hopefully still looks today.

The compatibility functions will be removed in some future release, at
the latest in version 1.0.

never resets s->method to s->ctx->method when called from within
one of the SSL handshake functions.

Reject certificates with unhandled critical extensions.

New macros SSL[_CTX]_set_msg_callback_arg().

Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).

New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.


In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).

Add/update some OpenSSL copyright notices.

to digests to retain compatibility.

Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
with existing code.

Modify library to use digest *_ex() functions.

'Handshake' protocol structures are kept in memory, including
'msg_type' and 'length'.

(This is in preparation of future support for callbacks that get to
peek at handshake messages and the like.)

Submitted by Massimo Santin <msantin@santineassociati.com>.