Many spelling fixes/typo's corrected.

  *) Add support for setting the minimum and maximum supported protocol.

     It can bet set via the SSL_set_min_proto_version() and

     SSL_set_max_proto_version(), or via the SSL_CONF's MinProtocol and

     MaxProtcol.  It's recommended to use the new APIs to disable

     MaxProtocol.  It's recommended to use the new APIs to disable

     protocols instead of disabling individual protocols using

     SSL_set_options() or SSL_CONF's Protocol.  This change also

     removes support for disabling TLS 1.2 in the OpenSSL TLS

  *) OpenSSL 1.0.0 sets SSL_OP_ALL to 0x80000FFFL and OpenSSL 1.0.1 and

     1.0.1a set SSL_OP_NO_TLSv1_1 to 0x00000400L which would unfortunately

     mean any application compiled against OpenSSL 1.0.0 headers setting

     SSL_OP_ALL would also set SSL_OP_NO_TLSv1_1, unintentionally disablng

     SSL_OP_ALL would also set SSL_OP_NO_TLSv1_1, unintentionally disabling

     TLS 1.1 also. Fix this by changing the value of SSL_OP_NO_TLSv1_1 to

     0x10000000L Any application which was previously compiled against

     OpenSSL 1.0.1 or 1.0.1a headers and which cares about SSL_OP_NO_TLSv1_1

     in unlike event, limit maximum offered version to TLS 1.0 [see below].

     [Steve Henson]

  *) In order to ensure interoperabilty SSL_OP_NO_protocolX does not

  *) In order to ensure interoperability SSL_OP_NO_protocolX does not

     disable just protocol X, but all protocols above X *if* there are

     protocols *below* X still enabled. In more practical terms it means

     that if application wants to disable TLS1.0 in favor of TLS1.1 and

     SSL_set_tlsext_opaque_prf_input(ssl, src, len) is used to set the

     opaque PRF input value to use in the handshake.  This will create

     an interal copy of the length-'len' string at 'src', and will

     an internal copy of the length-'len' string at 'src', and will

     return non-zero for success.

     To get more control and flexibility, provide a callback function

     most recently disabled ciphersuites when "HIGH" is parsed).

     Also, change ssl_create_cipher_list() (using this new

     funcionality) such that between otherwise identical

     cihpersuites, ephemeral ECDH is preferred over ephemeral DH in

     functionality) such that between otherwise identical

     ciphersuites, ephemeral ECDH is preferred over ephemeral DH in

     the default order.

     [Bodo Moeller]

     functional reference processing.

     [Steve Henson]

  *) New functions EVP_Digest{Sign,Verify)*. These are enchance versions of

  *) New functions EVP_Digest{Sign,Verify)*. These are enhanced versions of

     EVP_{Sign,Verify}* which allow an application to customise the signature

     process.

     [Steve Henson]

  *) New option SSL_OP_NO_COMP to disable use of compression selectively

     in SSL structures. New SSL ctrl to set maximum send fragment size.

     Save memory by seeting the I/O buffer sizes dynamically instead of

     Save memory by setting the I/O buffer sizes dynamically instead of

     using the maximum available value.

     [Steve Henson]

 Changes between 0.9.8l and 0.9.8m [25 Feb 2010]

  *) Always check bn_wexpend() return values for failure.  (CVE-2009-3245)

  *) Always check bn_wexpand() return values for failure.  (CVE-2009-3245)

     [Martin Olsson, Neel Mehta]

  *) Fix X509_STORE locking: Every 'objs' access requires a lock (to

     is already buffered was missing. For every new message was memory

     allocated, allowing an attacker to perform an denial of service attack

     with sending out of seq handshake messages until there is no memory

     left. Additionally every future messege was buffered, even if the

     left. Additionally every future message was buffered, even if the

     sequence number made no sense and would be part of another handshake.

     So only messages with sequence numbers less than 10 in advance will be

     buffered.  (CVE-2009-1378)

 Changes between 0.9.8g and 0.9.8h  [28 May 2008]

  *) Fix flaw if 'Server Key exchange message' is omitted from a TLS

     handshake which could lead to a cilent crash as found using the

     handshake which could lead to a client crash as found using the

     Codenomicon TLS test suite (CVE-2008-1672)

     [Steve Henson, Mark Cox]

  *) Disable the padding bug check when compression is in use. The padding

     bug check assumes the first packet is of even length, this is not

     necessarily true if compresssion is enabled and can result in false

     necessarily true if compression is enabled and can result in false

     positives causing handshake failure. The actual bug test is ancient

     code so it is hoped that implementations will either have fixed it by

     now or any which still have the bug do not support compression.

     we can fix the problem directly in the 'ca' utility.)

     [Steve Henson]

  *) Reduced header interdepencies by declaring more opaque objects in

  *) Reduced header interdependencies by declaring more opaque objects in

     ossl_typ.h. As a consequence, including some headers (eg. engine.h) will

     give fewer recursive includes, which could break lazy source code - so

     this change is covered by the OPENSSL_NO_DEPRECATED symbol. As always,

     named like the index file with '.attr' appended to the name.

     [Richard Levitte]

  *) Generate muti valued AVAs using '+' notation in config files for

  *) Generate multi-valued AVAs using '+' notation in config files for

     req and dirName.

     [Steve Henson]

     draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really

     appear there.

     Also deactive the remaining ciphersuites from

     Also deactivate the remaining ciphersuites from

     draft-ietf-tls-56-bit-ciphersuites-01.txt.  These are just as

     unofficial, and the ID has long expired.

     [Bodo Moeller]

  *) Add an "init" command to the ENGINE config module and auto initialize

     ENGINEs. Without any "init" command the ENGINE will be initialized

     after all ctrl commands have been executed on it. If init=1 the

     ENGINE is initailized at that point (ctrls before that point are run

     ENGINE is initialized at that point (ctrls before that point are run

     on the uninitialized ENGINE and after on the initialized one). If

     init=0 then the ENGINE will not be iniatialized at all.

     init=0 then the ENGINE will not be initialized at all.

     [Steve Henson]

  *) Fix the 'app_verify_callback' interface so that the user-defined

  *) Major restructuring to the underlying ENGINE code. This includes

     reduction of linker bloat, separation of pure "ENGINE" manipulation

     (initialisation, etc) from functionality dealing with implementations

     of specific crypto iterfaces. This change also introduces integrated

     of specific crypto interfaces. This change also introduces integrated

     support for symmetric ciphers and digest implementations - so ENGINEs

     can now accelerate these by providing EVP_CIPHER and EVP_MD

     implementations of their own. This is detailed in crypto/engine/README

     [Steve Henson]

  *) Enhance mkdef.pl to be more accepting about spacing in C preprocessor

     lines, recognice more "algorithms" that can be deselected, and make

     lines, recognize more "algorithms" that can be deselected, and make

     it complain about algorithm deselection that isn't recognised.

     [Richard Levitte]

 Changes between 0.9.6h and 0.9.6i  [19 Feb 2003]

  *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked

     via timing by performing a MAC computation even if incorrrect

     via timing by performing a MAC computation even if incorrect

     block cipher padding has been found.  This is a countermeasure

     against active attacks where the attacker has to distinguish

     between bad padding and a MAC verification error. (CVE-2003-0078)

     ssl_cert_dup, which is used by SSL_new, now copies DH keys in addition

     to parameters -- in previous versions (since OpenSSL 0.9.3) the

     'default key' from SSL_CTX_set_tmp_dh would always be lost, meaning

     you effectivly got SSL_OP_SINGLE_DH_USE when using this macro.

     you effectively got SSL_OP_SINGLE_DH_USE when using this macro.

     [Bodo Moeller]

  *) New s_client option -ign_eof: EOF at stdin is ignored, and

  *) ./config recognizes MacOS X now.

     [Andy Polyakov]

  *) Bug fix for BN_div() when the first words of num and divsor are

  *) Bug fix for BN_div() when the first words of num and divisor are

     equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0).

     [Ulf Möller]

  *) Bugfix: In test/testenc, don't test "openssl <cipher>" for

     ciphers that were excluded, e.g. by -DNO_IDEA.  Also, test

     all available cipers including rc5, which was forgotten until now.

     all available ciphers including rc5, which was forgotten until now.

     In order to let the testing shell script know which algorithms

     are available, a new (up to now undocumented) command

     "openssl list-cipher-commands" is used.

to be located in the source tree while files given through DEPEND are

expected to be located in the build tree)

It's also possible to depend on static libraries explicitely:

It's also possible to depend on static libraries explicitly:

    DEPEND[foo]=libsomething.a

    DEPEND[libbar]=libsomethingelse.a

         my $extensionlessitem = extensionlesslib($item);

         if (grep { $extensionlessitem eq extensionlesslib($_) } @list) {

             if ($item ne $extensionlessitem) {

                 # If this instance of the library is explicitely static, we

                 # If this instance of the library is explicitly static, we

                 # prefer that to any shared library name, since it must have

                 # been done on purpose.

                 $replace{$extensionlessitem} = $item;

		}

	unless ($_ eq $target || /^no-/ || /^disable-/)

		{

		# "no-..." follows later after implied disactivations

		# "no-..." follows later after implied deactivations

		# have been derived.  (Don't take this too seriously,

		# we really only write OPTIONS to the Makefile out of

		# nostalgia.)

            # Additionally, we set up sharednames for libraries that don't

            # have any, as themselves.  Only for libraries that aren't

            # explicitely static.

            # explicitly static.

            foreach (grep !/\.a$/, keys %{$unified_info{libraries}}) {

                if (!defined $unified_info{sharednames}->{$_}) {

                    $unified_info{sharednames}->{$_} = $_

            }

            # Check that we haven't defined any library as both shared and

            # explicitely static.  That is forbidden.

            # explicitly static.  That is forbidden.

            my @doubles = ();

            foreach (grep /\.a$/, keys %{$unified_info{libraries}}) {

                (my $l = $_) =~ s/\.a$//;

                push @doubles, $l if defined $unified_info{sharednames}->{$l};

            }

            die "these libraries are both explicitely static and shared:\n  ",

            die "these libraries are both explicitly static and shared:\n  ",

                join(" ", @doubles), "\n"

                if @doubles;

        }

        affected functions.

      o Improved platform support for PowerPC.

      o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).

      o New X509_VERIFY_PARAM structure to support parametrisation

      o New X509_VERIFY_PARAM structure to support parameterisation

        of X.509 path validation.

      o Major overhaul of RC4 performance on Intel P4, IA-64 and

        AMD64.

      o Automation of 'req' application

      o Fixes to make s_client, s_server work under Windows

      o Support for multiple fieldnames in SPKACs

      o New SPKAC command line utilty and associated library functions

      o New SPKAC command line utility and associated library functions

      o Options to allow passwords to be obtained from various sources

      o New public key PEM format and options to handle it

      o Many other fixes and enhancements to command line utilities

      o Added BIO proxy and filtering functionality

      o Extended Big Number (BN) library

      o Added RIPE MD160 message digest

      o Addeed support for RC2/64bit cipher

      o Added support for RC2/64bit cipher

      o Extended ASN.1 parser routines

      o Adjustations of the source tree for CVS

      o Adjustments of the source tree for CVS

      o Support for various new platforms