I thought it was about time I dusted this off. This stuff had been sitting on
my hard drive for *ages* (2003 in fact). Hasn't been tested well and may not
work properly.

Nothing uses it at present which is just as well.

Think of this as a traditional Christmas present which looks far more
impressive in the adverts and on the box, some of the bits are missing and
falls to bits if you play with it too much.

PR: 1354, 1355, 1398, 1408

(need to prevent the removal of trailing zero bits).

casts.

recent mingw modifications.

the redundant entries under the 0.9.9 heading.

in a denial of service.  (CVE-2006-2937)  [Steve Henson]

(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
 malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]

loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked
entry to avoid the need to access the structure directly.

Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be
redirected.

handling to support this.

ciphersuite as well

(CVE-2006-4339)

Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson

verify logic to try to use an unexpired CRL if possible.

them.

Send ctrls to EVP_PKEY_METHOD during signing of PKCS7 structure so
customisation is possible.

large FD: it's non-blocking mode anyway

CRYPTO_get_idptr_callback(), CRYPTO_thread_idptr() for a 'void *' type
thread ID, since the 'unsigned long' type of the existing thread ID
does not always work well.

Put ECCdraft ciphersuites back into default build (but disabled
unless specifically requested)

the BN library more generally useful.

Submitted by: Douglas Stebila

Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller

coding it to "sha1".