SSL_CTX_xxx defines. What was the reason to move them to the top, even before
the copyright and #ifdef HEADER_SSL_H? Hmmm...  when there was and still is a
good reason feel free to reverse this patch, but please document why it is
needed this way.

into a single file. Need more cleanup for final release IMHO.

packages) provide.  The idea is that because of the large number of CHANGES
entries, this file summarizes the major changes for a brief overview.

questions now is the OpenSSL core team under openssl-core@openssl.org.  And
add a paragraph about the dual-license situation to make sure people recognize
that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply to the OpenSSL
toolkit.

consistent in the source tree and replaced `/bin/rm' by `rm'.  Additonally
cleaned up the `make links' target: Remove unnecessary semicolons, subsequent
redundant removes, inline point.sh into mklink.sh to speed processing and no
longer clutter the display with confusing stuff. Instead only the actually
done links are displayed.

t_req.c: In function `X509_REQ_print':
t_req.c:181: warning: suggest explicit braces to avoid ambiguous `else'

it is just a place holder for functionality to be added later. Its been added
now so the X509V3_EXT_METHOD structure shouldn't (hopefully) have to change
after the release.

detached data encoding was wrong and free up public keys.

by BUF_MEM_strdup(). Added text documentation to the BUF_MEM stuff.

doc/openssl_button.{gif,html} which is similar in style to the old SSLeay
button and can be used by applications based on OpenSSL to show the
relationship to the OpenSSL project.

PS: This beast caused me three hours to create, because
    of the size I had to hand-paint the 7pt fonts in Photoshop.

ssl/ssl_lib.c and ssl/ssl.h. At least the double ctx-variable
confused some compilers.

Submitted by: Lennart Bong <lob@kulthea.stacken.kth.se>
Reviewed by: Ralf S. Engelschall

between SSLeay 0.8 and 0.9 and just looks useless and confusing.

Pointed out by: Lennart Bong <lob@kulthea.stacken.kth.se>
Submitted by: Ralf S. Engelschall

under Win32 (9X and NT) again. Note: some signed/unsigned changes recently
checked in were killing the Win32 compile.

(Pointed out by Carlos Amengual).

work correctly for the SSL_CTX_xxx situations, too. Now "make test" passes
again fine.

now change it to BN_RECURSION_MONT so it isn't compiled in.

private keys and/or callback functions which directly correspond to their
SSL_CTX_xxx() counterparts but work on a per-connection basis. This is needed
for applications which have to configure certificates on a per-connection
basis (e.g. Apache+mod_ssl) instead of a per-context basis (e.g.
s_server).

For the RSA certificate situation is makes no difference, but for the DSA
certificate situation this fixes the "no shared cipher" problem where the
OpenSSL cipher selection procedure failed because the temporary keys were not
overtaken from the context and the API provided no way to reconfigure them.

The new functions now let applications reconfigure the stuff and they are in
detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback.  Additionally a new
non-public-API function ssl_cert_instantiate() is used as a helper function
and also to reduce code redundancy inside ssl_rsa.c.

Submitted by: Ralf S. Engelschall
Reviewed by: Ben Laurie

because they are useful for the DSA situation and should be recognized by the
users. Thanks to Steve for the original hint.

within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within SSL_EXP_MASK.  So, the
original variable has to be used instead of the already masked variable.

Submitted by: Richard Levitte <levitte@stacken.kth.se>
Reviewed by: Ralf S. Engelschall

Submitted by: Richard Levitte <levitte@stacken.kth.se>
Reviewed by: Ralf S. Engelschall

from `int' to `unsigned int' because it's a length and initialized by
EVP_DigestFinal() which expects an `unsigned int *'.

Submitted by: Richard Levitte <levitte@stacken.kth.se>
Reviewed by: Ralf S. Engelschall