to indicate that a real handshake is taking place (the value will be
lost during multiple invocations). Set s->new_session to 2 instead.

the SSL_R_LENGTH_MISMATCH error is detected.

Experimental configuration code.

Incomplete, largely untested and subject to change/deletion.

to make it easier to fix things.

Submitted by: "Dan S. Camper" <dan@bti.net>

crypto/rijndael.  Additionally, I applied the AES integration patch
from Stephen Sprunk <stephen@sprunk.org> and fiddled it to work
properly with the normal EVP constructs (and incidently work the same
way as all other symmetric cipher implementations).

This results in an API that looks a lot like the rest of the OpenSSL
cipher suite.

Submitted by: D P Chang <dpc@qualys.com>
Reviewed by: Bodo

Don't overwrite signing time.

(in main branch, hn_ncipher.c is already correct)

Submitted by: Richard Shapiro <rshapiro@abinitio.com>

elliptic curves are are relatively faster than on PCs anyway)

field here, which is left empty).

Various configurations are *only* in the 0.9.6 branch at the moment:
  OpenUNIX
  OpenUNIX-8-gcc-shared
  OpenUNIX-8-shared
Either Configure or CHANGES must be changed to rectify the situation.

(nearly) to the top.

Move msg_callback entry to the top as the implementation for SSL 2.0
is based on the s2_clnt.c/s2_srvr.c changes.

call ssl2_part_read again to parse error message

Important SSL 2.0 bugfixes (bugs found while implementing msg_callback).

sooner and the programs get built against the shared libraries.

This requires a bit more work.  Things like -rpath and the possibility
to still link the programs statically should be included.  Some
cleanup is also needed.  This will be worked on.

the e-mail address in the DN (i.e., it will go into a certificate
extension only).  The new configuration file option 'email_in_dn = no'
has the same effect.

Submitted by: Massimiliano Pala madwolf@openca.org

libdes (which is still used out there) or other des implementations,
the OpenSSL DES functions are renamed to begin with DES_ instead of
des_.  Compatibility routines are provided and declared by including
openssl/des_old.h.  Those declarations are the same as were in des.h
when the OpenSSL project started, which is exactly how libdes looked
at that time, and hopefully still looks today.

The compatibility functions will be removed in some future release, at
the latest in version 1.0.

never resets s->method to s->ctx->method when called from within
one of the SSL handshake functions.

Reject certificates with unhandled critical extensions.

New macros SSL[_CTX]_set_msg_callback_arg().

Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).

New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.


In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).

Add/update some OpenSSL copyright notices.

to digests to retain compatibility.