handshake which could lead to a cilent crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)

Reviewed by: openssl-security@openssl.org

Obtained from: mark@awe.com

crash found by Codenomicon TLS test suite (CVE-2008-0891)

Reviewed by: openssl-security@openssl.org

Obtained from: jorton@redhat.com

about "overcommenting"

PR: 1417, 1513
Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>

from the OpenSSL distribution.

so Windows build picks it up.

Recognize new option in mk1mf.pl

Submitted by: Ben Laurie <ben@links.org>

Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Reviewed by: steve

(Buggy line reported by Matthias Koenig.)

Submitted by: Daniel Black <daniel.subs@internode.on.net>

PR: 1672

complaint related to the PRNG: with PURIFY policy don't feed uninitialized
memory into the PRNG.

Submitted by: Bodo Moeller <bmoeller@openssl.org> :-)

the PRNG for blinding.

PR: 1666

you need to use "enable-montasm" to see a difference.  (Huge speed
advantage, but BN_MONT_CTX is not binary compatible, so this can't be
enabled by default in the 0.9.8 branch.)

The CHANGES entry also covers the 64-bit x86 backport in November 2007
by appro.

its own TLS ticket keys.

NB, this fixes a regression relative to 0.9.7 and the documented behaviour,
but it would make sense for distro maintainers and others with an interest
in system behaviour to test with this change. The fix re-enables behaviour
that was broken and thus inherently disabled. In particular, if you
register an ENGINE implementation, and that ENGINE is able to successfully
self-initialise on the host, it will get used automatically (as claimed in
the documentation and as was the case for 0.9.7) - this was not the case
with 0.9.8 until now because of a bug.

PR: 1668
Submitted by: Ian Lister
Reviewed by: Geoff Thorpe

PR: 1667