Submitted by: Martin Peylo <martinmeis@googlemail.com>

PR: 1592

successful.

HEAD with a twist: server interoperates with non-compliant client.
PR: 1587

This never happens in normal SSL sessions but can be useful if the session
is being used as a "blob" to contain other data.

The version code of the release should have been 09086f (6=f, f=release)
but accidently it was marked "090870" (which would be "0.9.8g-dev").

Therefore we now use "090871" for the development of 0.9.8g. Once
0.9.8g is released, the problem will be "healed". We have never done
beta releases for 0.9.x-stable patch releases, so 090871 would never
be used in practice.

PR: #1589

[from HEAD].
PR: 1230

Submitted by: Alex Lam

twist: server interoperates with non-compliant pre-0.9.8f client.

server interoperates with non-compliant pre-0.9.8f.

twist: server allows for non-compliant Finished calculations in order to
enable interop with pre-0.9.8f.

HelloVerifyRequest [from HEAD].

server accepts even non-compliant encoding in order to enable interop with
pre-0.9.8f clients.

PR: 1578
Submitted by: Charles Longeau <chl@tuxfamily.org>

- no need to disable SSL 2.0 for SSL_CTRL_SET_TLSEXT_HOSTNAME
  now that ssl23_client_hello takes care of that

- fix buffer overrun checks in ssl_add_serverhello_tlsext()

resolve the Valgrind issue with random numbers. Undo the changes to
RAND_bytes() and RAND_pseudo_bytes() that are redundant in this
respect.
Update documentation and FAQ accordingly, as the PURIFY macro is
available at least since 0.9.7.