field here, which is left empty).

Various configurations are *only* in the 0.9.6 branch at the moment:
  OpenUNIX
  OpenUNIX-8-gcc-shared
  OpenUNIX-8-shared
Either Configure or CHANGES must be changed to rectify the situation.

(nearly) to the top.

Move msg_callback entry to the top as the implementation for SSL 2.0
is based on the s2_clnt.c/s2_srvr.c changes.

call ssl2_part_read again to parse error message

Important SSL 2.0 bugfixes (bugs found while implementing msg_callback).

sooner and the programs get built against the shared libraries.

This requires a bit more work.  Things like -rpath and the possibility
to still link the programs statically should be included.  Some
cleanup is also needed.  This will be worked on.

the e-mail address in the DN (i.e., it will go into a certificate
extension only).  The new configuration file option 'email_in_dn = no'
has the same effect.

Submitted by: Massimiliano Pala madwolf@openca.org

libdes (which is still used out there) or other des implementations,
the OpenSSL DES functions are renamed to begin with DES_ instead of
des_.  Compatibility routines are provided and declared by including
openssl/des_old.h.  Those declarations are the same as were in des.h
when the OpenSSL project started, which is exactly how libdes looked
at that time, and hopefully still looks today.

The compatibility functions will be removed in some future release, at
the latest in version 1.0.

never resets s->method to s->ctx->method when called from within
one of the SSL handshake functions.

Reject certificates with unhandled critical extensions.

New macros SSL[_CTX]_set_msg_callback_arg().

Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).

New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.


In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).

Add/update some OpenSSL copyright notices.

to digests to retain compatibility.

Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
with existing code.

Modify library to use digest *_ex() functions.

'Handshake' protocol structures are kept in memory, including
'msg_type' and 'length'.

(This is in preparation of future support for callbacks that get to
peek at handshake messages and the like.)

Submitted by Massimo Santin <msantin@santineassociati.com>.

a few items however, most of the details are deferred to the
crypto/engine/README file.

1. if there are several symbols with the same entry number, sort those
   symbols in ASCII order.
2. Do not stop reading the header files when "BEGIN ERROR CODES" is
   found, since mkerr.pl will add a function declaration after that
   comment.  Instead, trigger on "Error codes for the \w+ function",
   which is the actual start of the error code macros.

Additionally, a few more debugging printouts that helped.

just sent a HelloRequest.

New option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.

reveal whether illegal block cipher padding was found or a MAC
verification error occured.

In ssl/s2_pkt.c, verify that the purported number of padding bytes is in
the legal range.

Fix X509V3 macro so they compile.

settable (proposed by "Douglas E. Engert" <deengert@anl.gov>).

(Boyd Lynn Gerber <gerberb@zenez.com>).

as the functions were only introduced a couple of days ago.

Some '*)' apparently should be '+)' as the changes do not apply
to the 0.9.6 bugfix branch.