Submitted by: "Stefan Marxen" <stefan.marxen@gmx.net>

_REENTRANT if threads support is enabled, the ./Configure entry must
define it so that it ends up in CFLAG.

Addapt VMS scripts to the newer disk layout system ODS-5, which allows more than one period and mixed size characters in file names

change)

never resets s->method to s->ctx->method when called from within one
of the SSL handshake functions.

client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

case of ssl3_accept

Submitted by: Toomas Kiisk <vix@cyber.ee>

  From: "Chris D. Peterson" <cpeterson@aventail.com>
  Subject: Implementation Issues with OpenSSL
  To: openssl-users@openssl.org
  Date: Wed, 22 Aug 2001 16:13:17 -0700
The patch included in the original post may improve the internal session
list handling (and is therefore worth a seperate investigation).
No change to the list handling will however solve the problems of incorrect
SSL_SESSION_free() calls. The session list is only one possible point of
failure, dangling pointers would also occur for SSL object currently
using the session. The correct solution is to only use SSL_SESSION_free()
when applicable!

such cases, a flush should *not* attempt to finalise the encoding, as
the EVP_ENCODE_CTX structure will only be filled with garbage.  For
the same reason, do the same check when a wpending is performed.

-pedantic, or some parts of the source will raise complaints from the
compiler.

Noticed by Thomas Klausner <wiz@danbala.ifoer.tuwien.ac.at>.

just sent a HelloRequest.

reveal whether illegal block cipher padding was found or a MAC
verification error occured.

In ssl/s2_pkt.c, verify that the purported number of padding bytes is in
the legal range.