except when following the specs is bound to fail.

they can sometimes be different memory structures.

if anyone had actually ever needed that they should have fixed this typo)

either and has a static and dynamic mix.

SSL_CTX and SSL, functions to set them and defaults if no values set.

yet.

Add a function X509_STORE_CTX_purpose_inherit() which implements the logic
of "inheriting" purpose and trust from a parent structure and using a default:
this will be used in the SSL code and possibly future S/MIME.

Partial documentation of the 'verify' utility. Still need to document how all
the extension checking works and the various error messages.

don't leak tons of memory.

Previously, the returned SSL_SESSION didn't have its reference count
incremented so the SSL_SESSION could be freed at any time causing
seg-faults if the pointer was subsequently used. Code that uses
SSL_get_session must now make a corresponding SSL_SESSION_free() call when
it is done to avoid memory leaks (or blocked up session caches).

Submitted By: Geoff Thorpe <geoff@eu.c2.net>

Submitted by: Lennart Bång, Bodo Möller

and verify rather than direct encrypt/decrypt.

This will soon be complemented with MacOS specific source code files and
INSTALL.MacOS.

I (Andy) have decided to get rid of a number of #include <sys/types.h>.
I've verified it's ok (both by examining /usr/include/*.h and compiling)
on a number of Unix platforms. Unfortunately I don't have Windows box
to verify this on. I really appreciate if somebody could try to compile
it and contact me a.s.a.p. in case a problem occurs.

Submitted by: Roy Wood <roy@centricsystems.ca>
Reviewed by: Andy Polyakov <appro@fy.chalmers.se>

tls1 did not survive to restarts, so get rid of it.

It's still totally untested ...

In case of a restart, v[0] and v[1] were incorrectly initialised.
This was interpreted by ssl3_get_client_key_exchange as an RSA decryption
failure (don't ask me why) and caused it to create a _random_ master key
instead (even weirder), which obviously led to incorrect input to
ssl3_generate_master_secret and thus caused "block cipher pad is
wrong" error messages from ssl3_enc for the client's Finished message.
Arrgh.

while implementing and using it.

(because now SSL_new makes a copy).

Submitted by: Richard Levitte <levitte@stacken.kth.se>