Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller

one suite.

PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch

  error if the cipher list is empty
- fix last commit in ssl_create_cipher_list
- clean up ssl_create_cipher_list

collected (see SSL_CTX_set_cipher_list manpage). Fix handling of
"cipher1+cipher2" expressions in ssl_cipher_process_rulestr.

PR: 836 + 1005

Check if IDEA is being built or not.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

Therefore, change all instances of the symbol 'list' to something else.

PR: 758
Submitted by: Frédéric Giudicelli <groups@newpki.org>

Submitted by: Nils Larsch

compression identity is already present among the registered
compression methods, and if so, reject the addition request.

Declare SSL_COMP_get_compression_method() so it can be used properly.

Change ssltest.c so it checks what compression methods are available
and enumerates them.  As a side-effect, built-in compression methods
will be automagically loaded that way.  Additionally, change the
identities for ZLIB and RLE to be conformant to
draft-ietf-tls-compression-05.txt.

Finally, make update.

Next on my list: have the built-in compression methods added
"automatically" instead of requiring that the author call
SSL_COMP_add_compression_method() or
SSL_COMP_get_compression_methods().

the cipher name in the list is not guaranteed to be at least "buflen"
long.
PR: 567
Submitted by: "Matt Harren" <matth@cs.berkeley.edu>

PR: 373

ZLIB a known compression method, with the identity 1.

Submitted by: Douglas Stebila <douglas.stebila@sun.com>
(Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)

Submitted by:
Reviewed by:
PR: 127

this construct, and Ulf provided the following insight as to why;

> ANSI C compliant compilers must substitute "??)" for "]" because your
> terminal might not have a "]" key if you bought it in the early 1970s.

So we escape the final '?' to avoid this pathological case.

missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.

Fix AES code.

Update Rijndael source to v3.0

Add AES OIDs.

Change most references of Rijndael to AES.

Add new draft AES ciphersuites.

really undefined.
Spotted by Jeffrey Altman <jaltman@columbia.edu>

First tentative impementation of Kerberos 5 cryptos and keys for SSL/TLS.  Implemented by Vern Staats <staatsvr@asc.hpc.mil>, further hacked and distributed by Jeffrey Altman <jaltnab@columbia.edu>

of complaints from the compiler about data pointers and function
pointers not being compatible with each other.

like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages.  That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.

This change includes all the name changes needed throughout all C files.

yet tighter, and also put some heat on the rest of the library by
insisting (correctly) that compare callbacks used in stacks are prototyped
with "const" parameters. This has led to a depth-first explosion of
compiler warnings in the code where 1 constification has led to 3 or 4
more. Fortunately these have all been resolved to completion and the code
seems cleaner as a result - in particular many of the _cmp() functions
should have been prototyped with "const"s, and now are. There was one
little problem however;

X509_cmp() should by rights compare "const X509 *" pointers, and it is now
declared as such. However, it's internal workings can involve
recalculating hash values and extensions if they have not already been
setup. Someone with a more intricate understanding of the flow control of
X509 might be able to tighten this up, but for now - this seemed the
obvious place to stop the "depth-first" constification of the code by
using an evil cast (they have migrated all the way here from safestack.h).

Fortunately, this is the only place in the code where this was required
to complete these type-safety changes, and it's reasonably clear and
commented, and seemed the least unacceptable of the options. Trying to
take the constification further ends up exploding out considerably, and
indeed leads directly into generalised ASN functions which are not likely
to cooperate well with this.