des_old.h redefines crypt:
#define crypt(b,s)\
        DES_crypt((b),(s))

This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:

not covered by the strength bit mask.
Submitted by:
Reviewed by:
PR: 130

(but noone uses it anyway)

fix t1_enc.c: use OPENSSL_NO_RC4, not NO_RC4

handled properly.
Part of PR 75

vulnerability workaround (included in SSL_OP_ALL).

PR: #90

in the default ciphersuite list

Notified by Bernd Matthes <bernd.matthes@gemplus.com>

Notified by Lorinczy Zsigmond <lzsiga@mail.ahiv.hu>

(the bug was introduced with message callback support)

Fix length checks in ssl3_get_client_hello().

Use s->s3->in_read_app_data differently to fix ssl3_read_internal().

Initialize cipher context in KRB5
("D. Russell" <russelld@aol.net>)

Allow HMAC functions to use an alternative ENGINE.

BIO_nwrite0/BIO_nwrite (the previous code was OK for BIO pairs but not
in general)

Undo previous patch: avoid warnings by #undef'ing
duplicate definitions.

Suggested by "Kenneth R. Robinette" <support@securenetterm.com>

Fix Kerberos warnings with VC++.

Fix ASN1 additions for KRB5

Fix various warnings when compiling with KRB5 code.

Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated

Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller

Fix for AIX.

Submitted by Dawn Whiteside <dwhitesi@tiercel.uwaterloo.ca>

Submitted by: Nils Larsch <nla@trustcenter.de>