the SSL_R_LENGTH_MISMATCH error is detected.

Submitted by: D P Chang <dpc@qualys.com>
Reviewed by: Bodo

calls.  This patch allows compilation either way.

Submitted by: Jeffrey Altman <jaltman@columbia.edu>

values really are unsigned

call ssl2_part_read again to parse error message

Important SSL 2.0 bugfixes (bugs found while implementing msg_callback).

sooner and the programs get built against the shared libraries.

This requires a bit more work.  Things like -rpath and the possibility
to still link the programs statically should be included.  Some
cleanup is also needed.  This will be worked on.

Addapt VMS scripts to the newer disk layout system ODS-5, which allows more than one period and mixed size characters in file names

change)

never resets s->method to s->ctx->method when called from within
one of the SSL handshake functions.

be called multiple times

New macros SSL[_CTX]_set_msg_callback_arg().

Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).

New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.


In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).

Add/update some OpenSSL copyright notices.

variable name occured just in a function *prototype* -- so rename it

it to NULL.

to digests to retain compatibility.

Both have per-SSL_CTX defaults.
These new values can be set by calling SSL[_CTX]_[callback_]ctrl
with codes SSL_CTRL_SET_MSG_CALLBACK and SSL_CTRL_SET_MSG_CALLBACK_ARG.

So far, the callback is never actually called.


Also rearrange some SSL_CTX struct members (some exist just in
SSL_CTXs, others are defaults for SSLs and are either copied
during SSL_new, or used if the value in the SSL is not set;
these three classes of members were not in a logical order),
and add some missing assignments to SSL_dup.

Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
with existing code.

Modify library to use digest *_ex() functions.

SSL 2.0 client hellos added with the previous commit was totally wrong --
it must start with the message type, not the protocol version.
(Not that this particular header is actually used anywhere ...)

(if s23_srvr.c faked the message, s->init_num is 0).

'Handshake' protocol structures are kept in memory, including
'msg_type' and 'length'.

(This is in preparation of future support for callbacks that get to
peek at handshake messages and the like.)

case of ssl3_accept

depend on the environment, like the presence of the OpenBSD crypto
device or of Kerberos, do not change the dependencies within OpenSSL.

Submitted by Massimo Santin <msantin@santineassociati.com>.

just sent a HelloRequest.

New option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.