Submitted by: Douglas Stebila

Submitted by: Douglas Stebila

Submitted by: Douglas Stebila

Submitted by: Douglas Stebila

PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch

make "no-ssl2" work again

PR: 1217

Submitted by: Peter Sylvester

Submitted by: Peter Sylvester

 - fix indentation
 - rename some functions and macros
 - fix up confusion between SSL_ERROR_... and SSL_AD_... values

Submitted by: Peter Sylvester

Submitted by: Douglas Stebila

runtime, thus removing the need for a lock. Add a test to ssltest
to verify that the cipher lists are sorted.

for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.

    	./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
    	make depend all test
work again

PR: 1159

have a uniform representation for those over all architectures, so a
little bit of hackery is needed.

Contributed by nagendra modadugu <nagendra@cs.stanford.edu>

("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)

tree. This further reduces header interdependencies, and makes some
associated cleanups.

Check if IDEA is being built or not.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.

I've covered all the memset()s I felt safe modifying, but may have missed some.

Submitted by: Sheueling Chang <Sheueling.Chang@Sun.COM>

PR: 189

PR: 189

Submitted by: "Patrick McCormick" <patrick@tellme.com>

PR: 262
PR: 291

Submitted by: Douglas Stebila <douglas.stebila@sun.com>
(Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)

not covered by the strength bit mask.
Submitted by:
Reviewed by:
PR: 130

Fix length checks in ssl3_get_client_hello().

Use s->s3->in_read_app_data differently to fix ssl3_read_internal().

New macros SSL[_CTX]_set_msg_callback_arg().

Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).

New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.


In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).

Add/update some OpenSSL copyright notices.