OpenSSL v0.9.1.c Release Notes

Release Date: 1999-03-22 // almost 23 years ago
    • Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still doesn't work when the session is reused. Coming soon!

    Ben Laurie

    • Fix a security hole, that allows sessions to be reused in the wrong context thus bypassing client cert protection! All software that uses client certs and session caches in multiple contexts NEEDS PATCHING to allow session reuse! A fuller solution is in the works.

    Ben Laurie, problem pointed out by Holger Reif, Bodo Moeller (and ???)

    • Some more source tree cleanups (removed obsolete files crypto/bf/asm/bf586.pl, test/test.txt and crypto/sha/asm/f.s; changed permission on "config" script to be executable) and a fix for the INSTALL document.

    Ulf Moeller [email protected]

    • Remove some legacy and erroneous uses of malloc, free instead of Malloc, Free.

    Lennart Bang [email protected], with minor changes by Steve

    • Make rsa_oaep_test return non-zero on error.

    Ulf Moeller [email protected]

    • Add support for native Solaris shared libraries. Configure solaris-sparc-sc4-pic, make, then run shlib/solaris-sc4.sh. It'd be nice if someone would make that last step automatic.

    Matthias Loepfe [email protected]

    • ctx_size was not built with the right compiler during "make links". Fixed.

    Ben Laurie

    • Change the meaning of 'ALL' in the cipher list. It now means "everything except NULL ciphers". This means the default cipher list will no longer enable NULL ciphers. They need to be specifically enabled e.g. with the string "DEFAULT:eNULL".

    Steve Henson

    • Fix to RSA private encryption routines: if p < q then it would occasionally produce an invalid result. This will only happen with externally generated keys because OpenSSL (and SSLeay) ensure p > q.

    Steve Henson

    • Be less restrictive and allow also perl util/perlpath.pl /path/to/bin/perl in addition to perl util/perlpath.pl /path/to/bin, because this way one can also use an interpreter named perl5 (which is usually the name of Perl 5.xxx on platforms where an Perl 4.x is still installed as perl).

    Matthias Loepfe [email protected]

    • Let util/clean-depend.pl work also with older Perl 5.00x versions.

    Matthias Loepfe [email protected]

    • Fix Makefile.org so CC,CFLAG etc are passed to 'make links' add advapi32.lib to Win32 build and change the pem test comparison to fc.exe (thanks to Ulrich Kroener [email protected] for the suggestion). Fix misplaced ASNI prototypes and declarations in evp.h and crypto/des/ede_cbcm_enc.c.

    Steve Henson

    • DES quad checksum was broken on big-endian architectures. Fixed.

    Ben Laurie

    • Comment out two functions in bio.h that aren't implemented. Fix up the Win32 test batch file so it (might) work again. The Win32 test batch file is horrible: I feel ill....

    Steve Henson

    • Move various #ifdefs around so NO_SYSLOG, NO_DIRENT etc are now selected in e_os.h. Audit of header files to check ANSI and non ANSI sections: 10 functions were absent from non ANSI section and not exported from Windows DLLs. Fixed up libeay.num for new functions.

    Steve Henson

    • Make openssl version output lines consistent.

    Ralf S. Engelschall

    • Fix Win32 symbol export lists for BIO functions: Added BIO_get_ex_new_index, BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data to ms/libeay{16,32}.def.

    Ralf S. Engelschall

    • Second round of fixing the OpenSSL perl/ stuff. It now at least compiled fine under Unix and passes some trivial tests I've now added. But the whole stuff is horribly incomplete, so a README.1ST with a disclaimer was added to make sure no one expects that this stuff really works in the OpenSSL 0.9.2 release. Additionally I've started to clean the XS sources up and fixed a few little bugs and inconsistencies in OpenSSL.{pm,xs} and openssl_bio.xs.

    Ralf S. Engelschall

    • Fix the generation of two part addresses in perl.

    Kenji Miyake [email protected], integrated by Ben Laurie

    • Add config entry for Linux on MIPS.

    John Tobey [email protected]

    • Make links whenever Configure is run, unless we are on Windoze.

    Ben Laurie

    • Permit extensions to be added to CRLs using crl_section in openssl.cnf. Currently only issuerAltName and AuthorityKeyIdentifier make any sense in CRLs.

    Steve Henson

    • Add a useful kludge to allow package maintainers to specify compiler and other platforms details on the command line without having to patch the Configure script every time: One now can use perl Configure <id>:<details>, i.e. platform ids are allowed to have details appended to them (separated by colons). This is treated as there would be a static pre-configured entry in Configure's %table under key <id> with value <details> and perl Configure <id> is called. So, when you want to perform a quick test-compile under FreeBSD 3.1 with pgcc and without assembler stuff you can use perl Configure "FreeBSD-elf:pgcc:-O6:::" now, which overrides the FreeBSD-elf entry on-the-fly.

    Ralf S. Engelschall

    • Disable new TLS1 ciphersuites by default: they aren't official yet.

    Ben Laurie

    • Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified on the perl Configure ... command line. This way one can compile OpenSSL libraries with Position Independent Code (PIC) which is needed for linking it into DSOs.

    Ralf S. Engelschall

    • Remarkably, export ciphers were totally broken and no-one had noticed! Fixed.

    Ben Laurie

    • Cleaned up the LICENSE document: The official contact for any license questions now is the OpenSSL core team under [email protected]. And add a paragraph about the dual-license situation to make sure people recognize that BOTH the OpenSSL license AND the SSLeay license apply to the OpenSSL toolkit.

    Ralf S. Engelschall

    • General source tree makefile cleanups: Made making xxx in yyy... display consistent in the source tree and replaced /bin/rm by rm. Additionally cleaned up the make links target: Remove unnecessary semicolons, subsequent redundant removes, inline point.sh into mklink.sh to speed processing and no longer clutter the display with confusing stuff. Instead only the actually done links are displayed.

    Ralf S. Engelschall

    • Permit null encryption ciphersuites, used for authentication only. It used to be necessary to set the preprocessor define SSL_ALLOW_ENULL to do this. It is now necessary to set SSL_FORBID_ENULL to prevent the use of null encryption.

    Ben Laurie

    • Add a bunch of fixes to the PKCS#7 stuff. It used to sometimes reorder signed attributes when verifying signatures (this would break them), the detached data encoding was wrong and public keys obtained using X509_get_pubkey() weren't freed.

    Steve Henson

    • Add text documentation for the BUFFER functions. Also added a work around to a Win95 console bug. This was triggered by the password read stuff: the last character typed gets carried over to the next fread(). If you were generating a new cert request using 'req' for example then the last character of the passphrase would be CR which would then enter the first field as blank.

    Steve Henson

    • Added the new 'Includes OpenSSL Cryptography Software' button as doc/openssl_button.{gif,html} which is similar in style to the old SSLeay button and can be used by applications based on OpenSSL to show the relationship to the OpenSSL project.

    Ralf S. Engelschall

    • Remove confusing variables in function signatures in files ssl/ssl_lib.c and ssl/ssl.h.

    Lennart Bong [email protected]

    • Don't install bss_file.c under PREFIX/include/

    Lennart Bong [email protected]

    • Get the Win32 compile working again. Modify mkdef.pl so it can handle functions that return function pointers and has support for NT specific stuff. Fix mk1mf.pl and VC-32.pl to support NT differences also. Various #ifdef WIN32 and WINNTs sprinkled about the place and some changes from unsigned to signed types: this was killing the Win32 compile.

    Steve Henson

    • Add new certificate file to stack functions, SSL_add_dir_cert_subjects_to_stack() and SSL_add_file_cert_subjects_to_stack(). These largely supplant SSL_load_client_CA_file(), and can be used to add multiple certs easily to a stack (usually this is then handed to SSL_CTX_set_client_CA_list()). This means that Apache-SSL and similar packages don't have to mess around to add as many CAs as they want to the preferred list.

    Ben Laurie

    Ben Laurie

    • Get rid of remaining C++-style comments which strict C compilers hate.

    Ralf S. Engelschall, pointed out by Carlos Amengual

    • Changed BN_RECURSION in bn_mont.c to BN_RECURSION_MONT so it is not compiled in by default: it has problems with large keys.

    Steve Henson

    • Add a bunch of SSL_xxx() functions for configuring the temporary RSA and DH private keys and/or callback functions which directly correspond to their SSL_CTX_xxx() counterparts but work on a per-connection basis. This is needed for applications which have to configure certificates on a per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis (e.g. s_server). For the RSA certificate situation is makes no difference, but for the DSA certificate situation this fixes the "no shared cipher" problem where the OpenSSL cipher selection procedure failed because the temporary keys were not overtaken from the context and the API provided no way to reconfigure them. The new functions now let applications reconfigure the stuff and they are in detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh, SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback. Additionally a new non-public-API function ssl_cert_instantiate() is used as a helper function and also to reduce code redundancy inside ssl_rsa.c.

    Ralf S. Engelschall

    • Move s_server -dcert and -dkey options out of the undocumented feature area because they are useful for the DSA situation and should be recognized by the users.

    Ralf S. Engelschall

    • Fix the cipher decision scheme for export ciphers: the export bits are not within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within SSL_EXP_MASK. So, the original variable has to be used instead of the already masked variable.

    Richard Levitte [email protected]

    • Fix port variable from int to unsigned int in crypto/bio/b_sock.c

    Richard Levitte [email protected]

    • Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal() from int to unsigned int because it is a length and initialized by EVP_DigestFinal() which expects an unsigned int *.

    Richard Levitte [email protected]

    • Don't hard-code path to Perl interpreter on shebang line of Configure script. Instead use the usual Shell->Perl transition trick.

    Ralf S. Engelschall

    • Make openssl x509 -noout -modulus' functional also for DSA certificates (in addition to RSA certificates) to match the behaviour of openssl dsa -noout -modulus as it's already the case for openssl rsa -noout -modulus. For RSA the -modulus is the real "modulus" while for DSA currently the public key is printed (a decision which was already done by openssl dsa -modulus in the past) which serves a similar purpose. Additionally the NO_RSA no longer completely removes the whole -modulus option; it now only avoids using the RSA stuff. Same applies to NO_DSA now, too.

    Ralf S. Engelschall

    • Add Arne Ansper's reliable BIO - this is an encrypted, block-digested BIO. See the source (crypto/evp/bio_ok.c) for more info.

    Arne Ansper [email protected]

    • Dump the old yucky req code that tried (and failed) to allow raw OIDs to be added. Now both 'req' and 'ca' can use new objects defined in the config file.

    Steve Henson

    • Add cool BIO that does syslog (or event log on NT).

    Arne Ansper [email protected], integrated by Ben Laurie

    • Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5, TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt.

    Ben Laurie

    • Add preliminary config info for new extension code.

    Steve Henson

    • Make RSA_NO_PADDING really use no padding.

    Ulf Moeller [email protected]

    • Generate errors when private/public key check is done.

    Ben Laurie

    • Overhaul for 'crl' utility. New function X509_CRL_print. Partial support for some CRL extensions and new objects added.

    Steve Henson

    • Really fix the ASN1 IMPLICIT bug this time... Partial support for private key usage extension and fuller support for authority key id.

    Steve Henson

    • Add OAEP encryption for the OpenSSL crypto library. OAEP is the improved padding method for RSA, which is recommended for new applications in PKCS

      1 v2.0 (RFC 2437, October 1998).

      OAEP (Optimal Asymmetric Encryption Padding) has better theoretical foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure against Bleichbacher's attack on RSA. Ulf Moeller [email protected], reformatted, corrected and integrated by Ben Laurie

    • Updates to the new SSL compression code

    Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)

    • Fix so that the version number in the master secret, when passed via RSA, checks that if TLS was proposed, but we roll back to SSLv3 (because the server will not accept higher), that the version number is 0x03,0x01, not 0x03,0x00

    Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)

    • Run extensive memory leak checks on SSL commands. Fixed lots of memory leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes in apps/ and an unrelated leak in crypto/dsa/dsa_vrf.c.

    Steve Henson

    • Support for RAW extensions where an arbitrary extension can be created by including its DER encoding. See apps/openssl.cnf for an example.

    Steve Henson

    • Make sure latest Perl versions don't interpret some generated C array code as Perl array code in the crypto/err/err_genc.pl script.

    Lars Weber [email protected]

    • Modify ms/do_ms.bat to not generate assembly language makefiles since not many people have the assembler. Various Win32 compilation fixes and update to the INSTALL.W32 file with (hopefully) more accurate Win32 build instructions.

    Steve Henson

    • Modify configure script 'Configure' to automatically create crypto/date.h file under Win32 and also build pem.h from pem.org. New script util/mkfiles.pl to create the MINFO file on environments that can't do a 'make files': perl util/mkfiles.pl >MINFO should work.

    Steve Henson

    • Major rework of DES function declarations, in the pursuit of correctness and purity. As a result, many evil casts evaporated, and some weirdness, too. You may find this causes warnings in your code. Zapping your evil casts will probably fix them. Mostly.

    Ben Laurie

    • Fix for a typo in asn1.h. Bug fix to object creation script obj_dat.pl. It considered a zero in an object definition to mean "end of object": none of the objects in objects.h have any zeros so it wasn't spotted.

    Steve Henson, reported by Erwann ABALEA [email protected]

    • Add support for Triple DES Cipher Block Chaining with Output Feedback Masking (CBCM). In the absence of test vectors, the best I have been able to do is check that the decrypt undoes the encrypt, so far. Send me test vectors if you have them.

    Ben Laurie

    • Correct calculation of key length for export ciphers (too much space was allocated for null ciphers). This has not been tested!

    Ben Laurie

    • Modifications to the mkdef.pl for Win32 DEF file creation. The usage message is now correct (it understands "crypto" and "ssl" on its command line). There is also now an "update" option. This will update the util/ssleay.num and util/libeay.num files with any new functions. If you do a: perl util/mkdef.pl crypto ssl update it will update them.

    Steve Henson

    • Overhauled the Perl interface:
      • ported BN stuff to OpenSSL's different BN library
      • made the perl/ source tree CVS-aware
      • renamed the package from SSLeay to OpenSSL (the files still contain their history because I've copied them in the repository)
      • removed obsolete files (the test scripts will be replaced by better Test::Harness variants in the future)

    Ralf S. Engelschall

    • First cut for a very conservative source tree cleanup:
      1. merge various obsolete readme texts into doc/ssleay.txt where we collect the old documents and readme texts.
      2. remove the first part of files where I'm already sure that we no longer need them because of three reasons: either they are just temporary files which were left by Eric or they are preserved original files where I've verified that the diff is also available in the CVS via "cvs diff -rSSLeay_0_8_1b" or they were renamed (as it was definitely the case for the crypto/md/ stuff).

    Ralf S. Engelschall

    • More extension code. Incomplete support for subject and issuer alt name, issuer and authority key id. Change the i2v function parameters and add an extra 'crl' parameter in the X509V3_CTX structure: guess what that's for :-) Fix to ASN1 macro which messed up IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.

    Steve Henson

    • Preliminary support for ENUMERATED type. This is largely copied from the INTEGER code.

    Steve Henson

    • Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy.

    Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)

    • Make sure make rehash target really finds the openssl program.

    Ralf S. Engelschall, Matthias Loepfe [email protected]

    • Squeeze another 7% of speed out of MD5 assembler, at least on a P2. I'd like to hear about it if this slows down other processors.

    Ben Laurie

    • Add CygWin32 platform information to Configure script.

    Alan Batie [email protected]

    • Fixed ms/32all.bat script: no_asm -> no-asm

    Rainer W. Gerling [email protected]

    • New program nseq to manipulate netscape certificate sequences

    Steve Henson

    • Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a few typos.

    Steve Henson

    • Fixes to BN code. Previously the default was to define BN_RECURSION but the BN code had some problems that would cause failures when doing certificate verification and some other functions.

    Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)

    • Add ASN1 and PEM code to support netscape certificate sequences.

    Steve Henson

    • Add ASN1 and PEM code to support netscape certificate sequences.

    Steve Henson

    • Add several PKIX and private extended key usage OIDs.

    Steve Henson

    • Modify the 'ca' program to handle the new extension code. Modify openssl.cnf for new extension format, add comments.

    Steve Henson

    • More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req' and add a sample to openssl.cnf so req -x509 now adds appropriate CA extensions.

    Steve Henson

    • Continued X509 V3 changes. Add to other makefiles, integrate with the error code, add initial support to X509_print() and x509 application.

    Steve Henson

    • Takes a deep breath and start adding X509 V3 extension support code. Add files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this stuff is currently isolated and isn't even compiled yet.

    Steve Henson

    • Continuing patches for GeneralizedTime. Fix up certificate and CRL ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print. Removed the versions check from X509 routines when loading extensions: this allows certain broken certificates that don't set the version properly to be processed.

    Steve Henson

    • Deal with irritating shit to do with dependencies, in YAAHW (Yet Another Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which can still be regenerated with "make depend".

    Ben Laurie

    • Spelling mistake in C version of CAST-128.

    Ben Laurie, reported by Jeremy Hylton [email protected]

    • Changes to the error generation code. The perl script err-code.pl now reads in the old error codes and retains the old numbers, only adding new ones if necessary. It also only changes the .err files if new codes are added. The makefiles have been modified to only insert errors when needed (to avoid needlessly modifying header files). This is done by only inserting errors if the .err file is newer than the auto generated C file. To rebuild all the error codes from scratch (the old behaviour) either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl or delete all the .err files.

    Steve Henson

    • CAST-128 was incorrectly implemented for short keys. The C version has been fixed, but is untested. The assembler versions are also fixed, but new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing to regenerate it if needed. Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun Hagino [email protected]

    • File was opened incorrectly in randfile.c.

    Ulf Möller [email protected]

    • Beginning of support for GeneralizedTime. d2i, i2d, check and print functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or GeneralizedTime. ASN1_TIME is the proper type used in certificates et al: it's just almost always a UTCTime. Note this patch adds new error codes so do a "make errors" if there are problems.

    Steve Henson

    • Correct Linux 1 recognition in config.

    Ulf Möller [email protected]

    • Remove pointless MD5 hash when using DSA keys in ca.

    Anonymous [email protected]

    • Generate an error if given an empty string as a cert directory. Also generate an error if handed NULL (previously returned 0 to indicate an error, but didn't set one).

    Ben Laurie, reported by Anonymous [email protected]

    • Add prototypes to SSL methods. Make SSL_write's buffer const, at last.

    Ben Laurie

    • Fix the dummy function BN_ref_mod_exp() in rsaref.c to have the correct parameters. This was causing a warning which killed off the Win32 compile.

    Steve Henson

    • Remove C++ style comments from crypto/bn/bn_local.h.

    Neil Costigan [email protected]

    • The function OBJ_txt2nid was broken. It was supposed to return a nid based on a text string, looking up short and long names and finally "dot" format. The "dot" format stuff didn't work. Added new function OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote OBJ_txt2nid to use it. OBJ_txt2obj can also return objects even if the OID is not part of the table.

    Steve Henson

    • Add prototypes to X509 lookup/verify methods, fixing a bug in X509_LOOKUP_by_alias().

    Ben Laurie

    • Sort openssl functions by name.

    Ben Laurie

    • Get the gendsa command working and add it to the list command. Remove encryption from sample DSA keys (in case anyone is interested the password was "1234").

    Steve Henson

    • Make all *_free functions accept a NULL pointer.

    Frans Heymans [email protected]

    • If a DH key is generated in s3_srvr.c, don't blow it by trying to use NULL pointers.

    Anonymous [email protected]

    • s_server should send the CAfile as acceptable CAs, not its own cert.

    Bodo Moeller [email protected]

    • Don't blow it for numeric -newkey arguments to apps/req.

    Bodo Moeller [email protected]

    • Temp key "for export" tests were wrong in s3_srvr.c.

    Anonymous [email protected]

    • Add prototype for temp key callback functions SSL_CTX_set_tmp_{rsa,dh}_callback().

    Ben Laurie

    • Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey().

    Steve Henson

    • X509_name_add_entry() freed the wrong thing after an error.

    Arne Ansper [email protected]

    • rsa_eay.c would attempt to free a NULL context.

    Arne Ansper [email protected]

    • BIO_s_socket() had a broken should_retry() on Windoze.

    Arne Ansper [email protected]

    • BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH.

    Arne Ansper [email protected]

    • Make sure the already existing X509_STORE->depth variable is initialized in X509_STORE_new(), but document the fact that this variable is still unused in the certificate verification process.

    Ralf S. Engelschall

    • Fix the various library and apps/ files to free up pkeys obtained from X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.

    Steve Henson

    • Fix reference counting in X509_PUBKEY_get(). This makes demos/maurice/example2.c work, amongst others, probably.

    Steve Henson and Ben Laurie

    • First cut of a cleanup for apps/. First the ssleay program is now named openssl and second, the shortcut symlinks for the openssl <command> are no longer created. This way we have a single and consistent command line interface openssl <command>, similar to cvs <command>.

    Ralf S. Engelschall, Paul Sutton and Ben Laurie

    • ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey BIT STRING wrapper always have zero unused bits.

    Steve Henson

    • Add CA.pl, perl version of CA.sh, add extended key usage OID.

    Steve Henson

    • Make the top-level INSTALL documentation easier to understand.

    Paul Sutton

    • Makefiles updated to exit if an error occurs in a sub-directory make (including if user presses C) [Paul Sutton]

    • Make Montgomery context stuff explicit in RSA data structure.

    Ben Laurie

    • Fix build order of pem and err to allow for generated pem.h.

    Ben Laurie

    • Fix renumbering bug in X509_NAME_delete_entry().

    Ben Laurie

    • Enhanced the err-ins.pl script so it makes the error library number global and can add a library name. This is needed for external ASN1 and other error libraries.

    Steve Henson

    • Fixed sk_insert which never worked properly.

    Steve Henson

    • Fix ASN1 macros so they can handle indefinite length constructed EXPLICIT tags. Some non standard certificates use these: they can now be read in.

    Steve Henson

    • Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc) into a single doc/ssleay.txt bundle. This way the information is still preserved but no longer messes up this directory. Now it's new room for the new set of documentation files.

    Ralf S. Engelschall

    • SETs were incorrectly DER encoded. This was a major pain, because they shared code with SEQUENCEs, which aren't coded the same. This means that almost everything to do with SETs or SEQUENCEs has either changed name or number of arguments.

    Ben Laurie, based on a partial fix by GP Jayan [email protected]

    • Fix test data to work with the above.

    Ben Laurie

    • Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but was already fixed by Eric for 0.9.1 it seems.

    Ben Laurie - pointed out by Ulf Möller [email protected]

    • Autodetect FreeBSD3.

    Ben Laurie

    • Fix various bugs in Configure. This affects the following platforms: nextstep ncr-scde unixware-2.0 unixware-2.0-pentium sco5-cc.

    Ben Laurie

    • Eliminate generated files from CVS. Reorder tests to regenerate files before they are needed.

    Ben Laurie

    • Generate Makefile.ssl from Makefile.org (to keep CVS happy).

    Ben Laurie