0.6.1 The main functional changes since 0.6.0 are as follows - Bad news, the Microsoft 060 DLL's are not compatable, but the good news is that from now on, I'll keep the .def numbers the same so they will be. - RSA private key operations are about 2 times faster that 0.6.0 - The SSL_CTX now has more fields so default values can be put against it. When an SSL structure is created, these default values are used but can be overwritten. There are defaults for cipher, certificate, private key, verify mode and callback. This means SSL session creation can now be ssl=SSL_new() SSL_set_fd(ssl,sock); SSL_accept(ssl) .... All the other uglyness with having to keep a global copy of the private key and certificate/verify mode in the server is now gone. - ssl/ssltest.c - one process talking SSL to its self for testing. - Storage of Session-id's can be controled via a session_cache_mode flag. There is also now an automatic default flushing of old session-id's. - The X509_cert_verify() function now has another parameter, this should not effect most people but it now means that the reason for the failure to verify is now available via SSL_get_verify_result(ssl). You don't have to use a global variable. - SSL_get_app_data() and SSL_set_app_data() can be used to keep some application data against the SSL structure. It is upto the application to free the data. I don't use it, but it is available. - SSL_CTX_set_cert_verify_callback() can be used to specify a verify callback function that completly replaces my certificate verification code. Xcert should be able to use this :-). The callback is of the form int app_verify_callback(arg,ssl,cert). This needs to be documented more. - I have started playing with shared library builds, have a look in the shlib directory. It is very simple. If you need a numbered list of functions, have a look at misc/crypto.num and misc/ssl.num. - There is some stuff to do locking to make the library thread safe. I have only started this stuff and have not finished. If anyone is keen to do so, please send me the patches when finished. So I have finally made most of the additions to the SSL interface that I thought were needed. There will probably be a pause before I make any non-bug/documentation related changes to SSLeay since I'm feeling like a bit of a break. eric - 12 Jul 1996 .