Version 0.4.3b ??/06/1995 eay
	- Fixed a bug in time_cmp (stuffed up different years :-(.
	- Fixed things so that I can accept more that one SEQUENCE in
	  a SET in X509_NAME structures.  Again this will not work to
	  'text' mode but does for der/pem.
	- Added PEM_Open(Init,Update,Final) - needs testing
	- Added PEM_Seal(Init,Update,Final) - needs testing
	- Added PEM_Digest(Init,Update,Final)
	- Added PEM_Sign(Init,Update,Final)
	- Added PEM_Verify(Init,Update,Final)
	- %70 speedup in RC4_set_key.
	- File names shortened so windows can compile them.
	- Configure perl script at top level.
	- Speedups in md2/md5/rc4.
	- Add -days to x509
	- Can now build with gcc -Wall and not get too many complaints.
	- Text mode operations will input and output the text object
	  strings as well are object number sequences.
	- I have changed the short form of stateOrProvince from SOP to
	  SP which is what is used by other people.  This will break
	  all current hash values :-(.
	- Fixed a typo in STRING_CERTIFICATE_BEGIN and
	  STRING_CERTIFICATE_END.  This will affect text mode
	  operations.
	- Some speedups in bn_mul() when LONGLONG is not defined.
	- Changed makefile so it now builds a distribution to unpack
	  into SSLeay-0.4.3b/ and I don't use perl for make dclean.  I
	  actually had a read of the sed man page and put it in
	  instead :-).
	- Finished reworking the error system.  This should make the
	  windows DLL porting much easier.  It also cleans things up
	  and make a single interface.  It also allows people to not
	  bother loading all the text strings for the errors.
	- Bug fix in call to gethostbyname() in socket, and a
	  reordering of my server_verify() and get_client_finished()
	  calls in SSL_accept() so that we work with netscape clients
	  :-). Thanks to holtzman@mit.edu.
	  Adam Douglas Cain <acain@ncsa.uiuc.edu> has also confirmed
	  that with these changes SSLeay servers can have netscape
	  clients talk to it.
	- Bug in RSAref.c, calling decrypt instead of encrypt :-(.
	- Added support for -DNOIDEA and -DNORC4 to build without
	  these algorithms.
	- ssl_client/ssl_server now print the certificate they
	  retrieve. SSL_get_peer_certificate() works.  It is assuming
	  X509 but when more type become defined I'll rework this
	  code.
	- Found and removed some code that did nothing in ssl/.
	- Added IDEA encryption of public key when in PEM
	  encoding.
	- Finished der_chopup.  This command will take a DER file (as
	  sent by RSA and printout in PEM encodeing any X509 certs or
	  CRL it finds in the file.
	- Added a header length field to der_parse.
	- Adding CRL.  We can now load and manipulate them.
Version 0.4.3a 19/06/1995 eay
	- RSAref support added.  It needs to be tested since I have
	  been unable to do so since I don't have access to the code.
	- All bcopy/bcmp/bzero references have been removed, I
	  actually did this last week but forgot to add it to this file :-).
Version 0.4.3 15/06/1995 eay
	- PROTOTYPES!
	- Fixed a bug in SSL_write.  When writes were larger than the
	  max for 3 byte headers, the padding variable was being
	  stuffed up.  Another Tim Hudson <tjh@mincom.oz.au> discovery, 
	  it turned up under IRIX with ftpd.
	- Removed some code in socket.c that caused an endless loop on
	  machines with 2+ ethernet interfaces.  Fixed some errors in
	  ssl/ssl_server.c.  Tim Hudson <tjh@mincom.oz.au> discoveries.
	- Removed RSA->num and RSA->buf from the RSA struct, they are
	  now 'created' as needed in the RSA routines.
	- Fixed a 'memory reuse' bug in x509.
	- der_parse was a quick 'throw away' program to use a routine
	  that I saw in my code when I was cleaning :-).  I have
	  made it useful now.
	- Make depend added, make dclean removes the dependancies.
	- Changed the make test is rsa/ so that it runs gentest which
	  generate self signs and the certifies a certificate.
	- Add a flag so that RSA_generate_key can set 'e' to
	  0x03 or 0x10001.
	- Bug in IDEA code, data overrun in idea_set_key.
	- Was setting key_file to TEST_CERT in ssl/ssl_server, now
	  set to NULL, also other problems with signing certificates,
	  to certify, it MUST be self signed now.
	  thank Dave Goldblatt <dg@server.net>.
	- 2 Makefile fixes for NeXT (intel) from
	  Richard Frith-Macdonald <richard@brainstorm.co.uk>
Version 0.4.2b 07/06/1995 eay
	- Missed a htons() in ssl/net.h that needed to be removed :-(.
	- As was pointed out by Paul Riethmuller <par@sequent.com>,
	  my bn_mul() had 19 lines of code to deal with the 'carry'
	  bits from r=a*b[i].  This was all unneeded.  I must have
	  been working on the r=a+b stuff (where a is larger that b)
	  just before :-).  This will not speed things up much, but it
	  definitly make the code look nicer :-).
Version 0.4.2 06/06/1995 eay
	- Quickly hacked into ssl/ssl_client.c some code to report
	  cipher that can be used.  Evil code accessing things that
	  should not be known to an application.  I'll probably put a
	  nice interface in place in the next release :-).
	- I had broken rsa/x509.c when I changed X509_verify to cause
	  an error for the callback for a 'depth 0' self signed
	  certificate.  I have this as an error because there is no
	  way to authenticate the certificate in this case.  Thanks to
	  Dave Goldblatt <dg@server.net> for pointing out this error.
	- destest now return a non-zero value on failure.
	- Quickly put in CBC-IDEA-MD5 :-)  I was preparing the new
	  release when Andreas Bogk <bogk@inf.fu-berlin.de> sends
	  email saying that he has nearly finished IDEA as well.  And my
	  god is his code nearly the same as mine :-).  In fact there
	  are whole sections (files and subroutines I should say) that are
	  %90 identical :-)  So if I had not done it last night,
	  Andreas would have gotten the credit for adding IDEA :-)
	- added des_ncbc_encrypt() to the DES library.  This is a
	  'normal' des_cbc that copies back the new value to the
	  passed iv variable.  I also changed the des_ede3_encrypt()
	  call to do the same.
	- Added a file contains the differences between
	  https://www.netscape.com and the SSL documentation from
	  netscape; bugs/SSLref.diff.
	- Put in some missing htons(), in ssl/ssl_client.c and
	  ssl/ssl_server.c.  Error reported by
	  James G. Speth <speth@end.com>.
	- Expanded and improved the RAMBLINGS file after traffic on
	  ssl-users@mincom.oz.au and solicited comments from
	  Seth Robertson <seth@soscorp.com>.
	- Added the -cipher option to ssl/ssl_client.c
	- Ran ispell over a few of my files (my spelling was never good but I
	  now just call them all typos :-)
	- An optimisation for md/md5_locl.h that reduces the F() and
	  G() functions from 4 operations to 3.  For more evil xor magic,
	  look at the IP() and FP() macros from des/des_locl.h if you
	  want to see more of this type of thing :-).  Thanks to
	  Wei Dai <weidai@eskimo.com> pointed this one out, he
	  attributes the optimisations to Peter Gutmann's SHS code,
	  and Peter attributes it to Rich Schroeppel.

Version 0.4.1 01/06/1995 eay
	- www.rsa.com has a certificate with a DN containing a type
	  T61STRING instead of a PRINTABLESTRING.  It now handles any type,
	  except the TEXT format routines expect them to be PRINTABLESTRINGs.
	  So conversion to and from TEXT converts all DN fields to type
	  PRINTABLESTRING.  In theory the DN fields can be any type, so I
	  will not bother to fix the TEXT format limitation unless people
	  really want me to or I become a perfectionist (which means I
	  probably will :-).
	- A Couple of tweaks so that things will compile under linux,
	  Thanks to Bill P <wmperry@spry.com> for the patches to
	- ssl/client.c and ssl/server.c have been renamed to
	  ssl_client and ssl_server and have been given lots of
	  parameters and they now support testing of authentication.
	  They are actual useful now :-)  The full authentication
	  model is now working and tested.  ssl/README covers the
	  authentication model and runs though how it works.
	- Fixed a fclose of an 'undefined' file handle in rsa/x509.c.
	  It caused a core dump on some boxes when the -noout option
	  was used.

Version 0.4 31/05/1995 eay - Initial alpha release.

Version 0.1 01/04/1995 eay - Started work and soon realised that SSL
	is a hell of a lot more than just SSL.  Thanks to
	Tim Hudson (tjh@mincom.oz.au) for pointing me at the SSL spec.
	as a worthy 'library' to implement since I was in the mood for
	some mindless obsesive programming :-).

Large numbers of the unattributed bugs have been found by
Tim Hudson (tjh@mincom.oz.au).

