Version 0.6.1 01/07/1996 eay
	- WIN32_rename added for apps/ca.c, thanks to 
	  Andy Brown <a.brown@nexor.co.uk> for the patch.
	- Added doc/ssl.doc which is a minimal function list.
	- Added lots of SSL_CTX_xxx calls to set default values.
	- I have added a session_cache_mode to the SSL_CTX structure.  This
	  is used to control how the session-id cache is used.
	  SSL_set_session_cache_mode(ctx,mode) and
	  SSL_get_session_cache_mode(ctx) manipulate this variable.
	  SSL_SESS_CACHE_OFF means the library does not automatically add
	  to the cache
	  SSL_SESS_CACHE_CLIENT means that SSL_connect() add the session id
	  to the cache if everything works
	  SSL_SESS_CACHE_SERVER means that SSL_accept() adds session id's
	  to the cache.  This is on my default.
	  SSL_SESS_CACHE_BOTH - what you think it means :-)
	  SSL_SESS_CACHE_AUTO_CLEAR.  This, which is on by default, will
	  'flush' timed up entries from the cache automatically whenever
	  a new SSL_accept() or SSL_connect() complete successfully.  This
	  potentially will be expensive on a heavily loaded server, so in this
	  case it would be better to turn this off and manualy flush the cache
	  every 20-30 connections via SSL_flush_sessions(ctx,time(NULL));
	  Please note that you need to 'or' the auto_clear with whatever mode
	  you want, if you want it on, that or play funny tricks like
	  (SSL_get_sesson_cache(ctx)&~SSL_SESS_CACHE_BOTH)|mode_we_want
	- Memory leak in crypto/x509/x509_crt.c, thanks to
	  Ruben Osendarp <rosen@philips.oz.au> for the fix.
	- Error in use of DEVRANDOM, thanks to
	  Gertjan van Oosten <gertjan@West.NL>
	- Put in montgomery multiplication and the improved expotentaion (sp?)
	  windowing system used by Colin Pump.  
	  The RSA times for the old and new version on linux pentium 100
	  	     512   1024   2048   4096
	  0.6.0    0.048  0.222  1.413  9.955
	  0.6.1    0.024  0.119  0.749  5.425
	  Just about 2 times faster.  I'm finally happy with my maths library
	  performance :-).  Montgomery muliplication requires an odd
	  modulus and for my implementation, the modulus must be a multiple
	  of the word size.  If these conditions are not met, I fall back
	  to my old reciprical system which is basically the old numbers
	  with a 20% speedup.
	  Many many thanks to Colin Pumb for putting up with my questions
	  about montgomery multiplication and his exponetiation (sp?) system.
	  Also thanks to Wei Dai <weidai@eskimo.com> for helpfull comments in
	  the past.  I have looked at the big number libraries of
	  both these people and have now surpased the performance of
	  their libraries, at least on my linux pentium x86 (I compared
	  my non-assember version with Colin Plums library since he had
	  no assember for linux).

Version 0.6.0a 24/06/1996 eay
	- BN_sqr() 20% faster and speed up BN_mul() by %5,, mostly by removing
	  BN_clear() calls.  512 bit RSA operations are now %20 faster and
	  1024 bit operations are %9 faster.  This picked up an error in
	  BN_rshift(), is was expecting bn->d[bn->top] to be zero which
	  was never a reasonable thing to expect.
	- Thanks to Clifford Heath <cjh@osa.com.au> who sent me a patch
	  to put in the macros I had left out for the BIO functions, so 
	  there are now the full set of PEM_write_xxx and PEM_read_xxx macros..
	- Had a 'bug' in that a cert with a signature type of rsa, instead
	  of rsaEncryption was not being accepted.  I broke this and so
	  it now works again and has a test certificate.
	- We were not making externally visable DSA in DLL's
	- More patches for FreeBSD from Mark Murry <xxxx???>
	- correct negaitve support for BN_div.c
	- ssltest, a program that talks SSL to it's self :-)
	- a few tweaks to distribution.

Version 0.6.0 21/06/1996 eay
	- I've decided to go to version 0.6.0 due to all the API changes.

Version 0.5.3
	- LOTS AND LOTS OF THINGS NOT LISTED IN THIS FILE
	- Added a 'default' prompt, see EVP_set_pw_prompt() and
	  EVP_get_pw_prompt().
	- Lots of other minor tweaks.
	- Lots and lots of fixes and enhancments (80k) from
	  Gordon Chaffee <chaffee@odie.cs.berkeley.edu>.  He added the
	  crl2pkcs7 program which wraps a crl and x509's into a pkcs7
	  structure.  Gordon obviouly has been working with the ca
	  program quite a lot since lots of his fixes and enhancements
	  were in that area.
	  He also provided about unreported 15 bug fixes.  Some were
	  'real bad' and some were benign but wrong.
	- Many thanks to Steven Schoch <schoch@sheba.arc.nasa.gov> for
	  full patches for DSA support.  The library can now accept DSS
	  signed certificates.
	- I have now written BIO_ssl, BIO_null and BIO_md, they need testing.
	- Changed the EVP_ routines over to use EVP_PKEY, which contains
	  a 'public key', one of RSA, DSA or DH.  This is needed for DSA code.
	- I have added the patches supplied by a 'contributer' for DSA support
	  for signature verification.  I have not yet added the stuff required
	  to generate DSA certificates.
	- unsigned int bugs, thanks to Ian Goldberg <iang@cs.berkeley.edu>
	- crypto/asn1/x_cinf.c version checking had problems.
	- free(NULL) in ssl/ssl_srvr.c - Ben Groeneveld <bjg@snowmass.inel.gov>
	- Small memset(str,0,SIZE) overeagerness in apps/enc.c
	  Thanks to Larry J. Hughes Jr. <hughes@indiana.edu>
	- A few Nextstep tweaks, thanks to Juergen Moellenhoff <jurgen@oic.de>.
	- Lots of mods of Windows 3.1 and NT.  I have completly removes
	  FILE pointer access to the libraries under Win16.  There are now
	  _bio routines for all the functions and the _fp functions now
	  setup a BIO structure and call the _bio form.  What is a BIO I
	  hear you ask?  It is what I have renamed the BUF_IO stuff too.
	  Each one consists of a set of functions and data to do IO
	  as either a source or a sink or both.  The semantics are that
	  of non-blocking IO on a socket :-).  I will document this stuff
	  further.
	- Added a linux/FreeBSD mod for use of /dev/rand devices,
	  define DEVRANDOM when building to be the device and it will
	  be used during initalisation.  Thanks to
	  Anthony Rumble <anthony@rumble.waratah.id.au> for sending in
	  the patch.
	- Big speedups in MD5 for little endian 32bit (if L_ENDIAN is
	  defined) and speedups in SHA/SHA1 on big endian 32bit
	  machines if (B_ENDIAN) is defined.  Thanks to
	  Wei Dai <weidai@eskimo.com> for this
	- Fixed quite a few things the 16bit VC compiler complained about.
	  I now have a test.bat script in the ms directory that should
	  be run to test things.  It picked up a few problems in base64
	  encoding.  Also it should be noted that BN_mod_word() has problems
	  if 'long' < 32 bits.
	- I've been building DLL's under NT and due to the fact that
	  exporting variables is a big no-no, all the EVP_md5 type
	  variables are now functions that return their value.
	  This does not really affect things much other than having to
	  put in some brackets.
	- I had stuffed up the client authenication when I did the 
	  SSL_SESSION stuff :-(, all fixed now.
	- Using the BUF_IO functions, all the *_print(FILE *fp,..)
	  functions have been converted to use *_print_buf(BUF_IO *bp,..)
	  functions.  These new functions are also visable to applications
	  and can be used to print/read from a, MEM_BUF *, and FILE * or
	  a file descriptor.  I still need to document the BUF_IO
	  functions.
	- Netscape spki format routines now present, they were
	  sent to me by Pat Richard <patr@x509.com>.
	- Added BUF_IO functions and renamed BUFFER to BUF_MEM
	  and all the BUF_ functions to BUF_MEM.  The new
	  BUF_IO functions are used as a source/since for a memory
	  buffer of file descriptor/pointer, depending on how they
	  are setup.  Various library routines are going to be
	  modified to use this interface.
	- More work on mk1mf.pl

Version 0.5.2a
	- All operating system dependant stuff is in os.h at the top
	  level.
	- More memory leaks and purify complaints fixed.  Mostly in
	  the ssl library.  Reworked where 'peer' is kept.
	- Changed SSL_copy_session_id() back to a function.  It needs to
	  not only copy the SSL_SESSION but also the 'CERT' (which is
	  the certificate and private key) and the 'peer' certificate.
	  I have also fixed things so that if the 'CERT' is missing,
	  it does not matter if the session can be reused.
	- I've added options to util/mk1mf.pl to build the 'makefile.one'
	  without RC2, RC4, IDEA or socket based demos.  There is also
	  the option to not build in my md2, md5 or des libraries, but
	  to use system ones.  This maps the MD5_Update etc over to
	  the more normal MD5Update.  I did make the name different
	  for a reason :-).
	- Cleaned things up in the apps directory so all those
	  #ifdef WIN32's are now gone.  All apps now include apps.h
	  which is the correct place to put these 'hacks'.
	- Memory leaks in apps/req.c, apps/x509.c and apps/ssleay.c.
	  Most of these relate to not free()ing the CONF structure,
	  rather benign.
	- Fixed an 'Array bounds read' in crypto/bn/bn_div.c.
	- Put in a 'free' function to clean up the 'cipher' state when
	  a SSL structre is free()ed.  I'm told this makes BSAFE
	  easier.  Thanks to Bill O'Donnell <billo@server.net> for the patches.
	- C++ mods from Neil Sharman <neil@mds.rmit.edu.au>.
	- Lots of little problems fixed, thank to
	  Eugene Crosser <crosser@online.ru>
	  Martin Carpenter <mjc@uk.ibm.com>
	  Eike Dierks <eike@ilink.de>
	- Modified crypto/asn1/f_int.c so that f2i_ASN1_INTEGER() can
	  operate when there is 'stuff' on the end of the line and/or
	  the newline is missing.  This plus other fixes were from
	  Holger Reif <Holger.Reif@PrakInf.TU-Ilmenau.DE>

Version 0.5.2 29/04/1996 eay
	- Added s_mult to ssleay.  The code needs cleaning up (I currently
	  don't do any close(2)s :-).  It is a demo event loop app that will
	  multiplex multiple sockets.  It can run in non-blocking mode using
	  SSL connections.  Yes, I have finally gotten the non-blocking to
	  include the SSL_accept(), which normally will block twice if the
	  client is running with the -pause option.
	- Added a debug flag to the SSL structure which if 0x01, will
	  cause a 1 second sleep after each read(2) and write(2) made
	  by the library.  This has been added to help test non-blocking
	  and ultimatly muli-threading the library.
	- Changed SSL_set_pref_cipher() to SSL_set_cipher_list() because
	  the meanings are different for server/client SSL connection and
	  'pref' was confusing the issue for the server side.
	  I have also added SSL_CTX_set_cipher_list() so a 'system'
	  default can be specified, not a per SSL basis.  A SSL cipher
	  preference list overrules a SSL_CTX list which over rules the
	  library default.
	- Added more memset(ctx,0,sizeof(ctx)) to clear cipher and message
	  digest contexts.
	- I've globally changed the CONN type to SSL_SESSION in the ssl
	  directory.  It was sort of miss named and calling it SSL_SESSION
	  better describes what it is.  This will make diff's between
	  0.5.1 and 0.5.2 blow out a bit :-).  Session reuse may not
	  have been working quite as expected.  I belive I have fixed this
	  now and I have also added some stats gathering routines for
	  server side session id reuse.  I've basically reworked the complete
	  sesson caching system.  Have a read of doc/session.doc.
	- Make makefile.one generates a single makefile by using util/mk1mf.pl
	  and the file MINFO which is generated from the other makefiles.
	- Added a 'version' command to ssleay.
	- Added ASN1_HEADER data type, it is used to read/write the
	  netscape certificates/public keys.
	- 'asn1parse' and 'enc' have been changed to 'scan' for base64
	  encoded data.  The lines must be > 60 bytes long which seems ok.
	- Fixed a bug in 'enc -a -d' where the base64 decoding of the input
	  file was not processing the complete file.  We now also have a
	  flag to specify buffer size, mostly for testing.
	- Fixed and generally fixed up apps/x509 so that the generation of
	  self signed certificates works again and is similer to follow.  I
	  added test/sstest to check generation of self signed certificates.
	- Bug in x509.c, missing a 'x509'->references++, just after the call
	  to X509_add_cert().  This function 'keeps' the passed 'x509' and so
	  the reference count needs to be incremented otherwise, there
	  are 2 free()'s done on the structure.
	- Free()ing a null pointer in apps/x509.c - thanks to
	  David Eagles <eaglesd@planets.com.au>
	- Fixed a problem where disabled ciphers could be used by the server.
	- Fixed a strcmp() which should have been a strncmp() in
	  d2i_Netscape_RSA(), thanks to
	  Wolfgang Platzer <wplatzer@iaik.tu-graz.ac.at>
	- Fixed the perl scripts to work with perl5.
	- Moved certs/tools to tools, and improved c_rehash so that
	  it works much better.
	- The bignum libraries can be compiled to run with 8 bit words :-).
	  Why people would want to do this I don't know but it was very
	  usefull for testing the division routines :-)
	- Re-wrote BN_div/BN_mod.  It now runs 10 times faster :-).
	  See 'Seminumerical Algorithms vol 2' by Knuth, section 4.3.1,
	  Algorithm D.  I have implemented both a bignum div and a
	  'double word'/word => word.  The second is needed on machines that
	  don't support the 'long long' type and for which I have not written
	  an assembler version.
	- Fixed the linux assember version of crypto/bn/bn_mulw.c and also
	  Tweaked the assember for all x86 boxes and got a %10 speedup.
	- Fixed a few problems with ASN1_dup and i2d_X509_NAME().
	  Thanks to Pat Richard <patr@cyberstore.ca>.
	- From Steven Schoch <schoch@sheba.arc.nasa.gov>
	  > However, there is one element in the CONN structure that
	  > is connection-specific: key_material.  The problem arises when
          > SSL_copy_session_id() is called, which causes two SSL
	  > (connections) to share one CONN (session?).
	  > When the SSL_connect is called, key_material is updated on
	  > the 1 CONN structure.  This breaks the MAC check on
	  > the first SSL connection.
	  Thats what happens when one normally writes programs that
	  only do single socket connects :-(.
	- Extended X509_NAME_oneline() and fixed a bug in it.
	- Changes to d2i_asn1_print_type() (crypto/asn1/a_print.c).
	  The type argument is now a bitmap of acceptable types.
	  See asn1.h for the B_ASN1 types supported.  This is mostly
	  used to load X509 RDNs.
	- PEM header for certificates requests changed from
	  'NEW CERTIFICATE REQUEST' to 'CERTIFICATE REQUEST', backward
	  compatable.
	- PEM header for certificates changed from 'X509 CERTIFICATE'
	  to 'CERTIFICATE', backward compatable.
	- modified a few macro names in the ASN.1 stuff, I now do
	  X509v3 correctly I belive.  It was wrong before :-(.
	- Fixed Tim's fix in the certificate request stuff.
	- Fixed a bug in crypto/rand/randfile.c.  The rand_load_file() was
	  only loading the 'stat' structure from the random file, not any of
	  the contents :-(.  Many thanks to
	  John B. Plevyak <jplevyak@cs.uiuc.edu> for this one.
	- Wrong error filename in apps/ca.c, thanks to
	  Patrick Richard <patr@cyberstore.ca>

Version 0.5.1b 22/12/1995 tjh
        - fixed the prototype for BN_CTX_new *again* ... will kick Eric
	  for having .org files around to complicate maintainence :-)
	- removed the ASM reference for solaris-x86-gcc until I can test
	  it as it appears broken
	- added unixware support to the Configure script
	- allow for new and class being reserved words in C++
	- fixed choosing of negotiated ciphers (which broke connecting to 
	  export versions of the netscape server) ... thanks to 
	  Paul Wilkinson <paulw@sydsun1.comtech.com.au> for reporting the
	  problem and pointing me at a system to test my fixes against :-).

Version 0.5.1a 22/12/1995 tjh

	Eric will edit the following to include/remove whatever he thinks
	should be ... for the moment this is a note from tjh to eay about
	what's been changed (in order of the changes ...)

        - fixed typo in ssl_locl.h (-l -> -1 for MISSING_IDEA) thanks to
	  David Weisman <weisman@osf.org>
        - crypto/asn1/n_pkey.c NORC4 wasn't there needed <weisman@osf.org>
        - apps/gendh.c <sys/types.h> before <sys/stat.h> for FreeBSD (sameer)
	- apps/req.c ... yet another problem with fclose() thanks to
	  Dean Roth <dean@myp.com>
	- README ... tjh edited typing/spelling errors out (finally)
	- Changed makefile in crypto/bn to remove bn_mulw.s during make
	  clean.  It stuffs up the build and should never be present.
	- bsdi-gcc config modified - sameer <sameer@c2.org>.
	- Added more #ifdef FIONBIO to make sure things run when it is
	  not defined :-)
	- SSL_free() -> fixed problems with freeing the ctx which is
	  the wrong thing to do - sameer <sameer@c2.org> pointed out
	  the problem that was causing FreeBSD Apache-SSL to coredump

Version 0.5.1 21/12/1995 eay
	- s_time added, it times SSL connections, written and donated by
	  Larry Streepy <streepy@healthcare.com>
	- Flipped things so proto types are on unless -DNOPROTO
	- I can now read/write netscape comercial server RSA private
	  keys.  Try the -inform n and -outform n with the rsa
	  program.
	- Moved around the configuration again.
	- Added back assember versions of crypto/bn/bn_mulw.c.  I have
	  writen the x86 (since there are so few registers) and DEC alpha
	  (so I can get access to the 128bit result).
	- Added a fclose(io) in x509.c, thanks to
	  Tim Hudson <tjh@mincom.oz.au>.  I should also add that Tim
	  has found lots of other bugs that have not been mentioned in
	  the file.
	- Messing with the BN_mul/BN_sqr routines again.
	- Changed a few things for BSDI - thanks to
	  Vivek Khera <khera@kci.kciLink.com>

Version 0.5.0a 13/12/1995 eay
	- Fixed the version number in certificate requests, I was
	  setting it to one for some reason :-(.
	- Fixed a few Makefile problems
	- Fixed the prototypes.
	- Fixed a bug in x509_vrf.c, I was verifying the signature of
	  the issuer instead of the subject :-(

Version 0.5.0 12/12/1995 eay
	- TOO MANY OTHER CHANGES TO MENTION
	- Added an ERR_free_strings, Larry Streepy <streepy@healthcare.com>
	  for the prompting and for reporting the memory leak in the
	  lhash library.
	- Checking the wrong field for NULL in SSL_accept, thanks
	  to sameer <sameer@c2.org>
	- Quite a few more last minute bugs :-(
	- Many thanks to Rhys Weatherley <rweather@us.oracle.com>
	  for pointing out that I was
	  assuming little endian byte order for input objects when idea 
	  actually used bigendian.  No where in the spec does it mention 
	  this, it is all in terms of 16 bit numbers and even the
	  example does not use byte streams for the input example :-(.
	- %5 speedup in the idea routines, thanks to 
	  Colin Plumb <colin@nyx10.cs.du.edu> for the pointers.  He
	  has also be a great help in pointing out areas for
	  improvment in the future.
	- Bug in pem_lib.c, Simon J. Gerraty <sjg@frodo.dn.itg.telecom.com.au>
	- Bug in x509 with fclose(io); - Archie Cobbs <archie@tribe.com>
	- An potential runtime error in ssl_srvr.c - sameer <sameer@c2.org>.
	- Fixed 15 memory leaks, and 8 errors thanks to the Purify package :-).
	- Fix for make install, thanks to Nicolas Pioch <pioch@Email.ENST.Fr>.
	- Error in x509_vrf.c, missing a ERR_GET_REASON(), thanks to
	  Larry Streepy <streepy@healthcare.com>.
	- Lots and lots and lots of internal changes.  Too many to
	  mention.
	- Client authentication was sending back the wrong checksum.
	  It should have been encoded with the digest algorithm
	  encoded as well as just the checksum.  My stupidity,
	  Marc VanHeyningen <marcvh@spry.com> pointed this out.
	  
Version 0.4.5? 28/10/1995 eay
	- It appears that '*' can only appear in T61STRING type,
	  not PRINTABLESTRING.
	- Lots and Lots of ASN1 parsing rewriting.
	- Bug in client authenication fixed, thanks to
	  Stephen O. Berger <sberger@tlogic.com> for pointing this one
	  out.
	- Major code renaming and reoganisation.
	- Fixed a problem with SSL, a clear text master key was
	  acceptable by the server process, not anymore.
	- X509_CRL, the actual list of cancled certificates is optional, I
	  have fixed this in my code now.
	- By parts base64 encoding is working.
	- All the object routines have been renamed from PEM_ to OBJ_
	- By parts encryption and message digest is working.
	- I've been mutilating the verification routines.
	- Fixed the use of the wrong variable in cipher to determin
	  the size of the master key.  This was causing NULL-MD5
	  to break.
	- Changed the ssl library to use bsearch and qsort to make
	  matching of ciphers more efficent.  The linear search I was
	  using was ugly, especially when there were lots and lots of
	  ciphers (I currently have 9).
	- Changed the 'object' look up tables so that instead of using
	  a hash table initiated at runtime, I now use a 'static'
	  pregenerated table, which used bseach to look things up.
	  Part of the plan to remove all global variables :-).
	- A few tweaks for BSD/OS 2.0.1 but they are general fixes
	  from Vivek Khera <khera@kciLink.com>
	- A few mixed variables in PEM_proc_type() - thanks to
	  emanuele@freenet.hut.fi <Emanuele Pucciarel>
	- SHA added and tested.  DES_CBC_SHA and DES_EDE_SHA added,
	  needed for SSLv3.

Version 0.4.5b 28/08/1995 eay
	- A few stupid errors on my part in the previous release :-(.
	- I have been leaving out attribution to Tim Hudson (tjh@mincom.oz.au)
	  for doing the body of the port and testing of the windows DLL's.
	  He found quite a few 'interesting features' of the Borland
	  C compiler.  Many thanks to him for doing this work.

Version 0.4.5a 27/08/1995 eay
	- Improved 'req' so that it can be used to generate
	  certificate requests directly.
	- Finally got certificate requests correct.  My sign code has
	  also probably been doing the wrong thing for quite some time
	  now.
	- Fixed a 'bug' in lib/ssl/ssl_pkt.c, SSL->act_data is now
	  SSL->ract_data and SSL->wact_data, if there is data still
	  to be read and a write occurs, the pointer was pointing in
	  the wrong place when we tried to read again.
	- Fixed some memory leaks pointed out thanks to
	  Alex Tang <altitude@cic.net> and the Purify package.
	- Changed lib/x509/x509_req so that REQ verification checks
	  that the algorithm in the checksum agrees with what is in
	  the REQ object.

Version 0.4.5 24/08/1995 eay
	- bn_mul is faster and there is support for the use of asm.
	  I now ship an x86 asm version, makes the routines 2 times
	  faster.
	- Apps all build into a monster program - ssleay
	- non-blocking io finished in the ssl client and server.
	- 'Bug' in lib/der_lib.c DER_put_object().  There are 2 ways
	  to encode length of 0, I was doing the wrong one :-(.
	  Thanks to the long suffering Alex Tang <altitude@cic.net>
	  for 'testing' the fuctionality of the certificate request
	  generation code.
	- ssl_pkt.c rewritten SSL_write to handle non-blocking io.
	- ssl_cnt.c rewriten to be able to handle non-blocking io.
	- Found a bug in s_socket.c, returning a non static variable.
	- Merged most programs in apps into one big one.
	- Tweaked lib/md/md_rand.c to hopefully do better random
	  numbers :-) thanks to Robert J. LeBlanc <rjl@renaissoft.com>
	  for comments.
	- Reorganised the directory layout and makefiles.
	- Fixed a deficency in the loading of X509_ALGOR type objects.
	  Many thanks to Steven Schoch <schoch@sheba.arc.nasa.gov> for
	  the patches for this.

Version 0.4.4 17/07/1995 eay
	- Fixed a bug in time_cmp (stuffed up different years :-(.
	- Fixed things so that I can accept more that one SEQUENCE in
	  a SET in X509_NAME structures.  Again this will not work to
	  'text' mode but does for der/pem.
	- Added PEM_Open(Init,Update,Final) - needs testing
	- Added PEM_Seal(Init,Update,Final) - needs testing
	- Added PEM_Digest(Init,Update,Final)
	- Added PEM_Sign(Init,Update,Final)
	- Added PEM_Verify(Init,Update,Final)
	- %70 speedup in RC4_set_key.
	- File names shortened so windows can compile them.
	- Configure perl script at top level.
	- Speedups in md2/md5/rc4.
	- Add -days to x509
	- Can now build with gcc -Wall and not get too many complaints.
	- Text mode operations will input and output the text object
	  strings as well are object number sequences.
	- I have changed the short form of stateOrProvince from SOP to
	  SP which is what is used by other people.  This will break
	  all current hash values :-(.
	- Fixed a typo in STRING_CERTIFICATE_BEGIN and
	  STRING_CERTIFICATE_END.  This will affect text mode
	  operations.
	- Some speedups in bn_mul() when LONGLONG is not defined.
	- Changed makefile so it now builds a distribution to unpack
	  into SSLeay-0.4.3b/ and I don't use perl for make dclean.  I
	  actually had a read of the sed man page and put it in
	  instead :-).
	- Finished reworking the error system.  This should make the
	  windows DLL porting much easier.  It also cleans things up
	  and make a single interface.  It also allows people to not
	  bother loading all the text strings for the errors.
	- Bug fix in call to gethostbyname() in socket, and a
	  reordering of my server_verify() and get_client_finished()
	  calls in SSL_accept() so that we work with netscape clients
	  :-). Thanks to holtzman@mit.edu.
	  Adam Douglas Cain <acain@ncsa.uiuc.edu> has also confirmed
	  that with these changes SSLeay servers can have netscape
	  clients talk to it.
	- Bug in RSAref.c, calling decrypt instead of encrypt :-(.
	- Added support for -DNOIDEA and -DNORC4 to build without
	  these algorithms.
	- ssl_client/ssl_server now print the certificate they
	  retrieve. SSL_get_peer_certificate() works.  It is assuming
	  X509 but when more type become defined I'll rework this
	  code.
	- Found and removed some code that did nothing in ssl/.
	- Added IDEA encryption of public key when in PEM
	  encoding.
	- Finished der_chopup.  This command will take a DER file (as
	  sent by RSA and printout in PEM encodeing any X509 certs or
	  CRL it finds in the file.
	- Added a header length field to der_parse.
	- Adding CRL.  We can now load and manipulate them.
Version 0.4.3a 19/06/1995 eay
	- RSAref support added.  It needs to be tested since I have
	  been unable to do so since I don't have access to the code.
	- All bcopy/bcmp/bzero references have been removed, I
	  actually did this last week but forgot to add it to this file :-).
Version 0.4.3 15/06/1995 eay
	- PROTOTYPES!
	- Fixed a bug in SSL_write.  When writes were larger than the
	  max for 3 byte headers, the padding variable was being
	  stuffed up.  Another Tim Hudson <tjh@mincom.oz.au> discovery, 
	  it turned up under IRIX with ftpd.
	- Removed some code in socket.c that caused an endless loop on
	  machines with 2+ ethernet interfaces.  Fixed some errors in
	  ssl/ssl_server.c.  Tim Hudson <tjh@mincom.oz.au> discoveries.
	- Removed RSA->num and RSA->buf from the RSA struct, they are
	  now 'created' as needed in the RSA routines.
	- Fixed a 'memory reuse' bug in x509.
	- der_parse was a quick 'throw away' program to use a routine
	  that I saw in my code when I was cleaning :-).  I have
	  made it useful now.
	- Make depend added, make dclean removes the dependancies.
	- Changed the make test is rsa/ so that it runs gentest which
	  generate self signs and the certifies a certificate.
	- Add a flag so that RSA_generate_key can set 'e' to
	  0x03 or 0x10001.
	- Bug in IDEA code, data overrun in idea_set_key.
	- Was setting key_file to TEST_CERT in ssl/ssl_server, now
	  set to NULL, also other problems with signing certificates,
	  to certify, it MUST be self signed now.
	  thank Dave Goldblatt <dg@server.net>.
	- 2 Makefile fixes for NeXT (intel) from
	  Richard Frith-Macdonald <richard@brainstorm.co.uk>
Version 0.4.2b 07/06/1995 eay
	- Missed a htons() in ssl/net.h that needed to be removed :-(.
	- As was pointed out by Paul Riethmuller <par@sequent.com>,
	  my bn_mul() had 19 lines of code to deal with the 'carry'
	  bits from r=a*b[i].  This was all unneeded.  I must have
	  been working on the r=a+b stuff (where a is larger that b)
	  just before :-).  This will not speed things up much, but it
	  definitly make the code look nicer :-).
Version 0.4.2 06/06/1995 eay
	- Quickly hacked into ssl/ssl_client.c some code to report
	  cipher that can be used.  Evil code accessing things that
	  should not be known to an application.  I'll probably put a
	  nice interface in place in the next release :-).
	- I had broken rsa/x509.c when I changed X509_verify to cause
	  an error for the callback for a 'depth 0' self signed
	  certificate.  I have this as an error because there is no
	  way to authenticate the certificate in this case.  Thanks to
	  Dave Goldblatt <dg@server.net> for pointing out this error.
	- destest now return a non-zero value on failure.
	- Quickly put in CBC-IDEA-MD5 :-)  I was preparing the new
	  release when Andreas Bogk <bogk@inf.fu-berlin.de> sends
	  email saying that he has nearly finished IDEA as well.  And my
	  god is his code nearly the same as mine :-).  In fact there
	  are whole sections (files and subroutines I should say) that are
	  %90 identical :-)  So if I had not done it last night,
	  Andreas would have gotten the credit for adding IDEA :-)
	- added des_ncbc_encrypt() to the DES library.  This is a
	  'normal' des_cbc that copies back the new value to the
	  passed iv variable.  I also changed the des_ede3_encrypt()
	  call to do the same.
	- Added a file contains the differences between
	  https://www.netscape.com and the SSL documentation from
	  netscape; bugs/SSLref.diff.
	- Put in some missing htons(), in ssl/ssl_client.c and
	  ssl/ssl_server.c.  Error reported by
	  James G. Speth <speth@end.com>.
	- Expanded and improved the RAMBLINGS file after traffic on
	  ssl-users@mincom.oz.au and solicited comments from
	  Seth Robertson <seth@soscorp.com>.
	- Added the -cipher option to ssl/ssl_client.c
	- Ran ispell over a few of my files (my spelling was never good but I
	  now just call them all typos :-)
	- An optimisation for md/md5_locl.h that reduces the F() and
	  G() functions from 4 operations to 3.  For more evil xor magic,
	  look at the IP() and FP() macros from des/des_locl.h if you
	  want to see more of this type of thing :-).  Thanks to
	  Wei Dai <weidai@eskimo.com> pointed this one out, he
	  attributes the optimisations to Peter Gutmann's SHS code,
	  and Peter attributes it to Rich Schroeppel.

Version 0.4.1 01/06/1995 eay
	- www.rsa.com has a certificate with a DN containing a type
	  T61STRING instead of a PRINTABLESTRING.  It now handles any type,
	  except the TEXT format routines expect them to be PRINTABLESTRINGs.
	  So conversion to and from TEXT converts all DN fields to type
	  PRINTABLESTRING.  In theory the DN fields can be any type, so I
	  will not bother to fix the TEXT format limitation unless people
	  really want me to or I become a perfectionist (which means I
	  probably will :-).
	- A Couple of tweaks so that things will compile under linux,
	  Thanks to Bill P <wmperry@spry.com> for the patches to
	- ssl/client.c and ssl/server.c have been renamed to
	  ssl_client and ssl_server and have been given lots of
	  parameters and they now support testing of authentication.
	  They are actual useful now :-)  The full authentication
	  model is now working and tested.  ssl/README covers the
	  authentication model and runs though how it works.
	- Fixed a fclose of an 'undefined' file handle in rsa/x509.c.
	  It caused a core dump on some boxes when the -noout option
	  was used.

Version 0.4 31/05/1995 eay - Initial alpha release.

Version 0.1 01/04/1995 eay - Started work and soon realised that SSL
	is a hell of a lot more than just SSL.  Thanks to
	Tim Hudson (tjh@mincom.oz.au) for pointing me at the SSL spec.
	as a worthy 'library' to implement since I was in the mood for
	some mindless obsesive programming :-).

Large numbers of the unattributed bugs have been found by
Tim Hudson (tjh@mincom.oz.au).

