Version 0.5.1 21/12/1995 eay
	- s_time added, it times SLL connections, written and donated by
	  Larry Streepy <streepy@healthcare.com>
	- Flipped things so proto types are on unless -DNOPROTO
	- I can now read/write netscape comercial server RSA private
	  keys.  Try the -inform n and -outform n with the rsa
	  program.
	- Moved around the configuration again.
	- Added back assember versions of crypto/bn/bn_mulw.c.  I have
	  writen the x86 (since there are so few registers) and DEC alpha
	  (so I can get access to the 128bit result).
	- Added a fclose(io) in x509.c, thanks to
	  Tim Hudson <tjh@mincom.oz.au>.  I should also add that Tim
	  has found lots of other bugs that have not been mentioned in
	  the file.
	- Messing with the BN_mul/BN_sqr routines again.
	- Changed a few things for BSDI - thanks to
	  Vivek Khera <khera@kci.kciLink.com>

Version 0.5.0a 13/12/1995 eay
	- Fixed the version number in certificate requests, I was
	  setting it to one for some reason :-(.
	- Fixed a few Makefile problems
	- Fixed the prototypes.
	- Fixed a bug in x509_vrf.c, I was verifying the signature of
	  the issuer instead of the subject :-(

Version 0.5.0 12/12/1995 eay
	- TOO MANY OTHER CHANGES TO MENTION
	- Added an ERR_free_strings, Larry Streepy <streepy@healthcare.com>
	  for the prompting and for reporting the memory leak in the
	  lhash library.
	- Checking the wrong field for NULL in SSL_accept, thanks
	  to sameer <sameer@c2.org>
	- Quite a few more last minute bugs :-(
	- Many thanks to Rhys Weatherley <rweather@us.oracle.com>
	  for pointing out that I was
	  assuming little endian byte order for inmput objects when idea 
	  actually used bigendian.  No where in the spec does it mention 
	  this, it is all in terms of 16 bit numbers and even the
	  example does not use byte streams for the input example :-(.
	- %5 speedup in the idea routines, thanks to 
	  Colin Plumb <colin@nyx10.cs.du.edu> for the pointers.  He
	  has also be a great help in pointing out areas for
	  improvment in the future.
	- Bug in pem_lib.c, Simon J. Gerraty <sjg@frodo.dn.itg.telecom.com.au>
	- Bug in x509 with fclose(io); - Archie Cobbs <archie@tribe.com>
	- An potential runtime error in ssl_srvr.c - sameer <sameer@c2.org>.
	- Fixed 15 memory leaks, and 8 errors thanks to the Purify package :-).
	- Fix for make install, thanks to Nicolas Pioch <pioch@Email.ENST.Fr>.
	- Error in x509_vrf.c, missing a ERR_GET_REASON(), thanks to
	  Larry Streepy <streepy@healthcare.com>.
	- Lots and lots and lots of internal changes.  Too many to
	  mention.
	- Client authentication was sending back the wrong checksum.
	  It should have been encoded with the digest algorithm
	  encoded as well as just the checksum.  My stupidity,
	  Marc VanHeyningen <marcvh@spry.com> pointed this out.
	  
Version 0.4.5? 28/10/1995 eay
	- It appears that '*' can only appear in T61STRING type,
	  not PRINTABLESTRING.
	- Lots and Lots of ASN1 parsing rewriting.
	- Bug in client authenication fixed, thanks to
	  Stephen O. Berger <sberger@tlogic.com> for pointing this one
	  out.
	- Major code renaming and reoganisation.
	- Fixed a problem with SSL, a clear text master key was
	  acceptable by the server process, not anymore.
	- X509_CRL, the actual list of cancled certificates is optional, I
	  have fixed this in my code now.
	- By parts base64 encoding is working.
	- All the object routines have been renamed from PEM_ to OBJ_
	- By parts encryption and message digest is working.
	- I've been mutilating the verification routines.
	- Fixed the use of the wrong variable in cipher to determin
	  the size of the master key.  This was causing NULL-MD5
	  to break.
	- Changed the ssl library to use bsearch and qsort to make
	  matching of ciphers more efficent.  The linear search I was
	  using was ugly, especially when there were lots and lots of
	  ciphers (I currently have 9).
	- Changed the 'object' look up tables so that instead of using
	  a hash table initiated at runtime, I now use a 'static'
	  pregenerated table, which used bseach to look things up.
	  Part of the plan to remove all global variables :-).
	- A few tweaks for BSD/OS 2.0.1 but they are general fixes
	  from Vivek Khera <khera@kciLink.com>
	- A few mixed variables in PEM_proc_type() - thanks to
	  emanuele@freenet.hut.fi <Emanuele Pucciarel>
	- SHA added and tested.  DES_CBC_SHA and DES_EDE_SHA added,
	  needed for SSLv3.

Version 0.4.5b 28/08/1995 eay
	- A few stupid errors on my part in the previous release :-(.
	- I have been leaving out attribution to Tim Hudson (tjh@mincom.oz.au)
	  for doing the body of the port and testing of the windows DLL's.
	  He found quite a few 'interesting features' of the Borland
	  C compiler.  Many thanks to him for doing this work.

Version 0.4.5a 27/08/1995 eay
	- Improved 'req' so that it can be used to generate
	  certificate requests directly.
	- Finally got certificate requests correct.  My sign code has
	  also probably been doing the wrong thing for quite some time
	  now.
	- Fixed a 'bug' in lib/ssl/ssl_pkt.c, SSL->act_data is now
	  SSL->ract_data and SSL->wact_data, if there is data still
	  to be read and a write occurs, the pointer was pointing in
	  the wrong place when we tried to read again.
	- Fixed some memory leaks pointed out thanks to
	  Alex Tang <altitude@cic.net> and the Purify package.
	- Changed lib/x509/x509_req so that REQ verification checks
	  that the algorithm in the checksum agrees with what is in
	  the REQ object.

Version 0.4.5 24/08/1995 eay
	- bn_mul is faster and there is support for the use of asm.
	  I now ship an x86 asm version, makes the routines 2 times
	  faster.
	- Apps all build into a monster program - ssleay
	- non-blocking io finished in the ssl client and server.
	- 'Bug' in lib/der_lib.c DER_put_object().  There are 2 ways
	  to encode length of 0, I was doing the wrong one :-(.
	  Thanks to the long suffering Alex Tang <altitude@cic.net>
	  for 'testing' the fuctionality of the certificate request
	  generation code.
	- ssl_pkt.c rewritten SSL_write to handle non-blocking io.
	- ssl_cnt.c rewriten to be able to handle non-blocking io.
	- Found a bug in s_socket.c, returning a non static variable.
	- Merged most programs in apps into one big one.
	- Tweaked lib/md/md_rand.c to hopefully do better random
	  numbers :-) thanks to Robert J. LeBlanc <rjl@renaissoft.com>
	  for comments.
	- Reorganised the directory layout and makefiles.
	- Fixed a deficency in the loading of X509_ALGOR type objects.
	  Many thanks to Steven Schoch <schoch@sheba.arc.nasa.gov> for
	  the patches for this.

Version 0.4.4 17/07/1995 eay
	- Fixed a bug in time_cmp (stuffed up different years :-(.
	- Fixed things so that I can accept more that one SEQUENCE in
	  a SET in X509_NAME structures.  Again this will not work to
	  'text' mode but does for der/pem.
	- Added PEM_Open(Init,Update,Final) - needs testing
	- Added PEM_Seal(Init,Update,Final) - needs testing
	- Added PEM_Digest(Init,Update,Final)
	- Added PEM_Sign(Init,Update,Final)
	- Added PEM_Verify(Init,Update,Final)
	- %70 speedup in RC4_set_key.
	- File names shortened so windows can compile them.
	- Configure perl script at top level.
	- Speedups in md2/md5/rc4.
	- Add -days to x509
	- Can now build with gcc -Wall and not get too many complaints.
	- Text mode operations will input and output the text object
	  strings as well are object number sequences.
	- I have changed the short form of stateOrProvince from SOP to
	  SP which is what is used by other people.  This will break
	  all current hash values :-(.
	- Fixed a typo in STRING_CERTIFICATE_BEGIN and
	  STRING_CERTIFICATE_END.  This will affect text mode
	  operations.
	- Some speedups in bn_mul() when LONGLONG is not defined.
	- Changed makefile so it now builds a distribution to unpack
	  into SSLeay-0.4.3b/ and I don't use perl for make dclean.  I
	  actually had a read of the sed man page and put it in
	  instead :-).
	- Finished reworking the error system.  This should make the
	  windows DLL porting much easier.  It also cleans things up
	  and make a single interface.  It also allows people to not
	  bother loading all the text strings for the errors.
	- Bug fix in call to gethostbyname() in socket, and a
	  reordering of my server_verify() and get_client_finished()
	  calls in SSL_accept() so that we work with netscape clients
	  :-). Thanks to holtzman@mit.edu.
	  Adam Douglas Cain <acain@ncsa.uiuc.edu> has also confirmed
	  that with these changes SSLeay servers can have netscape
	  clients talk to it.
	- Bug in RSAref.c, calling decrypt instead of encrypt :-(.
	- Added support for -DNOIDEA and -DNORC4 to build without
	  these algorithms.
	- ssl_client/ssl_server now print the certificate they
	  retrieve. SSL_get_peer_certificate() works.  It is assuming
	  X509 but when more type become defined I'll rework this
	  code.
	- Found and removed some code that did nothing in ssl/.
	- Added IDEA encryption of public key when in PEM
	  encoding.
	- Finished der_chopup.  This command will take a DER file (as
	  sent by RSA and printout in PEM encodeing any X509 certs or
	  CRL it finds in the file.
	- Added a header length field to der_parse.
	- Adding CRL.  We can now load and manipulate them.
Version 0.4.3a 19/06/1995 eay
	- RSAref support added.  It needs to be tested since I have
	  been unable to do so since I don't have access to the code.
	- All bcopy/bcmp/bzero references have been removed, I
	  actually did this last week but forgot to add it to this file :-).
Version 0.4.3 15/06/1995 eay
	- PROTOTYPES!
	- Fixed a bug in SSL_write.  When writes were larger than the
	  max for 3 byte headers, the padding variable was being
	  stuffed up.  Another Tim Hudson <tjh@mincom.oz.au> discovery, 
	  it turned up under IRIX with ftpd.
	- Removed some code in socket.c that caused an endless loop on
	  machines with 2+ ethernet interfaces.  Fixed some errors in
	  ssl/ssl_server.c.  Tim Hudson <tjh@mincom.oz.au> discoveries.
	- Removed RSA->num and RSA->buf from the RSA struct, they are
	  now 'created' as needed in the RSA routines.
	- Fixed a 'memory reuse' bug in x509.
	- der_parse was a quick 'throw away' program to use a routine
	  that I saw in my code when I was cleaning :-).  I have
	  made it useful now.
	- Make depend added, make dclean removes the dependancies.
	- Changed the make test is rsa/ so that it runs gentest which
	  generate self signs and the certifies a certificate.
	- Add a flag so that RSA_generate_key can set 'e' to
	  0x03 or 0x10001.
	- Bug in IDEA code, data overrun in idea_set_key.
	- Was setting key_file to TEST_CERT in ssl/ssl_server, now
	  set to NULL, also other problems with signing certificates,
	  to certify, it MUST be self signed now.
	  thank Dave Goldblatt <dg@server.net>.
	- 2 Makefile fixes for NeXT (intel) from
	  Richard Frith-Macdonald <richard@brainstorm.co.uk>
Version 0.4.2b 07/06/1995 eay
	- Missed a htons() in ssl/net.h that needed to be removed :-(.
	- As was pointed out by Paul Riethmuller <par@sequent.com>,
	  my bn_mul() had 19 lines of code to deal with the 'carry'
	  bits from r=a*b[i].  This was all unneeded.  I must have
	  been working on the r=a+b stuff (where a is larger that b)
	  just before :-).  This will not speed things up much, but it
	  definitly make the code look nicer :-).
Version 0.4.2 06/06/1995 eay
	- Quickly hacked into ssl/ssl_client.c some code to report
	  cipher that can be used.  Evil code accessing things that
	  should not be known to an application.  I'll probably put a
	  nice interface in place in the next release :-).
	- I had broken rsa/x509.c when I changed X509_verify to cause
	  an error for the callback for a 'depth 0' self signed
	  certificate.  I have this as an error because there is no
	  way to authenticate the certificate in this case.  Thanks to
	  Dave Goldblatt <dg@server.net> for pointing out this error.
	- destest now return a non-zero value on failure.
	- Quickly put in CBC-IDEA-MD5 :-)  I was preparing the new
	  release when Andreas Bogk <bogk@inf.fu-berlin.de> sends
	  email saying that he has nearly finished IDEA as well.  And my
	  god is his code nearly the same as mine :-).  In fact there
	  are whole sections (files and subroutines I should say) that are
	  %90 identical :-)  So if I had not done it last night,
	  Andreas would have gotten the credit for adding IDEA :-)
	- added des_ncbc_encrypt() to the DES library.  This is a
	  'normal' des_cbc that copies back the new value to the
	  passed iv variable.  I also changed the des_ede3_encrypt()
	  call to do the same.
	- Added a file contains the differences between
	  https://www.netscape.com and the SSL documentation from
	  netscape; bugs/SSLref.diff.
	- Put in some missing htons(), in ssl/ssl_client.c and
	  ssl/ssl_server.c.  Error reported by
	  James G. Speth <speth@end.com>.
	- Expanded and improved the RAMBLINGS file after traffic on
	  ssl-users@mincom.oz.au and solicited comments from
	  Seth Robertson <seth@soscorp.com>.
	- Added the -cipher option to ssl/ssl_client.c
	- Ran ispell over a few of my files (my spelling was never good but I
	  now just call them all typos :-)
	- An optimisation for md/md5_locl.h that reduces the F() and
	  G() functions from 4 operations to 3.  For more evil xor magic,
	  look at the IP() and FP() macros from des/des_locl.h if you
	  want to see more of this type of thing :-).  Thanks to
	  Wei Dai <weidai@eskimo.com> pointed this one out, he
	  attributes the optimisations to Peter Gutmann's SHS code,
	  and Peter attributes it to Rich Schroeppel.

Version 0.4.1 01/06/1995 eay
	- www.rsa.com has a certificate with a DN containing a type
	  T61STRING instead of a PRINTABLESTRING.  It now handles any type,
	  except the TEXT format routines expect them to be PRINTABLESTRINGs.
	  So conversion to and from TEXT converts all DN fields to type
	  PRINTABLESTRING.  In theory the DN fields can be any type, so I
	  will not bother to fix the TEXT format limitation unless people
	  really want me to or I become a perfectionist (which means I
	  probably will :-).
	- A Couple of tweaks so that things will compile under linux,
	  Thanks to Bill P <wmperry@spry.com> for the patches to
	- ssl/client.c and ssl/server.c have been renamed to
	  ssl_client and ssl_server and have been given lots of
	  parameters and they now support testing of authentication.
	  They are actual useful now :-)  The full authentication
	  model is now working and tested.  ssl/README covers the
	  authentication model and runs though how it works.
	- Fixed a fclose of an 'undefined' file handle in rsa/x509.c.
	  It caused a core dump on some boxes when the -noout option
	  was used.

Version 0.4 31/05/1995 eay - Initial alpha release.

Version 0.1 01/04/1995 eay - Started work and soon realised that SSL
	is a hell of a lot more than just SSL.  Thanks to
	Tim Hudson (tjh@mincom.oz.au) for pointing me at the SSL spec.
	as a worthy 'library' to implement since I was in the mood for
	some mindless obsesive programming :-).

Large numbers of the unattributed bugs have been found by
Tim Hudson (tjh@mincom.oz.au).

