2002-05-28 Scott Goodwin <scott@scottg.net>
* init.c: added some user-friendly error messages when key fails
to load in LoadKey routine.
2002-05-27 Scott Goodwin <scott@scottg.net>
* ssl.c: in NsOpenSSLDestroyConn, if socket is valid, we shut it
down before freeing the ccPtr datastructures. Apparently, the
BIO_free_all causes two bytes to be sent over the socket that
confuses Win32 clients. Thanks to Piotr Szuca
<pszuca@radix.com.pl> for this addition.
2002-04-23 Scott Goodwin <scott@localhost.localdomain>
* Makefile: added 'install: all' directive that overrides the
'install: all' directive in Makefile.module so that I can have the
install process install https.tcl as well (I need to update the
online docs). Thanks to Pierre Asselin.
2002-03-05 Scott S. Goodwin <scott@scottg.net>
* nsopenssl.c, nsopenssl.c: cleaned up NsOpenSSLDriver and
Ns_OpenSSLConn structures some more, and cleaned up the
initialization of an Ns_OpenSSLConn in SockThread. Some items
weren't being initialized (they aren't yet being used, but should
still be initialized). Tag: nsopenssl-2_2_beta_4.
* nsopenssl.c, nsopenssl.h, tclcmds.c: rearranged the
NsOpenSSLDriver and Ns_OpenSSLConn structures to make it clearer
what items needed to be freed by what routines. Also changed port
to peerport in Ns_OpenSSLConn, and added the 'ns_openssl peerport'
command, which is the same as the 'ns_openssl port' command. Tag:
nsopenssl-2_2_beta_3.
* all: ran *.c and *.h through indent: indent -i2 -br -brs -ce
-hnl -psl -sob <filename.c>.
2002-03-04 Scott S. Goodwin <scott@scottg.net>
* ssl.c, nsopenssl.c, nsopenssl.h, tclcmds.c: Added 'ns_openssl
module name' and 'ns_openssl module port' commands. The first
tells you what the name of the loaded module is for the current
connection (you may have more than one copy of nsopenssl
loaded). The second tells you which port your current connection's
nsopenssl driver is listening on. This would allow you to do
access control by determining what module name and or module port
the connection is coming through.
2002-02-18 Scott S. Goodwin <scott@scottg.net>
* tclcmds.c: added ns_openssl port command. It returns the
scPtr->port value, which happens to be the local port the conn is
using, not the port the server is listening on. I need to do a
query on the port the server is listening on by grabbing the port
number from the nsd.tcl based on the module name (as you may have
multiple instances of nsopenssl up and running).
2002-02-15 Scott S. Goodwin <scott@scottg.net>
* ssl.c: I was decrementing towrite by rc bytes. Problem is that
if rc < 0 which it will be on SSL_write error, towrite will get
bigger. This was a late night error. The #if'd out debug portion
worked properly. Adam Zell pointed this out.
* dumb: The previous two changes were made once before. The
tclcmd.c fix reverted when I received a fix for some other problem
in tclcmd.c; I neglected to do a diff between my copy and the
fixed one that was sent to me. In the case of init.c, I'm
uncertain how that crept back in. Thanks to Adam Zell for
pointing these out. Lessons learned: Always commit your changes
right after your tests work. Always diff a file sent to you
against your current working copy from the repository. There may
be changes you made to your file that aren't in the contributed
file.
* init.c: Fixed NsOpenSSLCreateDriver; sdPtr->randomFile wasn't
set before being possibly used.
* tclcmds.c: Fixed SSLSockListenCallback so that the interp was
initialized before it was possibly used.
2002-02-14 Scott S. Goodwin <scott@scottg.net>
* nsopenssl 2.1 released.
2002-02-13 Scott S. Goodwin <scott@scottg.net>
* ssl.c: The nonblocking socket fix in RunServerSSLHandshake fixed
the Solaris problem. #if'd out debug code in NsOpenSSLSend
function. Maybe I can go back and retry the BIO_handshake by
unblocking the socket before I run it.
2002-02-12 Scott S. Goodwin <scott@scottg.net>
* ssl.c: made the socket non-blocking at the beginning of
RunServerSSLHandshake, and set it back to blocking before the
function returns.
* ssl.c: took out #if 0 for the SetNonBlocking function. It's
not used right now, but it had nested #if 0's, which makes me
nervous.
* ssl.c: moved SSL_set_app_data call from before to after
SSL_set_accept_state call, as it was in 1.1c.
* ssl.c: added some debug code in NsOpenSSLSend to help debug
Solaris problem.
2002-02-08 Scott S. Goodwin <scott@scottg.net>
* ssl.c: reverted NsOpenSSLSend back to the way nsopenssl 1.1c
worked to try and resolve a problem on Solaris where images and
possibly pages of certain sizes fail to download
correctly. Haven't tested yet.
2002-02-08 Scott S. Goodwin <scott@scottg.net>
* ssl.c: added some debugging code to log errors when
NsOpenSSLSend fails. This is to try and debug a Solaris issue.
2001-12-27 Scott S. Goodwin <scott@scottg.net>
* https.tcl: cleaned up the ns_httpspost proc and got rid of the
debugging statements.
2001-12-12 Scott S. Goodwin <scott@scottg.net>
* https.tcl: form.tcl doesn't respect the fact that a boundary
value declaration may be wrapped in double quotes. It will work
with this:
multipart/form-data, boundary=--123456789
but not this:
multipart/form-data, boundary="--123456789"
Changed https.tcl to work with form.tcl (for now).
2001-12-02 Scott S. Goodwin <scott@scottg.net>
* config.h: Added the CONFIG_MODULEDIR to create the ModuleDir
parameter name.
* init.c: Altered CheckModuleDir so that the config parameter
ModuleDir can be used to point to somewhere outside of the
AOLserver directory area. If ModuleDir is specified, the
CheckModuleDir does *not* try and create the directory for you but
assumes you've already got it set up.
* config.c: Used Ns_MakePath in place of Ns_DStringVarAppend to
ensure that slashes always appear between path elements when
ConfigPathDefault constructs a path.
* init.c: Renamed MakeModuleDir to CheckModuleDir, and instead of
passing in *server, *module and **dirp, now only *sdPtr is passed
in.
2001-11-29 Scott S. Goodwin <scott@scottg.net>
* https.tcl: Added '--' to prepend the boundary markers in
ns_httpspost. I should have read the MIME RFC, as a boundary
marker that is declared as
--myboundarymarkerhere
looks like this when actually used:
----myboundarymarkerhere
2001-11-19 Scott S. Goodwin <scott@scottg.net>
* https.tcl: Fixed boundary problem when doing multipart form data
with ns_httpspost. This code:
set qsset [ns_set new qsset]
ns_set put $qsset user goodwin
ns_set put $qsset pass blahblah
set page [ns_httpspost \
"https://192.168.0.1:8001/test.cgi" "" \
$qsset "multipart/form-data"]
Posts this content:
-----------------------------16931435195472910531915358310
Content-Disposition: form-data; name="user"
goodwin
-----------------------------16931435195472910531915358310
Content-Disposition: form-data; name="pass"
blahblah
-----------------------------16931435195472910531915358310--
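As an added example (not nsopenssl's https.tcl, and in C rather than Tcl so it can stand alone), the two multipart details the entries of 2001-11-19, 2001-11-29 and 2001-12-12 turn on: a boundary parameter may or may not be wrapped in double quotes, and on the wire every delimiter is "--" followed by the declared boundary, with the closing delimiter carrying a trailing "--" as well (RFC 2046). The parser accepts either ";" or "," before the parameter because the entry above shows a comma, and the builder refuses a field value that contains the delimiter, since such a value could terminate its own part. The user/pass field values and the function names are constructed for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Copy the boundary parameter of a multipart Content-Type value into out,
 * stripping optional double quotes (the case form.tcl missed).  The
 * parameter name is matched in lowercase only.  Returns 1 on success, 0 if
 * absent, unterminated, empty or longer than the 70 chars RFC 2046 allows. */
static int extract_boundary(const char *ct, char *out, size_t outsz)
{
    const char *p = ct;
    while ((p = strstr(p, "boundary")) != NULL) {
        char prev = (p == ct) ? ';' : p[-1];
        p += 8;
        if (!(prev == ';' || prev == ',' || isspace((unsigned char)prev)))
            continue;                       /* e.g. "xboundary=" is not the parameter */
        while (isspace((unsigned char)*p)) p++;
        if (*p != '=') continue;
        p++;
        while (isspace((unsigned char)*p)) p++;
        const char *end;
        if (*p == '"') {
            end = strchr(++p, '"');
            if (end == NULL) return 0;      /* unterminated quote */
        } else {
            end = p;
            while (*end && *end != ';' && *end != ',' && !isspace((unsigned char)*end)) end++;
        }
        size_t n = (size_t)(end - p);
        if (n == 0 || n > 70 || n >= outsz) return 0;
        memcpy(out, p, n);
        out[n] = '\0';
        return 1;
    }
    return 0;
}

typedef struct { const char *name; const char *value; } form_field;

/* Bounded append; returns 0 (and leaves *len alone) when buf is too small. */
static int append(char *buf, size_t bufsz, size_t *len, const char *s)
{
    size_t n = strlen(s);
    if (*len + n >= bufsz) return 0;
    memcpy(buf + *len, s, n);
    *len += n;
    buf[*len] = '\0';
    return 1;
}

/* Serialise fields as a multipart/form-data body.  A boundary declared as
 * "--123456789" appears on the wire as "----123456789".  Returns the body
 * length, or -1 if buf is too small, a name contains a quote or line break,
 * or a value contains the delimiter. */
static int build_multipart(const form_field *f, int nf, const char *boundary,
                           char *buf, size_t bufsz)
{
    char delim[80];
    size_t len = 0;
    if (strlen(boundary) == 0 || strlen(boundary) > 70 || bufsz == 0) return -1;
    snprintf(delim, sizeof delim, "--%s", boundary);
    buf[0] = '\0';
    for (int i = 0; i < nf; i++) {
        if (strpbrk(f[i].name, "\"\r\n") != NULL || strstr(f[i].value, delim) != NULL)
            return -1;
        if (!append(buf, bufsz, &len, delim) ||
            !append(buf, bufsz, &len, "\r\nContent-Disposition: form-data; name=\"") ||
            !append(buf, bufsz, &len, f[i].name) ||
            !append(buf, bufsz, &len, "\"\r\n\r\n") ||
            !append(buf, bufsz, &len, f[i].value) ||
            !append(buf, bufsz, &len, "\r\n"))
            return -1;
    }
    if (!append(buf, bufsz, &len, delim) || !append(buf, bufsz, &len, "--\r\n"))
        return -1;
    return (int)len;
}

/* Helpers that expose results as return values. */
static int boundary_equals(const char *ct, const char *expect)
{
    char b[80];
    return extract_boundary(ct, b, sizeof b) == 1 && strcmp(b, expect) == 0;
}

/* The user/pass post from the entry above (constructed values), boundary "--123456789". */
static int demo_body(char *buf, size_t bufsz)
{
    form_field f[] = { { "user", "goodwin" }, { "pass", "blahblah" } };
    return build_multipart(f, 2, "--123456789", buf, bufsz);
}

static int demo_body_len(void) { char body[512]; return demo_body(body, sizeof body); }

/* 1 if the body opens with the dash-boundary and closes with the "--" terminated one. */
static int demo_body_framing_ok(void)
{
    char body[512];
    int n = demo_body(body, sizeof body);
    const char *tail = "\r\n----123456789--\r\n";
    return n > 0 && strncmp(body, "----123456789\r\n", 15) == 0 &&
           (size_t)n >= strlen(tail) && strcmp(body + n - strlen(tail), tail) == 0;
}

/* 1 if a value carrying the delimiter is refused. */
static int demo_injection_rejected(void)
{
    char body[512];
    form_field f[] = { { "user", "x\r\n----123456789--\r\n" } };
    return build_multipart(f, 1, "--123456789", body, sizeof body) == -1;
}

int main(void)
{
    char body[512];
    int n = demo_body(body, sizeof body);
    printf("%d bytes:\n%s", n, body);
    return n > 0 ? 0 : 1;
}
```

Each part is header, blank line, value; the blank line is mandatory even when the part has only one header, and a receiver should parse the boundary with the quotes stripped before splitting on it.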
2001-10-13 Scott S. Goodwin <scott@scottg.net>
* https.tcl: Added ability for ns_httpspost to do
multipart/form-data. (Not Yet Tested!!!).
* ssl.c: The NsOpenSSLSend function simply did an
SSL_write. Robert Spassky Cabacungan found that this wasn't
working for long file transfers. Specifically, in his own words:
The problem is the NsOpenSSLSend() function in ssl.c, in
nsopenssl-2.0. BIO_write is returning a "resource not available,
try again" error, but NsOpenSSLSend is not checking for that, and
so behaves as though it were a non-recoverable error, aborting the
write instead of trying again.
A simple loop over the SSL_write() fixes this. Ironically, there
is commented out code at the bottom of the function which would
handle retries. However, the comment reads "this BIO_write loop
doesn't work, but seems like it should". So it looks like Scott
did consider this possibility, but it kind of slipped through the
cracks in the final release. Indeed, NsOpenSSLRecv() does loop
and handle retries.
Rob changed the SSL_write to be inside of a loop that checks
BIO_should_retry on the write BIO.
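The write loop the entry above and the 2002-02-15 entry describe, as an added example rather than nsopenssl's own NsOpenSSLSend. It does not link OpenSSL: `fake_ssl_write` is a constructed stand-in that follows SSL_write's return convention (a positive byte count on progress, -1 on failure, with the failure kind reported separately the way SSL_get_error() reports it), and the `NS_SSL_*` names, the schedule codes and the request string are this example's assumptions. With a real SSL object you would call SSL_write and treat SSL_ERROR_WANT_WRITE / SSL_ERROR_WANT_READ (or BIO_should_retry on the write BIO) as the retryable case.

```c
#include <stdio.h>
#include <string.h>

/* Failure kinds, modelled on SSL_get_error(); names are this example's. */
enum ns_err { NS_SSL_OK = 0, NS_SSL_WANT_WRITE = 1, NS_SSL_FATAL = 2 };

/* Constructed stand-in for SSL_write driven by a script so the loop can be
 * exercised offline.  Schedule codes: 0 = short write of up to `chunk`
 * bytes, 1 = temporary failure (WANT_WRITE), 2 = fatal error. */
typedef struct {
    char out[128];
    size_t outlen;
    int call;
    const int *schedule;
    int nsched;
    size_t chunk;
} fake_ssl;

static int fake_ssl_write(fake_ssl *s, const char *buf, int len, enum ns_err *err)
{
    int code = s->call < s->nsched ? s->schedule[s->call] : 0;
    s->call++;
    if (code == 1) { *err = NS_SSL_WANT_WRITE; return -1; }
    if (code == 2) { *err = NS_SSL_FATAL; return -1; }
    size_t n = (size_t)len < s->chunk ? (size_t)len : s->chunk;
    if (s->outlen + n > sizeof s->out) n = sizeof s->out - s->outlen;
    memcpy(s->out + s->outlen, buf, n);
    s->outlen += n;
    *err = NS_SSL_OK;
    return (int)n;
}

/* Write all of buf.  Returns len on success, -1 on a fatal error or after
 * max_retries consecutive temporary failures.  The two rules from the
 * ChangeLog entries:
 *  1. only a positive rc is progress; a negative rc is never subtracted
 *     from towrite (doing so made the remaining count grow);
 *  2. a temporary failure means retry, not abort.  Real code should wait
 *     for the socket with poll()/select() before retrying, not spin. */
static int ns_ssl_send_all(fake_ssl *s, const char *buf, size_t len, int max_retries)
{
    size_t towrite = len;
    int retries = 0;
    while (towrite > 0) {
        enum ns_err err;
        int rc = fake_ssl_write(s, buf + (len - towrite), (int)towrite, &err);
        if (rc > 0) {
            towrite -= (size_t)rc;
            retries = 0;
        } else if (rc < 0 && err == NS_SSL_WANT_WRITE && retries < max_retries) {
            retries++;
        } else {
            return -1;      /* fatal, rc == 0 (peer closed), or retry budget spent */
        }
    }
    return (int)len;
}

/* Constructed request (28 bytes) and three scenarios: 0 = short writes
 * interleaved with temporary failures, 1 = fatal error after the first
 * chunk, 2 = transport never makes progress. */
static const char MSG[] = "GET /index.html HTTP/1.0\r\n\r\n";

static int run_case(int which, fake_ssl *s)
{
    static const int sched_retry[] = { 0, 1, 0, 1, 1, 0, 0 };
    static const int sched_fatal[] = { 0, 2 };
    static const int sched_stall[] = { 1, 1, 1, 1 };
    memset(s, 0, sizeof *s);
    s->chunk = 7;
    if (which == 0) { s->schedule = sched_retry; s->nsched = 7; }
    else if (which == 1) { s->schedule = sched_fatal; s->nsched = 2; }
    else { s->schedule = sched_stall; s->nsched = 4; }
    return ns_ssl_send_all(s, MSG, sizeof MSG - 1, 2);
}

static int run_case_result(int which) { fake_ssl s; return run_case(which, &s); }

/* 1 if every byte of MSG reached the transport, in order. */
static int run_case_delivered(int which)
{
    fake_ssl s;
    run_case(which, &s);
    return s.outlen == sizeof MSG - 1 && memcmp(s.out, MSG, s.outlen) == 0;
}

int main(void)
{
    for (int i = 0; i < 3; i++)
        printf("case %d: rc=%d delivered=%d\n", i, run_case_result(i), run_case_delivered(i));
    return 0;
}
```

The retry budget is there only so the stand-alone example cannot spin forever; in a server the bound should be a timeout on the socket wait, and a fatal error must tear the connection down rather than be retried.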
2001-09-28 Scott S. Goodwin <scott@scottg.net>
* Makefile: Added better make instructions when OPENSSL var isn't
set.
* Makefile: Cleaned up the Makefile considerably so it's easier to
read and understand.
2001-09-27 Scott S. Goodwin <scott@scottg.net>
* tclcmds.c: Bug fixes contributed by Rich Fredericks, AOL Local
Technology group. In his own words: "As I said on the phone, All I
really did was make sure NsTclOpenSSLCmd returns out (TCL_ERROR)
if the argc req isn't met (line 205) and add a check for NULL on
scPtr (lines 220-223). I also moved the "scPtr =
NsOpenSSLGetConn(interp)" statement to below the code for the
"info" option to the tcl ns_openssl command (previously it was
executed first), since that specific variant of the command does
not require an SSL conn context." Thanks, Rich!
2001-08-29 Scott S. Goodwin <scott@scottg.net>
* https.tcl: made fixes to ns_httpspost per Rick Lansky at
bom.com. He also suggested I allow the Content-type to be passed
in as a parameter, so I've added that too.
2001-08-27 Scott S. Goodwin <scott@scottg.net>
* https.tcl: added ns_httpspost, that is called with url, rqset,
qsset and timeout. The qsset is an ns_set with key/values that
will be turned into user=scottg&pass=1234, for example, and passed
as content in the POST.
2001-08-21 Scott S. Goodwin <scott@scottg.net>
* https.tcl: removed some debugging statements; commented out the
debug notice that the url was local.
* https.tcl: fixed a bug that was fixed once before but apparently
I got my files mixed up. rqset wasn't being passed from
ns_httpsget to ns_httpsopen.
2001-08-20 Scott S. Goodwin <scott@scottg.net>
* https.tcl: changed ns_httpsopen such that when it's passed a url
that does not begin with "https://", it will first try to prepend
the ServerLocation param, then the ServerHostname param, then the
ServerAddress param. If all of them fail, it will log an error,
but continue processing. Should probably make it a fatal error for
nsopenssl to load if one or more of these parameters are not set.
* ssl.c: bug fix: trying to use module and type from ccPtr after
ccPtr had been destroyed.
2001-08-17 Scott S. Goodwin <scott@scottg.net>
* ssl.c: tested the sock client and sockserver's ability to
validate their peer's certificate. Tested nsdserver's ability to
validate client's certificate.
* nsopenssl.h: defined version for OpenSSL 0.9.6b.
* https.tcl: made rqset the second to last arg passed to
ns_httpsget.
2001-08-16 Scott S. Goodwin <scott@scottg.net>
* init.c: turned on the peerVerify code for SSL sock server and
sock clients (as opposed to NSD-driven conns). Need to test.
* tclcmds.c: was using an interp before it was allocated. Pretty
amazing. Adam Zell pointed this out.
* init.c: boneheadedly #if 0'd out the client cert verification
code for NSD-driven conns. Works now. Sean Yamamoto noticed the
problem.
* init.c: should have been initializing sdPtr->randomFile *before*
calling SeedPRNG. Also should have been freeing randomFile when
freeing the driver. Thanks to Adam Zell for pointing these out.
2001-08-15 Scott S. Goodwin <scott@scottg.net>
* https.tcl: add the rqset parameter to ns_httpsget so that
cookies can be used.
2001-08-09 Scott S. Goodwin <scott@scottg.net>
* nsopenssl 2.0 released.
* tests: tested with OpenSSL 0.9.6a Solaris.
* tests: tested with OpenSSL 0.9.6, 0.9.6a and 0.9.6b on Linux.
* ssl.c: Had to return to the non-BIO method of running the SSL
server handshake. Solaris *hates* the BIO method. Where normally
it'll try to read the client cert twice (even if you've told it
not to ask for a client cert!), with the BIO method, it attempts
to read the client cert up to 60 times!
2001-08-08 Scott S. Goodwin <scott@scottg.net>
* init.c: the OpenSSL PRNG is now seeded at start time when
NsOpenSSLCreateDriver is run. This will have no effect on Linux,
but it will hopefully ease the pain of Solaris and other users.
* docs: go see http://scottg.net for the new documentation on
nsopenssl.
* All: added ns_openssl_sock* commands and C API. The C API isn't
ready for prime time, and there's more work to do on how the Tcl
commands are going to use cert validation, but it can make
outgoing SSL conns and set up SSL ports to listen on, from Tcl or
C.
* TODO: removed this file from distribution. Will host
it on http://scottg.net.
2001-08-08 Scott S. Goodwin <scott@scottg.net>
* nsopenssl 1.1c released.
* all: Bug fix. If a file upload is interrupted, the connection
doesn't go away, and the thread continues consuming CPU and
memory. This fix checks to see if the client has gone away and
forces an error, at which point the connection is cleaned up
properly.
2001-06-20 Scott S. Goodwin <scott@scottg.net>
* init.c: changed SetProtocols to allow putting all protocols on
one line instead of one per line.
2001-06-15 Scott S. Goodwin <scott@scottg.net>
* nsopenssl 1.1b released.
* all: Updated to allow the server to pass its certificate chain
to the client. To use this feature, simply append your certificate
chain to the end of your server certificate PEM file and start
your server.
2001-06-08 Scott S. Goodwin <scott@scottg.net>
* nsopenssl 1.1a released.
* all: Bug fix to allow session caching and client certificate
verification to work at the same time. Session caching is on by
default in version 1.1, but client verify is not.
2001-05-05 Scott S. Goodwin <scott@scottg.net>
* nsopenssl 1.1 released.
2001-05-04 Scott S. Goodwin <scott@scottg.net>
* ssl.c: Now checking for errors returned by BIO_flush in
NsOpenSSLFlush; we don't return an error from the function, though;
we just report it in the log.
* init.c, config.h: made seedbytes a config parameter, which
allows you to set the number of bytes that will be used to seed
the PRNG.
2001-05-03 Scott S. Goodwin <scott@scottg.net>
* test.adp: renamed test.adp to nsopenssl-tests.adp.
* init.c: cleanup code; moved PRNG functions to bottom;
cleaned up NsOpenSSLInitSessionCache.
2001-05-01 Scott S. Goodwin <scott@scottg.net>
* init.c: Solaris problem: SeedPRNG failed because I wasn't
adding enough randomness; I bumped up the number of bytes
from 16 to 1024 and it's working now. Yay!
2001-04-30 Scott S. Goodwin <scott@scottg.net>
* nsd.tcl: added ns_param RandomFile.
* 40-bit export browsers now work!!! The recent changes you see
were to fix problems with 40-bit export browsers, which could not
connect when your server certificate had a 1024-bit public key (which
most if not all server certs do).
* TODO: added link to nsopenssl release info on my site.
* tclcmds.c, test.adp: Added new Tcl commands to report protocol
and cipher name, strength:
ns_openssl protocol
ns_openssl cipher name
ns_openssl cipher strength
* init.c: initialized sdPtr->randomFile from the RandomFile
nsd.tcl parameter in NsOpenSSLCreateDriver(). Added
AddEntropyFromRandomFile(), PRNGIsSeeded(), SeedPRNG() and
IssueTmpRSAKey().
* config.h: added CONFIG_RANDOM parameter; uses "RandomFile" in
nsd.tcl to allow you to specify a file to use as a source of
random bits for seeding the PRNG.
* config.c: modified ConfigPathDefault to allow NULL as a default.
* nsopenssl.h: removed Ns_Cache pointer from nsopenssl driver
structure. Added pointer to file specified with the RandomFile
parameter.
2001-04-17 scottg <scott@scottg.net>
* TODO: Updated.
* config.h: Session caching is now on by default.
* Makefile: Updated to reflect absence of cache.c.
* cache.c, cache.h: Removed these files. See item below.
* init.c, cache.c: Moved NsOpenSSLInitSessionCache from cache.c to
init.c and removed the callback setups. We don't need to use our
own caching mechanism; OpenSSL already has one
built-in. Apparently when the nsopenssl module was created, it was
based on mod_ssl which needs an external, disk-based session
caching mechanism because Apache isn't multithreaded.
2001-03-12 root <scott@scottg.net>
* tclcmds.c: Replaced Ns_GetConn with Ns_TclGetConn. Latest
AOLserver 4.x no longer offers Ns_GetConn.
2000-12-12 root <scott@scottg.net>
* nsopenssl.c: made it a fatal error to bind to a socket already
in use. What sometimes happens is someone will forget to take out
nsssl at startup and it'll bind to the https socket
first. nsopenssl would just log the error but most people would
assume it was working since they could connect via SSL.
* sock.c: somehow this file was left lying around. All of these
functions are in nsopenssl.c, so I removed sock.c.
2000-11-18 root <scott@scottg.net>
* nsopenssl.h: changed library version to 0.9.6. Gotta find a way
to automatically set this based on what version of OpenSSL you
compile against. Right now, OpenSSL 0.9.6 is required. Shouldn't
be difficult to make this module work with 0.9.5a if you really
want.
2000-11-18 root <scott@scottg.net>
* production-ready: Although there is still more to do (see below
and the TODO file), I have done extensive load-testing on RedHat
6.2 and Debian 2.2 and consider this code to be
production-ready. Note that I haven't had time to run load tests
on a Solaris box yet.
* init.c: fixed LoadCACerts; the CA directory was forced to NULL
when calling SSL_CTX_load_verify_locations.
* all: Rob Mayoff has taken the module and really done an
excellent job of refactoring and cleaning it up. Most notable changes:
Extensive reformatting to bring code (mostly) in line with
AOLserver standards.
Consolidated structures. Now there is a single struct
representing the driver and a single struct for each connection,
instead of two in each case.
Driver initialization factored mostly into init.c.
Implemented timeout during SSL handshake.
Revised Makefile. Now detects OPENSSL not set in a way that
doesn't involve bracketing the whole Makefile in an ifdef.
I modified the cache code extensively; however, it probably
doesn't manage reference counts quite right. See next item
anyway.
The cache is disabled by default. This code was (I assume) blindly
modelled on mod_ssl's cache. The reason mod_ssl needs it is
because the Apache children don't share one SSL_CTX. Since nsd
threads do share one SSL_CTX, and the SSL_CTX has its own session
cache anyway, there's no point in building our own in this way.
Config utilities in config.c. All config #defines in config.h.
Added thread (mutex) callbacks in thread.c.
If the client sends an invalid certificate, the connection is
still accepted. I added a new command, [ns_openssl clientcert
valid], that returns 1 if the client sent a certificate AND we
were able to verify it.
2000-11-05 root <scott@scottg.net>
* tclcmds.c: added 'ns_openssl clientcert exists' command.
* readme.txt: updated with Tcl interface and with parameters for
nsd.tcl.
* nsopenssl.c: left it in SSL_VERIFY_PEER mode by mistake. It now
uses the config file parameter ClientVerify properly. Also did
some cleanup.
* sock.c: the 'ssl' command has been changed to 'ns_openssl'.
2000-11-04 root <scott@scottg.net>
* tclcmds: Changed the tcl command names. All nsopenssl Tcl
commands now start with 'ssl'; all new commands should also start
with 'ssl':
ssl info
ssl clientcert version
ssl clientcert serial
ssl clientcert subject
ssl clientcert issuer
ssl clientcert notbefore
ssl clientcert notafter
ssl clientcert signature_algorithm
ssl clientcert key_algorithm
ssl clientcert pem
* nsopenssl.c, sock.c: Moved default ca chain processing from
nsopenssl.c to sock.c.
* nsopenssl.c: took out FIONBIO ifdef'd code.
2000-10-30 [ ROOT I ] <scott@scottg.net>
* nsd.tcl, nsopenssl.h, nsopenssl.c, sock.c: added CACertPath and
CACertFile parameters to config file processing; these now get
passed from nsd.tcl to Ns_SSLCreateServer.
* nsopenssl.h, nsopenssl.c, sock.c: Created SSLConf data
structure to hold config parameters that are passed from
Ns_ModuleInit to Ns_SSLCreateServer. Changed all 'keyfile'
variable name types to 'config->keyfile'. This seems like
double-duty since the SSLServer data structure contains some of
the same information. To get rid of SSLConf we'd have to move the
code that's currently in Ns_SSLCreateServer into Ns_ModuleInit
which wouldn't be wise. First, you want to factor out any code you
can to keep each function as simple as possible. Second, we might
want to create multiple servers using Ns_SSLCreateServer
(say for virtual hosting); having it a separate function that you
pass these parameters to is useful, I think.
2000-10-27 Scott S. Goodwin <scott@scottg.net>
* tclcmds.c: added CertInfoCmd which is called in Tcl as:
client_cert_info version
client_cert_info serial
client_cert_info subject
client_cert_info issuer
client_cert_info notbefore
client_cert_info notafter
client_cert_info sig_algorithm
client_cert_info key_algorithm
client_cert_info pem_certificate
I also added three functions to support the above Tcl commands:
ValidTime, which is used to return the notbefore and notafter
strings in the format "Aug 28 20:00:38 2000 GMT"; SerialNumber
which returns the serial number as a string (serial number is in
hex); and PEMCertificate, which returns the PEM format of the
client certificate.
2000-10-25 Scott S. Goodwin <scott@scottg.net>
* tclcmds.c: added InfoCmd which returns a true Tcl list with the
SSL library name (OpenSSL), version (0.9.5a), crypto library name
(OpenSSL, but could be BSAFE/Crypto-C), and crypto library version
(0.9.5a). It's called as 'openssl_info' from Tcl (though this may
change to ssl_info later -- I didn't want to clash with nssock's
ssl_info Tcl command).
2000-10-24 Scott S. Goodwin <scott@scottg.net>
* all: ifdef'd all client verification specific code so they won't
be included in a normal compile. Eventually all of this code
should be conditionally run if the config file says to do client
verification. To use it, set VERIFY_CLIENT=1 as a make argument.
2000-10-23 Scott S. Goodwin <scott@scottg.net>
* nsopenssl.c: Went back to "standard" SSL handshaking
loop. Freddie's explicit select loop *works* better in that it
allows more connections before it gets balled up (probably due to
a threading problem) but that problem still exists. I'm still
learning C, and I'm using the Apache/mod_ssl combo as my
reference, as well as RSA's SSL-C toolkit, so for now I want to
use the "standard" method until I can get the other stuff fixed
and I understand what's going on. I'll then check to see if
Freddie's changes improve performance without sacrificing
maintainability across platforms and put it back in.
2000-10-17 Scott S. Goodwin <scott@scottg.net>
* nsopenssl.c: BIO_free'd conPtr->ssl_bio in
NsSSLCreateConn. Should I be using SSL_free() here instead???
Nope, that makes it crash. Ok.
2000-10-13 Scott S. Goodwin <scott@scottg.net>
* sock.c: Added protocol parameter parsing in NsModuleInit. You
specify protocols thusly: "SSLv2, SSLv3, TLSv1, ALL". Case doesn't
matter, order doesn't matter. Commas are necessary. When the
protocol parser sees 'ALL', none of the others are parsed (unlike
Apache -- see the comments in the code).
* sock.c: Ns_ModuleInit was changing the config file ciphersuite
parameter in memory -- that's probably a no-no. Now it mallocs if
the ciphersuite parameter doesn't exist, and strdup's if it does.
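A parser for the protocol list described in the entry above (and relaxed to a single comma-separated line by the 2001-06-20 entry), added here as an example and not nsopenssl's own code. It keeps the rules the entry states: case and order do not matter, commas are required, and "ALL" stops parsing so nothing after it is examined. The `PROTO_*` bits are this example's names; a real driver would map the mask onto SSL_CTX_set_options() flags such as SSL_OP_NO_SSLv2 for each protocol that is not enabled. A practitioner reading this today should note that SSLv2 and SSLv3 have long been deprecated (OpenSSL 1.1.0 removed SSLv2 support), so the example also reports which enabled bits fall in that class so a caller can refuse or log them.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Protocol bits (assumed names for this example). */
enum { PROTO_SSLV2 = 1, PROTO_SSLV3 = 2, PROTO_TLSV1 = 4,
       PROTO_ALL = PROTO_SSLV2 | PROTO_SSLV3 | PROTO_TLSV1 };

/* Case-insensitive comparison of an n-byte token with a NUL-terminated name. */
static int token_is(const char *tok, size_t n, const char *name)
{
    if (strlen(name) != n) return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)tok[i]) != tolower((unsigned char)name[i])) return 0;
    return 1;
}

/* Parse "SSLv2, SSLv3, TLSv1, ALL" into a protocol mask.  Tokens must be
 * separated by commas, so "SSLv3 TLSv1" is rejected; "ALL" short-circuits.
 * Returns the mask, or -1 for an unknown token, an empty token or an
 * empty list. */
static int parse_protocols(const char *spec)
{
    int mask = 0;
    const char *p = spec;
    for (;;) {
        while (isspace((unsigned char)*p)) p++;
        const char *start = p;
        while (*p && *p != ',' && !isspace((unsigned char)*p)) p++;
        size_t n = (size_t)(p - start);
        while (isspace((unsigned char)*p)) p++;
        if (n == 0 || (*p != ',' && *p != '\0')) return -1;   /* empty token or missing comma */
        if (token_is(start, n, "ALL")) return PROTO_ALL;
        else if (token_is(start, n, "SSLv2")) mask |= PROTO_SSLV2;
        else if (token_is(start, n, "SSLv3")) mask |= PROTO_SSLV3;
        else if (token_is(start, n, "TLSv1")) mask |= PROTO_TLSV1;
        else return -1;
        if (*p == '\0') return mask;
        p++;                                                   /* skip the comma */
    }
}

/* Bits in mask that name protocols with known breaks (SSLv2, SSLv3). */
static int deprecated_protocols(int mask)
{
    return mask > 0 ? (mask & (PROTO_SSLV2 | PROTO_SSLV3)) : 0;
}

int main(void)
{
    const char *specs[] = { "SSLv2, SSLv3, TLSv1", "tlsv1", "ALL, bogus", "SSLv3 TLSv1" };
    for (size_t i = 0; i < 4; i++) {
        int m = parse_protocols(specs[i]);
        printf("%-22s -> mask %2d, deprecated bits %d\n", specs[i], m, deprecated_protocols(m));
    }
    return 0;
}
```

Because "ALL" short-circuits, a typo after it ("ALL, TLSv1x") is silently accepted; if that is not wanted, keep parsing after ALL and reject unknown tokens.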
2000-10-02 Scott S. Goodwin <scott@scottg.net>
* .c, .h: replaced all ConfigGet calls with ConfigGetValue;
ConfigGet is obsolete.
* debug: Why were we using our own debug variable? I took out all
of the 'if (debug)' statements so Debug to the log file works like
the rest of aolserver's debug statements.
2000-09-30 Scott S. Goodwin <scott@scottg.net>
* Split Files: I've split the code into four files: nsopenssl.h,
nsopenssl.c, sock.c and cache.c. Fewer pages to print when all I
really want to see right now is the SSL portion of the code :)
2000-21-12 Scott S. Goodwin <scott@scottg.net>
* logging: Added more debug log statements
2000-09-12 Scott S. Goodwin <scott@scottg.net>
* nsopenssl.c: Integrated changes made by Freddie Mendoza
(avm@satori.com). These included: changed NsSSLRecv and
NsSSLCreateConn to use OpenSSL BIO routines, added more debugging
in the SSL negotiations, changes made to make caching work better,
removed some redundant functions that are now part of the
AOLserver core. He tested his changes with OpenSSL 0.9.5a and
0.9.4. I'm using it with 0.9.5a without any problems.
* Makefile: Added ability to pass BSAFE directory as a parameter
to make. This allows you to compile OpenSSL with BSAFE. See the
readme.txt file.
* readme.txt: Added notes on how to compile with BSAFE.
2000-08-20 Kriston J. Rehberg <Kriston@AOL.NET>
* readme.txt: Updated build and installation instructions. Added
notes about -fPIC and no-asm options when building the OpenSSL
library.
* Added to $TOP/nsopenssl with new Makefile.