OpenSSL is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The OpenSSL project is managed and maintained by a worldwide community of volunteers that use the Internet to plan, communicate, and develop the OpenSSL toolkit and its related documentation.OpenSSL is based on the excellent SSLeay library developed from Eric A. Young and Tim J. Hudson.NOTE: The OpenSSL toolkit is licensed under an Apache-style licence, which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions.What's New in This Release: [ read full changelog ]· Fix a state transitition in s3_srvr.c and d1_srvr.c (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).· The fix in 0.9.8c that supposedly got rid of unsafe double-checked locking was incomplete for RSA blinding, addressing just one layer of what turns out to have been doubly unsafe triple-checked locking. So now fix this for real by retiring the MONT_HELPER macro in crypto/rsa/rsa_eay.c.· Avoid size_t integer overflow in HASH_UPDATE (md32_common.h).· Avoid a buffer overflow in d2i_SSL_SESSION() (ssl_asn1.c). (NB: This would require knowledge of the secret session ticket key to exploit, in which case you'd be SOL either way.)· Change bn_nist.c so that it will properly handle input BIGNUMs outside the expected range.· Enforce the 'num' check in BN_div() (bn_div.c) for non-BN_DEBUG builds.· Add support for Local Machine Keyset attribute in PKCS#12 files.· Fix BN_GF2m_mod_arr() top-bit cleanup code.· Expand ENGINE to support engine supplied SSL client certificate functions.· Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows keystores. Support for SSL/TLS client authentication too. Not compiled unless enable-capieng specified to Configure.· Allow engines to be "soft loaded"i.e. optionally don't die if the load fails. Useful for distros.