diff --git a/CHANGES b/CHANGES
index f3f345ac1..73bc3479c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -11,6 +11,13 @@
          *) applies to 0.9.6a (/0.9.6b) and 0.9.7
          +) applies to 0.9.7 only
 
+  *) Fix for compatibility mode trust settings: ignore trust settings
+     unless some valid trust or reject settings are present.
+     [Steve Henson]
+
+  *) Fix for blowfish EVP: its a variable length cipher.
+     [Steve Henson]
+
   +) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with
      256 bit (=32 byte) keys. Of course seeding with more entropy bytes
      than this minimum value is recommended.
@@ -97,7 +104,7 @@
      ENGINE structure.
      [Geoff]
 
-  +) Fix various bugs related to DSA S/MIME verification. Handle missing
+  *) Fix various bugs related to DSA S/MIME verification. Handle missing
      parameters in DSA public key structures and return an error in the
      DSA routines if parameters are absent.
      [Steve Henson]
diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c
index 00b069f02..e9a19d57d 100644
--- a/crypto/evp/e_bf.c
+++ b/crypto/evp/e_bf.c
@@ -67,7 +67,7 @@ static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 		       const unsigned char *iv, int enc);
 
 IMPLEMENT_BLOCK_CIPHER(bf, bf_ks, BF, bf_ks, NID_bf, 8, 16, 8,
-			0, bf_init_key, NULL, 
+			EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, 
 			EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
 	
 static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
index c164badbe..f0b93489d 100644
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -241,7 +241,8 @@ int X509_TRUST_get_trust(X509_TRUST *xp)
 
 static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
 {
-	if(x->aux) return obj_trust(trust->arg1, x, flags);
+	if(x->aux && (x->aux->trust || x->aux->reject))
+		return obj_trust(trust->arg1, x, flags);
 	/* we don't have any trust settings: for compatibility
 	 * we return trusted if it is self signed
 	 */