Commit 29bfd5b7 authored by Matt Caswell

Add some more cleanups



Follow-up to the conversion of the state machine to SSLfatal(): clean
things up a bit more.

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4778)
parent f9f674eb
+2 −0
@@ -1079,7 +1079,9 @@ SSL_F_SSL_CERT_NEW:162:ssl_cert_new
SSL_F_SSL_CERT_SET0_CHAIN:340:ssl_cert_set0_chain
SSL_F_SSL_CHECK_PRIVATE_KEY:163:SSL_check_private_key
SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT:280:*
SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO:606:ssl_check_srp_ext_ClientHello
SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG:279:ssl_check_srvr_ecc_cert_and_alg
SSL_F_SSL_CHOOSE_CLIENT_VERSION:607:ssl_choose_client_version
SSL_F_SSL_CIPHER_LIST_TO_BYTES:425:ssl_cipher_list_to_bytes
SSL_F_SSL_CIPHER_PROCESS_RULESTR:230:ssl_cipher_process_rulestr
SSL_F_SSL_CIPHER_STRENGTH_SORT:231:ssl_cipher_strength_sort
+2 −0
@@ -132,7 +132,9 @@ int ERR_load_SSL_strings(void);
# define SSL_F_SSL_CERT_SET0_CHAIN                        340
# define SSL_F_SSL_CHECK_PRIVATE_KEY                      163
# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT               280
# define SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO              606
# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG            279
# define SSL_F_SSL_CHOOSE_CLIENT_VERSION                  607
# define SSL_F_SSL_CIPHER_LIST_TO_BYTES                   425
# define SSL_F_SSL_CIPHER_PROCESS_RULESTR                 230
# define SSL_F_SSL_CIPHER_STRENGTH_SORT                   231
+4 −0
@@ -180,8 +180,12 @@ static const ERR_STRING_DATA SSL_str_functs[] = {
    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHECK_PRIVATE_KEY, 0),
     "SSL_check_private_key"},
    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT, 0), ""},
    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO, 0),
     "ssl_check_srp_ext_ClientHello"},
    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, 0),
     "ssl_check_srvr_ecc_cert_and_alg"},
    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHOOSE_CLIENT_VERSION, 0),
     "ssl_choose_client_version"},
    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_LIST_TO_BYTES, 0),
     "ssl_cipher_list_to_bytes"},
    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_PROCESS_RULESTR, 0),
+1 −2
@@ -2266,8 +2266,7 @@ __owur int ssl_check_version_downgrade(SSL *s);
__owur int ssl_set_version_bound(int method_version, int version, int *bound);
__owur int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello,
                                     DOWNGRADE *dgrd);
__owur int ssl_choose_client_version(SSL *s, int version, int checkdgrd,
                                     int *al);
__owur int ssl_choose_client_version(SSL *s, int version, int checkdgrd);
int ssl_get_min_max_version(const SSL *s, int *min_version, int *max_version);

__owur long tls1_default_timeout(void);
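Review bot: The new prototype `__owur int ssl_choose_client_version(SSL *s, int version, int checkdgrd);` carries no comment on how a failure is now reported, whereas the removed `int *al` out-parameter made the alert contract visible at every call site. Going by the commit message the alert is presumably now raised inside the function via SSLfatal(), so a caller that still sends its own alert, or calls SSLfatal() itself, on a 0 return would be double-reporting; that cannot be confirmed from this hunk. Suggest a comment above the prototype: `/* Returns 1 on success. On failure SSLfatal() has already been called (alert chosen, SSL marked in error); callers must only propagate the 0. */`. The neighbouring ssl_choose_server_version prototype keeps its DOWNGRADE out-parameter and is not touched by this change.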
+9 −13
@@ -439,12 +439,11 @@ int extension_is_relevant(SSL *s, unsigned int extctx, unsigned int thisctx)
/*
 * Gather a list of all the extensions from the data in |packet]. |context|
 * tells us which message this extension is for. The raw extension data is
 * stored in |*res| on success. In the event of an error the alert type to use
 * is stored in |*al|. We don't actually process the content of the extensions
 * yet, except to check their types. This function also runs the initialiser
 * functions for all known extensions if |init| is nonzero (whether we have
 * collected them or not). If successful the caller is responsible for freeing
 * the contents of |*res|.
 * stored in |*res| on success. We don't actually process the content of the
 * extensions yet, except to check their types. This function also runs the
 * initialiser functions for all known extensions if |init| is nonzero (whether
 * we have collected them or not). If successful the caller is responsible for
 * freeing the contents of |*res|.
 *
 * Per http://tools.ietf.org/html/rfc5246#section-7.4.1.4, there may not be
 * more than one extension of the same type in a ClientHello or ServerHello.
@@ -579,9 +578,8 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
 * given |context| and the parser has not already been run. If this is for a
 * Certificate message, then we also provide the parser with the relevant
 * Certificate |x| and its position in the |chainidx| with 0 being the first
 * Certificate. Returns 1 on success or 0 on failure. In the event of a failure
 * |*al| is populated with a suitable alert code. If an extension is not present
 * this counted as success.
 * Certificate. Returns 1 on success or 0 on failure. If an extension is not
 * present this counted as success.
 */
int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
                        RAW_EXTENSION *exts, X509 *x, size_t chainidx)
@@ -631,8 +629,7 @@ int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
 * finalisation for all extensions at the end if |fin| is nonzero, whether we
 * collected them or not. Returns 1 for success or 0 for failure. If we are
 * working on a Certificate message then we also pass the Certificate |x| and
 * its position in the |chainidx|, with 0 being the first certificate. On
 * failure, |*al| is populated with a suitable alert code.
 * its position in the |chainidx|, with 0 being the first certificate.
 */
int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x,
                             size_t chainidx, int fin)
@@ -782,8 +779,7 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
 * Built in extension finalisation and initialisation functions. All initialise
 * or finalise the associated extension type for the given |context|. For
 * finalisers |sent| is set to 1 if we saw the extension during parsing, and 0
 * otherwise. These functions return 1 on success or 0 on failure. In the event
 * of a failure then |*al| is populated with a suitable error code.
 * otherwise. These functions return 1 on success or 0 on failure.
 */

static int final_renegotiate(SSL *s, unsigned int context, int sent)
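Review bot: The rewritten header comment for tls_collect_extensions (first hunk, the `Gather a list of all the extensions` block) drops the sentence about the alert type being stored in |*al| but says nothing about what replaces it, so the failure contract of the function that first touches peer-supplied extension data is now undocumented; the same gap is in the three other rewritten comments below it. Judging from the commit message the alert is presumably chosen inside via SSLfatal(), in which case a caller that raises its own alert or calls SSLfatal() again on a 0 return would be double-reporting, but the hunks do not show that. Suggest ending each of the four comments with `* On failure SSLfatal() has already been called with the appropriate alert; the caller only needs to propagate the 0.`, and while there fixing `this counted as success` to `this is counted as success` in the tls_parse_extension comment. The bodies of tls_collect_extensions, tls_parse_extension, tls_parse_all_extensions and final_renegotiate all lie outside the hunks, so this is based on the comments and the commit message alone.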