Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #2452

Session resumption involves a version check, so version negotiation must
happen first. Currently, the DTLS implementation cannot do session
resumption in DTLS 1.0 because the ssl_version check always checks
against 1.2.

Switching the order also removes the need to fixup ssl_version in DTLS
version negotiation.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

RT: #4392, MR: #2452

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #2452

We now send the highest supported version by the client, even if the session
uses an older version.

This fixes 2 problems:
- When you try to reuse a session but the other side doesn't reuse it and
  uses a different protocol version the connection will fail.
- When you're trying to reuse a session with an old version you might be
  stuck trying to reuse the old version while both sides support a newer
  version

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

GH: #852, MR: #2452

According to documentation, perl's Math::BigInt does floored division,
i.e. the bdiv function does 1 / -4 = -1.  OpenSSL's BN_div, as well as
bc, do truncated division, i.e. 1 / -4 = 0.

We need to compensate for that difference in test/recipes/bc.pl to
make sure to verify the bntest results under its own conditions, by
dividing the absolute values of the given numbers and fixup the
result's negativity afterwards.

Closes RT#4485

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

These logical names are used to make the C RTL change certain
behaviors, sometimes to make it act more like Unix.  While they can
make life easier in some cases, they can be disruptive as well.  When
building and testing OpenSSL, the latter is the case, so we ask people
to avoid using them.

Reviewed-by: Tim Hudson <tjh@openssl.org>

This allows developer to glue DLL built with VC into their application
compiled with Borland C.

Reviewed-by: Andy Polyakov <appro@openssl.org>

And thanks to Miod Vallat for the nudge about ERR_PACK :)

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

On Windows and Unix, the staging directory $(DESTDIR) can simply be
prepended to the installation directory.  An attempt was made to do
something similar on VMS, but that ended up being a half measure
solution.  Instead of that, simply use the staging directory as a
prefix under which [.OPENSSL-INSTALL] and [.OPENSSL-COMMON] will hold
the two directory trees that should end up in the directories
indicated by --prefix and --openssldir, and finish the installation
with appropriate instructions on what to do next.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

- on VMS, SYS$COMMON:[SSL] is already used as installation directory
  by HP SSL, so we make our default for --openssldir
  SYS$COMMON:[OPENSSL-COMMON] instead.
- Updated notes on default installation dirs fir Unix and Windows

Reviewed-by: Rich Salz <rsalz@openssl.org>

In this OpenSSL version, we deliver engines with lower case symbol
names.  The DSO symbol finder must be updated to allow for mixed case
symbols or it won't fine them.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Sometimes, you might end up with a rather long compile line due to
excessively long /INCLUDE directories.  Compensate for it by making
a temporary logical name with them and using said logical name as
/INCLUDE argument.

A note was added to NOTES.VMS regarding these limitations.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Removed the following:
    DSO_bind_var, DSO_bind_var, DSO_get_default_method,
    DSO_get_loaded_filename, DSO_get_loaded_filename, DSO_get_method,
    DSO_new_method, DSO_pathbyaddr, DSO_set_default_method, DSO_set_method,
    DSO_set_name_converter, DSO_set_name_converter

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

- VMS configs had no dso_scheme
- Incorrect return of NULL method.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

algo_strength contains 2 parts that need to be checked by their own.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #2082

Reviewed-by: Rich Salz <rsalz@openssl.org>

Instead of have every DSO_METHOD_xxx in all platforms, ensure that only
one DSO_METHOD_openssl is available on all platforms.

Reviewed-by: Tim Hudson <tjh@openssl.org>

This was really easy.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>

BIO_new, etc., don't need a non-const BIO_METHOD. This allows all the
built-in method tables to live in .rodata.

Reviewed-by: Richard Levitte <levitte@openssl.org>

On VMS, we downcase option names, which means that config names are
downcased as well, so they need to be downcased in the target table to
be found.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Allows CONF files for certificate requests to specify that a pre-
certificate should be created (see RFC6962).

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

ASYNC_WAIT_CTX_free

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Misc fixes for no-sock

Reviewed-by: Richard Levitte <levitte@openssl.org>