Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 3bd54819)

PR#3452
(cherry picked from commit ca2015a6)

Use same logic when determining when to expect a client
certificate for both TLS and DTLS.

PR#3452
(cherry picked from commit c8d710dc)

PR#3449
(cherry picked from commit 2054eb77)

The options which emulate a web server don't make sense when doing DTLS.
Exit with an error if an attempt is made to use them.

PR#3453
(cherry picked from commit 58a2aaeade8bdecd0f9f0df41927f7cff3012547)

PR#3445
(cherry picked from commit 1c3e9a7c)

(cherry picked from commit 7aabd9c92fe6f0ea2a82869e5171dcc4518cee85)

This is actually ok for this function, but initialised to zero anyway if
PURIFY defined.

This does have the impact of masking any *real* unitialised data reads in bn though.

Patch based on approach suggested by Rich Salz.

PR#3415

(cherry picked from commit 77747e2d9a5573b1dbc15e247ce18c03374c760c)

PR#3440
(cherry picked from commit 924e5eda)

Conflicts:

	ssl/ssl_ciph.c

  Detected by dcruette@qualitesys.com

(cherry picked from commit 8b5dd340)

Based on an original patch by Neitrino Photonov <neitrinoph@gmail.com>

PR#3439

(cherry picked from commit 66816c53)

PR#2985
(cherry picked from commit 9d23f422)

(cherry picked from commit a07f514f)

Conflicts:

	doc/apps/s_client.pod
	doc/apps/s_server.pod
(cherry picked from commit b197c770)

(cherry picked from commit a23a6e85)

PR#2277
(cherry picked from commit 733a6c882e92f8221bd03a51643bb47f5f81bb81)

(cherry picked from commit 07255f0a76d9d349d915e14f969b9ff2ee0d1953)

PR#3418.
(cherry picked from commit fdea4fff)

PR#319 (reoponed version).
(cherry picked from commit 7f6e9578)

Conflicts:

	ssl/s3_srvr.c

(cherry picked from commit 55707a36)

(cherry picked from commit 2cfbec1c)
(cherry picked from commit a9661e45)

(cherry picked from commit f1112985)

ERR_get_error(3) references the non-existent
ERR_get_last_error_line_data instead of the one that does exist,
ERR_peek_last_error_line_data.

PR#3283
(cherry picked from commit 5cc99c6c)

(cherry picked from commit 7cb472bd)

Gets rid of this;

defined(@array) is deprecated at ../util/mkerr.pl line 792.
        (Maybe you should just omit the defined()?)
defined(@array) is deprecated at ../util/mkerr.pl line 800.
        (Maybe you should just omit the defined()?)

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit 647f360e)

Primitive encodings shouldn't use indefinite length constructed
form.

PR#2438 (partial).
(cherry picked from commit 398e99fe)

IN parameter.

Under the old docs, the only thing stated was "at most
EVP_PKEY_size(pkey) bytes will be written". It was kind of misleading
since it appears EVP_PKEY_size(pkey) WILL be written regardless of the
signature's buffer size.

(cherry picked from commit 6e6ba36d)

PR#2531.

PR#3173
(cherry picked from commit 76ed5a42)

If CSR verify fails in ca utility print out error messages.
Otherwise some errors give misleading output: for example
if the key size exceeds the library limit.

PR#2875
(cherry picked from commit a30bdb55)

(cherry picked from commit 7ae6a4b6)

PR#3107
(cherry picked from commit 7c206db9)

Some state strings were erronously not compiled when no-ssl2
was set.

PR#3295
(cherry picked from commit 0518a3e1)

(cherry picked from commit d1d4382d)

PR#3174
(cherry picked from commit fd331c0bb9b557903dd2ce88398570a3327b5ef0)

In EVP_PBE_alg_add don't use the underlying NID for the cipher
as it may have a non-standard key size.

PR#3206
(cherry picked from commit efb7caef637a1de8468ca109efd355a9d0e73a45)

PR#3014
(cherry picked from commit 11da66f8)