(cherry picked from commit 96cfba0f)

(cherry picked from commit 7c8ac505)

(cherry picked from commit b5cadfb5)

(cherry picked from commit 68575593)

just like a "real" server making it easier to trace any problems.

(manually applied from commit 35b0ea4e)

(cherry picked from commit 14536c8c)

by client and send back to server. Also prints an abbreviated summary of
the connection parameters.
(cherry picked from commit 4f3df8be)

New option -verify_quiet to shut up the verify callback unless there is
an error.

(manually applied from commit 2a7cbe77)

Preliminary documentation for chain and verify stores and certificate chain
setting functions.
(cherry picked from commit eeb15452)

(cherry picked from commit 42082eda)

This fix ensures that
* A HelloRequest is retransmitted if not responded by a ClientHello
* The HelloRequest "consumes" the sequence number 0. The subsequent
ServerHello uses the sequence number 1.
* The client also expects the sequence number of the ServerHello to
be 1 if a HelloRequest was received earlier.
This patch fixes the RFC violation.
(cherry picked from commit b62f4daa)

Reported by: Prashant Jaikumar <rmstar@gmail.com>

Fix handling of application data received before a handshake.
(cherry picked from commit 0c75eeac)

PR #3090
Reported by: Franck Youssef <fry@open.ch>

If no new reason codes are obtained after checking a CRL exit with an
error to avoid repeatedly checking the same CRL.

This will only happen if verify errors such as invalid CRL scope are
overridden in a callback.
(cherry picked from commit 4b26645c)

PR: 3028
Fix bug introduced in PEM_X509_INFO_bio which wouldn't process RSA keys
correctly if they appeared first.
(cherry picked from commit 5ae8d6bc)

Bug would emerge when XTS is added to bsaes-armv7.pl. Pointed out by
Ard Biesheuvel of Linaro.
(cherry picked from commit 044f63086051d7542fa9485a1432498c39c4d8fa)

(cherry picked from commit fd8ad019)

(cherry picked from commit 00678437)

(cherry picked from commit 5c57c69f)

(cherry picked from commit 852f837f)

Submitted by: Gisle Vanem
(cherry picked from commit 241fba4e)

(cherry picked from commit f5b132d6)

Conflicts [resloved]:

	Configure

RT: 2582, 2850
(cherry picked from commit ca48ace5)

Conflicts:

	Configure

RT: 2582, 2850
(cherry picked from commit 0b4bb91d)

(cherry picked from commit 26e43b48)

(cherry picked from commit cbce8c46)

Add support for arbitrary TLS extensions.

Contributed by Trevor Perrin.

Conflicts:

	CHANGES
	ssl/ssl.h
	ssl/ssltest.c
	test/testssl

Fix compilation due to #endif.

Cherrypicking more stuff.

Cleanup of custom extension stuff.

serverinfo rejects non-empty extensions.

Omit extension if no relevant serverinfo data.

Improve error-handling in serverinfo callback.

Cosmetic cleanups.

s_client documentation.

s_server documentation.

SSL_CTX_serverinfo documentation.

Cleaup -1 and NULL callback handling for custom extensions, add tests.

Cleanup ssl_rsa.c serverinfo code.

Whitespace cleanup.

Improve comments in ssl.h for serverinfo.

Whitespace.

Cosmetic cleanup.

Reject non-zero-len serverinfo extensions.

Whitespace.

Make it build.

Conflicts:

	test/testssl

Submitted by: Bryan Drewery
PR: 3075
(cherry picked from commit c256e69d)

(cherry picked from commit b74ce8d9)

(cherry picked from commit a9d14832)

(cherry picked from commit 42386fdb)

PR: 3074
(cherry picked from commit 02450ec6)

(cherry picked from commit 8ee3c7e6)

Improve RSA sing performance by 20-30% by:
- switching from floating-point to integer conditional moves;
- daisy-chaining sqr-sqr-sqr-sqr-sqr-mul sequences;
- using MONTMUL even during powers table setup;
(cherry picked from commit 4ddacd99)

(cherry picked from commit 3b848d34)