Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Make session tickets work with DTLS.

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Typo in PR#1949 bug, oops!

out any we added using ERR_set_mark() and ERR_pop_to_mark() otherwise
errors from other sources (e.g. SSL library) can be wiped.

pod2man test. Use ./util instead to avoid this.

calling underlying method directly.

Submitted by: steve@openssl.org

More robust fix and workaround for PR#1949. Don't try to work out if there
is any write pending data as this can be unreliable: always flush.

Submitted by: Kevin Regan <k.regan@f5.com>

Clear stat structure if -DPURIFY is set to avoid problems on some
platforms which include unitialised fields.

Submitted by: Douglas Stebila <douglas@stebila.ca>

Fix wap OIDs.

ctrl is incorrectly implemented (e.g. some versions of Apache). As a workaround
call both BIO_CTRL_INFO and BIO_CTRL_WPENDING if it returns zero. This should
both address the original bug and retain compatibility with the old behaviour.

server attempts to renegotiate with an unpatched client.

PR: 2094,2095

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Better fix for PR#2144

don't suffer from the problem after Win64 SEH support was added.
PR: 2075
Submitted by: Peter Klotz

Submitted by: steve@openssl.org

Fix DTLS connection so new_session is reset if we read second client hello:
new_session is used to detect renegotiation.

Submitted by: steve@openssl.org

Add missing DTLS state strings.

Submitted by: steve@openssl.org

Fix bug in 0.9.8-stable time handling in ca.c . NB: this only handles cases
where times are not being checked or printed properly. Issues relating to
time_t becoming negative or wrapping around are *NOT* addressed. OpenSSL
1.0.0 and later does fix these issues by using its own time routines.

Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.

stops applications that call CRYPTO_free_all_ex_data() prematurely leaking
memory.

1. Send SCSV is not renegotiating, never empty RI.
2. Send RI if renegotiating.