PR#1675
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 197400c3f0d617d71ad8167b52fb73046d334320)

PR#3456
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit d48e78f0)

PR#3442

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 2097a17c)

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 3bd54819)

PR#3452
(cherry picked from commit ca2015a6)

Use same logic when determining when to expect a client
certificate for both TLS and DTLS.

PR#3452
(cherry picked from commit c8d710dc)

The options which emulate a web server don't make sense when doing DTLS.
Exit with an error if an attempt is made to use them.

PR#3453
(cherry picked from commit 58a2aaeade8bdecd0f9f0df41927f7cff3012547)

PR#3449

PR#3445
(cherry picked from commit 1c3e9a7c)

Add description of the option to advertise support of
Next Protocol Negotiation extension (-nextprotoneg) to
man pages of s_client and s_server.

PR#3444
(cherry picked from commit 7efd0e77)

Conflicts:

	doc/apps/s_server.pod

(cherry picked from commit 7aabd9c92fe6f0ea2a82869e5171dcc4518cee85)

This is actually ok for this function, but initialised to zero anyway if
PURIFY defined.

This does have the impact of masking any *real* unitialised data reads in bn though.

Patch based on approach suggested by Rich Salz.

PR#3415

(cherry picked from commit 77747e2d9a5573b1dbc15e247ce18c03374c760c)

PR#3440
(cherry picked from commit 924e5eda)

  Detected by dcruette@qualitesys.com

(cherry picked from commit 8b5dd340)

(cherry picked from commit c1d1b011)

Based on an original patch by Neitrino Photonov <neitrinoph@gmail.com>

PR#3439

(cherry picked from commit 66816c53)

PR#2985
(cherry picked from commit 9d23f422)

(cherry picked from commit ee724df7)

(cherry picked from commit cba3f1c7)

Conflicts:

	doc/apps/s_client.pod
	doc/apps/s_server.pod

(cherry picked from commit a44f219c)

(cherry picked from commit a23a6e85)

PR#2277
(cherry picked from commit 733a6c882e92f8221bd03a51643bb47f5f81bb81)

(cherry picked from commit 07255f0a76d9d349d915e14f969b9ff2ee0d1953)

PR#3418.
(cherry picked from commit fdea4fff)

PR#319 (reoponed version).
(cherry picked from commit 7f6e9578)

(cherry picked from commit 2cfbec1c)
(cherry picked from commit a9661e45)

(cherry picked from commit 55707a36)

(cherry picked from commit f1112985)

PR: #3397
(cherry picked from commit eca441b2)

ERR_get_error(3) references the non-existent
ERR_get_last_error_line_data instead of the one that does exist,
ERR_peek_last_error_line_data.

PR#3283
(cherry picked from commit 5cc99c6c)

(cherry picked from commit 7cb472bd)

Gets rid of this;

defined(@array) is deprecated at ../util/mkerr.pl line 792.
        (Maybe you should just omit the defined()?)
defined(@array) is deprecated at ../util/mkerr.pl line 800.
        (Maybe you should just omit the defined()?)

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit 647f360e)

Primitive encodings shouldn't use indefinite length constructed
form.

PR#2438 (partial).
(cherry picked from commit 398e99fe)

Internal pointers in CCM, GCM and XTS contexts should either be
NULL or set to point to the appropriate key schedule. This needs
to be adjusted when copying contexts.
(cherry picked from commit c2fd5d79)

IN parameter.

Under the old docs, the only thing stated was "at most
EVP_PKEY_size(pkey) bytes will be written". It was kind of misleading
since it appears EVP_PKEY_size(pkey) WILL be written regardless of the
signature's buffer size.

(cherry picked from commit 6e6ba36d)

PR#3272
(cherry picked from commit 370bf1d7)