Submitted by: James Beckett <jmb.openssl@nospam.hackery.net>, steve
Approved by: steve@openssl.org

Fix documentation errors in d2i_X509 manual pages.

Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Constify SSL_CIPHER_description

Submitted by: steve@openssl.org

Allow use of trusted certificates in SSL_CTX_use_chain_file()

Submitted by: Artem Chuprina <ran@cryptocom.ru>
Approved by: steve@openssl.org

Avoid double call to BIO_free().

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS listen support.

in devteam warnings into other configurations.

possible PRNG state duplication.

Submitted by: steve@openssl.org

Tolerate application/timestamp-response which some servers send out.

Submitted by: steve@openssl.org

Fix to make DHparams_dup() et al work in C++.

For 1.0 fix the final argument to ASN1_dup() so it is void *. Replace some
*_dup macros with functions.

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS cookie management bugs.

Submitted by: Keith Beckman <kbeckman@mcg.edu>,  Tomas Mraz <tmraz@redhat.com>
Checked by: steve@openssl.org

Fix improperly capitalized references to WWW::Curl::Easy.

Submitted by: Tomas Mraz <tmraz@redhat.com>
Checked by: steve@openssl.org

Fix so that the legacy digest EVP_dss1() still works.

Submitted by: steve@openssl.org

Include a flag ASN1_STRING_FLAG_MSTRING when a multi string type is created.
This makes it possible to tell if the underlying type is UTCTime,
GeneralizedTime or Time when the structure is reused and X509_time_adj_ex()
can handle each case in an appropriate manner.

Add error checking to CRL generation in ca utility when nextUpdate is being
set.

Submitted by: "Alexei Khlebnikov" <alexei.khlebnikov@opera.com>
Approved by: steve@openssl.org

Avoid memory leak and fix error reporting in d2i_SSL_SESSION(). NB: although
the ticket mentions buffer overruns this isn't a security issue because
the SSL_SESSION structure is generated internally and it should never be
possible to supply its contents from an untrusted application (this would
among other things destroy session cache security).

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS record header length bug.

obsolete functions and enhance to handle new conditions such as policy
printing.

Submitted by: steve@openssl.org

Some systems have broken IPv6 headers and/or implementations. If
OPENSSL_USE_IPV6 is set to 0 IPv6 is not used, if it is set to 1 it is used
and if undefined an attempt is made to detect at compile time by checking
if AF_INET6 is set and excluding known problem platforms.

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Do not use multiple DTLS records for a single user message

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Define LIBDIR properly.

Put it back where it was and place an inclusion of e_os2.h to get platform
macros defined...

Make sure _XOPEN_SOURCE_EXTENDED is defined in opensslconf.h

Submitted by Zoltan Arpadffy <zoli@polarhome.com>

Don't have separate installation directory variables for VAX and AXP.

Submitted by Zoltan Arpadffy <zoli@polarhome.com>

Make sure S_SOCKET also gets compiled with _POSIX_C_SOURCE defined.

Submitted by Zoltan Arpadffy <zoli@polarhome.com>

to be properly defined.

Submitted by Zoltan Arpadffy <arpadffy@polarhome.com>

Parse file types in a more secure manner.

Submitted by sms@antinode.info (Steven M. Schweda)

Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>

Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>

Make error name discrepancies a fatal error.
Fix error codes.
make update

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timeout handling fix.