traditional format uses MD5 which is prohibited in FIPS mode.

Submitted by: Pierre Delaage

Use -1 to check all extensions in CRLs.
Always set flag for freshest CRL.

Submitted by: jean-etienne.schwartz@bull.net

In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.

Submitted by: Dmitry Belyavsky <beldmit@gmail.com>

Fix DH double free if parameter generation fails.

Submitted by: "Florian Rüchel" <florian.ruechel@ruhr-uni-bochum.de>

Correctly handle local machine keys in the capi ENGINE.

PR: 2896

Submitted by: Adam Langley

Submitted by: Adam Langley

change the current certificate (in s->cert->key) to the one used and then
SSL_get_certificate and SSL_get_privatekey will automatically work.

Note for 1.0.1 and earlier also includes backport of the function
ssl_get_server_send_pkey.

  debugging code that's seldom used.

Submitted by: Chromium Authors

right response is stapled. Also change SSL_get_certificate() so it
returns the certificate actually sent.

See http://rt.openssl.org/Ticket/Display.html?id=2836.

PR: 2874
Submitted by: Tomas Mraz

assembler [from HEAD].

Multiple copies of the ENGINE will cause problems when it is cleaned up as
the methods are stored in static structures which will be overwritten and
freed up more than once.

Set static methods to NULL when the ENGINE is freed so it can be reloaded.

Reported by: Tomas Mraz <tmraz@redhat.com>

Treat a NULL value passed to drbg_free_entropy callback as non-op. This
can happen if the call to fips_get_entropy fails.