PR: 2896

Submitted by: Adam Langley

Submitted by: Adam Langley

change the current certificate (in s->cert->key) to the one used and then
SSL_get_certificate and SSL_get_privatekey will automatically work.

Note for 1.0.1 and earlier also includes backport of the function
ssl_get_server_send_pkey.

  debugging code that's seldom used.

Submitted by: Chromium Authors

right response is stapled. Also change SSL_get_certificate() so it
returns the certificate actually sent.

See http://rt.openssl.org/Ticket/Display.html?id=2836.

PR: 2874
Submitted by: Tomas Mraz

assembler [from HEAD].

Multiple copies of the ENGINE will cause problems when it is cleaned up as
the methods are stored in static structures which will be overwritten and
freed up more than once.

Set static methods to NULL when the ENGINE is freed so it can be reloaded.

Reported by: Tomas Mraz <tmraz@redhat.com>

Treat a NULL value passed to drbg_free_entropy callback as non-op. This
can happen if the call to fips_get_entropy fails.

PR: 2863
Submitted by: Duane Sand

[from HEAD].

PR: 2858

[from HEAD].

PR: 2838

PR: 2859
Submitted by: John Foley

the 31 character limit is reached (on a 80 column display, do the math)

Reported by: David McCullough <david_mccullough@mcafee.com>

Restore fips configuration module from 0.9.8.

Always perform nexproto callback argument initialisation in s_server
otherwise we use uninitialised data if -nocert is specified.

on path with spaces [from HEAD].

PR: 2835

PR: 2833

PR: 2810

Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>

Fix possible deadlock when decoding public keys.

Reported by: Phil Pennock <openssl-dev@spodhuis.org>

Make renegotiation work for TLS 1.2, 1.1 by not using a lower record
version client hello workaround if renegotiating.