Make sure there is an extra 4 bytes for server done message when
NETSCAPE_HANG_BUG is defined.

PR#3361

PR#3313

PR#3319

the verify app man page didn't describe the usage of attime option
even though it was listed as a valid option in the -help message.

This patch fixes this omission.

While the -help message references this option, the man page
doesn't mention the -no_ecdhe option.
This patch fixes this omission.

Submitted by: Ard Biesheuvel.

PR#3249

PR#3278

10-19% improvement depending on key length and endianness.

Closes #74.

Closes #31.

When looking for the issuer of a certificate, if current candidate is
expired, continue looking. Only return an expired certificate if no valid
certificates are found.

PR#3359

Add an NSS output format to sess_id to export to export the session id and the master key in NSS keylog format. PR#3352

subjectAltName field. The Name Contraint example in x509v3_config(5) even use IP
as an example:

	nameConstraints=permitted;IP:192.168.0.0/255.255.0.0

However, until now, the verify code for IP name contraints did not exist. Any
check with a IP Address Name Constraint results in a "unsupported name constraint
type" error.

This patch implements support for IP Address Name Constraint (v4 and v6). This code
validaded correcly certificates with multiple IPv4/IPv6 address checking against
a CA certificate with these constraints:

	permitted;IP.1=10.9.0.0/255.255.0.0
	permitted;IP.2=10.48.0.0/255.255.0.0
	permitted;IP.3=10.148.0.0/255.255.0.0
	permitted;IP.4=fdc8:123f:e31f::/ffff:ffff:ffff::

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>

Replaces the entire test with a trivial implementation when
OPENSSL_NO_HEARTBEATS is defined.

Fixes to host checking wild card support and add support for
setting host checking flags when verifying a certificate
chain.