PR#2800

PR#2783

PR#3374

Document that the certificate passed to SSL_CTX_add_extra_chain_cert()
should not be freed by the application.

PR#3409

OIDs with one component don't have an encoding.

PR#2556 (Bug#1)

PR#3403

PR#3410

This ensures high performance is situations when assembler supports
AVX2, but not AD*X.

This is to compensate for higher aes* instruction latency on Cortex-A57.

Implemented as STACK_OF(OPENSSL_STRING).

Just store NUL-terminated strings.  This works better when we add
support for multiple hostnames.

In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays.

Bug discovered and fixed by Miod Vallat from the OpenBSD team.

PR#3375

This reverts commit abfb989f.

Incorrect attribution

cms, ocsp, s_client, s_server and smime tools also use args_verify()
for parsing options, that makes them most of the same options
verify tool does. Add those options to man pages and reference
their explanation in the verify man page.

just making sure the options are listed in the alphabetical order
both in SYNOPSIS and DESCRIPTION, no text changes

The options related to policy used for verification, verification
of subject names in certificate and certificate chain handling
were missing in the verify(1) man page. This fixes this issue.

-CAfile and -CApath is documented in OPTIONS but is missing
in SYNOPSIS, add them there

Add -trusted_first description to help messages and man pages
of tools that deal with certificate verification.