Fix -signer option in smime utility to output signer certificates
when verifying.

Add support for format SMIME for -inform and -outform with cms and
smime utilities.

PR#4215

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

* Configure: Replaced -DTERMIO by -DTERMIOS in CFLAGS.

* crypto/bio/bss_dgram.c [WATT32]: Remove obsolete redefinition of
  function names: sock_write, sock_read and sock_puts.

* crypto/bio/bss_sock.c [WATT32]: For Watt-32 2.2.11 sock_write,
  sock_read and sock_puts are redefined to their private names so
  their names must be undefined first before they can be redefined
  again.

* crypto/bio/bss_file.c (file_fopen) [__DJGPP__]: Make a copy of the
  passed file name and replace the leading dots in the dirname part
  and the basname part of the file name, unless LFN is supported.

* e_os.h [__DJGPP__]: Undefine macro DEVRANDOM_EGD. Neither MS-DOS nor
  FreeDOS provide 'egd' sockets.
  New macro HAS_LFN_SUPPORT checks if underlying file system supports
  long file names or not.
  Include sys/un.h.
  Define WATT32_NO_OLDIES.

* INSTALL.DJGPP: Update URL of WATT-32 library.

Submitted by Juan Manuel Guerrero <juan.guerrero@gmx.de>

RT#4217

Reviewed-by: Andy Polyakov <appro@openssl.org>

DJGPP is a 3rd party configuration, we rely entirely on the OpenSSL to
help us fine tune and test.  Therefore, it's moved to its own config.

Reviewed-by: Andy Polyakov <appro@openssl.org>

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

The old proxy tests test the implementation of an application proxy
policy callback defined in the test itself, which is not particularly
useful.

It is, however, useful to test cert verify overrides in
general. Therefore, replace these tests with tests for cert verify
callback behaviour.

Also glob the ssl test inputs on the .in files to catch missing
generated files.

Reviewed-by: Rich Salz <rsalz@openssl.org>

ERR_LIB_USER has value 128, and shifting into the sign bit upsets the
shift sanitizer.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Multiple digest options to the ocsp utility are allowed: e.g. to use
different digests for different certificate IDs. A digest option without
a following certificate is however illegal.

RT#4215

Reviewed-by: Rich Salz <rsalz@openssl.org>

While it seemed like a good idea to have this file once upon a time,
this kind of file belongs with the package maintainer rather than in
our source.

Reviewed-by: Rich Salz <rsalz@openssl.org>

RT#4207

Reviewed-by: Tim Hudson <tjh@openssl.org>

RT#4438

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>

RT#4403

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

This makes it possible to just run ./config on a x86_64 machine with
no extra fuss.

RT#4356

Reviewed-by: Tim Hudson <tjh@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

RT#4442

Reviewed-by: Emilia Käsper <emilia@openssl.org>

Update pkcs8 utility to use 256 bit AES using SHA256 by default.

Update documentation.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

RT#4363

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>

The old cipherlist test in ssltest.c only tests the internal order of
the cipher table, which is pretty useless.

Replace this test with a test that catches inadvertent changes to the
default cipherlist.

Fix run_tests.pl to correctly filter tests that have "list" in their name.

(Also includes a small drive-by fix in .gitignore.)

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Stephen Henson <steve@openssl.org>

The V2ClientHello code creates an empty compression list, but the
compression list must explicitly contain the null compression (and later
code enforces this).

RT#4387

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

RT#4256

Reviewed-by: Matt Caswell <matt@openssl.org>

When *pp is NULL, don't write garbage, return an unexpected pointer
or leak memory on error.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

RT#4402

Reviewed-by: Richard Levitte <levitte@openssl.org>

RT#4224

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

- some Perl versions are allergic to missing ';';
- don't stop if del fails;
- omit unused environment variable;

Reviewed-by: Stephen Henson <steve@openssl.org>

Reviewed-by: Stephen Henson <steve@openssl.org>

RT#4538

Reviewed-by: Matt Caswell <matt@openssl.org>

Don't primarly recommend using OPENSSL_thread_stop(), as that's a last
resort.  Instead, recommend leaving it to automatic mechanisms.

Reviewed-by: Matt Caswell <matt@openssl.org>

The ERR_remove_thread_state() API is restored to take a pointer
argument, but does nothing more.  ERR_remove_state() is also made into
a no-op.  Both functions are deprecated and users are recommended to
use OPENSSL_thread_stop() instead.

Documentation is changed to reflect this.

Reviewed-by: Matt Caswell <matt@openssl.org>

Reviewed-by: Andy Polyakov <appro@openssl.org>

They were using the wrong variables.

Reviewed-by: Andy Polyakov <appro@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>