Start ensuring all OpenSSL "free" routines allow NULL, and remove
any if check before calling them.
This gets ASN1_OBJECT_free and ASN1_STRING_free.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>

ACKNOWLEDGEMENTS is now spelled correctly :)
README.ASN1 talked about 0.9.6, so it's deleted.
I turned doc/standards.txt into a set of one-line summaries of RFCs, and
also updated the pointers to original sources (to be web links)
Reviewed-by: NRichard Levitte <levitte@openssl.org>

the "-hack" option from s_server that set this option.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Updates to include SHA224, SHA256, SHA384 and SHA512. In particular note
the restriction on setting md to NULL with regards to thread safety.
Reviewed-by: NTim Hudson <tjh@openssl.org>

the extract-names.pl script.

RT#3718
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>

the X509_V_FLAG_NO_ALT_CHAINS flag.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NKurt Roeckx <kurt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

SSL_SESSION_get_ticket_lifetime_hint. The latter has been reported as
required to fix Qt for OpenSSL 1.1.0. I have also added the former in order
to determine whether a ticket is present or not - otherwise it is difficult
to know whether a zero lifetime hint is because the server set it to 0, or
because there is no ticket.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion
and result in a negative return value, which the "x509 -checkhost" command-line option
incorrectly interpreted as success.

Also update X509_check_host docs to reflect reality.

Thanks to Sean Burford (Google) for reporting this issue.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

There is no mechanism to do that at the moment - SSL_set_bio makes changes
to the wbio even if you pass in SSL_get_wbio().

This commit introduces two new API functions SSL_set_rbio() and
SSL_set_wbio(). These do the same job as SSL_set_bio() except they enable
you to manage the rbio and wbio individually.
Reviewed-by: NTim Hudson <tjh@openssl.org>

This is an ancient bug workaround for Netscape clients. The documentation
talks about versions 3.x and 4.x beta.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Document SSL_get_extms_support().

Modify behaviour of SSL_get_extms_support() so it returns -1 if the
master secret support of the peer is not known (e.g. handshake in progress).
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Remove outdated doc files.
Fix windows build after old_des was removed.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Not interested in helping the NSA in the slightest.
And anyway, it was never implemented, #if'd out.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Remove OPENSSL_NO_BUF_FREELISTS. This was turned on by default,
so the work here is removing the 'maintain our own freelist' code.
Also removed a minor old Windows-multibyte/widechar conversion flag.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Remove support for SHA0 and DSS0 (they were broken), and remove
the ability to attempt to build without SHA (it didn't work).
For simplicity, remove the option of not building various SHA algorithms;
you could argue that SHA_224/256/384/512 should be kept, since they're
like crypto algorithms, but I decided to go the other way.
So these options are gone:
	GENUINE_DSA         OPENSSL_NO_SHA0
	OPENSSL_NO_SHA      OPENSSL_NO_SHA1
	OPENSSL_NO_SHA224   OPENSSL_NO_SHA256
	OPENSSL_NO_SHA384   OPENSSL_NO_SHA512
Reviewed-by: NRichard Levitte <levitte@openssl.org>

A DES algorithm mode, known attacks, no EVP support.
Flushed.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

functions.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Per discussion: should not exit. Should not print to stderr.
Errors are ignored.  Updated doc to reflect that, and the fact
that this function is to be avoided.
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Removed CHANGES.SSLeay

Udpate README to be current.

Updated fignerprints.txt to list only current release signers and
to explain that is what it's used for.

Removed the following:
	c-indentation.el -- doesn't go with our coding style
	openssl-shared.txt -- old info about shared library aides
	openssl.txt -- old info about X509v3 extension support/syntax
	ssleay.txt -- old info about OpenSSL's predecessor, back when
		programmers coded on COBOL sheets by candlelight
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Show only the #define, not the values, in BIO_f_buffer.  Data
abstraction and we can remove a "see also" entry.

Remove internal forward reference to NOTES in EVP_EncryptInit; just
say "see below" as we do in the other pages.

Add missing (3) in pem.pod so the L<> entry is consistent.
Fix entry to point to the "master" page, not the symlink'd one.
Reviewed-by: NMatt Caswell <matt@openssl.org>

OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.

Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: NMatt Caswell <matt@openssl.org>

MS Server gated cryptography is obsolete and dates from the time of export
restrictions on strong encryption and is only used by ancient versions of
MSIE.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

* adds links to various related documents.
* fixes a few typos.
* rewords a few sentences.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NStephen Henson <steve@openssl.org>

In EVP_EncryptInit remove duplicate mention of EVP_idea_cbc()
In EVP_PKEY_CTX_ctrl.pod remove EVP_PKEY_get_default_digest_nid
since it is documented elsewhere.
Reviewed-by: NRichard Levitte <levitte@openssl.org>