Reviewed-by: NStephen Henson <steve@openssl.org>

The V2ClientHello code creates an empty compression list, but the
compression list must explicitly contain the null compression (and later
code enforces this).

RT#4387
Reviewed-by: NStephen Henson <steve@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

RT#4256
Reviewed-by: NMatt Caswell <matt@openssl.org>

When *pp is NULL, don't write garbage, return an unexpected pointer
or leak memory on error.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

RT#4402
Reviewed-by: NRichard Levitte <levitte@openssl.org>

RT#4224
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

- some Perl versions are allergic to missing ';';
- don't stop if del fails;
- omit unused environment variable;
Reviewed-by: NStephen Henson <steve@openssl.org>

Reviewed-by: NStephen Henson <steve@openssl.org>

RT#4538
Reviewed-by: NMatt Caswell <matt@openssl.org>

Don't primarly recommend using OPENSSL_thread_stop(), as that's a last
resort.  Instead, recommend leaving it to automatic mechanisms.
Reviewed-by: NMatt Caswell <matt@openssl.org>

The ERR_remove_thread_state() API is restored to take a pointer
argument, but does nothing more.  ERR_remove_state() is also made into
a no-op.  Both functions are deprecated and users are recommended to
use OPENSSL_thread_stop() instead.

Documentation is changed to reflect this.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>

They were using the wrong variables.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Originally submitted by Kurt Cancemi <kurt@x64architecture.com>

Closes RT#4533
Reviewed-by: NMatt Caswell <matt@openssl.org>

Per RFC 5246,

    Note: this extension is not meaningful for TLS versions prior to 1.2.
    Clients MUST NOT offer it if they are offering prior versions.
    However, even if clients do offer it, the rules specified in [TLSEXT]
    require servers to ignore extensions they do not understand.

Although second sentence would suggest that there would be no interop
problems in always offering the extension, WebRTC has reported issues
with Bouncy Castle on < TLS 1.2 ClientHellos that still include
signature_algorithms. See also
https://bugs.chromium.org/p/webrtc/issues/detail?id=4223

RT#4390
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NStephen Henson <steve@openssl.org>

BIO_eof() was always returning true when using a BIO pair. It should only
be true if the peer BIO is empty and has been shutdown.

RT#1215
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Issue was introduced in
https://github.com/openssl/openssl/commit/a0a82324f965bbcc4faed4e1ee3fcaf81ea52166

This patch fixes an issue which causes the 'openssl ca' commands to
fail if '-config' is not specified even if it says so otherwise.
Problem is that the default config is not loaded and the conf variable
is NULL which causes an exception.
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

With Unixly Makefiles as well as with nmake, make variables are
transferred to the shell running the commands as envinronment
variables.  This principle doesn't apply with MMS, so we must
explicitely define VERBOSE as commands when it's needed.
Reviewed-by: NRich Salz <rsalz@openssl.org>

PR#4462
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

The tests was incorrectly repeated multiple times when using the
async_jobs options
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

When setting a new SRTP connection profile using
SSL_CTX_set_tlsext_use_srtp() or SSL_set_tlsext_use_srtp() we should
free any existing profile first to avoid a memory leak.
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

If environment variables are not explanded early enough, expanded
strings are passed with single backslash to C compiler, e.g.
C:\Program Files, which effectively results in OpenSSL looking for
engines and certificates in C:Program Files.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

No code change
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NKurt Roeckx <kurt@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

- Missing checks for allocation failure.
- releasing memory in few missing error paths
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>

PR#4449
Reviewed-by: NRich Salz <rsalz@openssl.org>

PR#4478
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NStephen Henson <steve@openssl.org>

PR#4466
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>