Submitted by: steve@openssl.org

More robust fix and workaround for PR#1949. Don't try to work out if there
is any write pending data as this can be unreliable: always flush.

Submitted by Steven M. Schweda <sms@antinode.info>

Submitted by: steve@openssl.org

The original fix for PR#2125 broke compilation on some Unixware platforms:
revert and make conditional on VMS.

ctrl is incorrectly implemented (e.g. some versions of Apache). As a workaround
call both BIO_CTRL_INFO and BIO_CTRL_WPENDING if it returns zero. This should
both address the original bug and retain compatibility with the old behaviour.

server attempts to renegotiate with an unpatched client.

algorithms not found when an application uses PKCS#12 and only calls
SSL_library_init() instead of OpenSSL_add_all_algorithms(). Simple
work around is to add the missing algorithm (40 bit RC2) in
SSL_library_init().

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Better fix for PR#2144

Submitted by: steve@openssl.org

Fix DTLS connection so new_session is reset if we read second client hello:
new_session is used to detect renegotiation.

Submitted by: steve@openssl.org

Add missing DTLS state strings.

Submitted by: "Alon Bar-Lev" <alon.barlev@gmail.com>

Fix gcc-aix compilation issue.

Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.

1. Send SCSV is not renegotiating, never empty RI.
2. Send RI if renegotiating.

1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.

algorithm matches current and give error if compression is disabled and
server requests it (shouldn't happen unless server is broken).

used compression algorithms in client hello (a legacy from when
the compression algorithm wasn't serialized with SSL_SESSION).

MCSV is now called SCSV.

Don't send SCSV if renegotiating.

Also note if RI is empty in debug messages.

RI.

Reorganise RI checking code and handle some missing cases.

Change RI ctrl so it doesn't clash.

work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Add extension support to DTLS code mainly using existing implementation for
TLS.

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.