s_server.

enabled instead of requiring an application to hard code a (possibly
inappropriate) parameter set and delve into EC internals we just
automatically use the preferred curve.

Tidy some code up.

Don't allocate a structure to handle ECC extensions when it is used for
default values.

Make supported curves configurable.

Add ctrls to retrieve shared curves: not fully integrated with rest of
ECC code yet.

the old code came from SSLeay days before TLS was even supported.

Add more extension names in s_cb.c extension printing code.

extensions to s_client and s_server to print out retrieved valued.

Extend CERT structure to cache supported signature algorithm data.

between NIDs and the more common NIST names such as "P-256". Enhance
ecparam utility and ECC method to recognise the NIST names for curves.

Submitted by: Tim Rice <tim@multitalents.net>

Make compilation work on OpenServer 5.0.7

Submitted by: Adam Langley <agl@google.com>

Fix handling of exporter return value and use OpenSSL indentation in
s_client, s_server.

Submitted by: Tomas Mraz <tmraz@redhat.com>

Check return codes for load_certs_crls.

Submitted by: Tomas Mraz <tmraz@redhat.com>

Make no-srp work.

some servers.

Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)

are passed zero-extended, not sign-extended.
PR: 2682

PR: 2681
Submitted by: Annie Yousar

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Support for TLS/DTLS heartbeats.

Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

- remove some unncessary SSL_err and permit
an srp user callback to allow a worker to obtain
a user verifier.

- cleanup and comments in s_server and demonstration
for asynchronous srp user lookup

New function to retrieve compression method from SSL_SESSION structure.

Delete SSL_SESSION_get_id_len and SSL_SESSION_get0_id functions
as they duplicate functionality of SSL_SESSION_get_id. Note: these functions
have never appeared in any release version of OpenSSL.

PR: 2655

Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Remove unnecessary code for srp and to add some comments to
s_client.

- the callback to provide a user during client connect is
no longer necessary since rfc 5054 a connection attempt
with an srp cipher and no user is terminated when the
cipher is acceptable

- comments to indicate in s_client the (non-)usefulness of
th primalaty tests for non known group parameters.

 be the server FQDN: change it.
[Reported by PSW Group]