RT#4471
Reviewed-by: NMatt Caswell <matt@openssl.org>

RT#4302
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Fix -signer option in smime utility to output signer certificates
when verifying.

Add support for format SMIME for -inform and -outform with cms and
smime utilities.

PR#4215
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

* Configure: Replaced -DTERMIO by -DTERMIOS in CFLAGS.

* crypto/bio/bss_dgram.c [WATT32]: Remove obsolete redefinition of
  function names: sock_write, sock_read and sock_puts.

* crypto/bio/bss_sock.c [WATT32]: For Watt-32 2.2.11 sock_write,
  sock_read and sock_puts are redefined to their private names so
  their names must be undefined first before they can be redefined
  again.

* crypto/bio/bss_file.c (file_fopen) [__DJGPP__]: Make a copy of the
  passed file name and replace the leading dots in the dirname part
  and the basname part of the file name, unless LFN is supported.

* e_os.h [__DJGPP__]: Undefine macro DEVRANDOM_EGD. Neither MS-DOS nor
  FreeDOS provide 'egd' sockets.
  New macro HAS_LFN_SUPPORT checks if underlying file system supports
  long file names or not.
  Include sys/un.h.
  Define WATT32_NO_OLDIES.

* INSTALL.DJGPP: Update URL of WATT-32 library.

Submitted by Juan Manuel Guerrero <juan.guerrero@gmx.de>

RT#4217
Reviewed-by: NAndy Polyakov <appro@openssl.org>

DJGPP is a 3rd party configuration, we rely entirely on the OpenSSL to
help us fine tune and test.  Therefore, it's moved to its own config.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

The old proxy tests test the implementation of an application proxy
policy callback defined in the test itself, which is not particularly
useful.

It is, however, useful to test cert verify overrides in
general. Therefore, replace these tests with tests for cert verify
callback behaviour.

Also glob the ssl test inputs on the .in files to catch missing
generated files.
Reviewed-by: NRich Salz <rsalz@openssl.org>

ERR_LIB_USER has value 128, and shifting into the sign bit upsets the
shift sanitizer.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Multiple digest options to the ocsp utility are allowed: e.g. to use
different digests for different certificate IDs. A digest option without
a following certificate is however illegal.

RT#4215
Reviewed-by: NRich Salz <rsalz@openssl.org>

While it seemed like a good idea to have this file once upon a time,
this kind of file belongs with the package maintainer rather than in
our source.
Reviewed-by: NRich Salz <rsalz@openssl.org>

RT#4207
Reviewed-by: NTim Hudson <tjh@openssl.org>

RT#4438
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NStephen Henson <steve@openssl.org>

RT#4403
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

This makes it possible to just run ./config on a x86_64 machine with
no extra fuss.

RT#4356
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

RT#4442
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Update pkcs8 utility to use 256 bit AES using SHA256 by default.

Update documentation.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

RT#4363
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NStephen Henson <steve@openssl.org>

The old cipherlist test in ssltest.c only tests the internal order of
the cipher table, which is pretty useless.

Replace this test with a test that catches inadvertent changes to the
default cipherlist.

Fix run_tests.pl to correctly filter tests that have "list" in their name.

(Also includes a small drive-by fix in .gitignore.)
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NStephen Henson <steve@openssl.org>

The V2ClientHello code creates an empty compression list, but the
compression list must explicitly contain the null compression (and later
code enforces this).

RT#4387
Reviewed-by: NStephen Henson <steve@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

RT#4256
Reviewed-by: NMatt Caswell <matt@openssl.org>

When *pp is NULL, don't write garbage, return an unexpected pointer
or leak memory on error.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

RT#4402
Reviewed-by: NRichard Levitte <levitte@openssl.org>

RT#4224
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

- some Perl versions are allergic to missing ';';
- don't stop if del fails;
- omit unused environment variable;
Reviewed-by: NStephen Henson <steve@openssl.org>

Reviewed-by: NStephen Henson <steve@openssl.org>

RT#4538
Reviewed-by: NMatt Caswell <matt@openssl.org>

Don't primarly recommend using OPENSSL_thread_stop(), as that's a last
resort.  Instead, recommend leaving it to automatic mechanisms.
Reviewed-by: NMatt Caswell <matt@openssl.org>

The ERR_remove_thread_state() API is restored to take a pointer
argument, but does nothing more.  ERR_remove_state() is also made into
a no-op.  Both functions are deprecated and users are recommended to
use OPENSSL_thread_stop() instead.

Documentation is changed to reflect this.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>

They were using the wrong variables.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>