Add an NSS output format to sess_id to export to export the session id and the master key in NSS keylog format. PR#3352

subjectAltName field. The Name Contraint example in x509v3_config(5) even use IP
as an example:

	nameConstraints=permitted;IP:192.168.0.0/255.255.0.0

However, until now, the verify code for IP name contraints did not exist. Any
check with a IP Address Name Constraint results in a "unsupported name constraint
type" error.

This patch implements support for IP Address Name Constraint (v4 and v6). This code
validaded correcly certificates with multiple IPv4/IPv6 address checking against
a CA certificate with these constraints:

	permitted;IP.1=10.9.0.0/255.255.0.0
	permitted;IP.2=10.48.0.0/255.255.0.0
	permitted;IP.3=10.148.0.0/255.255.0.0
	permitted;IP.4=fdc8:123f:e31f::/ffff:ffff:ffff::
Signed-off-by: NLuiz Angelo Daros de Luca <luizluca@gmail.com>

Replaces the entire test with a trivial implementation when
OPENSSL_NO_HEARTBEATS is defined.

Fixes to host checking wild card support and add support for
setting host checking flags when verifying a certificate
chain.

Use triple DES for certificate encryption if no-rc2 is
specified.

PR#3357

PR#3357

The previous calls to memset() were added to tear_down() when I noticed the
test spuriously failing in opt mode, with different results each time. This
appeared to be because the allocator zeros out memory in debug mode, but not
in opt mode. Since the heartbeat functions silently drop the request on error
without modifying the contents of the write buffer, whatever random contents
were in memory before being reallocated to the write buffer used in the test
would cause nondeterministic test failures in the Heartbleed regression cases.
Adding these calls allowed the test to pass in both debug and opt modes.

Ben Laurie notified me offline that the test was aborting in
debug-ben-debug-64-clang mode, configured with GitConfigure and built with
GitMake. Looking into this, I realized the first memset() call was zeroing out
a reference count used by SSL_free() that was checked in
debug-ben-debug-64-clang mode but not in the normal debug mode.

Removing the memset() calls from tear_down() and adding a memset() for the
write buffer in set_up() addresses the issue and allows the test to
successfully execute in debug, opt, and debug-ben-debug-64-clang modes.

Checks the return values of ssl_init_wbio_buffer() and ssl3_setup_buffers().

Regression test against CVE-2014-0160 (Heartbleed).

More info: http://mike-bland.com/tags/heartbleed.html

"Teaser" means that it's initial proof-of-concept to build EVP module
upon.

Moved note about lack of support for AEAD modes out of BUGS section to SUPPORTED CIPHERS section (bug has been fixed, but still no support for AEAD)

(cherry picked from commit 09184dddead165901700b31eb39d540ba30f93c5)

various link settings. PR#3332

Replace manual ASN.1 decoder with ASN1_get object. This
will decode the tag and length properly and check against
it does not exceed the supplied buffer length.

PR#3335

"Teaser" means that it's not integrated yet and purpose of this
commit is primarily informational, to exhibit design choices,
such as how to handle alignment and endianness. In other words
it's proof-of-concept code that EVP module will build upon.