* Many XMPP servers are configured with multiple domains (virtual hosts)
 * In order to establish successfully the TLS connection you have to specify
   which virtual host you are trying to connect.
 * Test this, for example with ::
   * Fail:
       openssl s_client -connect talk.google.com:5222 -starttls xmpp
   * Works:
       openssl s_client -connect talk.google.com:5222 -starttls xmpp -xmpphost gmail.com

Document use of -keyopt to use RSA-PSS and RSA-OAEP modes.

serverinfo rejects non-empty extensions.

Omit extension if no relevant serverinfo data.

Improve error-handling in serverinfo callback.

Cosmetic cleanups.

s_client documentation.

s_server documentation.

SSL_CTX_serverinfo documentation.

Cleaup -1 and NULL callback handling for custom extensions, add tests.

Cleanup ssl_rsa.c serverinfo code.

Whitespace cleanup.

Improve comments in ssl.h for serverinfo.

Whitespace.

Cosmetic cleanup.

Reject non-zero-len serverinfo extensions.

Whitespace.

Make it build.

PR: 2683
Submitted by: Annie Yousar

X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT error codes were reversed in
the verify application documentation.

Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>

Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0

Typo.

PR: 1831
Submitted by: Damien Miller

Ignore self issued certificates when checking path length constraints.

Duplicate OIDs in policy tree in case they are allocated.

Use anyPolicy from certificate cache and not current tree level.

Submitted by: Daniel Black <daniel.subs@internode.on.net>

Add a -certsout option to output any certificates in a message.

Add test for example 4.11

Submitted by: Richard Hartmann <richih.mailinglist@gmail.com>