PR#3403

PR#3410

This ensures high performance is situations when assembler supports
AVX2, but not AD*X.

This is to compensate for higher aes* instruction latency on Cortex-A57.

Implemented as STACK_OF(OPENSSL_STRING).

Just store NUL-terminated strings.  This works better when we add
support for multiple hostnames.

In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays.

Bug discovered and fixed by Miod Vallat from the OpenBSD team.

PR#3375

This reverts commit abfb989f.

Incorrect attribution

cms, ocsp, s_client, s_server and smime tools also use args_verify()
for parsing options, that makes them most of the same options
verify tool does. Add those options to man pages and reference
their explanation in the verify man page.

just making sure the options are listed in the alphabetical order
both in SYNOPSIS and DESCRIPTION, no text changes

The options related to policy used for verification, verification
of subject names in certificate and certificate chain handling
were missing in the verify(1) man page. This fixes this issue.

-CAfile and -CApath is documented in OPTIONS but is missing
in SYNOPSIS, add them there

Add -trusted_first description to help messages and man pages
of tools that deal with certificate verification.

Allow CCS after finished has been sent by client: at this point
keys have been correctly set up so it is OK to accept CCS from
server. Without this renegotiation can sometimes fail.

PR#3400

PR: 3405

PR: 3405