in SSL_new.
If SSL_OP_SINGLE_DH_USE is set, don't waste time in SSL_[CTX_]set_tmp_dh
on computing a DH key that will be ignored anyway.

ssltest -dhe1024dsa (w/ 160-bit sub-prime) had an unfair performance
advantage over -dhe1024 (safe prime): SSL_OP_SINGLE_DH_USE was
effectively always enabled because SSL_new ignored the DH key set in
the SSL_CTX.  Now -dhe1024 takes the server only about twice as long
as -dhe1024dsa instead of three times as long (for 1024 bit RSA
with 1024 bit DH).

broken formats worked but the valid didn't :-(

the third argument: the second was being used
already.

Submitted by: Rolf Haberrecker <rolf@suse.de>

by Lutz Behnke and by Lutz Jaenicke.

Hopefully we'll have a unified way of handling shared libraries when
we move to autoconf...

about renamed header files.

because it added them manually and as part of SMIME_crlf_copy().
Removed the manual add.

Add info about where to get MASM.

Rebuild error files.

where the new functions are mentioned.

with a failure.

Fix typos in some error codes.

Allow ADH to be used but not present in the default cipher
list.

Allow CERTIFICATE to be used in PEM headers for PKCS#7 structures:
some CAs do this.

the old functionality.

Various warning fixes.

Initial EVP symmetric cipher docs.

ssl3_get_message, which is more logical (and avoids a bug,
in addition to the one that I introduced yesterday :-)
and makes Microsoft "fast SGC" less special.
MS SGC should still work now without an extra state of its own
(it goes directly to SSL3_ST_SR_CLNT_HELLO_C, which is the usual state
for reading the body of a Client Hello message), however this should
be tested to make sure, and I don't have a MS SGC client.

instead of 'unsigned' counters.
Seed PRNG in MacOS/GetHTTPS.src/GetHTTPS.cpp.

Partially submitted by Yoram Meroz <yoram@mail.idrive.com>.