error if the cipher list is empty
- fix last commit in ssl_create_cipher_list
- clean up ssl_create_cipher_list

("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)

move some functions from exported header <openssl/dtl1.h> into "ssl_locl.h";
fix silly indentation (a TAB is *not* always 4 spaces)

This tidies up verify parameters and adds support for integrated policy
checking.

Add support for policy related command line options. Currently only in smime
application.

WARNING: experimental code subject to change.

wrapping preprocessor directive.  This also removes a duplicate
declaration.

remove some unnecessary includes from the internal header ssl_locl.h. This
then requires adding includes for bn.h in four C files.

the symbol name).

functions and macros.

This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const.  Those will be removed when this change has been
properly reviewed.

Therefore, change all instances of the symbol 'list' to something else.

PR: 758
Submitted by: Frédéric Giudicelli <groups@newpki.org>

compression identity is already present among the registered
compression methods, and if so, reject the addition request.

Declare SSL_COMP_get_compression_method() so it can be used properly.

Change ssltest.c so it checks what compression methods are available
and enumerates them.  As a side-effect, built-in compression methods
will be automagically loaded that way.  Additionally, change the
identities for ZLIB and RLE to be conformant to
draft-ietf-tls-compression-05.txt.

Finally, make update.

Next on my list: have the built-in compression methods added
"automatically" instead of requiring that the author call
SSL_COMP_add_compression_method() or
SSL_COMP_get_compression_methods().

elements directly, so this missing functionality is required.

PR: 276

ZLIB a known compression method, with the identity 1.

relates to SSL_CTX flags and the use of "external" session caching. The
existing flag, "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" remains but is
supplemented with a complimentary flag, "SSL_SESS_CACHE_NO_INTERNAL_STORE".
The bitwise OR of the two flags is also defined as
"SSL_SESS_CACHE_NO_INTERNAL" and is the flag that should be used by most
applications wanting to implement session caching *entirely* by its own
provided callbacks. As the documented behaviour contradicted actual
behaviour up until recently, and since that point behaviour has itself been
inconsistent anyway, this change should not introduce any compatibility
problems. I've adjusted the relevant documentation to elaborate about how
this works.

Kudos to "Nadav Har'El" <nyh@math.technion.ac.il> for diagnosing these
anomalies and testing this patch for correctness.

PR: 311

the same source file.

PR: 189

Submitted by: Douglas Stebila <douglas.stebila@sun.com>
(Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)

Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.

Submitted by:
Reviewed by:
PR: 127

vulnerability workaround (included in SSL_OP_ALL).

PR: #90

in the default ciphersuite list

Fix ASN1 additions for KRB5

Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller

to indicate that a real handshake is taking place (the value will be
lost during multiple invocations). Set s->new_session to 2 instead.