handling out of #ifndef OPENSSL_NO_DTLS1 section.
Reviewed-by: NRich Salz <rsalz@openssl.org>

The documentation is wrong about what happens when the
session cache fills up.
Reviewed-by: NTim Hudson <tjh@openssl.org>

pod2man now complains when item tags are not sequential.
Also complains about missing =back and other tags.
Silence the warnings; most were already done.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>

The description of when the server creates a DH key is
confusing.  This cleans it up.
(rsalz: also removed trailing whitespace.)
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

The description of when the server creates a DH key is
confusing.  This cleans it up.
(rsalz: also removed trailing whitespace.)
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

In two OpenSSL manual pages, in the NAME section, the last word of the
name list is followed by a stray trailing comma. While this may seem
minor, it is worth fixing because it may confuse some makewhatis(8)
implementations.

While here, also add the missing word "size" to the one line
description in SSL_CTX_set_max_cert_list(3).

Reviewed by: Dr Stephen Henson <shenson@drh-consultancy.co.uk>

    298 424 656 882 939 1630 1807 2263 2294 2311 2424 2623
    2637 2686 2697 2921 2922 2940 3055 3112 3156 3177 3277

Update protocols supported and note that SSLv2 is effectively disabled
by default.

PR#3184

Document that the certificate passed to SSL_CTX_add_extra_chain_cert()
should not be freed by the application.

PR#3409

Add TLS padding extension to SSL_OP_ALL so it is used with other
"bugs" options and can be turned off.

This replaces SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG which is an ancient
option referring to SSLv2 and SSLREF.

PR#3336

RT: 3304

Signed-off-by: NChris Rorvick <chris@rorvick.com>

(cherry picked from commit 1f44dac24d1cb752b1a06be9091bb03a88a8598e)

Don't clear verification errors from the error queue unless
SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR is set.

If errors occur during verification and SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR
is set return 2 so applications can issue warnings.
(cherry picked from commit 2dd6976f6d02f98b30c376951ac38f780a86b3b5)

New flags to build certificate chains. The can be used to rearrange
the chain so all an application needs to do is add all certificates
in arbitrary order and then build the chain to check and correct them.

Add verify error code when building chain.

Update docs.

New ctrl sets current certificate based on certain criteria. Currently
two options: set the first valid certificate as current and set the
next valid certificate as current. Using these an application can
iterate over all certificates in an SSL_CTX or SSL structure.

change documentation and comments to indicate that we prefer the
standard "DHE" naming scheme everywhere over the older "EDH"

Fix a limitation in SSL_CTX_use_certificate_chain_file(): use algorithm
specific chains instead of the shared chain.

Update docs.

New functions to retrieve current certificate or private key
from an SSL_CTX.

Constify SSL_get_private_key().

PR#3169

This patch, which currently applies successfully against master and
1_0_2, adds the following functions:

SSL_[CTX_]select_current_cert() - set the current certificate without
disturbing the existing structure.

SSL_[CTX_]get0_chain_certs() - get the current certificate's chain.

SSL_[CTX_]clear_chain_certs() - clear the current certificate's chain.

The patch also adds these functions to, and fixes some existing errors
in, SSL_CTX_add1_chain_cert.pod.

This fixes problems in POD list formatting: extra or missing =back
sequences.

doc/ssl/SSL_CTX_set1_curves.pod around line 90: =back without =over
doc/ssl/SSL_CTX_set1_verify_cert_store.pod around line 73: =back without =over
doc/ssl/SSL_CTX_add1_chain_cert.pod around line 82: =back without =over
doc/crypto/evp.pod around line 40: '=item' outside of any '=over'
crypto/des/des.pod around line 184: You forgot a '=back' before '=head1'

PR#3147

Newer pod2man considers =item [1-9] part of a numbered list, while =item
0 starts an unnumbered list. Add a zero effect formatting mark to override
this.

doc/apps/smime.pod around line 315: Expected text after =item, not a
number
...

PR#3146