knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and
bugfixes on the way. In particular, this fixes the buffer bounds
checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext().
Note that the opaque PRF Input TLS extension is not compiled by default;
see CHANGES.
Add command line options -certform, -keyform and -pass to s_client and
s_server. This supports the use of alternative passphrase sources, key formats
and keys handled by an ENGINE.
Update docs.
converted to upper case or something like that), the application-
level bio_dump_cb() has a name clash with the new library function
BIO_dump_cb(). The easiest fix is to rename the function at the
application level.
New macros SSL[_CTX]_set_msg_callback_arg().
Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).
New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.
In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.
Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).
Add/update some OpenSSL copyright notices.
