1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.

used compression algorithms in client hello (a legacy from when
the compression algorithm wasn't serialized with SSL_SESSION).

Change RI ctrl so it doesn't clash.

work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.

branches.

This means that http://www.openssl.org/news/changelog.html will
finally describe 0.9.8l.

and is a pre-requisite to adding password based CMS support.

load_crls and tidy up load_certs. Remove useless purpose variable from
verify utility: now done with args_verify.

Submitted by: steve@openssl.org

Add support for custom headers in OCSP requests.

ignored.

The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.

in devteam warnings into other configurations.

obsolete functions and enhance to handle new conditions such as policy printing.

Make it possible to install OpenSSL in directories with name other
than "lib" for example "lib64". Based on patch from Jeremy Utley.