symbols for debugging are defined.

Call dh_tmp_cb with correct 'is_export' flag.

Avoid tabs in CHANGES.

with a failure.

Fix typos in some error codes.

ssl3_get_message, which is more logical (and avoids a bug,
in addition to the one that I introduced yesterday :-)
and makes Microsoft "fast SGC" less special.
MS SGC should still work now without an extra state of its own
(it goes directly to SSL3_ST_SR_CLNT_HELLO_C, which is the usual state
for reading the body of a Client Hello message), however this should
be tested to make sure, and I don't have a MS SGC client.

eliminate some of the -Wcast-qual warnings (debug-ben-strict target)

(including another problem in the s3_srvr.c state machine).

minor changes.

Docs haven't been added at this stage. They are probably
best included in the 'ciphers' program docs.

returns int (1 = ok, 0 = not seeded). New function RAND_add() is the
same as RAND_seed() but takes an estimate of the entropy as an additional
argument.

except when following the specs is bound to fail.

and verify rather than direct encrypt/decrypt.

While modifying the sources, I found some inconsistencies on the use of
s->cert vs. s->session->sess_cert; I don't know if those could
really have caused problems, but possibly this is a proper bug-fix
and not just a clean-up.

called sess_cert instead of just cert.  This is in preparation of further
changes: Probably often when s->session->sess_cert is used, we should
use s->cert instead; s->session->sess_cert should be a new structure
containing only the stuff that is for just one connection (e.g.
the peer's certificate, which the SSL client implementations currently
store in s->session->[sess_]cert, which is a very confusing thing to do).
Submitted by:
Reviewed by:
PR:

pointers.  The cert_st handling is changed by this in various ways.
Submitted by:
Reviewed by:
PR:

Submitted by:
Reviewed by:
PR:

Submitted by:
Reviewed by:
PR:

Submitted by:
Reviewed by:
PR: