Some #include statements were not properly protected. This will go unnoted
on most systems as openssl/comp.h tends to be installed as a system header
file by default but may become visible when cross compiling.

test for them!

with the appropriate parameters which calls OBJ_bsearch(). A compiler will
typically inline this.

This avoids the need for cmp_xxx variables and fixes unchecked const issues
with CHECKED_PTR_OF()

Duplicate const.
Use of ; outside function.

strength "FIPS" to represent all FIPS approved ciphersuites without NULL
encryption.

Also, get rid of compile-time switch OPENSSL_NO_RELEASE_BUFFERS
because it was rather pointless (the new behavior has to be explicitly
requested by setting SSL_MODE_RELEASE_BUFFERS anyway).

(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and
bugfixes on the way.  In particular, this fixes the buffer bounds
checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext().

Note that the opaque PRF Input TLS extension is not compiled by default;
see CHANGES.

Submitted by: Victor B. Wagner <vitus@cryptocom.ru>

for OpenSSL.

PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller

Submitted by: ran@cryptocom.ru
Reviewed by: steve@openssl.org

This change resolves a number of problems and obviates multiple kludges.
A new feature is that you can now say "AES256" or "AES128" (not just
"AES", which enables both).

In some cases the ciphersuite list generated from a given string is
affected by this change.  I hope this is just in those cases where the
previous behaviour did not make sense.

Also, change the default ciphersuite to give some prefererence to
ciphersuites with forwared secrecy (rather than using a random order).

Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller

Submitted by: Douglas Stebila

Submitted by: Douglas Stebila

PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch

Submitted by: Peter Sylvester

 - fix indentation
 - rename some functions and macros
 - fix up confusion between SSL_ERROR_... and SSL_AD_... values

Submitted by: Peter Sylvester

pointer and make the SSL_METHOD parameter in SSL_CTX_new,
SSL_CTX_set_ssl_version and SSL_set_ssl_method const.

for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.

    	./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
    	make depend all test
work again

PR: 1159

with the SSL_OP_NO_SSLv2 option.

1. "unsigned long long" isn't portable changed: to BN_ULLONG.
2. The LL prefix isn't allowed in VC++ but it isn't needed where it is used.
2. Avoid lots of compiler warnings about signed/unsigned mismatches.
3. Include new library directory pqueue in mk1mf build system.
4. Update symbols.