Submitted by: Jouni Malinen <j@w1.fi>
Approved by: steve@openssl.org

Ticket override support for EAP-FAST.

and should avoid any OS date limitations such as the year 2038 bug.

enable disabled ciphersuites.

Also, fix CHANGES (consistency with stable branch).

Submitted by: Nagendra Modadugu

Also, "CHANGES" clean-ups.

a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.

Tidy CRL scoring system.

Add new CRL path validation error.

and CRL signing keys.

Delete X509_POLICY_REF code.

Fix handling of invalid policy extensions to return the correct error.

Add command line option to inhibit policy mappings.

TODO: robustness checking on name forms.

deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).

Thanks to Bodo, for invaluable review and feedback.

Allow inibit any policy flag to be set in apps.

version some time soon.

Submitted by: Huang Ying
Reviewed by: Douglas Stebila

Fix flaw if 'Server Key exchange message' is omitted from a TLS
handshake which could lead to a cilent crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)

Reviewed by: openssl-security@openssl.org

Obtained from: mark@awe.com

Fix double-free in TLS server name extensions which could lead to a remote
crash found by Codenomicon TLS test suite (CVE-2008-0891)

Reviewed by: openssl-security@openssl.org

Obtained from: jorton@redhat.com

PR: 1417, 1513
Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>

from the OpenSSL distribution.