46 files changed, 483 insertions, 109 deletions
diff --git a/src/lib/libssl/src/doc/HOWTO/certificates.txt b/src/lib/libssl/src/doc/HOWTO/certificates.txt
index d3a62545ad..a8a34c7abc 100644
--- a/src/lib/libssl/src/doc/HOWTO/certificates.txt
+++ b/src/lib/libssl/src/doc/HOWTO/certificates.txt
@@ -66,14 +66,13 @@ Section 5 will tell you more on how to handle the certificate you
 received.
-4. Creating a self-signed certificate
+4. Creating a self-signed test certificate
 If you don't want to deal with another certificate authority, or just
-want to create a test certificate for yourself, or are setting up a
+want to create a test certificate for yourself.  This is similar to
-certificate authority of your own, you may want to make the requested
+creating a certificate request, but creates a certificate instead of
-certificate a self-signed one.  This is similar to creating a
+a certificate request.  This is NOT the recommended way to create a
-certificate request, but creates a certificate instead of a
+CA certificate, see ca.txt.
-certificate request (1095 is 3 years):
  openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
diff --git a/src/lib/libssl/src/doc/apps/asn1parse.pod b/src/lib/libssl/src/doc/apps/asn1parse.pod
index 69ee4dfee6..542d969066 100644
--- a/src/lib/libssl/src/doc/apps/asn1parse.pod
+++ b/src/lib/libssl/src/doc/apps/asn1parse.pod
@@ -16,6 +16,8 @@ B<openssl> B<asn1parse>
 [B<-i>]
 [B<-oid filename>]
 [B<-strparse offset>]
+[B<-genstr string>]
+[B<-genconf file>]
 =head1 DESCRIPTION
@@ -67,6 +69,14 @@ file is described in the NOTES section below.
 parse the contents octets of the ASN.1 object starting at B<offset>. This
 option can be used multiple times to "drill down" into a nested structure.
+=item B<-genstr string>, B<-genconf file>
+generate encoded data based on B<string>, B<file> or both using
+ASN1_generate_nconf() format. If B<file> only is present then the string
+is obtained from the default section using the name B<asn1>. The encoded
+data is passed through the ASN1 parser and printed out as though it came
+from a file, the contents can thus be examined and written to a file
+using the B<out> option. 
 =back
@@ -121,6 +131,38 @@ by white space. The final column is the rest of the line and is the
 C<1.2.3.4       shortName       A long name>
+=head1 EXAMPLES
+Parse a file:
+ openssl asn1parse -in file.pem
+Parse a DER file:
+ openssl asn1parse -inform DER -in file.der
+Generate a simple UTF8String:
+ openssl asn1parse -genstr 'UTF8:Hello World'
+Generate and write out a UTF8String, don't print parsed output:
+ openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der
+Generate using a config file:
+ openssl asn1parse -genconf asn1.cnf -noout -out asn1.der
+Example config file:
+ asn1=SEQUENCE:seq_sect
+ [seq_sect]
+ field1=BOOL:TRUE
+ field2=EXP:0, UTF8:some random string
 =head1 BUGS
 There should be options to change the format of output lines. The output of some
diff --git a/src/lib/libssl/src/doc/apps/ca.pod b/src/lib/libssl/src/doc/apps/ca.pod
index f15df49d4f..5618c2dc9d 100644
--- a/src/lib/libssl/src/doc/apps/ca.pod
+++ b/src/lib/libssl/src/doc/apps/ca.pod
@@ -17,7 +17,6 @@ B<openssl> B<ca>
 [B<-crl_hold instruction>]
 [B<-crl_compromise time>]
 [B<-crl_CA_compromise time>]
-[B<-subj arg>]
 [B<-crldays days>]
 [B<-crlhours hours>]
 [B<-crlexts section>]
@@ -30,6 +29,7 @@ B<openssl> B<ca>
 [B<-key arg>]
 [B<-passin arg>]
 [B<-cert file>]
+[B<-selfsign>]
 [B<-in file>]
 [B<-out file>]
 [B<-notext>]
@@ -44,6 +44,9 @@ B<openssl> B<ca>
 [B<-extensions section>]
 [B<-extfile section>]
 [B<-engine id>]
+[B<-subj arg>]
+[B<-utf8>]
+[B<-multivalue-rdn>]
 =head1 DESCRIPTION
@@ -113,6 +116,20 @@ the password used to encrypt the private key. Since on some
 systems the command line arguments are visible (e.g. Unix with
 the 'ps' utility) this option should be used with caution.
+=item B<-selfsign>
+indicates the issued certificates are to be signed with the key
+the certificate requests were signed with (given with B<-keyfile>).
+Cerificate requests signed with a different key are ignored.  If
+B<-spkac>, B<-ss_cert> or B<-gencrl> are given, B<-selfsign> is
+ignored.
+A consequence of using B<-selfsign> is that the self-signed
+certificate appears among the entries in the certificate database
+(see the configuration option B<database>), and uses the same
+serial number counter as all other certificates sign with the
+self-signed certificate.
 =item B<-passin arg>
 the key password source. For more information about the format of B<arg>
@@ -203,6 +220,28 @@ to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
+=item B<-subj arg>
+supersedes subject name given in the request.
+The arg must be formatted as I</type0=value0/type1=value1/type2=...>,
+characters may be escaped by \ (backslash), no spaces are skipped.
+=item B<-utf8>
+this option causes field values to be interpreted as UTF8 strings, by 
+default they are interpreted as ASCII. This means that the field
+values, whether prompted from a terminal or obtained from a
+configuration file, must be valid UTF8 strings.
+=item B<-multivalue-rdn>
+this option causes the -subj argument to be interpretedt with full
+support for multivalued RDNs. Example:
+I</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe>
+If -multi-rdn is not used then the UID value is I<123456+CN=John Doe>.
 =back
 =head1 CRL OPTIONS
@@ -253,12 +292,6 @@ B<time>. B<time> should be in GeneralizedTime format that is B<YYYYMMDDHHMMSSZ>.
 This is the same as B<crl_compromise> except the revocation reason is set to
 B<CACompromise>.
-=item B<-subj arg>
-supersedes subject name given in the request.
-The arg must be formatted as I</type0=value0/type1=value1/type2=...>,
-characters may be escaped by \ (backslash), no spaces are skipped.
 =item B<-crlexts section>
 the section of the configuration file containing CRL extensions to
@@ -359,11 +392,27 @@ the same as the B<-md> option. The message digest to use. Mandatory.
 the text database file to use. Mandatory. This file must be present
 though initially it will be empty.
+=item B<unique_subject>
+if the value B<yes> is given, the valid certificate entries in the
+database must have unique subjects.  if the value B<no> is given,
+several valid certificate entries may have the exact same subject.
+The default value is B<yes>, to be compatible with older (pre 0.9.8)
+versions of OpenSSL.  However, to make CA certificate roll-over easier,
+it's recommended to use the value B<no>, especially if combined with
+the B<-selfsign> command line option.
 =item B<serial>
 a text file containing the next serial number to use in hex. Mandatory.
 This file must be present and contain a valid serial number.
+=item B<crlnumber>
+a text file containing the next CRL number to use in hex. The crl number
+will be inserted in the CRLs only if this file exists. If this file is
+present, it must contain a valid CRL number.
 =item B<x509_extensions>
 the same as B<-extensions>.
@@ -554,8 +603,7 @@ if corrupted it can be difficult to fix. It is theoretically possible
 to rebuild the index file from all the issued certificates and a current
 CRL: however there is no option to do this.
-V2 CRL features like delta CRL support and CRL numbers are not currently
+V2 CRL features like delta CRLs are not currently supported.
-supported.
 Although several requests can be input and handled at once it is only
 possible to include one SPKAC or self signed certificate.
@@ -566,12 +614,6 @@ The use of an in memory text database can cause problems when large
 numbers of certificates are present because, as the name implies
 the database has to be kept in memory.
-It is not possible to certify two certificates with the same DN: this
-is a side effect of how the text database is indexed and it cannot easily
-be fixed without introducing other problems. Some S/MIME clients can use
-two certificates with the same DN for separate signing and encryption
-keys.
 The B<ca> command really needs rewriting or the required functionality
 exposed at either a command or interface level so a more friendly utility
 (perl script or GUI) can handle things properly. The scripts B<CA.sh> and
diff --git a/src/lib/libssl/src/doc/apps/ciphers.pod b/src/lib/libssl/src/doc/apps/ciphers.pod
index 81a2c43893..694e433ef3 100644
--- a/src/lib/libssl/src/doc/apps/ciphers.pod
+++ b/src/lib/libssl/src/doc/apps/ciphers.pod
@@ -105,7 +105,7 @@ The following is a list of all permitted cipher strings and their meanings.
 =item B<DEFAULT>
 the default cipher list. This is determined at compile time and is normally
-B<ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH>. This must be the first cipher string
+B<AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH>. This must be the first cipher string
 specified.
 =item B<COMPLEMENTOFDEFAULT>
@@ -125,11 +125,11 @@ the cipher suites not enabled by B<ALL>, currently being B<eNULL>.
 =item B<HIGH>
 "high" encryption cipher suites. This currently means those with key lengths larger
-than 128 bits.
+than 128 bits, and some cipher suites with 128-bit keys.
 =item B<MEDIUM>
-"medium" encryption cipher suites, currently those using 128 bit encryption.
+"medium" encryption cipher suites, currently some of those using 128 bit encryption.
 =item B<LOW>
@@ -146,7 +146,9 @@ export encryption algorithms. Including 40 and 56 bits algorithms.
 =item B<EXPORT56>
-56 bit export encryption algorithms.
+56 bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of
+56 bit export ciphers is empty unless OpenSSL has been explicitly configured
+with support for experimental ciphers.
 =item B<eNULL>, B<NULL>
@@ -207,6 +209,10 @@ anonymous DH cipher suites.
 cipher suites using AES.
+=item B<CAMELLIA>
+cipher suites using Camellia.
 =item B<3DES>
 cipher suites using triple DES.
@@ -227,6 +233,10 @@ cipher suites using RC2.
 cipher suites using IDEA.
+=item B<SEED>
+cipher suites using SEED.
 =item B<MD5>
 cipher suites using MD5.
@@ -317,10 +327,10 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
 TLS_RSA_WITH_AES_128_CBC_SHA            AES128-SHA
 TLS_RSA_WITH_AES_256_CBC_SHA            AES256-SHA
- TLS_DH_DSS_WITH_AES_128_CBC_SHA         DH-DSS-AES128-SHA
+ TLS_DH_DSS_WITH_AES_128_CBC_SHA         Not implemented.
- TLS_DH_DSS_WITH_AES_256_CBC_SHA         DH-DSS-AES256-SHA
+ TLS_DH_DSS_WITH_AES_256_CBC_SHA         Not implemented.
- TLS_DH_RSA_WITH_AES_128_CBC_SHA         DH-RSA-AES128-SHA
+ TLS_DH_RSA_WITH_AES_128_CBC_SHA         Not implemented.
- TLS_DH_RSA_WITH_AES_256_CBC_SHA         DH-RSA-AES256-SHA
+ TLS_DH_RSA_WITH_AES_256_CBC_SHA         Not implemented.
 TLS_DHE_DSS_WITH_AES_128_CBC_SHA        DHE-DSS-AES128-SHA
 TLS_DHE_DSS_WITH_AES_256_CBC_SHA        DHE-DSS-AES256-SHA
@@ -330,6 +340,36 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
 TLS_DH_anon_WITH_AES_128_CBC_SHA        ADH-AES128-SHA
 TLS_DH_anon_WITH_AES_256_CBC_SHA        ADH-AES256-SHA
+=head2 Camellia ciphersuites from RFC4132, extending TLS v1.0
+ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA      CAMELLIA128-SHA
+ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA      CAMELLIA256-SHA
+ TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA   Not implemented.
+ TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA   Not implemented.
+ TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA   Not implemented.
+ TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA   Not implemented.
+ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA  DHE-DSS-CAMELLIA128-SHA
+ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA  DHE-DSS-CAMELLIA256-SHA
+ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA  DHE-RSA-CAMELLIA128-SHA
+ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA  DHE-RSA-CAMELLIA256-SHA
+ TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA  ADH-CAMELLIA128-SHA
+ TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA  ADH-CAMELLIA256-SHA
+=head2 SEED ciphersuites from RFC4162, extending TLS v1.0
+ TLS_RSA_WITH_SEED_CBC_SHA              SEED-SHA
+ TLS_DH_DSS_WITH_SEED_CBC_SHA           Not implemented.
+ TLS_DH_RSA_WITH_SEED_CBC_SHA           Not implemented.
+ TLS_DHE_DSS_WITH_SEED_CBC_SHA          DHE-DSS-SEED-SHA
+ TLS_DHE_RSA_WITH_SEED_CBC_SHA          DHE-RSA-SEED-SHA
+ TLS_DH_anon_WITH_SEED_CBC_SHA          ADH-SEED-SHA
 =head2 Additional Export 1024 and other cipher suites
 Note: these ciphers can also be used in SSL v3.
diff --git a/src/lib/libssl/src/doc/apps/config.pod b/src/lib/libssl/src/doc/apps/config.pod
index 8f823fa6d6..ace34b62bd 100644
--- a/src/lib/libssl/src/doc/apps/config.pod
+++ b/src/lib/libssl/src/doc/apps/config.pod
@@ -1,6 +1,8 @@
 =pod
+=for comment openssl_manual_section:5
 =head1 NAME
 config - OpenSSL CONF library configuration files
@@ -105,6 +107,11 @@ as any compliant applications. For example:
 some_new_oid = 1.2.3.4
 some_other_oid = 1.2.3.5
+In OpenSSL 0.9.8 it is also possible to set the value to the long name followed
+by a comma and the numerical OID form. For example:
+ shortName = some object long name, 1.2.3.4
 =head2 ENGINE CONFIGURATION MODULE
 This ENGINE configuration module has the name B<engines>. The value of this
diff --git a/src/lib/libssl/src/doc/apps/dgst.pod b/src/lib/libssl/src/doc/apps/dgst.pod
index b0d198724c..908cd2a6d6 100644
--- a/src/lib/libssl/src/doc/apps/dgst.pod
+++ b/src/lib/libssl/src/doc/apps/dgst.pod
@@ -18,6 +18,7 @@ B<openssl> B<dgst>
 [B<-verify filename>]
 [B<-prverify filename>]
 [B<-signature filename>]
+[B<-hmac key>]
 [B<file...>]
 [B<md5|md4|md2|sha1|sha|mdc2|ripemd160>]
@@ -78,6 +79,10 @@ verify the signature using the  the private key in "filename".
 the actual signature to verify.
+=item B<-hmac key>
+create a hashed MAC using "key".
 =item B<-rand file(s)>
 a file or files containing random data used to seed the random number
diff --git a/src/lib/libssl/src/doc/apps/enc.pod b/src/lib/libssl/src/doc/apps/enc.pod
index c43da5b3f1..4391c93360 100644
--- a/src/lib/libssl/src/doc/apps/enc.pod
+++ b/src/lib/libssl/src/doc/apps/enc.pod
@@ -227,6 +227,14 @@ Blowfish and RC5 algorithms use a 128 bit key.
 rc5-ecb            RC5 cipher in ECB mode
 rc5-ofb            RC5 cipher in OFB mode
+ aes-[128|192|256]-cbc  128/192/256 bit AES in CBC mode
+ aes-[128|192|256]      Alias for aes-[128|192|256]-cbc
+ aes-[128|192|256]-cfb  128/192/256 bit AES in 128 bit CFB mode
+ aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode
+ aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode
+ aes-[128|192|256]-ecb  128/192/256 bit AES in ECB mode
+ aes-[128|192|256]-ofb  128/192/256 bit AES in OFB mode
 =head1 EXAMPLES
 Just base64 encode a binary file:
diff --git a/src/lib/libssl/src/doc/apps/ocsp.pod b/src/lib/libssl/src/doc/apps/ocsp.pod
index 4f266058e5..b58ddc1788 100644
--- a/src/lib/libssl/src/doc/apps/ocsp.pod
+++ b/src/lib/libssl/src/doc/apps/ocsp.pod
@@ -73,7 +73,7 @@ specify output filename, default is standard output.
 This specifies the current issuer certificate. This option can be used
 multiple times. The certificate specified in B<filename> must be in
-PEM format.
+PEM format. This option B<MUST> come before any B<-cert> options.
 =item B<-cert filename>
@@ -146,7 +146,7 @@ certificate in such cases.
 =item B<-trust_other>
-the certificates specified by the B<-verify_certs> option should be explicitly
+the certificates specified by the B<-verify_other> option should be explicitly
 trusted and no additional checks will be performed on them. This is useful
 when the complete responder certificate chain is not available or trusting a
 root CA is not appropriate.
@@ -154,7 +154,7 @@ root CA is not appropriate.
 =item B<-VAfile file>
 file containing explicitly trusted responder certificates. Equivalent to the
-B<-verify_certs> and B<-trust_other> options.
+B<-verify_other> and B<-trust_other> options.
 =item B<-noverify>
@@ -166,7 +166,7 @@ of the responders certificate.
 ignore certificates contained in the OCSP response when searching for the
 signers certificate. With this option the signers certificate must be specified
-with either the B<-verify_certs> or B<-VAfile> options.
+with either the B<-verify_other> or B<-VAfile> options.
 =item B<-no_signature_verify>
diff --git a/src/lib/libssl/src/doc/apps/openssl.pod b/src/lib/libssl/src/doc/apps/openssl.pod
index dc0f49ddca..964cdf0f02 100644
--- a/src/lib/libssl/src/doc/apps/openssl.pod
+++ b/src/lib/libssl/src/doc/apps/openssl.pod
@@ -227,6 +227,22 @@ SHA Digest
 SHA-1 Digest
+=item B<sha224>
+SHA-224 Digest
+=item B<sha256>
+SHA-256 Digest
+=item B<sha384>
+SHA-384 Digest
+=item B<sha512>
+SHA-512 Digest
 =back
 =head2 ENCODING AND CIPHER COMMANDS
diff --git a/src/lib/libssl/src/doc/apps/req.pod b/src/lib/libssl/src/doc/apps/req.pod
index e2b5d0d8ec..82b565c9d4 100644
--- a/src/lib/libssl/src/doc/apps/req.pod
+++ b/src/lib/libssl/src/doc/apps/req.pod
@@ -30,6 +30,7 @@ B<openssl> B<req>
 [B<-[md5|sha1|md2|mdc2]>]
 [B<-config filename>]
 [B<-subj arg>]
+[B<-multivalue-rdn>]
 [B<-x509>]
 [B<-days n>]
 [B<-set_serial n>]
@@ -173,6 +174,15 @@ when processing a request.
 The arg must be formatted as I</type0=value0/type1=value1/type2=...>,
 characters may be escaped by \ (backslash), no spaces are skipped.
+=item B<-multivalue-rdn>
+this option causes the -subj argument to be interpreted with full
+support for multivalued RDNs. Example:
+I</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe>
+If -multi-rdn is not used then the UID value is I<123456+CN=John Doe>.
 =item B<-x509>
 this option outputs a self signed certificate instead of a certificate
diff --git a/src/lib/libssl/src/doc/apps/rsautl.pod b/src/lib/libssl/src/doc/apps/rsautl.pod
index a7c1681d98..1a498c2f62 100644
--- a/src/lib/libssl/src/doc/apps/rsautl.pod
+++ b/src/lib/libssl/src/doc/apps/rsautl.pod
@@ -152,7 +152,7 @@ The final BIT STRING contains the actual signature. It can be extracted with:
 The certificate public key can be extracted with:
 
- openssl x509 -in test/testx509.pem -pubout -noout >pubkey.pem
+ openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem
 The signature can be analysed with:
diff --git a/src/lib/libssl/src/doc/apps/s_client.pod b/src/lib/libssl/src/doc/apps/s_client.pod
index 8d19079973..c44d357cf7 100644
--- a/src/lib/libssl/src/doc/apps/s_client.pod
+++ b/src/lib/libssl/src/doc/apps/s_client.pod
@@ -11,7 +11,10 @@ B<openssl> B<s_client>
 [B<-connect host:port>]
 [B<-verify depth>]
 [B<-cert filename>]
+[B<-certform DER|PEM>]
 [B<-key filename>]
+[B<-keyform DER|PEM>]
+[B<-pass arg>]
 [B<-CApath directory>]
 [B<-CAfile filename>]
 [B<-reconnect>]
@@ -35,6 +38,10 @@ B<openssl> B<s_client>
 [B<-cipher cipherlist>]
 [B<-starttls protocol>]
 [B<-engine id>]
+[B<-tlsextdebug>]
+[B<-no_ticket>]
+[B<-sess_out filename>]
+[B<-sess_in filename>]
 [B<-rand file(s)>]
 =head1 DESCRIPTION
@@ -57,11 +64,24 @@ then an attempt is made to connect to the local host on port 4433.
 The certificate to use, if one is requested by the server. The default is
 not to use a certificate.
+=item B<-certform format>
+The certificate format to use: DER or PEM. PEM is the default.
 =item B<-key keyfile>
 The private key to use. If not specified then the certificate file will
 be used.
+=item B<-keyform format>
+The private format to use: DER or PEM. PEM is the default.
+=item B<-pass arg>
+the private key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
 =item B<-verify depth>
 The verify depth to use. This specifies the maximum length of the
@@ -168,7 +188,27 @@ command for more information.
 send the protocol-specific message(s) to switch to TLS for communication.
 B<protocol> is a keyword for the intended protocol.  Currently, the only
-supported keywords are "smtp" and "pop3".
+supported keywords are "smtp", "pop3", "imap", and "ftp".
+=item B<-tlsextdebug>
+print out a hex dump of any TLS extensions received from the server. Note: this
+option is only available if extension support is explicitly enabled at compile
+time
+=item B<-no_ticket>
+disable RFC4507bis session ticket support. Note: this option is only available
+if extension support is explicitly enabled at compile time
+=item B<-sess_out filename>
+output SSL session to B<filename>
+=item B<-sess_in sess.pem>
+load SSL session from B<filename>. The client will attempt to resume a
+connection from this session.
 =item B<-engine id>
@@ -230,6 +270,13 @@ on the command line is no guarantee that the certificate works.
 If there are problems verifying a server certificate then the
 B<-showcerts> option can be used to show the whole chain.
+Since the SSLv23 client hello cannot include compression methods or extensions
+these will only be supported if its use is disabled, for example by using the
+B<-no_sslv2> option.
+TLS extensions are only supported in OpenSSL 0.9.8 if they are explictly
+enabled at compile time using for example the B<enable-tlsext> switch.
 =head1 BUGS
 Because this program has a lot of options and also because some of
diff --git a/src/lib/libssl/src/doc/apps/s_server.pod b/src/lib/libssl/src/doc/apps/s_server.pod
index 1d21921e47..fdcc170e28 100644
--- a/src/lib/libssl/src/doc/apps/s_server.pod
+++ b/src/lib/libssl/src/doc/apps/s_server.pod
@@ -12,10 +12,18 @@ B<openssl> B<s_server>
 [B<-context id>]
 [B<-verify depth>]
 [B<-Verify depth>]
+[B<-crl_check>]
+[B<-crl_check_all>]
 [B<-cert filename>]
+[B<-certform DER|PEM>]
 [B<-key keyfile>]
+[B<-keyform DER|PEM>]
+[B<-pass arg>]
 [B<-dcert filename>]
+[B<-dcertform DER|PEM>]
 [B<-dkey keyfile>]
+[B<-dkeyform DER|PEM>]
+[B<-dpass arg>]
 [B<-dhparam filename>]
 [B<-nbio>]
 [B<-nbio_test>]
@@ -42,6 +50,8 @@ B<openssl> B<s_server>
 [B<-WWW>]
 [B<-HTTP>]
 [B<-engine id>]
+[B<-tlsextdebug>]
+[B<-no_ticket>]
 [B<-id_prefix arg>]
 [B<-rand file(s)>]
@@ -70,11 +80,24 @@ certificate and some require a certificate with a certain public key type:
 for example the DSS cipher suites require a certificate containing a DSS
 (DSA) key. If not specified then the filename "server.pem" will be used.
+=item B<-certform format>
+The certificate format to use: DER or PEM. PEM is the default.
 =item B<-key keyfile>
 The private key to use. If not specified then the certificate file will
 be used.
+=item B<-keyform format>
+The private format to use: DER or PEM. PEM is the default.
+=item B<-pass arg>
+the private key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
 =item B<-dcert filename>, B<-dkey keyname>
 specify an additional certificate and private key, these behave in the
@@ -86,6 +109,10 @@ and some a DSS (DSA) key. By using RSA and DSS certificates and keys
 a server can support clients which only support RSA or DSS cipher suites
 by using an appropriate certificate.
+=item B<-dcertform format>, B<-dkeyform format>, B<-dpass arg>
+addtional certificate and private key format and passphrase respectively.
 =item B<-nocert>
 if this option is set then no certificate is used. This restricts the
@@ -117,6 +144,12 @@ the client. With the B<-verify> option a certificate is requested but the
 client does not have to send one, with the B<-Verify> option the client
 must supply a certificate or an error occurs.
+=item B<-crl_check>, B<-crl_check_all>
+Check the peer certificate has not been revoked by its CA.
+The CRL(s) are appended to the certificate file. With the B<-crl_check_all>
+option all CRLs of all CAs in the chain are checked.
 =item B<-CApath directory>
 The directory to use for client certificate verification. This directory
@@ -182,6 +215,14 @@ also included in the server list is used. Because the client specifies
 the preference order, the order of the server cipherlist irrelevant. See
 the B<ciphers> command for more information.
+=item B<-tlsextdebug>
+print out a hex dump of any TLS extensions received from the server.
+=item B<-no_ticket>
+disable RFC4507bis session ticket support. 
 =item B<-www>
 sends a status message back to the client when it connects. This includes
@@ -284,6 +325,9 @@ mean any CA is acceptable. This is useful for debugging purposes.
 The session parameters can printed out using the B<sess_id> program.
+TLS extensions are only supported in OpenSSL 0.9.8 if they are explictly
+enabled at compile time using for example the B<enable-tlsext> switch.
 =head1 BUGS
 Because this program has a lot of options and also because some of
diff --git a/src/lib/libssl/src/doc/apps/smime.pod b/src/lib/libssl/src/doc/apps/smime.pod
index 84b673f791..caf2d2689e 100644
--- a/src/lib/libssl/src/doc/apps/smime.pod
+++ b/src/lib/libssl/src/doc/apps/smime.pod
@@ -20,6 +20,9 @@ B<openssl> B<smime>
 [B<-aes128>]
 [B<-aes192>]
 [B<-aes256>]
+[B<-camellia128>]
+[B<-camellia192>]
+[B<-camellia256>]
 [B<-in file>]
 [B<-certfile file>]
 [B<-signer file>]
@@ -129,10 +132,10 @@ B<-verify>. This directory must be a standard certificate directory: that
 is a hash of each subject name (using B<x509 -hash>) should be linked
 to each certificate.
-=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256>
+=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256 -camellia128 -camellia192 -camellia256>
 the encryption algorithm to use. DES (56 bits), triple DES (168 bits),
-40, 64 or 128 bit RC2 or 128, 192 or 256 bit AES respectively.  If not
+40, 64 or 128 bit RC2, 128, 192 or 256 bit AES, or 128, 192 or 256 bit Camellia respectively.  If not
 specified 40 bit RC2 is used. Only used with B<-encrypt>.
 =item B<-nointern>
@@ -354,6 +357,10 @@ alternatively you can base64 decode the signature and use
 openssl smime -verify -inform DER -in signature.der -content content.txt
+Create an encrypted message using 128 bit Camellia:
+ openssl smime -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem
 =head1 BUGS
 The MIME parser isn't very clever: it seems to handle most messages that I've thrown
diff --git a/src/lib/libssl/src/doc/apps/verify.pod b/src/lib/libssl/src/doc/apps/verify.pod
index ea5c29c150..ff2629d2cf 100644
--- a/src/lib/libssl/src/doc/apps/verify.pod
+++ b/src/lib/libssl/src/doc/apps/verify.pod
@@ -169,7 +169,7 @@ the operation was successful.
 the issuer certificate could not be found: this occurs if the issuer certificate
 of an untrusted certificate cannot be found.
-=item B<3 X509_V_ERR_UNABLE_TO_GET_CRL unable to get certificate CRL>
+=item B<3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL>
 the CRL of a certificate could not be found. Unused.
diff --git a/src/lib/libssl/src/doc/apps/x509.pod b/src/lib/libssl/src/doc/apps/x509.pod
index 50343cd685..a925da41f1 100644
--- a/src/lib/libssl/src/doc/apps/x509.pod
+++ b/src/lib/libssl/src/doc/apps/x509.pod
@@ -17,6 +17,8 @@ B<openssl> B<x509>
 [B<-out filename>]
 [B<-serial>]
 [B<-hash>]
+[B<-subject_hash>]
+[B<-issuer_hash>]
 [B<-subject>]
 [B<-issuer>]
 [B<-nameopt option>]
@@ -96,8 +98,8 @@ default.
 the digest to use. This affects any signing or display option that uses a message
 digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not
-specified then MD5 is used. If the key being used to sign with is a DSA key then
+specified then SHA1 is used. If the key being used to sign with is a DSA key
-this option has no effect: SHA1 is always used with DSA keys.
+then this option has no effect: SHA1 is always used with DSA keys.
 =item B<-engine id>
@@ -141,12 +143,20 @@ contained in the certificate.
 outputs the certificate serial number.
-=item B<-hash>
+=item B<-subject_hash>
 outputs the "hash" of the certificate subject name. This is used in OpenSSL to
 form an index to allow certificates in a directory to be looked up by subject
 name.
+=item B<-issuer_hash>
+outputs the "hash" of the certificate issuer name.
+=item B<-hash>
+synonym for "-hash" for backward compatibility reasons.
 =item B<-subject>
 outputs the subject name.
@@ -394,13 +404,13 @@ B<sep_comma_plus>, B<dn_rev> and B<sname>.
 a oneline format which is more readable than RFC2253. It is equivalent to
 specifying the  B<esc_2253>, B<esc_ctrl>, B<esc_msb>, B<utf8>, B<dump_nostr>,
-B<dump_der>, B<use_quote>, B<sep_comma_plus_spc>, B<spc_eq> and B<sname>
+B<dump_der>, B<use_quote>, B<sep_comma_plus_space>, B<space_eq> and B<sname>
 options.
 =item B<multiline>
 a multiline format. It is equivalent B<esc_ctrl>, B<esc_msb>, B<sep_multiline>,
-B<spc_eq>, B<lname> and B<align>.
+B<space_eq>, B<lname> and B<align>.
 =item B<esc_2253>
@@ -500,7 +510,7 @@ diagnostic purpose.
 align field values for a more readable output. Only usable with
 B<sep_multiline>.
-=item B<spc_eq>
+=item B<space_eq>
 places spaces round the B<=> character which follows the field
 name.
@@ -610,7 +620,7 @@ Display the certificate subject name in RFC2253 form:
 Display the certificate subject name in oneline form on a terminal
 supporting UTF8:
- openssl x509 -in cert.pem -noout -subject -nameopt oneline,-escmsb
+ openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb
 Display the certificate MD5 fingerprint:
@@ -815,4 +825,8 @@ OpenSSL 0.9.5 and later.
 L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>,
 L<gendsa(1)|gendsa(1)>, L<verify(1)|verify(1)>
+=head1 HISTORY
+Before OpenSSL 0.9.8, the default digest for RSA keys was MD5.
 =cut
diff --git a/src/lib/libssl/src/doc/c-indentation.el b/src/lib/libssl/src/doc/c-indentation.el
index cbf01cb172..90861d3979 100644
--- a/src/lib/libssl/src/doc/c-indentation.el
+++ b/src/lib/libssl/src/doc/c-indentation.el
@@ -20,6 +20,7 @@
 (c-add-style "eay"
             '((c-basic-offset . 8)
+               (indent-tabs-mode . t)
               (c-comment-only-line-offset . 0)
               (c-hanging-braces-alist)
               (c-offsets-alist . ((defun-open . +)
diff --git a/src/lib/libssl/src/doc/crypto/BIO_f_base64.pod b/src/lib/libssl/src/doc/crypto/BIO_f_base64.pod
index 929557d22f..438af3b6b6 100644
--- a/src/lib/libssl/src/doc/crypto/BIO_f_base64.pod
+++ b/src/lib/libssl/src/doc/crypto/BIO_f_base64.pod
@@ -63,7 +63,7 @@ data to standard output:
 bio = BIO_new_fp(stdin, BIO_NOCLOSE);
 bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
 bio = BIO_push(b64, bio);
- while((inlen = BIO_read(bio, inbuf, 512) > 0) 
+ while((inlen = BIO_read(bio, inbuf, 512)) > 0) 
        BIO_write(bio_out, inbuf, inlen);
 BIO_free_all(bio);
diff --git a/src/lib/libssl/src/doc/crypto/BIO_set_callback.pod b/src/lib/libssl/src/doc/crypto/BIO_set_callback.pod
index 9b6961ca8d..4759556245 100644
--- a/src/lib/libssl/src/doc/crypto/BIO_set_callback.pod
+++ b/src/lib/libssl/src/doc/crypto/BIO_set_callback.pod
@@ -17,7 +17,7 @@ BIO_debug_callback - BIO callback functions
 long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
        long argl,long ret);
- typedef long callback(BIO *b, int oper, const char *argp,
+ typedef long (*callback)(BIO *b, int oper, const char *argp,
                        int argi, long argl, long retvalue);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/crypto/BN_add_word.pod b/src/lib/libssl/src/doc/crypto/BN_add_word.pod
index 94244adea4..70667d2893 100644
--- a/src/lib/libssl/src/doc/crypto/BN_add_word.pod
+++ b/src/lib/libssl/src/doc/crypto/BN_add_word.pod
@@ -29,11 +29,11 @@ BN_add_word() adds B<w> to B<a> (C<a+=w>).
 BN_sub_word() subtracts B<w> from B<a> (C<a-=w>).
-BN_mul_word() multiplies B<a> and B<w> (C<a*=b>).
+BN_mul_word() multiplies B<a> and B<w> (C<a*=w>).
 BN_div_word() divides B<a> by B<w> (C<a/=w>) and returns the remainder.
-BN_mod_word() returns the remainder of B<a> divided by B<w> (C<a%m>).
+BN_mod_word() returns the remainder of B<a> divided by B<w> (C<a%w>).
 For BN_div_word() and BN_mod_word(), B<w> must not be 0.
@@ -42,7 +42,8 @@ For BN_div_word() and BN_mod_word(), B<w> must not be 0.
 BN_add_word(), BN_sub_word() and BN_mul_word() return 1 for success, 0
 on error. The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-BN_mod_word() and BN_div_word() return B<a>%B<w>.
+BN_mod_word() and BN_div_word() return B<a>%B<w> on success and
+B<(BN_ULONG)-1> if an error occurred.
 =head1 SEE ALSO
@@ -54,4 +55,7 @@ BN_add_word() and BN_mod_word() are available in all versions of
 SSLeay and OpenSSL. BN_div_word() was added in SSLeay 0.8, and
 BN_sub_word() and BN_mul_word() in SSLeay 0.9.0.
+Before 0.9.8a the return value for BN_div_word() and BN_mod_word()
+in case of an error was 0.
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/BN_new.pod b/src/lib/libssl/src/doc/crypto/BN_new.pod
index 3033789c51..ab7a105e3a 100644
--- a/src/lib/libssl/src/doc/crypto/BN_new.pod
+++ b/src/lib/libssl/src/doc/crypto/BN_new.pod
@@ -20,7 +20,7 @@ BN_new, BN_init, BN_clear, BN_free, BN_clear_free - allocate and free BIGNUMs
 =head1 DESCRIPTION
-BN_new() allocated and initializes a B<BIGNUM> structure. BN_init()
+BN_new() allocates and initializes a B<BIGNUM> structure. BN_init()
 initializes an existing uninitialized B<BIGNUM>.
 BN_clear() is used to destroy sensitive data such as keys when they
diff --git a/src/lib/libssl/src/doc/crypto/DH_set_method.pod b/src/lib/libssl/src/doc/crypto/DH_set_method.pod
index 73261fc467..d5cdc3be0c 100644
--- a/src/lib/libssl/src/doc/crypto/DH_set_method.pod
+++ b/src/lib/libssl/src/doc/crypto/DH_set_method.pod
@@ -36,7 +36,7 @@ structures created later. B<NB>: This is true only whilst no ENGINE has been set
 as a default for DH, so this function is no longer recommended.
 DH_get_default_method() returns a pointer to the current default DH_METHOD.
-However, the meaningfulness of this result is dependant on whether the ENGINE
+However, the meaningfulness of this result is dependent on whether the ENGINE
 API is being used, so this function is no longer recommended.
 DH_set_method() selects B<meth> to perform all operations using the key B<dh>.
diff --git a/src/lib/libssl/src/doc/crypto/DSA_set_method.pod b/src/lib/libssl/src/doc/crypto/DSA_set_method.pod
index bc3cfb1f0a..9c1434bd8d 100644
--- a/src/lib/libssl/src/doc/crypto/DSA_set_method.pod
+++ b/src/lib/libssl/src/doc/crypto/DSA_set_method.pod
@@ -36,7 +36,7 @@ structures created later. B<NB>: This is true only whilst no ENGINE has
 been set as a default for DSA, so this function is no longer recommended.
 DSA_get_default_method() returns a pointer to the current default
-DSA_METHOD. However, the meaningfulness of this result is dependant on
+DSA_METHOD. However, the meaningfulness of this result is dependent on
 whether the ENGINE API is being used, so this function is no longer 
 recommended.
diff --git a/src/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod b/src/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod
index 016381f3e9..d375c46e03 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod
@@ -60,7 +60,7 @@ EVP_BytesToKey() returns the size of the derived key in bytes.
 =head1 SEE ALSO
 L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
-L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>
 =head1 HISTORY
diff --git a/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod b/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
index faa992286b..236e2fa8d1 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
@@ -18,7 +18,7 @@ EVP digest routines
 EVP_MD_CTX *EVP_MD_CTX_create(void);
 int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
- int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
        unsigned int *s);
diff --git a/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod b/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod
index 48a0e29954..7d793e19ef 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod
@@ -8,9 +8,9 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption
 #include <openssl/evp.h>
- int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 
+ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-                unsigned char **ek, int *ekl, unsigned char *iv,
+                  unsigned char **ek, int *ekl, unsigned char *iv,
-                EVP_PKEY **pubk, int npubk);
+                  EVP_PKEY **pubk, int npubk);
 int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
         int *outl, unsigned char *in, int inl);
 int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
diff --git a/src/lib/libssl/src/doc/crypto/RAND_bytes.pod b/src/lib/libssl/src/doc/crypto/RAND_bytes.pod
index ce6329ce54..1a9b91e281 100644
--- a/src/lib/libssl/src/doc/crypto/RAND_bytes.pod
+++ b/src/lib/libssl/src/doc/crypto/RAND_bytes.pod
@@ -25,6 +25,9 @@ unpredictable. They can be used for non-cryptographic purposes and for
 certain purposes in cryptographic protocols, but usually not for key
 generation etc.
+The contents of B<buf> is mixed into the entropy pool before retrieving
+the new pseudo-random bytes unless disabled at compile time (see FAQ).
 =head1 RETURN VALUES
 RAND_bytes() returns 1 on success, 0 otherwise. The error code can be
diff --git a/src/lib/libssl/src/doc/crypto/RAND_egd.pod b/src/lib/libssl/src/doc/crypto/RAND_egd.pod
index 62adbe19b2..079838ea2e 100644
--- a/src/lib/libssl/src/doc/crypto/RAND_egd.pod
+++ b/src/lib/libssl/src/doc/crypto/RAND_egd.pod
@@ -50,7 +50,7 @@ non-blocking mode.
 Alternatively, the EGD-interface compatible daemon PRNGD can be used. It is
 available from
-http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html .
+http://prngd.sourceforge.net/ .
 PRNGD does employ an internal PRNG itself and can therefore never run
 out of entropy.
diff --git a/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod b/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod
index c9bb6d9f27..e5b780fad0 100644
--- a/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod
+++ b/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod
@@ -30,7 +30,7 @@ true only whilst no ENGINE has been set as a default for RAND, so this function
 is no longer recommended.
 RAND_get_default_method() returns a pointer to the current RAND_METHOD.
-However, the meaningfulness of this result is dependant on whether the ENGINE
+However, the meaningfulness of this result is dependent on whether the ENGINE
 API is being used, so this function is no longer recommended.
 =head1 THE RAND_METHOD STRUCTURE
diff --git a/src/lib/libssl/src/doc/crypto/RSA_get_ex_new_index.pod b/src/lib/libssl/src/doc/crypto/RSA_get_ex_new_index.pod
index 46cc8f5359..7d0fd1f91d 100644
--- a/src/lib/libssl/src/doc/crypto/RSA_get_ex_new_index.pod
+++ b/src/lib/libssl/src/doc/crypto/RSA_get_ex_new_index.pod
@@ -17,12 +17,12 @@ RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data - add application specifi
 void *RSA_get_ex_data(RSA *r, int idx);
- typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-                int idx, long argl, void *argp);
+                           int idx, long argl, void *argp);
- typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-                int idx, long argl, void *argp);
+                             int idx, long argl, void *argp);
- typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, 
+ typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
-                int idx, long argl, void *argp);
+                           int idx, long argl, void *argp);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/crypto/RSA_set_method.pod b/src/lib/libssl/src/doc/crypto/RSA_set_method.pod
index 0a305f6b14..2c963d7e5b 100644
--- a/src/lib/libssl/src/doc/crypto/RSA_set_method.pod
+++ b/src/lib/libssl/src/doc/crypto/RSA_set_method.pod
@@ -42,7 +42,7 @@ structures created later. B<NB>: This is true only whilst no ENGINE has
 been set as a default for RSA, so this function is no longer recommended.
 RSA_get_default_method() returns a pointer to the current default
-RSA_METHOD. However, the meaningfulness of this result is dependant on
+RSA_METHOD. However, the meaningfulness of this result is dependent on
 whether the ENGINE API is being used, so this function is no longer 
 recommended.
diff --git a/src/lib/libssl/src/doc/crypto/RSA_sign.pod b/src/lib/libssl/src/doc/crypto/RSA_sign.pod
index 71688a665e..8553be8e99 100644
--- a/src/lib/libssl/src/doc/crypto/RSA_sign.pod
+++ b/src/lib/libssl/src/doc/crypto/RSA_sign.pod
@@ -8,10 +8,10 @@ RSA_sign, RSA_verify - RSA signatures
 #include <openssl/rsa.h>
- int RSA_sign(int type, unsigned char *m, unsigned int m_len,
+ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
    unsigned char *sigret, unsigned int *siglen, RSA *rsa);
- int RSA_verify(int type, unsigned char *m, unsigned int m_len,
+ int RSA_verify(int type, const unsigned char *m, unsigned int m_len,
    unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/crypto/bn.pod b/src/lib/libssl/src/doc/crypto/bn.pod
index 210dfeac08..cd2f8e50c6 100644
--- a/src/lib/libssl/src/doc/crypto/bn.pod
+++ b/src/lib/libssl/src/doc/crypto/bn.pod
@@ -27,6 +27,9 @@ bn - multiprecision integer arithmetics
 int BN_num_bits(const BIGNUM *a);
 int BN_num_bits_word(BN_ULONG w);
+ void BN_set_negative(BIGNUM *a, int n);
+ int  BN_is_negative(const BIGNUM *a);
 int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
 int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
@@ -118,6 +121,25 @@ bn - multiprecision integer arithmetics
 int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
         BN_CTX *ctx);
+ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai,
+        BIGNUM *mod);
+ void BN_BLINDING_free(BN_BLINDING *b);
+ int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
+ int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+ int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+ int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b,
+        BN_CTX *ctx);
+ int BN_BLINDING_invert_ex(BIGNUM *n,const BIGNUM *r,BN_BLINDING *b,
+        BN_CTX *ctx);
+ unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
+ void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
+ unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
+ void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
+ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
+        const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+        int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
+        BN_MONT_CTX *m_ctx);
 =head1 DESCRIPTION
@@ -153,6 +175,7 @@ L<BN_cmp(3)|BN_cmp(3)>, L<BN_zero(3)|BN_zero(3)>, L<BN_rand(3)|BN_rand(3)>,
 L<BN_generate_prime(3)|BN_generate_prime(3)>, L<BN_set_bit(3)|BN_set_bit(3)>,
 L<BN_bn2bin(3)|BN_bn2bin(3)>, L<BN_mod_inverse(3)|BN_mod_inverse(3)>,
 L<BN_mod_mul_reciprocal(3)|BN_mod_mul_reciprocal(3)>,
-L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)> 
+L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)>,
+L<BN_BLINDING_new(3)|BN_BLINDING_new(3)>
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/bn_internal.pod b/src/lib/libssl/src/doc/crypto/bn_internal.pod
index 9805a7c9f2..891914678c 100644
--- a/src/lib/libssl/src/doc/crypto/bn_internal.pod
+++ b/src/lib/libssl/src/doc/crypto/bn_internal.pod
@@ -72,19 +72,19 @@ applications.
 typedef struct bignum_st
        {
-        int top;      /* index of last used d (most significant word) */
+        int top;      /* number of words used in d */
-        BN_ULONG *d;  /* pointer to an array of 'BITS2' bit chunks */
+        BN_ULONG *d;  /* pointer to an array containing the integer value */
        int max;      /* size of the d array */
        int neg;      /* sign */
        } BIGNUM;
-The big number is stored in B<d>, a malloc()ed array of B<BN_ULONG>s,
+The integer value is stored in B<d>, a malloc()ed array of words (B<BN_ULONG>),
-least significant first. A B<BN_ULONG> can be either 16, 32 or 64 bits
+least significant word first. A B<BN_ULONG> can be either 16, 32 or 64 bits
-in size (B<BITS2>), depending on the 'number of bits' specified in
+in size, depending on the 'number of bits' (B<BITS2>) specified in
 C<openssl/bn.h>.
 B<max> is the size of the B<d> array that has been allocated.  B<top>
-is the 'last' entry being used, so for a value of 4, bn.d[0]=4 and
+is the number of words being used, so for a value of 4, bn.d[0]=4 and
 bn.top=1.  B<neg> is 1 if the number is negative.  When a B<BIGNUM> is
 B<0>, the B<d> field can be B<NULL> and B<top> == B<0>.
@@ -202,7 +202,7 @@ call bn_expand2(), which allocates a new B<d> array and copies the
 data.  They return B<NULL> on error, B<b> otherwise.
 The bn_fix_top() macro reduces B<a-E<gt>top> to point to the most
-significant non-zero word when B<a> has shrunk.
+significant non-zero word plus one when B<a> has shrunk.
 =head2 Debugging
diff --git a/src/lib/libssl/src/doc/crypto/des_modes.pod b/src/lib/libssl/src/doc/crypto/des_modes.pod
index 0cc22150e7..0ad01eafe2 100644
--- a/src/lib/libssl/src/doc/crypto/des_modes.pod
+++ b/src/lib/libssl/src/doc/crypto/des_modes.pod
@@ -1,5 +1,7 @@
 =pod
+=for comment openssl_manual_section:7
 =head1 NAME
 des_modes - the variants of DES and other crypto algorithms of OpenSSL
diff --git a/src/lib/libssl/src/doc/crypto/md5.pod b/src/lib/libssl/src/doc/crypto/md5.pod
index 6e6322dcdc..d11d5c32cb 100644
--- a/src/lib/libssl/src/doc/crypto/md5.pod
+++ b/src/lib/libssl/src/doc/crypto/md5.pod
@@ -12,10 +12,10 @@ MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions
 unsigned char *MD2(const unsigned char *d, unsigned long n,
                  unsigned char *md);
- void MD2_Init(MD2_CTX *c);
+ int MD2_Init(MD2_CTX *c);
- void MD2_Update(MD2_CTX *c, const unsigned char *data,
+ int MD2_Update(MD2_CTX *c, const unsigned char *data,
                  unsigned long len);
- void MD2_Final(unsigned char *md, MD2_CTX *c);
+ int MD2_Final(unsigned char *md, MD2_CTX *c);
 #include <openssl/md4.h>
@@ -23,10 +23,10 @@ MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions
 unsigned char *MD4(const unsigned char *d, unsigned long n,
                  unsigned char *md);
- void MD4_Init(MD4_CTX *c);
+ int MD4_Init(MD4_CTX *c);
- void MD4_Update(MD4_CTX *c, const void *data,
+ int MD4_Update(MD4_CTX *c, const void *data,
                  unsigned long len);
- void MD4_Final(unsigned char *md, MD4_CTX *c);
+ int MD4_Final(unsigned char *md, MD4_CTX *c);
 #include <openssl/md5.h>
@@ -34,10 +34,10 @@ MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions
 unsigned char *MD5(const unsigned char *d, unsigned long n,
                  unsigned char *md);
- void MD5_Init(MD5_CTX *c);
+ int MD5_Init(MD5_CTX *c);
- void MD5_Update(MD5_CTX *c, const void *data,
+ int MD5_Update(MD5_CTX *c, const void *data,
                  unsigned long len);
- void MD5_Final(unsigned char *md, MD5_CTX *c);
+ int MD5_Final(unsigned char *md, MD5_CTX *c);
 =head1 DESCRIPTION
@@ -78,8 +78,8 @@ preferred.
 MD2(), MD4(), and MD5() return pointers to the hash value. 
 MD2_Init(), MD2_Update(), MD2_Final(), MD4_Init(), MD4_Update(),
-MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() do not return
+MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() return 1 for
-values.
+success, 0 otherwise.
 =head1 CONFORMING TO
diff --git a/src/lib/libssl/src/doc/crypto/mdc2.pod b/src/lib/libssl/src/doc/crypto/mdc2.pod
index 538f474e30..2fab9a9871 100644
--- a/src/lib/libssl/src/doc/crypto/mdc2.pod
+++ b/src/lib/libssl/src/doc/crypto/mdc2.pod
@@ -11,10 +11,10 @@ MDC2, MDC2_Init, MDC2_Update, MDC2_Final - MDC2 hash function
 unsigned char *MDC2(const unsigned char *d, unsigned long n,
                  unsigned char *md);
- void MDC2_Init(MDC2_CTX *c);
+ int MDC2_Init(MDC2_CTX *c);
- void MDC2_Update(MDC2_CTX *c, const unsigned char *data,
+ int MDC2_Update(MDC2_CTX *c, const unsigned char *data,
                  unsigned long len);
- void MDC2_Final(unsigned char *md, MDC2_CTX *c);
+ int MDC2_Final(unsigned char *md, MDC2_CTX *c);
 =head1 DESCRIPTION
@@ -46,7 +46,7 @@ hash functions directly.
 MDC2() returns a pointer to the hash value. 
-MDC2_Init(), MDC2_Update() and MDC2_Final() do not return values.
+MDC2_Init(), MDC2_Update() and MDC2_Final() return 1 for success, 0 otherwise.
 =head1 CONFORMING TO
diff --git a/src/lib/libssl/src/doc/crypto/ripemd.pod b/src/lib/libssl/src/doc/crypto/ripemd.pod
index 9a634ca866..348ef7c961 100644
--- a/src/lib/libssl/src/doc/crypto/ripemd.pod
+++ b/src/lib/libssl/src/doc/crypto/ripemd.pod
@@ -12,10 +12,10 @@ RIPEMD-160 hash function
 unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
                  unsigned char *md);
- void RIPEMD160_Init(RIPEMD160_CTX *c);
+ int RIPEMD160_Init(RIPEMD160_CTX *c);
- void RIPEMD160_Update(RIPEMD_CTX *c, const void *data,
+ int RIPEMD160_Update(RIPEMD_CTX *c, const void *data,
                  unsigned long len);
- void RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
+ int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
 =head1 DESCRIPTION
@@ -47,8 +47,8 @@ hash functions directly.
 RIPEMD160() returns a pointer to the hash value. 
-RIPEMD160_Init(), RIPEMD160_Update() and RIPEMD160_Final() do not
+RIPEMD160_Init(), RIPEMD160_Update() and RIPEMD160_Final() return 1 for
-return values.
+success, 0 otherwise.
 =head1 CONFORMING TO
diff --git a/src/lib/libssl/src/doc/crypto/sha.pod b/src/lib/libssl/src/doc/crypto/sha.pod
index 158457270f..d7a56accd3 100644
--- a/src/lib/libssl/src/doc/crypto/sha.pod
+++ b/src/lib/libssl/src/doc/crypto/sha.pod
@@ -11,10 +11,10 @@ SHA1, SHA1_Init, SHA1_Update, SHA1_Final - Secure Hash Algorithm
 unsigned char *SHA1(const unsigned char *d, unsigned long n,
                  unsigned char *md);
- void SHA1_Init(SHA_CTX *c);
+ int SHA1_Init(SHA_CTX *c);
- void SHA1_Update(SHA_CTX *c, const void *data,
+ int SHA1_Update(SHA_CTX *c, const void *data,
                  unsigned long len);
- void SHA1_Final(unsigned char *md, SHA_CTX *c);
+ int SHA1_Final(unsigned char *md, SHA_CTX *c);
 =head1 DESCRIPTION
@@ -48,7 +48,7 @@ used only when backward compatibility is required.
 SHA1() returns a pointer to the hash value. 
-SHA1_Init(), SHA1_Update() and SHA1_Final() do not return values.
+SHA1_Init(), SHA1_Update() and SHA1_Final() return 1 for success, 0 otherwise.
 =head1 CONFORMING TO
diff --git a/src/lib/libssl/src/doc/openssl.txt b/src/lib/libssl/src/doc/openssl.txt
index 432a17b66c..f8817b0a71 100644
--- a/src/lib/libssl/src/doc/openssl.txt
+++ b/src/lib/libssl/src/doc/openssl.txt
@@ -154,8 +154,22 @@ for example contain data in multiple sections. The correct syntax to
 use is defined by the extension code itself: check out the certificate
 policies extension for an example.
-In addition it is also possible to use the word DER to include arbitrary
+There are two ways to encode arbitrary extensions.
-data in any extension.
+The first way is to use the word ASN1 followed by the extension content
+using the same syntax as ASN1_generate_nconf(). For example:
+1.2.3.4=critical,ASN1:UTF8String:Some random data
+1.2.3.4=ASN1:SEQUENCE:seq_sect
+[seq_sect]
+field1 = UTF8:field1
+field2 = UTF8:field2
+It is also possible to use the word DER to include arbitrary data in any
+extension.
 1.2.3.4=critical,DER:01:02:03:04
 1.2.3.4=DER:01020304
@@ -336,16 +350,21 @@ Subject Alternative Name.
 The subject alternative name extension allows various literal values to be
 included in the configuration file. These include "email" (an email address)
 "URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a
-registered ID: OBJECT IDENTIFIER) and IP (and IP address).
+registered ID: OBJECT IDENTIFIER), IP (and IP address) and otherName.
 Also the email option include a special 'copy' value. This will automatically
 include and email addresses contained in the certificate subject name in
 the extension.
+otherName can include arbitrary data associated with an OID: the value
+should be the OID followed by a semicolon and the content in standard
+ASN1_generate_nconf() format.
 Examples:
 subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
 subjectAltName=email:my@other.address,RID:1.2.3.4
+subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
 Issuer Alternative Name.
@@ -759,7 +778,7 @@ called.
 The X509V3_EXT_METHOD structure is described below.
-strut {
+struct {
 int ext_nid;
 int ext_flags;
 X509V3_EXT_NEW ext_new;
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
index fa63263601..eaed190809 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
@@ -201,6 +201,15 @@ When performing renegotiation as a server, always start a new session
 (i.e., session resumption requests are only accepted in the initial
 handshake).  This option is not needed for clients.
+=item SSL_OP_NO_TICKET
+Normally clients and servers will, where possible, transparently make use
+of RFC4507bis tickets for stateless session resumption if extension support
+is explicitly set when OpenSSL is compiled.
+If this option is set this functionality is disabled and tickets will
+not be used by clients or servers.
 =back
 =head1 RETURN VALUES
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
index f85775927d..534643cd9d 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
@@ -18,7 +18,7 @@ SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set
 long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa)
 long SSL_need_tmp_rsa(SSL *ssl)
- RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
+ RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod
index 48c888c337..10be95fdb1 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod
@@ -77,6 +77,12 @@ SSL_CTX_use_PrivateKey() adds B<pkey> as private key to B<ctx>.
 SSL_CTX_use_RSAPrivateKey() adds the private key B<rsa> of type RSA
 to B<ctx>. SSL_use_PrivateKey() adds B<pkey> as private key to B<ssl>;
 SSL_use_RSAPrivateKey() adds B<rsa> as private key of type RSA to B<ssl>.
+If a certificate has already been set and the private does not belong
+to the certificate an error is returned. To change a certificate, private
+key pair the new certificate needs to be set with SSL_use_certificate()
+or SSL_CTX_use_certificate() before setting the private key with
+SSL_CTX_use_PrivateKey() or SSL_use_PrivateKey(). 
 SSL_CTX_use_PrivateKey_ASN1() adds the private key of type B<pk>
 stored at memory location B<d> (length B<len>) to B<ctx>.
@@ -154,4 +160,10 @@ L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
 L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>,
 L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>
+=head1 HISTORY
+Support for DER encoded private keys (SSL_FILETYPE_ASN1) in
+SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file() was added
+in 0.9.8 .
 =cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_time.pod b/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_time.pod
index 00883ed2a0..490337a32f 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_time.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_time.pod
@@ -2,7 +2,7 @@
 =head1 NAME
-SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_get_timeout - retrieve and manipulate session time and timeout settings
+SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_set_timeout - retrieve and manipulate session time and timeout settings
 =head1 SYNOPSIS
diff --git a/src/lib/libssl/src/doc/ssleay.txt b/src/lib/libssl/src/doc/ssleay.txt
index 666de94e50..a8b04d7059 100644
--- a/src/lib/libssl/src/doc/ssleay.txt
+++ b/src/lib/libssl/src/doc/ssleay.txt
@@ -4295,7 +4295,7 @@ X-Status:
 Loading client certs into MSIE 3.01
 ===================================
-This document conatains all the information necessary to succesfully set up 
+This document contains all the information necessary to successfully set up 
 some scripts to issue client certs to Microsoft Internet Explorer. It 
 includes the required knowledge about the model MSIE uses for client 
 certification and includes complete sample scripts ready to play with. The 
diff --git a/src/lib/libssl/src/doc/standards.txt b/src/lib/libssl/src/doc/standards.txt
index f6675b574b..a5ce778f8e 100644
--- a/src/lib/libssl/src/doc/standards.txt
+++ b/src/lib/libssl/src/doc/standards.txt
@@ -88,10 +88,26 @@ PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
     (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status:           
     INFORMATIONAL)                                         
+3713 A Description of the Camellia Encryption Algorithm. M. Matsui,
+     J. Nakajima, S. Moriai. April 2004. (Format: TXT=25031 bytes)
+     (Status: INFORMATIONAL)
 3820 Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate
     Profile. S. Tuecke, V. Welch, D. Engert, L. Pearlman, M. Thompson.
     June 2004. (Format: TXT=86374 bytes) (Status: PROPOSED STANDARD)
+4132 Addition of Camellia Cipher Suites to Transport Layer Security
+     (TLS). S. Moriai, A. Kato, M. Kanda. July 2005. (Format: TXT=13590
+     bytes) (Status: PROPOSED STANDARD)
+4162 Addition of SEED Cipher Suites to Transport Layer Security (TLS).
+     H.J. Lee, J.H. Yoon, J.I. Lee. August 2005. (Format: TXT=10578 bytes)
+     (Status: PROPOSED STANDARD)
+4269 The SEED Encryption Algorithm. H.J. Lee, S.J. Lee, J.H. Yoon,
+     D.H. Cheon, J.I. Lee. December 2005. (Format: TXT=34390 bytes)
+     (Obsoletes RFC4009) (Status: INFORMATIONAL)
 Related:
 --------
@@ -250,7 +266,11 @@ STARTTLS documents.
     Protocol. A. Jungmaier, E. Rescorla, M. Tuexen. December 2002.
     (Format: TXT=16333 bytes) (Status: PROPOSED STANDARD)
-  "Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt>  
+3657 Use of the Camellia Encryption Algorithm in Cryptographic 
+     Message Syntax (CMS). S. Moriai, A. Kato. January 2004.
+     (Format: TXT=26282 bytes) (Status: PROPOSED STANDARD)
+"Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt>  
 
 To be implemented: