* Improvements to libtls: - a new API for loading CA chains directly from memory instead of a file, allowing verification with privilege separation in a chroot without direct access to CA certificate files. - Ciphers default to TLSv1.2 with AEAD and PFS. - Improved error handling and message generation - New APIs and improved documentation * Added X509_STORE_load_mem API for loading certificates from memory. This facilitates accessing certificates from a chrooted environment. * New AEAD "MAC alias" allows configuring TLSv1.2 AEAD ciphers by using 'TLSv1.2+AEAD' as the cipher selection string. * New openssl(1) command 'certhash' replaces the c_rehash script. * Server-side support for TLS_FALLBACK_SCSV for compatibility with various auditor and vulnerability scanners. Code improvements: * Dead and disabled code removal including MD5, Netscape workarounds, non-POSIX IO, SCTP, RFC 3779 support, "#if 0" sections, and more. * The ASN1 macros are expanded to aid readability and maintainability. * Various NULL pointer asserts removed in favor of letting the OS/signal handler catch them. * Refactored argument handling in openssl(1) for consistency and maintainability. * Support for building with OPENSSL_NO_DEPRECATED * Dozens of issues found with the Coverity scanner fixed. Security updates: - Fix a minor information leak that was introduced in t1_lib.c r1.71, whereby an additional 28 bytes of .rodata (or .data) is provided to the network. In most cases this is a non-issue since the memory content is already public. Issue found and reported by Felix Groebert of the Google Security Team. - Fixes for the following low-severity issues were integrated into LibreSSL from OpenSSL 1.0.1k: CVE-2015-0205 - DH client certificates accepted without verification CVE-2014-3570 - Bignum squaring may produce incorrect results CVE-2014-8275 - Certificate fingerprints can be modified CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client] Reported by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The following CVEs were fixed in earlier LibreSSL releases: CVE-2015-0206 - Memory leak handling repeated DLTS records CVE-2014-3510 - Flaw handling DTLS anonymous EC(DH) ciphersuites. The following CVEs did not apply to LibreSSL: CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record CVE-2014-3569 - no-ssl3 configuration sets method to NULL CVE-2015-0204 - RSA silently downgrades to EXPORT_RSA