Merge OpenSSL 1.0.1i.

84 files changed, 468 insertions, 108 deletions

diff --git a/secure/lib/libssl/Makefile.man b/secure/lib/libssl/Makefile.man
index 06f684e..6b092db 100644
--- a/secure/lib/libssl/Makefile.man
+++ b/secure/lib/libssl/Makefile.man
@@ -33,6 +33,7 @@ MAN+= SSL_CTX_set_session_cache_mode.3
 MAN+= SSL_CTX_set_session_id_context.3
 MAN+= SSL_CTX_set_ssl_version.3
 MAN+= SSL_CTX_set_timeout.3
+MAN+= SSL_CTX_set_tlsext_ticket_key_cb.3
 MAN+= SSL_CTX_set_tmp_dh_callback.3
 MAN+= SSL_CTX_set_tmp_rsa_callback.3
 MAN+= SSL_CTX_set_verify.3
diff --git a/secure/lib/libssl/man/SSL_CIPHER_get_name.3 b/secure/lib/libssl/man/SSL_CIPHER_get_name.3
index 7ee9797..5aefa50 100644
--- a/secure/lib/libssl/man/SSL_CIPHER_get_name.3
+++ b/secure/lib/libssl/man/SSL_CIPHER_get_name.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CIPHER_get_name 3"
-.TH SSL_CIPHER_get_name 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CIPHER_get_name 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -151,8 +151,12 @@ returned.
 \&\fBalg_bits\fR is not \s-1NULL\s0, it contains the number of bits processed by the
 chosen algorithm. If \fBcipher\fR is \s-1NULL\s0, 0 is returned.
 .PP
-\&\fISSL_CIPHER_get_version()\fR returns the protocol version for \fBcipher\fR, currently
-\&\*(L"SSLv2\*(R", \*(L"SSLv3\*(R", or \*(L"TLSv1\*(R". If \fBcipher\fR is \s-1NULL\s0, \*(L"(\s-1NONE\s0)\*(R" is returned.
+\&\fISSL_CIPHER_get_version()\fR returns string which indicates the \s-1SSL/TLS\s0 protocol
+version that first defined the cipher.
+This is currently \fBSSLv2\fR or \fBTLSv1/SSLv3\fR.
+In some cases it should possibly return \*(L"TLSv1.2\*(R" but does not;
+use \fISSL_CIPHER_description()\fR instead.
+If \fBcipher\fR is \s-1NULL\s0, \*(L"(\s-1NONE\s0)\*(R" is returned.
 .PP
 \&\fISSL_CIPHER_description()\fR returns a textual description of the cipher used
 into the buffer \fBbuf\fR of length \fBlen\fR provided. \fBlen\fR must be at least
@@ -175,7 +179,8 @@ sequence:
 Textual representation of the cipher name.
 .IP "<protocol version>" 4
 .IX Item "<protocol version>"
-Protocol version: \fBSSLv2\fR, \fBSSLv3\fR. The TLSv1 ciphers are flagged with SSLv3.
+Protocol version: \fBSSLv2\fR, \fBSSLv3\fR, \fBTLSv1.2\fR. The TLSv1.0 ciphers are
+flagged with SSLv3. No new ciphers were added by TLSv1.1.
 .IP "Kx=<key exchange>" 4
 .IX Item "Kx=<key exchange>"
 Key exchange method: \fB\s-1RSA\s0\fR (for export ciphers as \fB\s-1RSA\s0(512)\fR or
@@ -207,6 +212,12 @@ Some examples for the output of \fISSL_CIPHER_description()\fR:
 \& RC4\-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
 \& EXP\-RC4\-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
 .Ve
+.PP
+A comp[lete list can be retrieved by invoking the following command:
+.PP
+.Vb 1
+\& openssl ciphers \-v ALL
+.Ve
 .SH "BUGS"
 .IX Header "BUGS"
 If \fISSL_CIPHER_description()\fR is called with \fBcipher\fR being \s-1NULL\s0, the
diff --git a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
index 835116c..19dc636 100644
--- a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
+++ b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_COMP_add_compression_method 3"
-.TH SSL_COMP_add_compression_method 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_COMP_add_compression_method 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
index 2d62aaa..5de9d3a 100644
--- a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
+++ b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_add_extra_chain_cert 3"
-.TH SSL_CTX_add_extra_chain_cert 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_add_extra_chain_cert 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -150,6 +150,15 @@ these certificates explicitly specified. If no chain is specified,
 the library will try to complete the chain from the available \s-1CA\s0
 certificates in the trusted \s-1CA\s0 storage, see
 \&\fISSL_CTX_load_verify_locations\fR\|(3).
+.PP
+The \fBx509\fR certificate provided to \fISSL_CTX_add_extra_chain_cert()\fR will be freed by the library when the \fB\s-1SSL_CTX\s0\fR is destroyed. An application \fBshould not\fR free the \fBx509\fR object.
+.SH "RESTRICTIONS"
+.IX Header "RESTRICTIONS"
+Only one set of extra chain certificates can be specified per \s-1SSL_CTX\s0
+structure. Different chains for different certificates (for example if both
+\&\s-1RSA\s0 and \s-1DSA\s0 certificates are specified by the same server) or different \s-1SSL\s0
+structures with the same parent \s-1SSL_CTX\s0 cannot be specified using this
+function.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 \&\fISSL_CTX_add_extra_chain_cert()\fR returns 1 on success. Check out the
diff --git a/secure/lib/libssl/man/SSL_CTX_add_session.3 b/secure/lib/libssl/man/SSL_CTX_add_session.3
index 752ef36..3ce2f7a 100644
--- a/secure/lib/libssl/man/SSL_CTX_add_session.3
+++ b/secure/lib/libssl/man/SSL_CTX_add_session.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_add_session 3"
-.TH SSL_CTX_add_session 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_add_session 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -168,7 +168,7 @@ If a server \s-1SSL_CTX\s0 is configured with the \s-1SSL_SESS_CACHE_NO_INTERNAL
 flag then the internal cache will not be populated automatically by new
 sessions negotiated by the \s-1SSL/TLS\s0 implementation, even though the internal
 cache will be searched automatically for session-resume requests (the
-latter can be surpressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0). So the
+latter can be suppressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0). So the
 application can use \fISSL_CTX_add_session()\fR directly to have full control
 over the sessions that can be resumed if desired.
 .SH "RETURN VALUES"
diff --git a/secure/lib/libssl/man/SSL_CTX_ctrl.3 b/secure/lib/libssl/man/SSL_CTX_ctrl.3
index 24c943c..a9d7e48 100644
--- a/secure/lib/libssl/man/SSL_CTX_ctrl.3
+++ b/secure/lib/libssl/man/SSL_CTX_ctrl.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_ctrl 3"
-.TH SSL_CTX_ctrl 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_ctrl 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
index 5929025..6ed2246 100644
--- a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
+++ b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_flush_sessions 3"
-.TH SSL_CTX_flush_sessions 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_flush_sessions 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_free.3 b/secure/lib/libssl/man/SSL_CTX_free.3
index 5efdabb..83d368d 100644
--- a/secure/lib/libssl/man/SSL_CTX_free.3
+++ b/secure/lib/libssl/man/SSL_CTX_free.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_free 3"
-.TH SSL_CTX_free 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_free 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
index 14f68d6..4a167a5 100644
--- a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
+++ b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_get_ex_new_index 3"
-.TH SSL_CTX_get_ex_new_index 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_get_ex_new_index 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
index 1c31370e..4500cdd 100644
--- a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
+++ b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_get_verify_mode 3"
-.TH SSL_CTX_get_verify_mode 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_get_verify_mode 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
index 8ec3c95..50fc72f 100644
--- a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
+++ b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_load_verify_locations 3"
-.TH SSL_CTX_load_verify_locations 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_load_verify_locations 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_new.3 b/secure/lib/libssl/man/SSL_CTX_new.3
index d7157cf..02e2956 100644
--- a/secure/lib/libssl/man/SSL_CTX_new.3
+++ b/secure/lib/libssl/man/SSL_CTX_new.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_new 3"
-.TH SSL_CTX_new 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_new 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -172,20 +172,34 @@ compatibility reasons, see SSLv23_*\fI_method()\fR. It will also not understand
 SSLv3 client hello messages.
 .IP "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)" 4
 .IX Item "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)"
-A \s-1TLS/SSL\s0 connection established with these methods will understand the SSLv2,
-SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages
-and will indicate that it also understands SSLv3 and TLSv1. A server will
-understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best
-choice when compatibility is a concern.
+A \s-1TLS/SSL\s0 connection established with these methods may understand the SSLv2,
+SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols.
+.Sp
+If the cipher list does not contain any SSLv2 ciphersuites (the default
+cipher list does not) or extensions are required (for example server name)
+a client will send out TLSv1 client hello messages including extensions and
+will indicate that it also understands TLSv1.1, TLSv1.2 and permits a
+fallback to SSLv3. A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2
+protocols. This is the best choice when compatibility is a concern.
+.Sp
+If any SSLv2 ciphersuites are included in the cipher list and no extensions
+are required then SSLv2 compatible client hellos will be used by clients and
+SSLv2 will be accepted by servers. This is \fBnot\fR recommended due to the
+insecurity of SSLv2 and the limited nature of the SSLv2 client hello
+prohibiting the use of extensions.
 .PP
 The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
-SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the \fB\f(BISSL_CTX_set_options()\fB\fR or
-\&\fB\f(BISSL_set_options()\fB\fR functions. Using these options it is possible to choose
-e.g. \fISSLv23_server_method()\fR and be able to negotiate with all possible
-clients, but to only allow newer protocols like SSLv3 or TLSv1.
+SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2
+options of the \fISSL_CTX_set_options()\fR or \fISSL_set_options()\fR functions.
+Using these options it is possible to choose e.g. \fISSLv23_server_method()\fR and
+be able to negotiate with all possible clients, but to only allow newer
+protocols like TLSv1, TLSv1.1 or \s-1TLS\s0 v1.2.
+.PP
+Applications which never want to support SSLv2 (even is the cipher string
+is configured to use SSLv2 ciphersuites) can set SSL_OP_NO_SSLv2.
 .PP
 \&\fISSL_CTX_new()\fR initializes the list of ciphers, the session cache setting,
-the callbacks, the keys and certificates, and the options to its default
+the callbacks, the keys and certificates and the options to its default
 values.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
diff --git a/secure/lib/libssl/man/SSL_CTX_sess_number.3 b/secure/lib/libssl/man/SSL_CTX_sess_number.3
index f0b66a3..2e0b9d6 100644
--- a/secure/lib/libssl/man/SSL_CTX_sess_number.3
+++ b/secure/lib/libssl/man/SSL_CTX_sess_number.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_sess_number 3"
-.TH SSL_CTX_sess_number 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_sess_number 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
index d931729..b6748a7 100644
--- a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
+++ b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_sess_set_cache_size 3"
-.TH SSL_CTX_sess_set_cache_size 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_sess_set_cache_size 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
index b35640c..1cf7f31 100644
--- a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
+++ b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_sess_set_get_cb 3"
-.TH SSL_CTX_sess_set_get_cb 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_sess_set_get_cb 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_sessions.3 b/secure/lib/libssl/man/SSL_CTX_sessions.3
index 9fa3ce2..6e43552 100644
--- a/secure/lib/libssl/man/SSL_CTX_sessions.3
+++ b/secure/lib/libssl/man/SSL_CTX_sessions.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_sessions 3"
-.TH SSL_CTX_sessions 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_sessions 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
index be092fc..97293ff 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_set_cert_store 3"
-.TH SSL_CTX_set_cert_store 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_set_cert_store 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
index 3cf5643..709fc39 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_set_cert_verify_callback 3"
-.TH SSL_CTX_set_cert_verify_callback 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_set_cert_verify_callback 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
index 4582ed2..7f6d90d 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_set_cipher_list 3"
-.TH SSL_CTX_set_cipher_list 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_set_cipher_list 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -180,6 +180,10 @@ client only supports export \s-1RSA\s0 ciphers with a asymmetric key length
 of 512 bits and the server is not configured to use temporary \s-1RSA\s0
 keys), the \*(L"no shared cipher\*(R" (\s-1SSL_R_NO_SHARED_CIPHER\s0) error is generated
 and the handshake will fail.
+.PP
+If the cipher list does not contain any SSLv2 cipher suites (this is the
+default) then SSLv2 is effectively disabled and neither clients nor servers
+will attempt to use SSLv2.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 \&\fISSL_CTX_set_cipher_list()\fR and \fISSL_set_cipher_list()\fR return 1 if any cipher
diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
index dd5ffee..6b30038 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_set_client_CA_list 3"
-.TH SSL_CTX_set_client_CA_list 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_set_client_CA_list 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -162,7 +162,7 @@ the chosen \fBssl\fR, overriding the setting valid for \fBssl\fR's \s-1SSL_CTX\s
 .SH "NOTES"
 .IX Header "NOTES"
 When a \s-1TLS/SSL\s0 server requests a client certificate (see
-\&\fB\f(BISSL_CTX_set_verify_options()\fB\fR), it sends a list of CAs, for which
+\&\fB\f(BISSL_CTX_set_verify\fB\|(3)\fR), it sends a list of CAs, for which
 it will accept certificates, to the client.
 .PP
 This list must explicitly be set using \fISSL_CTX_set_client_CA_list()\fR for
diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
index f1ffac8..cd4db2e 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_set_client_cert_cb 3"
-.TH SSL_CTX_set_client_cert_cb 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_set_client_cert_cb 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -157,7 +157,7 @@ using the \fBx509\fR and \fBpkey\fR arguments and \*(L"1\*(R" must be returned.
 certificate will be installed into \fBssl\fR, see the \s-1NOTES\s0 and \s-1BUGS\s0 sections.
 If no certificate should be set, \*(L"0\*(R" has to be returned and no certificate
 will be sent. A negative return value will suspend the handshake and the
-handshake function will return immediatly. \fISSL_get_error\fR\|(3)
+handshake function will return immediately. \fISSL_get_error\fR\|(3)
 will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to indicate, that the handshake was
 suspended. The next call to the handshake function will again lead to the call
 of \fIclient_cert_cb()\fR. It is the job of the \fIclient_cert_cb()\fR to store information
diff --git a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
index faff127..f10adaf 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_set_default_passwd_cb 3"
-.TH SSL_CTX_set_default_passwd_cb 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_set_default_passwd_cb 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
index b75db37..9796a36 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_set_generate_session_id 3"
-.TH SSL_CTX_set_generate_session_id 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_set_generate_session_id 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
index 6866ec3..ce25dc9 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_set_info_callback 3"
-.TH SSL_CTX_set_info_callback 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_set_info_callback 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
index a9f4f91..0757e0e 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_set_max_cert_list 3"
-.TH SSL_CTX_set_max_cert_list 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_set_max_cert_list 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_mode.3
index a355039..81cb0e9 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_mode.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_mode.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_set_mode 3"
-.TH SSL_CTX_set_mode 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_set_mode 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
index 5854028..409782b 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_set_msg_callback 3"
-.TH SSL_CTX_set_msg_callback 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_set_msg_callback 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_options.3 b/secure/lib/libssl/man/SSL_CTX_set_options.3
index 50bcaa7..b4943de 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_options.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_options.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_set_options 3"
-.TH SSL_CTX_set_options 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_set_options 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -345,7 +345,7 @@ renegotiation implementation.
 Connections and renegotiation are always permitted by OpenSSL implementations.
 .SS "Unpatched client and patched OpenSSL server"
 .IX Subsection "Unpatched client and patched OpenSSL server"
-The initial connection suceeds but client renegotiation is denied by the
+The initial connection succeeds but client renegotiation is denied by the
 server with a \fBno_renegotiation\fR warning alert if \s-1TLS\s0 v1.0 is used or a fatal
 \&\fBhandshake_failure\fR alert in \s-1SSL\s0 v3.0.
 .PP
diff --git a/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
index 7535bf4..7727a56 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_set_psk_client_callback 3"
-.TH SSL_CTX_set_psk_client_callback 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_set_psk_client_callback 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
index 20f519c..5e51332 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_set_quiet_shutdown 3"
-.TH SSL_CTX_set_quiet_shutdown 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_set_quiet_shutdown 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
index 554e1f5..40811d9 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_set_session_cache_mode 3"
-.TH SSL_CTX_set_session_cache_mode 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_set_session_cache_mode 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
index f1eb254..b197662 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_set_session_id_context 3"
-.TH SSL_CTX_set_session_id_context 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_set_session_id_context 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
index 546b3d3..b03716a 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_set_ssl_version 3"
-.TH SSL_CTX_set_ssl_version 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_set_ssl_version 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_timeout.3 b/secure/lib/libssl/man/SSL_CTX_set_timeout.3
index 24c2253..97cb2a4f 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_timeout.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_timeout.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_set_timeout 3"
-.TH SSL_CTX_set_timeout 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_set_timeout 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
new file mode 100644
index 0000000..b0d969b3
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
@@ -0,0 +1,307 @@
+.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set_tlsext_ticket_key_cb 3"
+.TH SSL_CTX_set_tlsext_ticket_key_cb 3 "2014-08-06" "1.0.1i" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_tlsext_ticket_key_cb \- set a callback for session ticket processing
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/tls1.h>
+\&
+\& long SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx,
+\&        int (*cb)(SSL *s, unsigned char key_name[16],
+\&                  unsigned char iv[EVP_MAX_IV_LENGTH],
+\&                  EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc));
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set_tlsext_ticket_key_cb()\fR sets a callback fuction \fIcb\fR for handling 
+session tickets for the ssl context \fIsslctx\fR. Session tickets, defined in 
+\&\s-1RFC5077\s0 provide an enhanced session resumption capability where the server
+implementation is not required to maintain per session state. It only applies
+to \s-1TLS\s0 and there is no SSLv3 implementation.
+.PP
+The callback is available when the OpenSSL library was built without 
+\&\fI\s-1OPENSSL_NO_TLSEXT\s0\fR being defined.
+.PP
+The callback function \fIcb\fR will be called for every client instigated \s-1TLS\s0
+session when session ticket extension is presented in the \s-1TLS\s0 hello
+message. It is the responsibility of this function to create or retrieve the
+cryptographic parameters and to maintain their state.
+.PP
+The OpenSSL library uses your callback function to help implement a common \s-1TLS\s0 
+ticket construction state according to \s-1RFC5077\s0 Section 4 such that per session
+state is unnecessary and a small set of cryptographic variables needs to be 
+maintained by the callback function implementation.
+.PP
+In order to reuse a session, a \s-1TLS\s0 client must send the a session ticket
+extension to the server. The client can only send exactly one session ticket.
+The server, through the callback function, either agrees to reuse the session
+ticket information or it starts a full \s-1TLS\s0 handshake to create a new session
+ticket.
+.PP
+Before the callback function is started \fIctx\fR and \fIhctx\fR have been 
+initialised with EVP_CIPHER_CTX_init and HMAC_CTX_init respectively.
+.PP
+For new sessions tickets, when the client doesn't present a session ticket, or
+an attempted retreival of the ticket failed, or a renew option was indicated,
+the callback function will be called with \fIenc\fR equal to 1. The OpenSSL
+library expects that the function will set an arbitary \fIname\fR, initialize
+\&\fIiv\fR, and set the cipher context \fIctx\fR and the hash context \fIhctx\fR.
+.PP
+The \fIname\fR is 16 characters long and is used as a key identifier.
+.PP
+The \fIiv\fR length is the length of the \s-1IV\s0 of the corresponding cipher. The
+maximum \s-1IV\s0 length is \s-1EVP_MAX_IV_LENGTH\s0 bytes defined in \fBevp.h\fR.
+.PP
+The initialization vector \fIiv\fR should be a random value. The cipher context 
+\&\fIctx\fR should use the initialisation vector \fIiv\fR. The cipher context can be 
+set using EVP_EncryptInit_ex. The hmac context can be set using HMAC_Init_ex.
+.PP
+When the client presents a session ticket, the callback function with be called 
+with \fIenc\fR set to 0 indicating that the \fIcb\fR function should retreive a set
+of parameters. In this case \fIname\fR and \fIiv\fR have already been parsed out of
+the session ticket. The OpenSSL library expects that the \fIname\fR will be used
+to retrieve a cryptographic parameters and that the cryptographic context
+\&\fIctx\fR will be set with the retreived parameters and the initialization vector
+\&\fIiv\fR. using a function like EVP_DecryptInit_ex. The \fIhctx\fR needs to be set
+using HMAC_Init_ex.
+.PP
+If the \fIname\fR is still valid but a renewal of the ticket is required the
+callback function should return 2. The library will call the callback again
+with an arguement of enc equal to 1 to set the new ticket.
+.PP
+The return value of the \fIcb\fR function is used by OpenSSL to determine what
+further processing will occur. The following return values have meaning:
+.IP "2" 4
+.IX Item "2"
+This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can 
+continue on those parameters. Additionally it indicates that the session
+ticket is in a renewal period and should be replaced. The OpenSSL library will
+call \fIcb\fR again with an enc argument of 1 to set the new ticket (see \s-1RFC5077\s0
+3.3 paragraph 2).
+.IP "1" 4
+.IX Item "1"
+This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can 
+continue on those parameters.
+.IP "0" 4
+This indicates that it was not possible to set/retrieve a session ticket and 
+the \s-1SSL/TLS\s0 session will continue by by negiotationing a set of cryptographic
+parameters or using the alternate \s-1SSL/TLS\s0 resumption mechanism, session ids.
+.Sp
+If called with enc equal to 0 the library will call the \fIcb\fR again to get
+a new set of parameters.
+.IP "less than 0" 4
+.IX Item "less than 0"
+This indicates an error.
+.SH "NOTES"
+.IX Header "NOTES"
+Session resumption shortcuts the \s-1TLS\s0 so that the client certificate
+negiotation don't occur. It makes up for this by storing client certificate
+an all other negotiated state information encrypted within the ticket. In a
+resumed session the applications will have all this state information available
+exactly as if a full negiotation had occured.
+.PP
+If an attacker can obtain the key used to encrypt a session ticket, they can
+obtain the master secret for any ticket using that key and decrypt any traffic
+using that session: even if the ciphersuite supports forward secrecy. As
+a result applications may wish to use multiple keys and avoid using long term
+keys stored in files.
+.PP
+Applications can use longer keys to maintain a consistent level of security.
+For example if a ciphersuite uses 256 bit ciphers but only a 128 bit ticket key
+the overall security is only 128 bits because breaking the ticket key will
+enable an attacker to obtain the session keys.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Reference Implemention:
+  SSL_CTX_set_tlsext_ticket_key_cb(\s-1SSL\s0,ssl_tlsext_ticket_key_cb);
+  ....
+.PP
+.Vb 6
+\&  static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)
+\&  {
+\&      if (enc) { /* create new session */
+\&          if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) ) {
+\&              return \-1; /* insufficient random */
+\&          }
+\&  
+\&          key = currentkey(); /* something that you need to implement */
+\&          if ( !key ) {
+\&              /* current key doesn\*(Aqt exist or isn\*(Aqt valid */
+\&              key = createkey(); /* something that you need to implement.
+\&                                   * createkey needs to initialise, a name,
+\&                                   * an aes_key, a hmac_key and optionally
+\&                                   * an expire time. */
+\&              if ( !key ) { /* key couldn\*(Aqt be created */
+\&                  return 0;
+\&              }
+\&          }
+\&          memcpy(key_name, key\->name, 16);
+\&  
+\&          EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key\->aes_key, iv);
+\&          HMAC_Init_ex(&hctx, key\->hmac_key, 16, EVP_sha256(), NULL);
+\&  
+\&          return 1;
+\&  
+\&      } else { /* retrieve session */
+\&          key = findkey(name);
+\&  
+\&          if  (!key || key\->expire < now() ) {
+\&              return 0;
+\&          }
+\&  
+\&          HMAC_Init_ex(&hctx, key\->hmac_key, 16, EVP_sha256(), NULL);
+\&          EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key\->aes_key, iv );
+\&
+\&          if (key\->expire < ( now() \- RENEW_TIME ) ) {
+\&              /* return 2 \- this session will get a new ticket even though the current is still valid */
+\&              return 2;
+\&          }
+\&          return 1;
+\&  
+\&      }
+\&  }
+.Ve
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+returns 0 to indicate the callback function was set.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_set_session\fR\|(3),
+\&\fISSL_session_reused\fR\|(3),
+\&\fISSL_CTX_add_session\fR\|(3),
+\&\fISSL_CTX_sess_number\fR\|(3),
+\&\fISSL_CTX_sess_set_get_cb\fR\|(3),
+\&\fISSL_CTX_set_session_id_context\fR\|(3),
+.SH "HISTORY"
+.IX Header "HISTORY"
+This function was introduced in OpenSSL 0.9.8h
diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
index 0886646..4664653 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_set_tmp_dh_callback 3"
-.TH SSL_CTX_set_tmp_dh_callback 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_set_tmp_dh_callback 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -140,11 +140,9 @@ SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_se
 \&            DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
 \& long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh);
 \&
-\& void SSL_set_tmp_dh_callback(SSL_CTX *ctx,
+\& void SSL_set_tmp_dh_callback(SSL *ctx,
 \&            DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
 \& long SSL_set_tmp_dh(SSL *ssl, DH *dh)
-\&
-\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
@@ -208,7 +206,7 @@ instead (see \fIdhparam\fR\|(1)), but in this case \s-1SSL_OP_SINGLE_DH_USE\s0
 is mandatory.
 .PP
 Application authors may compile in \s-1DH\s0 parameters. Files dh512.pem,
-dh1024.pem, dh2048.pem, and dh4096 in the 'apps' directory of current
+dh1024.pem, dh2048.pem, and dh4096.pem in the 'apps' directory of current
 version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters,
 which use safe primes and were generated verifiably pseudo-randomly.
 These files can be converted into C code using the \fB\-C\fR option of the
diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
index 52167a9..42189f8 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_set_tmp_rsa_callback 3"
-.TH SSL_CTX_set_tmp_rsa_callback 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_set_tmp_rsa_callback 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_verify.3 b/secure/lib/libssl/man/SSL_CTX_set_verify.3
index 09bc4be..15777e1 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_verify.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_verify.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_set_verify 3"
-.TH SSL_CTX_set_verify 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_set_verify 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -228,8 +228,8 @@ certificates would not be present, most likely a
 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY will be issued.
 The depth count is \*(L"level 0:peer certificate\*(R", \*(L"level 1: \s-1CA\s0 certificate\*(R",
 \&\*(L"level 2: higher level \s-1CA\s0 certificate\*(R", and so on. Setting the maximum
-depth to 2 allows the levels 0, 1, and 2. The default depth limit is 9,
-allowing for the peer certificate and additional 9 \s-1CA\s0 certificates.
+depth to 2 allows the levels 0, 1, and 2. The default depth limit is 100,
+allowing for the peer certificate and additional 100 \s-1CA\s0 certificates.
 .PP
 The \fBverify_callback\fR function is used to control the behaviour when the
 \&\s-1SSL_VERIFY_PEER\s0 flag is set. It must be supplied by the application and
diff --git a/secure/lib/libssl/man/SSL_CTX_use_certificate.3 b/secure/lib/libssl/man/SSL_CTX_use_certificate.3
index c2348fc..8c56743 100644
--- a/secure/lib/libssl/man/SSL_CTX_use_certificate.3
+++ b/secure/lib/libssl/man/SSL_CTX_use_certificate.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_use_certificate 3"
-.TH SSL_CTX_use_certificate 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_use_certificate 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 b/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
index a5ae5f9..82735f6 100644
--- a/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
+++ b/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_use_psk_identity_hint 3"
-.TH SSL_CTX_use_psk_identity_hint 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_CTX_use_psk_identity_hint 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_SESSION_free.3 b/secure/lib/libssl/man/SSL_SESSION_free.3
index a4101e5..5379d25 100644
--- a/secure/lib/libssl/man/SSL_SESSION_free.3
+++ b/secure/lib/libssl/man/SSL_SESSION_free.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_SESSION_free 3"
-.TH SSL_SESSION_free 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_SESSION_free 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
index 31f1749..5732f21 100644
--- a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
+++ b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_SESSION_get_ex_new_index 3"
-.TH SSL_SESSION_get_ex_new_index 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_SESSION_get_ex_new_index 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_SESSION_get_time.3 b/secure/lib/libssl/man/SSL_SESSION_get_time.3
index d42d221..beda3cb 100644
--- a/secure/lib/libssl/man/SSL_SESSION_get_time.3
+++ b/secure/lib/libssl/man/SSL_SESSION_get_time.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_SESSION_get_time 3"
-.TH SSL_SESSION_get_time 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_SESSION_get_time 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_accept.3 b/secure/lib/libssl/man/SSL_accept.3
index 79e5193..c9030e0 100644
--- a/secure/lib/libssl/man/SSL_accept.3
+++ b/secure/lib/libssl/man/SSL_accept.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_accept 3"
-.TH SSL_accept 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_accept 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_alert_type_string.3 b/secure/lib/libssl/man/SSL_alert_type_string.3
index 6383b60..91928a0 100644
--- a/secure/lib/libssl/man/SSL_alert_type_string.3
+++ b/secure/lib/libssl/man/SSL_alert_type_string.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_alert_type_string 3"
-.TH SSL_alert_type_string 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_alert_type_string 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_clear.3 b/secure/lib/libssl/man/SSL_clear.3
index eafd97c..199d248 100644
--- a/secure/lib/libssl/man/SSL_clear.3
+++ b/secure/lib/libssl/man/SSL_clear.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_clear 3"
-.TH SSL_clear 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_clear 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_connect.3 b/secure/lib/libssl/man/SSL_connect.3
index 9703367..72851af 100644
--- a/secure/lib/libssl/man/SSL_connect.3
+++ b/secure/lib/libssl/man/SSL_connect.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_connect 3"
-.TH SSL_connect 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_connect 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_do_handshake.3 b/secure/lib/libssl/man/SSL_do_handshake.3
index a26b6c9..8c53494 100644
--- a/secure/lib/libssl/man/SSL_do_handshake.3
+++ b/secure/lib/libssl/man/SSL_do_handshake.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_do_handshake 3"
-.TH SSL_do_handshake 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_do_handshake 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_free.3 b/secure/lib/libssl/man/SSL_free.3
index 471e7ab..552cf26 100644
--- a/secure/lib/libssl/man/SSL_free.3
+++ b/secure/lib/libssl/man/SSL_free.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_free 3"
-.TH SSL_free 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_free 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_SSL_CTX.3 b/secure/lib/libssl/man/SSL_get_SSL_CTX.3
index 4541f4d..d383f6a 100644
--- a/secure/lib/libssl/man/SSL_get_SSL_CTX.3
+++ b/secure/lib/libssl/man/SSL_get_SSL_CTX.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_get_SSL_CTX 3"
-.TH SSL_get_SSL_CTX 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_get_SSL_CTX 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_ciphers.3 b/secure/lib/libssl/man/SSL_get_ciphers.3
index 4c5ef08..6c785d4 100644
--- a/secure/lib/libssl/man/SSL_get_ciphers.3
+++ b/secure/lib/libssl/man/SSL_get_ciphers.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_get_ciphers 3"
-.TH SSL_get_ciphers 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_get_ciphers 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_client_CA_list.3 b/secure/lib/libssl/man/SSL_get_client_CA_list.3
index e5f9a99..6b83efc 100644
--- a/secure/lib/libssl/man/SSL_get_client_CA_list.3
+++ b/secure/lib/libssl/man/SSL_get_client_CA_list.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_get_client_CA_list 3"
-.TH SSL_get_client_CA_list 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_get_client_CA_list 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_current_cipher.3 b/secure/lib/libssl/man/SSL_get_current_cipher.3
index d04f136..3d837a5 100644
--- a/secure/lib/libssl/man/SSL_get_current_cipher.3
+++ b/secure/lib/libssl/man/SSL_get_current_cipher.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_get_current_cipher 3"
-.TH SSL_get_current_cipher 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_get_current_cipher 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_default_timeout.3 b/secure/lib/libssl/man/SSL_get_default_timeout.3
index 88ea757..515d81c 100644
--- a/secure/lib/libssl/man/SSL_get_default_timeout.3
+++ b/secure/lib/libssl/man/SSL_get_default_timeout.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_get_default_timeout 3"
-.TH SSL_get_default_timeout 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_get_default_timeout 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_error.3 b/secure/lib/libssl/man/SSL_get_error.3
index 760af98..a70f963 100644
--- a/secure/lib/libssl/man/SSL_get_error.3
+++ b/secure/lib/libssl/man/SSL_get_error.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_get_error 3"
-.TH SSL_get_error 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_get_error 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
index 71d554c..aa37340 100644
--- a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
+++ b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3"
-.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_get_ex_new_index.3
index 05d0625..03f00d5 100644
--- a/secure/lib/libssl/man/SSL_get_ex_new_index.3
+++ b/secure/lib/libssl/man/SSL_get_ex_new_index.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_get_ex_new_index 3"
-.TH SSL_get_ex_new_index 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_get_ex_new_index 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_fd.3 b/secure/lib/libssl/man/SSL_get_fd.3
index bcaaa8e..e8c2050 100644
--- a/secure/lib/libssl/man/SSL_get_fd.3
+++ b/secure/lib/libssl/man/SSL_get_fd.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_get_fd 3"
-.TH SSL_get_fd 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_get_fd 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
index 0303b84..368f567 100644
--- a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
+++ b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_get_peer_cert_chain 3"
-.TH SSL_get_peer_cert_chain 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_get_peer_cert_chain 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_peer_certificate.3 b/secure/lib/libssl/man/SSL_get_peer_certificate.3
index 5e9604f..086329e 100644
--- a/secure/lib/libssl/man/SSL_get_peer_certificate.3
+++ b/secure/lib/libssl/man/SSL_get_peer_certificate.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_get_peer_certificate 3"
-.TH SSL_get_peer_certificate 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_get_peer_certificate 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_psk_identity.3 b/secure/lib/libssl/man/SSL_get_psk_identity.3
index 11c7d98..fdddcb5 100644
--- a/secure/lib/libssl/man/SSL_get_psk_identity.3
+++ b/secure/lib/libssl/man/SSL_get_psk_identity.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_get_psk_identity 3"
-.TH SSL_get_psk_identity 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_get_psk_identity 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_rbio.3 b/secure/lib/libssl/man/SSL_get_rbio.3
index 34f5c88..073f5e4 100644
--- a/secure/lib/libssl/man/SSL_get_rbio.3
+++ b/secure/lib/libssl/man/SSL_get_rbio.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_get_rbio 3"
-.TH SSL_get_rbio 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_get_rbio 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_session.3 b/secure/lib/libssl/man/SSL_get_session.3
index b8b14ab..38332de 100644
--- a/secure/lib/libssl/man/SSL_get_session.3
+++ b/secure/lib/libssl/man/SSL_get_session.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_get_session 3"
-.TH SSL_get_session 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_get_session 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_verify_result.3 b/secure/lib/libssl/man/SSL_get_verify_result.3
index c31cbe7..51ac504 100644
--- a/secure/lib/libssl/man/SSL_get_verify_result.3
+++ b/secure/lib/libssl/man/SSL_get_verify_result.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_get_verify_result 3"
-.TH SSL_get_verify_result 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_get_verify_result 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_version.3 b/secure/lib/libssl/man/SSL_get_version.3
index b0789e4..b0ccef6 100644
--- a/secure/lib/libssl/man/SSL_get_version.3
+++ b/secure/lib/libssl/man/SSL_get_version.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_get_version 3"
-.TH SSL_get_version 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_get_version 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -140,11 +140,11 @@ SSL_get_version \- get the protocol version of a connection.
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_get_cipher_version()\fR returns the name of the protocol used for the
+\&\fISSL_get_version()\fR returns the name of the protocol used for the
 connection \fBssl\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-The following strings can occur:
+The following strings can be returned:
 .IP "SSLv2" 4
 .IX Item "SSLv2"
 The connection uses the SSLv2 protocol.
@@ -153,7 +153,13 @@ The connection uses the SSLv2 protocol.
 The connection uses the SSLv3 protocol.
 .IP "TLSv1" 4
 .IX Item "TLSv1"
-The connection uses the TLSv1 protocol.
+The connection uses the TLSv1.0 protocol.
+.IP "TLSv1.1" 4
+.IX Item "TLSv1.1"
+The connection uses the TLSv1.1 protocol.
+.IP "TLSv1.2" 4
+.IX Item "TLSv1.2"
+The connection uses the TLSv1.2 protocol.
 .IP "unknown" 4
 .IX Item "unknown"
 This indicates that no version has been set (no connection established).
diff --git a/secure/lib/libssl/man/SSL_library_init.3 b/secure/lib/libssl/man/SSL_library_init.3
index 80b04c1..3fa07d1 100644
--- a/secure/lib/libssl/man/SSL_library_init.3
+++ b/secure/lib/libssl/man/SSL_library_init.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_library_init 3"
-.TH SSL_library_init 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_library_init 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_load_client_CA_file.3 b/secure/lib/libssl/man/SSL_load_client_CA_file.3
index 06baac98..aa70809 100644
--- a/secure/lib/libssl/man/SSL_load_client_CA_file.3
+++ b/secure/lib/libssl/man/SSL_load_client_CA_file.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_load_client_CA_file 3"
-.TH SSL_load_client_CA_file 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_load_client_CA_file 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_new.3 b/secure/lib/libssl/man/SSL_new.3
index f3daedd..38fd212 100644
--- a/secure/lib/libssl/man/SSL_new.3
+++ b/secure/lib/libssl/man/SSL_new.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_new 3"
-.TH SSL_new 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_new 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_pending.3 b/secure/lib/libssl/man/SSL_pending.3
index d4bc050..65ad186 100644
--- a/secure/lib/libssl/man/SSL_pending.3
+++ b/secure/lib/libssl/man/SSL_pending.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_pending 3"
-.TH SSL_pending 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_pending 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_read.3 b/secure/lib/libssl/man/SSL_read.3
index 6411d54..cdd8d20 100644
--- a/secure/lib/libssl/man/SSL_read.3
+++ b/secure/lib/libssl/man/SSL_read.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_read 3"
-.TH SSL_read 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_read 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_rstate_string.3 b/secure/lib/libssl/man/SSL_rstate_string.3
index 7235fd4..4c6523e 100644
--- a/secure/lib/libssl/man/SSL_rstate_string.3
+++ b/secure/lib/libssl/man/SSL_rstate_string.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_rstate_string 3"
-.TH SSL_rstate_string 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_rstate_string 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_session_reused.3 b/secure/lib/libssl/man/SSL_session_reused.3
index 8999288..384c4ac 100644
--- a/secure/lib/libssl/man/SSL_session_reused.3
+++ b/secure/lib/libssl/man/SSL_session_reused.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_session_reused 3"
-.TH SSL_session_reused 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_session_reused 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_set_bio.3 b/secure/lib/libssl/man/SSL_set_bio.3
index bc2090c..32b959f 100644
--- a/secure/lib/libssl/man/SSL_set_bio.3
+++ b/secure/lib/libssl/man/SSL_set_bio.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_set_bio 3"
-.TH SSL_set_bio 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_set_bio 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_set_connect_state.3 b/secure/lib/libssl/man/SSL_set_connect_state.3
index 8eb30ec..718ba26 100644
--- a/secure/lib/libssl/man/SSL_set_connect_state.3
+++ b/secure/lib/libssl/man/SSL_set_connect_state.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_set_connect_state 3"
-.TH SSL_set_connect_state 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_set_connect_state 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_set_fd.3 b/secure/lib/libssl/man/SSL_set_fd.3
index 6b2b138..d3e1756 100644
--- a/secure/lib/libssl/man/SSL_set_fd.3
+++ b/secure/lib/libssl/man/SSL_set_fd.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_set_fd 3"
-.TH SSL_set_fd 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_set_fd 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_set_session.3 b/secure/lib/libssl/man/SSL_set_session.3
index 1611fa5..8a8bd10 100644
--- a/secure/lib/libssl/man/SSL_set_session.3
+++ b/secure/lib/libssl/man/SSL_set_session.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_set_session 3"
-.TH SSL_set_session 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_set_session 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_set_shutdown.3 b/secure/lib/libssl/man/SSL_set_shutdown.3
index 9f23b54..fcad1df 100644
--- a/secure/lib/libssl/man/SSL_set_shutdown.3
+++ b/secure/lib/libssl/man/SSL_set_shutdown.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_set_shutdown 3"
-.TH SSL_set_shutdown 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_set_shutdown 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_set_verify_result.3 b/secure/lib/libssl/man/SSL_set_verify_result.3
index b558d4e..fd19c3f 100644
--- a/secure/lib/libssl/man/SSL_set_verify_result.3
+++ b/secure/lib/libssl/man/SSL_set_verify_result.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_set_verify_result 3"
-.TH SSL_set_verify_result 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_set_verify_result 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_shutdown.3 b/secure/lib/libssl/man/SSL_shutdown.3
index dbec86d..e7cb7bd 100644
--- a/secure/lib/libssl/man/SSL_shutdown.3
+++ b/secure/lib/libssl/man/SSL_shutdown.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_shutdown 3"
-.TH SSL_shutdown 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_shutdown 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_state_string.3 b/secure/lib/libssl/man/SSL_state_string.3
index 4bd05ad..2b16a8d 100644
--- a/secure/lib/libssl/man/SSL_state_string.3
+++ b/secure/lib/libssl/man/SSL_state_string.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_state_string 3"
-.TH SSL_state_string 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_state_string 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_want.3 b/secure/lib/libssl/man/SSL_want.3
index cd7dfd2..9350078 100644
--- a/secure/lib/libssl/man/SSL_want.3
+++ b/secure/lib/libssl/man/SSL_want.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_want 3"
-.TH SSL_want 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_want 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/SSL_write.3 b/secure/lib/libssl/man/SSL_write.3
index cfaf21a..35ac546 100644
--- a/secure/lib/libssl/man/SSL_write.3
+++ b/secure/lib/libssl/man/SSL_write.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_write 3"
-.TH SSL_write 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH SSL_write 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libssl/man/d2i_SSL_SESSION.3 b/secure/lib/libssl/man/d2i_SSL_SESSION.3
index 68eaa3c..2a4b2f6 100644
--- a/secure/lib/libssl/man/d2i_SSL_SESSION.3
+++ b/secure/lib/libssl/man/d2i_SSL_SESSION.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "d2i_SSL_SESSION 3"
-.TH d2i_SSL_SESSION 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH d2i_SSL_SESSION 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -175,6 +175,16 @@ known limit on the size of the created \s-1ASN1\s0 representation, so the necess
 amount of space should be obtained by first calling \fIi2d_SSL_SESSION()\fR with
 \&\fBpp=NULL\fR, and obtain the size needed, then allocate the memory and
 call \fIi2d_SSL_SESSION()\fR again.
+Note that this will advance the value contained in \fB*pp\fR so it is necessary
+to save a copy of the original allocation.
+For example:
+ int i,j;
+ char *p, *temp;
+ i = i2d_SSL_SESSION(sess, \s-1NULL\s0);
+ p = temp = malloc(i);
+ j = i2d_SSL_SESSION(sess, &temp);
+ assert(i == j);
+ assert(p+i == temp);
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 \&\fId2i_SSL_SESSION()\fR returns a pointer to the newly allocated \s-1SSL_SESSION\s0
diff --git a/secure/lib/libssl/man/ssl.3 b/secure/lib/libssl/man/ssl.3
index 623022f..c5f83ae 100644
--- a/secure/lib/libssl/man/ssl.3
+++ b/secure/lib/libssl/man/ssl.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ssl 3"
-.TH ssl 3 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH ssl 3 "2014-08-06" "1.0.1i" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l