• LibreSSL 3.5.0 has removed access to internal data
  structures: Use X509_get0_tbs_sigalg() and
  OCSP_SINGLERESP_get0_id() like in OpenSSL 1.1. Also use
  RSA_get0... with RSA_get_key_parameters(). Thanks to
  Alexander Bluhm.
  
• Expose SSL_CTX_get_min_proto_version(),
  SSL_CTX_get_max_proto_version(), SSL_get_min_proto_version()
  and SSL_get_max_proto_version() with LibresSSL 3.4.0 and
  later. Thanks to Alexander Bluhm.
  
• Update tests 07_sslecho.t and 44_sess.t to work around
  failures seen on Windows with Perls earlier than 5.20. For
  the details, see GH-356 and look for CloseHandle() in Perl
  5.20.0 changelog. Thanks to GitHub user twata1 for the
  report and additional help.
  
• Alexander's recent work with RSA_get_key_parameters(),
  allows to make it available with all OpenSSL versions. It
  was already available with versions earlier than 1.1.0.
  
• Expose BN_dup(), BN_clear(), BN_clear_free() and BN_free().
  
• Use PTR2IV instead of direct cast to IV to fix compilation
  warning with SSLeay.xs internal function bn2sv().
  
• Expose X509_CRL_get0_lastUpdate(),
  X509_CRL_get0_nextUpdate(), X509_CRL_set1_lastUpdate() and
  X509_CRL_set1_nextUpdate() that became available with
  OpenSSL 1.1.0 and LibreSSL 2.7.0. These, and the respective
  deprecated get/set aliases, are available with all OpenSSL
  and LibreSSL versions. Fixes part of RT#124371.
  
• Note in documentation that the X509_CRL_get* functions
  return a pointer to time structure that should be considered
  read-only.
  
• Use ASN1_STRING_get0_data() instead of ASN1_STRING_data() to
  avoid compile time deprecation warnings. Partly fixes
  RT#124371.
  
• Add the following constants from Current OpenSSL master branch:
  
  • SSL_ASYNC_PAUSED
    
  • SSL_ASYNC_NO_JOBS
    
  • SSL_CLIENT_HELLO_CB
    
  • SSL_ERROR_WANT_ASYNC
    
  • SSL_ERROR_WANT_ASYNC_JOB
    
  • SSL_ERROR_WANT_CLIENT_HELLO_CB
    
  • SSL_ERROR_WANT_RETRY_VERIFY
    
  • SSL_MODE_ASYNC
    
  • SSL_MODE_NO_AUTO_CHAIN
    
  • SSL_OP_ALLOW_CLIENT_RENEGOTIATION
    
  • SSL_OP_CLEANSE_PLAINTEXT
    
  • SSL_OP_DISABLE_TLSEXT_CA_NAMES
    
  • SSL_OP_ENABLE_KTLS
    
  • SSL_OP_IGNORE_UNEXPECTED_EOF
    
  • SSL_OP_NO_EXTENDED_MASTER_SECRET
    
  • SSL_RETRY_VERIFY
    
  • SSL_SESS_CACHE_UPDATE_TIME
    
  • X509_TRUST_DEFAULT
    
  • X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL
    
  • X509_V_ERR_CA_BCONS_NOT_CRITICAL
    
  • X509_V_ERR_CA_CERT_MISSING_KEY_USAGE
    
  • X509_V_ERR_EC_KEY_EXPLICIT_PARAMS
    
  • X509_V_ERR_EMPTY_SUBJECT_ALT_NAME
    
  • X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL
    
  • X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3
    
  • X509_V_ERR_ISSUER_NAME_EMPTY
    
  • X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA
    
  • X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER
    
  • X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER
    
  • X509_V_ERR_NO_ISSUER_PUBLIC_KEY
    
  • X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA
    
  • X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN
    
  • X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY
    
  • X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH
    
  • X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL
    
  • X509_V_ERR_SUBJECT_NAME_EMPTY
    
  • X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM
    
• Expose X509_get0_notBefore(), X509_getm_notBefore()
  X509_get0_nextAfter() and X509_getm_nextAfter() that became
  available with OpenSSL 1.1.0 and LibreSSL 2.7.0. These, and
  the deprecated _get functions, are available, as aliases
  when needed, with all OpenSSL and LibreSSL versions. Fixes
  GH-367.
  
• Only export the TLSv1*_method() functions when support for the respective TLS
  version is available in the underlying libssl library. This allows
  Net::SSLeay to be built against libssl libraries that were compiled without
  support for old TLS versions.