Log Message:
Update to 3.4.1. From the changelog:

The shared library major version of libtls has been bumped to 22.

tls_connect(3) and friends now strip a trailing dot from servername.

This patch imports the missing scripts/wrap-compiler-for-flag-check
file, which was incorrectly causing compiler flags to not be used.

From the upstream LibreSSL changelog:

* New Features
  - Added support for OpenSSL 1.1.1 TLSv1.3 APIs.
  - Enabled the new X.509 validator to allow verification of
    modern certificate chains.
* Portable Improvements
  - Added Universal Windows Platform (UWP) build support.
  - Fixed mingw-w64 builds on newer versions with missing SSP support.
* API and Documentation Enhancements
  - Added the following APIs from OpenSSL
    BN_bn2binpad BN_bn2lebinpad BN_lebin2bn EC_GROUP_get_curve
    EC_GROUP_order_bits EC_GROUP_set_curve
    EC_POINT_get_affine_coordinates
    EC_POINT_set_affine_coordinates
    EC_POINT_set_compressed_coordinates EVP_DigestSign
    EVP_DigestVerify SSL_CIPHER_find SSL_CTX_get0_privatekey
    SSL_CTX_get_max_early_data SSL_CTX_get_ssl_method
    SSL_CTX_set_ciphersuites SSL_CTX_set_max_early_data
    SSL_CTX_set_post_handshake_auth SSL_SESSION_get0_cipher
    SSL_SESSION_get_max_early_data SSL_SESSION_is_resumable
    SSL_SESSION_set_max_early_data SSL_get_early_data_status
    SSL_get_max_early_data SSL_read_early_data SSL_set0_rbio
    SSL_set_ciphersuites SSL_set_max_early_data
    SSL_set_post_handshake_auth
    SSL_set_psk_use_session_callback
    SSL_verify_client_post_handshake SSL_write_early_data
  - Added AES-GCM constants from RFC 7714 for SRTP.
* Compatibility Changes
  - Implement flushing for TLSv1.3 handshakes behavior, needed for Apache.
  - Call the info callback on connect/accept exit in TLSv1.3,
    needed for p5-Net-SSLeay.
  - Default to using named curve parameter encoding from
    pre-OpenSSL 1.1.0, adding OPENSSL_EC_EXPLICIT_CURVE.
  - Do not ignore SSL_TLSEXT_ERR_FATAL from the ALPN callback.
* Testing and Proactive Security
  - Added additional state machine test coverage.
  - Improved integration test support with ruby/openssl tests.
  - Error codes and callback support in new X.509 validator made
    compatible with p5-Net_SSLeay tests.
* Internal Improvements
  - Numerous fixes and improvements to the new X.509 validator to
    ensure compatible error codes and callback support compatible
    with the legacy OpenSSL validator.