diff --git a/ChangeLog b/ChangeLog
index ffdb5c410..57592b410 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -14,6 +14,20 @@ Security
      on untrusted input or write keys of untrusted origin. Found by Guido
      Vranken, Interlworks.
 
+Bugfix
+   * Fix bug causing some handshakes to fail due to some non-fatal alerts not
+     begin properly ignored. Found by mancha and Kasom Koht-arsa, #308
+   * Fix build error with configurations where ECDHE-PSK is the only key
+     exchange. Found and fix provided by Chris Hammond. #270
+   * Fix failures in MPI on Sparc(64) due to use of bad assembly code.
+     Found by Kurt Danielson. #292
+   * Fix typo in name of the extKeyUsage OID. Found by inestlerode, #314
+   * Fix bug in ASN.1 encoding of booleans that caused generated CA
+     certificates to be rejected by some applications, including OS X
+     Keychain. Found and fixed by Jonathan Leroy, Inikup.
+   * Fix "Destination buffer is too small" error in cert_write program.
+     Found and fixed by Jonathan Leroy, Inikup.
+
 = mbed TLS 1.3.14 released 2015-10-06
 
 Security
diff --git a/include/polarssl/bn_mul.h b/include/polarssl/bn_mul.h
index b2eb1e8c7..55b94a74d 100644
--- a/include/polarssl/bn_mul.h
+++ b/include/polarssl/bn_mul.h
@@ -409,10 +409,11 @@
 #endif /* PPC32 */
 
 /*
- * The Sparc64 assembly is reported to be broken.
+ * The Sparc(64) assembly is reported to be broken.
  * Disable it for now, until we're able to fix it.
  */
-#if 0 && defined(__sparc__) && defined(__sparc64__)
+#if 0 && defined(__sparc__)
+#if defined(__sparc64__)
 
 #define MULADDC_INIT                                    \
     asm(                                                \
@@ -443,9 +444,8 @@
         : "g1", "o0", "o1", "o2", "o3", "o4",   \
           "o5"                                  \
         );
-#endif /* SPARCv9 */
 
-#if defined(__sparc__) && !defined(__sparc64__)
+#else /* __sparc64__ */
 
 #define MULADDC_INIT                                    \
     asm(                                                \
@@ -477,7 +477,8 @@
           "o5"                                  \
         );
 
-#endif /* SPARCv8 */
+#endif /* __sparc64__ */
+#endif /* __sparc__ */
 
 #if defined(__microblaze__) || defined(microblaze)
 
diff --git a/include/polarssl/ssl_ciphersuites.h b/include/polarssl/ssl_ciphersuites.h
index 1fcf4c70d..f0519ca36 100644
--- a/include/polarssl/ssl_ciphersuites.h
+++ b/include/polarssl/ssl_ciphersuites.h
@@ -252,7 +252,6 @@ typedef enum {
     defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED)    || \
     defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)  || \
     defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)      || \
-    defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)    || \
     defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED)     || \
     defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
 #define POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED
diff --git a/library/asn1write.c b/library/asn1write.c
index 87e130e52..6a7c9d35e 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -192,7 +192,7 @@ int asn1_write_bool( unsigned char **p, unsigned char *start, int boolean )
     if( *p - start < 1 )
         return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
 
-    *--(*p) = (boolean) ? 1 : 0;
+    *--(*p) = (boolean) ? 255 : 0;
     len++;
 
     ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
diff --git a/library/oid.c b/library/oid.c
index b616d7ea9..682b84541 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -268,7 +268,7 @@ static const oid_x509_ext_t oid_x509_ext[] =
         EXT_KEY_USAGE,
     },
     {
-        { ADD_LEN( OID_EXTENDED_KEY_USAGE ),   "id-ce-keyUsage",           "Extended Key Usage" },
+        { ADD_LEN( OID_EXTENDED_KEY_USAGE ),   "id-ce-extKeyUsage",        "Extended Key Usage" },
         EXT_EXTENDED_KEY_USAGE,
     },
     {
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 82d038059..d9eb0a995 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2220,6 +2220,7 @@ int ssl_read_record( ssl_context *ssl )
     /*
      * Read the record header and validate it
      */
+read_record_header:
     if( ( ret = ssl_fetch_input( ssl, 5 ) ) != 0 )
     {
         SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
@@ -2417,7 +2418,7 @@ int ssl_read_record( ssl_context *ssl )
                        ssl->in_msg[0], ssl->in_msg[1] ) );
 
         /*
-         * Ignore non-fatal alerts, except close_notify
+         * Ignore non-fatal alerts, except close_notify and no_renego
          */
         if( ssl->in_msg[0] == SSL_ALERT_LEVEL_FATAL )
         {
@@ -2432,6 +2433,29 @@ int ssl_read_record( ssl_context *ssl )
             SSL_DEBUG_MSG( 2, ( "is a close notify message" ) );
             return( POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY );
         }
+
+        if( ssl->in_msg[0] == SSL_ALERT_LEVEL_WARNING &&
+            ssl->in_msg[1] == SSL_ALERT_MSG_NO_RENEGOTIATION )
+        {
+            SSL_DEBUG_MSG( 2, ( "is a no_renegotiation" ) );
+            /* Will be handled when trying to parse ServerHello */
+            ssl->in_left = 0;
+            return( 0 );
+        }
+
+        if( ssl->minor_ver == SSL_MINOR_VERSION_0 &&
+            ssl->endpoint == SSL_IS_SERVER &&
+            ssl->in_msg[0] == SSL_ALERT_LEVEL_WARNING &&
+            ssl->in_msg[1] == SSL_ALERT_MSG_NO_CERT )
+        {
+            SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) );
+            /* Will be handled in ssl_parse_certificate() */
+            ssl->in_left = 0;
+            return( 0 );
+        }
+
+        /* Silently discard: fetch new message */
+        goto read_record_header;
     }
 
     ssl->in_left = 0;
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 5010193d2..57cb6c7c0 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -190,11 +190,11 @@ int main( int argc, char *argv[] )
     pk_context *issuer_key = &loaded_issuer_key,
                 *subject_key = &loaded_subject_key;
     char buf[1024];
-    char issuer_name[128];
+    char issuer_name[256];
     int i;
     char *p, *q, *r;
 #if defined(POLARSSL_X509_CSR_PARSE_C)
-    char subject_name[128];
+    char subject_name[256];
     x509_csr csr;
 #endif
     x509write_cert crt;
diff --git a/tests/data_files/server1.key_usage.crt b/tests/data_files/server1.key_usage.crt
index 8a4c480c8..8f4e59f2d 100644
--- a/tests/data_files/server1.key_usage.crt
+++ b/tests/data_files/server1.key_usage.crt
@@ -10,11 +10,11 @@ CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
 lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
 bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
 o10wWzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf
-BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAOBgNVHQ8BAQEEBAMCAeAw
-DQYJKoZIhvcNAQEFBQADggEBAFd3JxNC2rEz94ProSZcv8NNk3e3Dhfms84qjkCM
-YhLyZCZywZ2cj3bXThNGVND81UNgqyzk/MEGfKh5d0EHD8v97H7Zvs/EN814d0UC
-/BZWlXqX9XInjxlI3baJrRWvsJJdRxMqub9LGBdhgZAtF1BVF9fk2QrV0GW6VN7a
-dGYdRYO80yf+vf5g41A0DIi3dhdLF1H7UPDwfUwkF5QckXw0yqueszcmxvCAnxng
-AUKoFS971WWCjCo8lMzOXOjeAwmibihT9XBabVzN1w3gOfSBbpHFi770bWgbKPWu
-csFKtvrXGtLVQeKkfI1lIMWWeddvkMWWBIqFrkBBLLOI4+A=
+BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAOBgNVHQ8BAf8EBAMCAeAw
+DQYJKoZIhvcNAQEFBQADggEBABKC/1x0m57EY4H412ue3ghCWgg07VcRKamnUSTs
+tnqI5T0mSvuPrxhINdQB6360ibctBkXP3S9rxGHiUdeK/JqxYs2YamCs50TSWpon
+p4Hzcmjsw1YgXsQ6pmYwkzU03zqs361gt7JSOzL2dN0IjwIy47qfLQb/AXhX2Ims
+7gBuqVpYqJuSHR0qsN/c6WgIE3IrbK1MB6CJTkxBfcSc5E4oUIBHmww+RSVLOczM
+nGk3U13dmfG0ndhMtrMyyxBZZSUwoZLjRZ6J5mHSv+k8oo1PYQeiivNEP53mgVaY
+ha0gLUIk6zNBRpY1uUmxQ+RQSMIyYPBb1RedHn2s8El2mlo=
 -----END CERTIFICATE-----