Initial OCSP certificate verify. Not complete,
it just supports a "trusted OCSP global root CA".

This allows keeping extensions in a separate configuration file.

Submitted by: Massimiliano Pala <madwolf@comune.modena.it>

* Correct some prototypes and macros with respect to "const"ness.

* Add the extra macros and examples due to the lh_doall[_arg] modifications
  made recently. The existing example is also reworked for consistency.

* Rewrite, tweak, and supplement bits of the existing comments that seemed
  (IMHO) to be a little convoluted and misleading.

* Add a NOTE section that explains the use of macros and avoiding function
  casts (ie. generate a wrapper as with the macros, or prototype any
  callback functions exactly to not require casting). Also, explain the
  "const" approach taken in LHASH for the purposes of API comprehensibility
  and also application code auditing.

non null terminated passwords.

Preliminary ocsp utility documentation.

Fix ocsp usage message.

New OCSP utility. This can generate, parse and print
OCSP requests. It can also query reponders and parse or
print out responses.

Still needs some more work: OCSP response checks and
of course documentation.

Problem reported by "Wolfgang Marczy" <WMarczy@topcall.co.at>
in a message to openssl-dev (19 Dec 2000 13:40:51 +0100).

commands.

Submitted by: Massimiliano Pala <madwolf@comune.modena.it>

invalid format in OCSP request signatures.

Add spaces to OCSP HTTP header.

Change X509_NAME_set() there's no reason
why it should return an error if the
destination points to NULL... though it
should if the destination is NULL.

Move ex_data.c entry from "NEEDS PATCH" to "OPEN ISSUES".

Submitted by: Damien Miller <djm@mindrot.org>

OCSP basic response verify. Very incomplete
but will verify the signatures on a response
and locate the signers certifcate.

Still needs to implement a proper OCSP certificate
verify.

Fix warning in RAND_egd().

allocation callbacks so that it is no longer visible to applications
that these live at a different call level than conventional memory
allocation callbacks.

Makefile.  (The default is never actually used though because
the top Makefile passes its value of PERL down to sub-Makefiles.)

"make tests"

- 0.9.6a is under development
- a couple of illegal includes of <openssl/e_os.h> should be purged
- ex_data sucks

entries are still current or what they are about:

    o  non-blocking socket on AIX
    o  $(PERL) in */Makefile.ssl

So I'll remove them for now.

Add '-d' option for 'openssl version' (included in '-a').

that they match the function definitions (namely, remove file/line
parameters from free_func).

handling routines that need file name and line number information,
I've added a call level to our memory handling routines to allow that
kind of hooking.

unicode strings. Certain PKCS#12 files contain these
in BMPStrings and it used to crash on them.

didn't even give a warning for this yet HPUX cc considered it an error.
Reported by Lutz(@openssl.org).

only queried when the /dev/[u]random devices did not return enough
entropy. Only the amount of entropy missing to reach the required minimum
is queried, as EGD may be drained.
Queried locations are: /etc/entropy, /var/run/egd-pool

on details. :-)

correctly, but RAND_add(..,n) counts the increasing n several times.
Only RAND_add(..,n) once entropy collection is finished.

"doall" functions to using type-safe wrappers. As and where required, this
can be replaced by redeclaring the underlying callbacks to use the
underlying "void"-based prototypes (eg. if performance suffers from an
extra level of function invocation).