sign.

for a few BIO routines.
Submitted by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>

Submitted by NAKAJI Hiroyuki <nakaji@tutrp.tut.ac.jp>

behaviour that SSL_read may result in SSL_ERROR_WANT_READ.

the OpenSSL commands x50 and req work better on a EBCDIC system.

Update PKCS12_parse().

Make the keyid in certificate aux info more usable.

Fix doc example, and fix BIO_find_type().

Fix PKCS7_verify(). It was using 'i' for both the
loop variable and the verify return value.

process when some symbols are missing.  Instead, all needed info is
saved in the .num files, including what conditions are needed for a
specific symbol to exist.

This was needed for the work I'm doing with shared libraries under
VMS.

Add support for settable verify time in X509_verify_cert().

Document rsautl utility.

The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.

The new code performs several tests on a candidate issuer
certificate based on certificate extensions.

It also adds several callbacks to X509_VERIFY_CTX so its
behaviour can be customised.

Unfortunately some hackery was needed to persuade X509_STORE
to tolerate this. This should go away when X509_STORE is
replaced, sometime...

This must have broken something though :-(

Add new option to PKCS7_sign to exclude S/MIME capabilities.

symbols for debugging are defined.

Add DER public key routines.

Add -passin argument to 'ca' utility.

Document sign and verify options to dgst.

Fix bug in read only memory BIOs so BIO_reset() works.

Add sign and verify options to dgst utility, need
to update docs.

Fixes to d2i_ASN1_OBJECT, ASN1_INTEGER_to_BN and a_strex.c

initialize ex_pathlen to -1 so it isn't checked if pathlen
is not present.

set ucert to NULL in apps/pkcs12.c otherwise it gets freed
twice.

remove extraneous '\r' in MIME encoder.

Allow a NULL to be passed to X509_gmtime_adj()


Make PKCS#7 code use definite length encoding rather then
the indefinite stuff it used previously.

found myself needing it a number of times, the latter for completeness.

MD4 implemented.  Assar Westerlund provided the digest code itself and the test utility, I added the bits to get a EVP interface, the command line utility and the speed test

building a complete chain.  Now added through the -CAfile and -CApath
arguments.

Add warning print out if duplicate names found:
should end up as a fatal error but a warning for
now until they problems are fixed...

Fix warnings with BIO_dump_indent().

test was never triggered due to an off-by-one error.

In s23_clnt.c, don't use special rollback-attack detection padding
(RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
client; similarly, in s23_srvr.c, don't do the rollback check if
SSL 2.0 is the only protocol enabled in the server.

New ASN1_STRING_print_ex() and X509_NAME_print_ex()
functions. These are intended to be replacements
for the ancient ASN1_STRING_print() and X509_NAME_print()
functions.

The new functions support RFC2253 and various pretty
printing options. It is also possible to display
international characters if the terminal properly handles
UTF8 encoding (Linux seems to tolerate this if the
"unicode_start" script is run).

Still needs to be documented, integrated into other
utilities and extensively tested.

'openssl asn1parse'.  As a side effect, the functions ASN1_parse_dump
and BIO_dump_indent are added.

ASN1_TIME fixes.

New function c2i_ASN1_OBJECT().