Add support for settable verify time in X509_verify_cert().

Document rsautl utility.

The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.

The new code performs several tests on a candidate issuer
certificate based on certificate extensions.

It also adds several callbacks to X509_VERIFY_CTX so its
behaviour can be customised.

Unfortunately some hackery was needed to persuade X509_STORE
to tolerate this. This should go away when X509_STORE is
replaced, sometime...

This must have broken something though :-(

Add new option to PKCS7_sign to exclude S/MIME capabilities.

If some other thread deletes the BIO that one thread needs for
BIO_write, then there's a lot of trouble anyway; there's
nothing special about calling the callback.

symbols for debugging are defined.

Add DER public key routines.

Add -passin argument to 'ca' utility.

Document sign and verify options to dgst.

Returning -1 for an attempt to read from an empty buffer is empty is
not an error that should be signalled via the error queue, it's a
'retry read' condition and is signalled as such.

confusing to people whose diff doesn't implement it.

Fix bug in read only memory BIOs so BIO_reset() works.

Add sign and verify options to dgst utility, need
to update docs.

message).

indefinite length encoding.

This allows intermediate CAs to be created more easily.

PKCS12_create() now checks private key matches certificate.

Fix typo in x509 app.

Update docs.

New function ASN1_STRING_to_UTF8() converts any ASN1_STRING
type to UTF8.

Fix ASN1_INTEGER_to_BN properly this time...

Fixes to d2i_ASN1_OBJECT, ASN1_INTEGER_to_BN and a_strex.c

initialize ex_pathlen to -1 so it isn't checked if pathlen
is not present.

set ucert to NULL in apps/pkcs12.c otherwise it gets freed
twice.

remove extraneous '\r' in MIME encoder.

Allow a NULL to be passed to X509_gmtime_adj()


Make PKCS#7 code use definite length encoding rather then
the indefinite stuff it used previously.