Submitted by: Oliver Martin <oliver@volatilevoid.net>
Reviewed by: steve@openssl.org

Support GeneralizedTime in ca utility.

PR: 1831
Submitted by: Damien Miller

and avoid MD5 dependency.

ancient SSLeay format.

minimum requirement for committed code. Added to debug-steve* config targets
for now.

(specifically, "experimental-jpake").

Submitted by: Sander Temme

Submitted by: Jouni Malinen <j@w1.fi>
Approved by: steve@openssl.org

Ticket override support for EAP-FAST.

and should avoid any OS date limitations such as the year 2038 bug.

enable disabled ciphersuites.

Also, fix CHANGES (consistency with stable branch).

Submitted by: Nagendra Modadugu

Also, "CHANGES" clean-ups.

a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.

Tidy CRL scoring system.

Add new CRL path validation error.

and CRL signing keys.

Delete X509_POLICY_REF code.

Fix handling of invalid policy extensions to return the correct error.

Add command line option to inhibit policy mappings.

TODO: robustness checking on name forms.

deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).

Thanks to Bodo, for invaluable review and feedback.

Allow inibit any policy flag to be set in apps.