form '#if defined(...) || defined(...) || ...' and '#if !defined(...)
&& !defined(...) && ...'.  This also avoids the growing number of
special cases it was previously handling (some of them wrongly).

Mention BN_[pseudo_]rand with top=-1 in CHANGES.

sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.

Remove the old broken bio read of serial numbers in the 'ca' index
file. This would choke if a revoked certificate was specified with
a negative serial number.

Fix typo in uid.c

Add revelant new X509V3 extensions.

Add OIDs.

Fix ASN1 memory leak code to pop info if external allocation used.

Add -nopad option to enc command.

Update docs.

Doesn't handle SSL URLs yet.

Fix CRL printing to correctly show when there are no revoked certificates.

Make ca.c correctly initialize the revocation date.

Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the
string type: so they can initialize ASN1_TIME structures properly.

the clients choice; in SSLv2 the client uses the server's preferences.

and ASN1 code.

OCSP responses.

Documentation to follow...

Urgh.. this conflicted with the -VAfile patch I hope I haven't
broken it.

client code certificates to use to only check response signatures.
I'm not entirely sure if the way I just implemented the verification
is the right way to do it, and would be happy if someone would like to
review this.

Bleichenbacher's DSA attack.  With this implementation, the expected
number of iterations never exceeds 2.

New semantics for BN_rand_range():
BN_rand_range(r, min, range) now generates r such that
     min <= r < min+range.
(Previously, BN_rand_range(r, min, max) generated r such that
     min <= r < max.
It is more convenient to have the range; also the previous
prototype was misleading because max was larger than
the actual maximum.)

Fix AES code.

Update Rijndael source to v3.0

Add AES OIDs.

Change most references of Rijndael to AES.

Add new draft AES ciphersuites.

request to response.

Various OCSP responder utility functions.

Delete obsolete OCSP functions.

Largely untested at present...

certificates.

One is a valid CA which has no basicConstraints
but does have certSign keyUsage.

Other is S/MIME signer with nonRepudiation but
no digitalSignature.

ciphersuites.

Fix PKCS7 and PKCS12 memory leaks.

Initialise encapsulated content type properly.