Previously, the returned SSL_SESSION didn't have its reference count
incremented so the SSL_SESSION could be freed at any time causing
seg-faults if the pointer was subsequently used. Code that uses
SSL_get_session must now make a corresponding SSL_SESSION_free() call when
it is done to avoid memory leaks (or blocked up session caches).

Submitted By: Geoff Thorpe <geoff@eu.c2.net>

Fix to stop null being added to attributes.
Modify X509_LOOKUP, X509_INFO to handle auxiliary info.

add documentation for 'enc'.

Merge some common functionality in the apps, delete
the encryption option in the pkcs7 utility (they never
did anything) and add a couple more options to pkcs7.

pages.

of the openssl utility commands...

plain not working :-(

Also fix some memory leaks in the new X509_NAME code.

Fix so new app_rand code doesn't crash 'x509' and move #include so it compiles
under Win32.

certificate: currently this includes trust settings
and a "friendly name".

problem was that one of the replacement routines had not been working since
SSLeay releases.  For now the offending routine has been replaced with
non-optimised assembler.  Even so, this now gives around 95% performance
improvement for 1024 bit RSA signs.

Add a bunch of functions to simplify the creation of X509_NAME structures.

Change the X509_NAME_entry_add stuff in req/ca so it no longer uses
X509_NAME_entry_count(): passing -1 has the same effect.

don't try to detect fork()s by looking at getpid().
The reason is that threads sharing the same memory can have different
PIDs; it's inefficient to run RAND_seed each time a different thread
calls RAND_bytes.

some utilities that should have used RANDFILE did not,
and -rand handling was broken except in genrsa.

this will be used to clear up the horrible DN mess.

tolerated in certificates.

ultimately lead to certificate chain verification. It is
VERY EXPERIMENTAL at present though.

Fix a bug in the X509_get_d2i() functions which didn't check if crit was NULL.

platforms. See crypto/rc4/rc4_enc.c for further details.

explicitly. Previously it couldn't be changed because it was hard coded as
"server.pem".

new DSA public key functions that were missing.

Also beginning of a cache for X509_EXTENSION structures: this will allow them
to be accessed more quickly for things like certificate chain verification...

Fix for d2i_ASN1_bytes and stop PKCS#7 routines crashing is signed message
contains no certificates.

Also fix typo in RANLIB changes.

an improvement on not working at all.

and verify rather than direct encrypt/decrypt.

OpenSSL is compiled with NO_RSA, no RSA operations can be used: including
key generation storage and display of RSA keys. Since these operations are
not covered by the RSA patent (my understanding is it only covers encrypt,
decrypt, sign and verify) they can be included: this is an often requested
feature, attempts to use the patented operations return an error code.

This is enabled by setting RSA_NULL. This means that if a particular application
has its own legal US RSA implementation then it can use that instead by setting
it as the default RSA method.

Still experimental and needs some fiddling of the other libraries so they have
some options that don't attempt to use RSA if it isn't allowed.

It's still totally untested ...