- Make note of the expected extension for the shared libraries and
    if there is a need for symbolic links from for example libcrypto.so.0
    to libcrypto.so.0.9.7.  There is extended info in Configure for
    that.

  - Make as few rebuilds of the shared libraries as possible.

  - Still avoid linking the OpenSSL programs with the shared libraries.

  - When installing, install the shared libraries separately from the
    static ones.

Add support for X509_NAME_print_ex() in req.

Initial code for cutomizable X509 print routines.

Only use the new informational verify codes if we
specifically ask for them.

Fix typo in docs.

record-oriented fashion.  That means that every write() will write a
separate record, which will be read separately by the programs trying
to read from it.  This can be very confusing.

The solution is to put a BIO filter in the way that will buffer text
until a linefeed is reached, and then write everything a line at a
time, so every record written will be an actual line, not chunks of
lines and not (usually doesn't happen, but I've seen it once) several
lines in one record.  Voila, BIO_f_linebuffer() is born.

Since we're so close to release time, I'm making this VMS-only for
now, just to make sure no code is needlessly broken by this.  After
the release, this BIO method will be enabled on all other platforms as
well.

BN_mod_mul_montgomery, which calls bn_sqr_recursive
without much preparation.

bn_sqr_recursive requires the length of its argument to be
a power of 2, which is not always the case here.
There's no reason for not using BN_sqr -- if a simpler
approach to squaring made sense, then why not change
BN_sqr?  (Using BN_sqr should also speed up DH where g is chosen
such that it becomes small [e.g., 2] when converted
to Montgomery representation.)

Case closed :-)

make disabled code slightly more correct (this does not solve
the problem though).

(it's similar to the shutdown(..., SHUT_WR) system call
for sockets).

sign.

for a few BIO routines.
Submitted by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>

Submitted by NAKAJI Hiroyuki <nakaji@tutrp.tut.ac.jp>

behaviour that SSL_read may result in SSL_ERROR_WANT_READ.

the OpenSSL commands x50 and req work better on a EBCDIC system.

Update PKCS12_parse().

Make the keyid in certificate aux info more usable.

Fix doc example, and fix BIO_find_type().

Fix PKCS7_verify(). It was using 'i' for both the
loop variable and the verify return value.

process when some symbols are missing.  Instead, all needed info is
saved in the .num files, including what conditions are needed for a
specific symbol to exist.

This was needed for the work I'm doing with shared libraries under
VMS.

Add support for settable verify time in X509_verify_cert().

Document rsautl utility.

The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.

The new code performs several tests on a candidate issuer
certificate based on certificate extensions.

It also adds several callbacks to X509_VERIFY_CTX so its
behaviour can be customised.

Unfortunately some hackery was needed to persuade X509_STORE
to tolerate this. This should go away when X509_STORE is
replaced, sometime...

This must have broken something though :-(

Add new option to PKCS7_sign to exclude S/MIME capabilities.

symbols for debugging are defined.

Add DER public key routines.

Add -passin argument to 'ca' utility.

Document sign and verify options to dgst.