Add revelant new X509V3 extensions.

Add OIDs.

Fix ASN1 memory leak code to pop info if external allocation used.

Add -nopad option to enc command.

Update docs.

<t-matsuu@protein.osaka-u.ac.jp>

Doesn't handle SSL URLs yet.

gets rid of gcc warnings.

well (and is a good demonstration of how encapsulating the SSL in a
memory-based state machine can make it easier to apply to different
situations).

The change implements a new command-line switch "-flipped <0|1>" which, if
set to 1, reverses the usual interpretation of a client and server for SSL
tunneling. Normally, an ssl client (ie. "-server 0") accepts "cleartext"
connections and conducts SSL/TLS over a proxied connection acting as an SSL
client. Likewise, an ssl server (ie. "-server 1") accepts connections and
conducts SSL/TLS (as an SSL server) over them and passes "cleartext" over
the proxied connection. With "-flipped 1", an SSL client (specified with
"-server 0") in fact accepts SSL connections and proxies clear, whereas an
SSL server ("-server 1") accepts clear and proxies SSL. NB: most of this
diff is command-line handling, the actual meat of the change is simply the
line or two that plugs "clean" and "dirty" file descr...

options someone much longer working with OpenSSL/SSLeay is needed.

file http://www.nrca-ds.de/ftp/pkd.ttp, which contains a total of 288
certificates issued by the RegPT so far)

(similar to how arguments such as -inform/-outform specifications
are treated)

Fix CRL printing to correctly show when there are no revoked certificates.

Make ca.c correctly initialize the revocation date.

Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the
string type: so they can initialize ASN1_TIME structures properly.

the clients choice; in SSLv2 the client uses the server's preferences.

Fix warning in apps/engine.c

Remove definitions of deleted functions.

Add missing definition of X509_VAL.

and ASN1 code.

Denis Beauchemin <Denis.Beauchemin@Courrier.USherb.ca>)

OCSP responses.

Documentation to follow...

Urgh.. this conflicted with the -VAfile patch I hope I haven't
broken it.

inversed.  Corrected.  Hopefully, this will make it work without
dumping core.

client code certificates to use to only check response signatures.
I'm not entirely sure if the way I just implemented the verification
is the right way to do it, and would be happy if someone would like to
review this.