* Correct some prototypes and macros with respect to "const"ness.

* Add the extra macros and examples due to the lh_doall[_arg] modifications
  made recently. The existing example is also reworked for consistency.

* Rewrite, tweak, and supplement bits of the existing comments that seemed
  (IMHO) to be a little convoluted and misleading.

* Add a NOTE section that explains the use of macros and avoiding function
  casts (ie. generate a wrapper as with the macros, or prototype any
  callback functions exactly to not require casting). Also, explain the
  "const" approach taken in LHASH for the purposes of API comprehensibility
  and also application code auditing.

non null terminated passwords.

Preliminary ocsp utility documentation.

Fix ocsp usage message.

New OCSP utility. This can generate, parse and print
OCSP requests. It can also query reponders and parse or
print out responses.

Still needs some more work: OCSP response checks and
of course documentation.

Problem reported by "Wolfgang Marczy" <WMarczy@topcall.co.at>
in a message to openssl-dev (19 Dec 2000 13:40:51 +0100).

commands.

Submitted by: Massimiliano Pala <madwolf@comune.modena.it>

invalid format in OCSP request signatures.

Add spaces to OCSP HTTP header.

Change X509_NAME_set() there's no reason
why it should return an error if the
destination points to NULL... though it
should if the destination is NULL.

Move ex_data.c entry from "NEEDS PATCH" to "OPEN ISSUES".

Submitted by: Damien Miller <djm@mindrot.org>

OCSP basic response verify. Very incomplete
but will verify the signatures on a response
and locate the signers certifcate.

Still needs to implement a proper OCSP certificate
verify.

Fix warning in RAND_egd().

allocation callbacks so that it is no longer visible to applications
that these live at a different call level than conventional memory
allocation callbacks.

Makefile.  (The default is never actually used though because
the top Makefile passes its value of PERL down to sub-Makefiles.)

"make tests"

- 0.9.6a is under development
- a couple of illegal includes of <openssl/e_os.h> should be purged
- ex_data sucks

entries are still current or what they are about:

    o  non-blocking socket on AIX
    o  $(PERL) in */Makefile.ssl

So I'll remove them for now.

Add '-d' option for 'openssl version' (included in '-a').

that they match the function definitions (namely, remove file/line
parameters from free_func).

handling routines that need file name and line number information,
I've added a call level to our memory handling routines to allow that
kind of hooking.

unicode strings. Certain PKCS#12 files contain these
in BMPStrings and it used to crash on them.

didn't even give a warning for this yet HPUX cc considered it an error.
Reported by Lutz(@openssl.org).

only queried when the /dev/[u]random devices did not return enough
entropy. Only the amount of entropy missing to reach the required minimum
is queried, as EGD may be drained.
Queried locations are: /etc/entropy, /var/run/egd-pool

on details. :-)

correctly, but RAND_add(..,n) counts the increasing n several times.
Only RAND_add(..,n) once entropy collection is finished.

"doall" functions to using type-safe wrappers. As and where required, this
can be replaced by redeclaring the underlying callbacks to use the
underlying "void"-based prototypes (eg. if performance suffers from an
extra level of function invocation).

to LHASH usage. NB: The callback type used as been suctioned off into
crypto.h as CRYPTO_MEM_LEAK_CB to improve clarity.

around the callbacks required in the LHASH code for the "doall" functions.

Also - fix the evil function pointer casting in the two lh_doall functions
by deferring to a static utility function. Previously lh_doall() was
invoking lh_doall_arg() by casting the callback to the 2-parameter
prototype and passing in a NULL argument. This appears to have been working
thus far but it's not a hot idea. If the extra level of indirection becomes
a performance hit, we can just provide two virtually identical
implementations for each variant later on.

LHASH code, this evil was uncovered. The cast was obscuring the fact that
the function was prototyped to take 2 parameters when in fact it is being
used as a callback that should take only one. Anyway, the function itself
ignores the second parameter (thankfully). A proper cure is on the way but
for now this corrects the inconsistency.

build system...