Never use des_set_key (it depends on the global variable des_check_key),
but usually des_set_key_unchecked.
Only destest.c bothered to look at the return values of des_set_key,
but it did not set des_check_key -- if it had done so,
most checks would have failed because of wrong parity and
because of weak keys.

either and has a static and dynamic mix.

SSL_CTX and SSL, functions to set them and defaults if no values set.

trust settings of the root CA.

After a few fixes it seems to work OK.

Still need to add support to SSL and S/MIME code though.

in a table. Doesn't do too much yet.

Make the -<digestname> options in 'x509' affect all relevant
options.

Change the name of the 'notrust' options to 'reject' as this
causes less confusion and is a better description of the
effect.

A few constification changes.

Extend the X509_PURPOSE structure to include shortnames for purposed and default
trust ids.

Still need some extendable trust checking code and integration with the SSL and
S/MIME code.

at present. However nothing enables it yet so this doesn't
matter :-)

Fix so EVP_PKEY_rset_*() check return codes.

New universal public key format.

Fix CRL+cert load problem in by_file.c

Make verify report errors when loading files or dirs

Remove rc4-64 from ciphers since it doesn't exist...

Previously, the returned SSL_SESSION didn't have its reference count
incremented so the SSL_SESSION could be freed at any time causing
seg-faults if the pointer was subsequently used. Code that uses
SSL_get_session must now make a corresponding SSL_SESSION_free() call when
it is done to avoid memory leaks (or blocked up session caches).

Submitted By: Geoff Thorpe <geoff@eu.c2.net>

Fix to stop null being added to attributes.
Modify X509_LOOKUP, X509_INFO to handle auxiliary info.

add documentation for 'enc'.

Merge some common functionality in the apps, delete
the encryption option in the pkcs7 utility (they never
did anything) and add a couple more options to pkcs7.

pages.

of the openssl utility commands...

plain not working :-(

Also fix some memory leaks in the new X509_NAME code.

Fix so new app_rand code doesn't crash 'x509' and move #include so it compiles
under Win32.

certificate: currently this includes trust settings
and a "friendly name".

problem was that one of the replacement routines had not been working since
SSLeay releases.  For now the offending routine has been replaced with
non-optimised assembler.  Even so, this now gives around 95% performance
improvement for 1024 bit RSA signs.

Add a bunch of functions to simplify the creation of X509_NAME structures.

Change the X509_NAME_entry_add stuff in req/ca so it no longer uses
X509_NAME_entry_count(): passing -1 has the same effect.

don't try to detect fork()s by looking at getpid().
The reason is that threads sharing the same memory can have different
PIDs; it's inefficient to run RAND_seed each time a different thread
calls RAND_bytes.

some utilities that should have used RANDFILE did not,
and -rand handling was broken except in genrsa.

this will be used to clear up the horrible DN mess.

tolerated in certificates.

ultimately lead to certificate chain verification. It is
VERY EXPERIMENTAL at present though.

Fix a bug in the X509_get_d2i() functions which didn't check if crit was NULL.