in a table. Doesn't do too much yet.

Make the -<digestname> options in 'x509' affect all relevant
options.

Change the name of the 'notrust' options to 'reject' as this
causes less confusion and is a better description of the
effect.

A few constification changes.

Extend the X509_PURPOSE structure to include shortnames for purposed and default
trust ids.

Still need some extendable trust checking code and integration with the SSL and
S/MIME code.

at present. However nothing enables it yet so this doesn't
matter :-)

Fix so EVP_PKEY_rset_*() check return codes.

New universal public key format.

Fix CRL+cert load problem in by_file.c

Make verify report errors when loading files or dirs

Remove rc4-64 from ciphers since it doesn't exist...

Fix to stop null being added to attributes.
Modify X509_LOOKUP, X509_INFO to handle auxiliary info.

The info removal code was overcomplicated, and error-prone (references being wrongly decreased).  Fixed.

  1. Added code to the memory leak detecting code to give the user the
     possibility to add information, thereby forming a traceback.

  2. Make the memory leak detecting code multithread-safe.

The idea is that we're actually dealing with two separate critical
sections, one containing the hash tables with the information, the
other containing the current memory checking mode.  Those should not
be handled with the same lock, especially since their handling overlap.
Hence, the added second lock.

Some crypto applications are now being built on Unix, so they should on VMS as well.  Not by default, however.

works on Unix and MS-DOS/Windows.  It does not under VMS, so open it
as text.

Update docs, change 'ca' to use the new callback parameter. Now moved key_callback
into app.c because some other utilities will use it soon.

plain not working :-(

Also fix some memory leaks in the new X509_NAME code.

Fix so new app_rand code doesn't crash 'x509' and move #include so it compiles
under Win32.

certificate: currently this includes trust settings
and a "friendly name".

problem was that one of the replacement routines had not been working since
SSLeay releases.  For now the offending routine has been replaced with
non-optimised assembler.  Even so, this now gives around 95% performance
improvement for 1024 bit RSA signs.

Add a bunch of functions to simplify the creation of X509_NAME structures.

Change the X509_NAME_entry_add stuff in req/ca so it no longer uses
X509_NAME_entry_count(): passing -1 has the same effect.

don't try to detect fork()s by looking at getpid().
The reason is that threads sharing the same memory can have different
PIDs; it's inefficient to run RAND_seed each time a different thread
calls RAND_bytes.

some utilities that should have used RANDFILE did not,
and -rand handling was broken except in genrsa.

when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed.

Submitted by: Lennart Bång, Bodo Möller

(needed for RSAREF builds)

Functions to get keys from EVP_PKEY structures.