be shared by several applications.

to support multiple calls.

New function to retrieve email address from certificates and
requests.

like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages.  That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.

This change includes all the name changes needed throughout all C files.

when PEM_read_bio_X509_REQ fails.

0.9.5a should not break anything that works in 0.9.5.

where the new functions are mentioned.

-Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Winline''.

serial numbers.

represent everything by OIDs.

more utilities.

either and has a static and dynamic mix.

yet.

Add a function X509_STORE_CTX_purpose_inherit() which implements the logic
of "inheriting" purpose and trust from a parent structure and using a default:
this will be used in the SSL code and possibly future S/MIME.

Partial documentation of the 'verify' utility. Still need to document how all
the extension checking works and the various error messages.

in a table. Doesn't do too much yet.

Make the -<digestname> options in 'x509' affect all relevant
options.

Change the name of the 'notrust' options to 'reject' as this
causes less confusion and is a better description of the
effect.

A few constification changes.

Extend the X509_PURPOSE structure to include shortnames for purposed and default
trust ids.

Still need some extendable trust checking code and integration with the SSL and
S/MIME code.

New universal public key format.

Fix CRL+cert load problem in by_file.c

Make verify report errors when loading files or dirs

plain not working :-(

Also fix some memory leaks in the new X509_NAME code.

Fix so new app_rand code doesn't crash 'x509' and move #include so it compiles
under Win32.

certificate: currently this includes trust settings
and a "friendly name".

some utilities that should have used RANDFILE did not,
and -rand handling was broken except in genrsa.

Submitted by: Lennart Bång, Bodo Möller

ultimately lead to certificate chain verification. It is
VERY EXPERIMENTAL at present though.

on the command line for various utilities.

and to lots of PEM_... functions.
Submitted by: Damien Miller <dmiller@ilogic.com.au>

signers parameters. Changed it to never omit parameters.

doesn't have a default value like the "-config" options of other
openssl subprograms.

Submitted by:
Reviewed by:
PR:

addition to RSA certificates) to match the behaviour of `openssl dsa -noout
-modulus' as it's already the case for `openssl rsa -noout -modulus'.  For RSA
the -modulus is the real "modulus" while for DSA currently the public key is
printed (a decision which was already done by `openssl dsa -modulus' in the
past) which serves a similar purpose.  Additionally the NO_RSA no longer
completely removes the whole -modulus option; it now only avoids using the RSA
stuff. Same applies to NO_DSA now, too.

openssl.cnf for the new syntax.

the main library, but only with printing at present. To see this try:
openssl x509 -in cert.pem -text
on a certificate with some extensions in it.