and should avoid any OS date limitations such as the year 2038 bug.

keygen API: make sure that 'pkey_type' is actually visible to MAIN().

been processed. This allows any ENGINE changing operations to be processed
first (for example a config file).

Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate
the need for algorithm specific code.

    	./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
    	make depend all test
work again

PR: 1159

- hide the EC_KEY structure definition in ec_lcl.c + add
  some functions to use/access the EC_KEY fields
- change the way how method specific data (ecdsa/ecdh) is
  attached to a EC_KEY
- add ECDSA_sign_ex and ECDSA_do_sign_ex functions with
  additional parameters for pre-computed values
- rebuild libeay.num from 0.9.7

be loaded instead of giving the misleading:

"unable to find 'distinguised_name' in config"

error message.

proposed the change and submitted the patch, I jiggled it slightly and
adjusted the other parts of openssl that were affected.

PR: 867
Submitted by: Jelte Jansen
Reviewed by: Geoff Thorpe

initial serial numbers.

PR: 842

Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

rationale behind the move is that it's use by several applications.
The rationale behind the name change is that it describes what the
function does a bit better.

to 'openssl req' and 'openssl ca'.

PR: 779
Submitted by: Michael Bell <michael.bell@cms.hu-berlin.de>
Reviewed by: Richard Levitte

(there will be some follow-up changes)

Max req -x509 use V1 if extensions section absent.

callback structure just before it is needed.

and links with OPENSSL_NO_DEPRECATED defined.

PR: 287

where it fails in ASN1_TIME_set().

Edit asn1.h so the new error code is the same in 0.9.7
and 0.9.8, rebuild new error codes.

Clear error queue in req.c if *_min or *_max is absent.

PR: 420

being built with it defined - it is not a symbol to affect how openssl
itself builds, but to alter the way openssl headers can be used from an API
point of view. The "deprecated" function wrappers will always remain inside
OpenSSL at least as long as they're still being used internally. :-)

The exception is dsaparam which has been updated to the BN_GENCB-based
functions to test the new functionality. If GENCB_TEST is defined, dsaparam
will support a "-timebomb <n>" switch to cancel parameter-generation if it
gets as far as 'n' seconds without completion.

exit() in whatever way works for the intended platform, and define
OPENSSL_EXIT() to have the old meaning (the name is of course because
it's only used in the openssl program)

initial value.  For errline/errorline, we did depend on that, erroneously

recognized instead of using RSA as a default.