tests.  This was required to not get mysterious errors when they
wouldn't quite want to work.

the OpenSSL commands x50 and req work better on a EBCDIC system.

New option to verify program to print out diagnostics.

return type (on platforms where time_t is a 32 bit value).

New function ASN1_UTCTIME_cmp_time_t as a replacement
for use in apps/x509.c.

Add support for settable verify time in X509_verify_cert().

Document rsautl utility.

The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.

The new code performs several tests on a candidate issuer
certificate based on certificate extensions.

It also adds several callbacks to X509_VERIFY_CTX so its
behaviour can be customised.

Unfortunately some hackery was needed to persuade X509_STORE
to tolerate this. This should go away when X509_STORE is
replaced, sometime...

This must have broken something though :-(

Add new option to PKCS7_sign to exclude S/MIME capabilities.

symbols for debugging are defined.

Add DER public key routines.

Add -passin argument to 'ca' utility.

Document sign and verify options to dgst.

Fix bug in read only memory BIOs so BIO_reset() works.

Add sign and verify options to dgst utility, need
to update docs.

This allows intermediate CAs to be created more easily.

PKCS12_create() now checks private key matches certificate.

Fix typo in x509 app.

Update docs.

New function ASN1_STRING_to_UTF8() converts any ASN1_STRING
type to UTF8.

initialize ex_pathlen to -1 so it isn't checked if pathlen
is not present.

set ucert to NULL in apps/pkcs12.c otherwise it gets freed
twice.

remove extraneous '\r' in MIME encoder.

Allow a NULL to be passed to X509_gmtime_adj()


Make PKCS#7 code use definite length encoding rather then
the indefinite stuff it used previously.

MD4 implemented.  Assar Westerlund provided the digest code itself and the test utility, I added the bits to get a EVP interface, the command line utility and the speed test

building complete chains, are gone.

building a complete chain.  Now added through the -CAfile and -CApath
arguments.

These have been created by a SHA.1 based procedure, see
http://www.skip-vpn.org/spec/numbers.html.
(These values are taken from that document, I have not
implemented the prime generator.)

environment variable OPENSSL_DEBUG_MEMORY (existence is sufficient).  At the
same time, it makes sure that CRYPTO_malloc_debug_init() gets expanded some-
where and thereby tested for compilation.

Document the new DN printing options.

Change a few names to be more meaningful.

Fix typos in CA.pl docs.

New ASN1_STRING_print_ex() and X509_NAME_print_ex()
functions. These are intended to be replacements
for the ancient ASN1_STRING_print() and X509_NAME_print()
functions.

The new functions support RFC2253 and various pretty
printing options. It is also possible to display
international characters if the terminal properly handles
UTF8 encoding (Linux seems to tolerate this if the
"unicode_start" script is run).

Still needs to be documented, integrated into other
utilities and extensively tested.

'openssl asn1parse'.  As a side effect, the functions ASN1_parse_dump
and BIO_dump_indent are added.

Make req seed the PRNG if signing with
an already existing DSA key.

Document the new smime options.

call the i2c/c2i (they were not using the
content length for the headers).

Fix ASN1 long form tag encoding. This never
worked but it was never tested since it is
only used for tags > 30.

New options to smime program to allow the
PKCS#7 format to be specified and the content
supplied externally.

could be done automagically, much like the numbering in libeay.num and
ssleay.num.  The solution works as follows:

  - New object identifiers are inserted in objects.txt, following the
    syntax given in objects.README.
  - objects.pl is used to process obj_mac.num and create a new
    obj_mac.h.
  - obj_dat.pl is used to create a new obj_dat.h, using the data in
    obj_mac.h.

This is currently kind of a hack, and the perl code in objects.pl
isn't very elegant, but it works as I intended.  The simplest way to
check that it worked correctly is to look in obj_dat.h and check the
array nid_objs and make sure the objects haven't moved around (this is
important!).  Additions are OK, as well as consistent name changes.

The message to everyone is "Do not hack OpenSSL when stressed"...

EGD should be used as seeding input, and where the named socket is.

(Still needs to be tested against the original using sample passwords
of different length.)