PR: 287

I've covered all the memset()s I felt safe modifying, but may have missed some.

apps.h.  For those, it's better to include apps.h after the system
headers where those symbols may be defined, since there's otherwise a
chance that the C compiler will barf when it sees something that looks
like this after expansion:

int VMS_strcasecmp((str1),(str2))(const char *, const char *);

PR: 184

Make -nameopt work in req and add support for -reqopt

functionality in the programs that had that before.
Part fo PR 164

PR: 147

differently.
Unixware 2 needs to link with libresolv.
PR: 148

Submitted by: Goetz Babin-Ebell <babinebell@trustcenter.de>
PR: 89

this wasn't checked and could possibly be exploitable (slim chance, but still)

Fix dsaparam usage output.

Submitted by: Nils Larsch

Fix the Win32_rename() function so it correctly
returns an error code. Use the same code in Win9X
and NT.

Fix some ca.c options so they work under Win32:
unlink/rename wont work under Win32 unless the file
is closed.

CONF_modules_unload() now calls CONF_modules_finish()
automatically.

Default use of section openssl_conf moved to
CONF_modules_load()

Load config file in several openssl utilities.

Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.

In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.

* make openssl rsa work with -engine chil
* misc changes, including debug-linux-ppro Configure target
  and FORMAT_NETSCAPE-aware load_{,pub}key()

This completes the application of his changes.

released.

instead.  This also makes it possible for users to simply give said
shareable library as argument for the -engine option.

New macros SSL[_CTX]_set_msg_callback_arg().

Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).

New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.


In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).

Add/update some OpenSSL copyright notices.

algorithms present in all loaded ENGINEs. The result is that if any of
those ENGINEs successfully initialises, and the ENGINE_TABLE_FLAG_NOINIT
flag isn't set, then they will always be used (and cached as defaults) in
preference to software implementations. Ie. accidental auto-detection of
acceleration hardware :-)

This change stops all implementations being automatically registered in
"openssl" sub-commands, so that the "setup_engine()" handler in apps.c
controls which ENGINEs are registered for use. A special case has been
added that will revert to this "auto-detect" logic, ie. if the "-engine"
switch is used as;
   -engine auto

crypto/engine/README for details.

Make -passin -passout etc work again.

Fix leak in ca.c when using -passin.

Modify apps to use NCONF code instead of old CONF code.

Add new extension functions which work with NCONF.

Tidy up extension config routines and remove redundant code.

Fix NCONF_get_number().

Todo: more testing of apps to see they still work...

password callbak doesn't need to check for sizes any more.

prompting, even when done through the callback.

everywhere.

string (some engines may have certificates protected by a PIN!) and
a description to put into error messages.

Also, have our own password callback that we can send both a password
and some prompt info to.  The default password callback in EVP assumes
that the passed parameter is a password, which isn't always the right
thing, and the ENGINE code (at least the nCipher one) makes other
assumptions...

Also, in spite of having the functions to load keys, some utilities
did the loading all by themselves...  That's changed too.

Add default values for display by the 'ca' utility
to openssl.cnf

Update docs.

Overhaul the display of certificate details in
the 'ca' utility. This can now be extensively
customised in the configuration file and handles
multibyte strings and extensions properly.

This is required when extensions copying from
certificate requests is supported: the user
must be able to view the extensions before
allowing a certificate to be issued.

Document the -certopt option to the x509 utility.

Add no_issuer option.

Fix X509_print_ex() so it prints out newlines when
certain fields are omitted.

make strcasecmp a macro to _stricmp.

strings.h according to X/Open.

missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.