Add an ASN1 FAQ because I'm sick of answering it :-)

necessarely ours.

New option to verify program to print out diagnostics.

Update PKCS12_parse().

Make the keyid in certificate aux info more usable.

Fix doc example, and fix BIO_find_type().

Fix PKCS7_verify(). It was using 'i' for both the
loop variable and the verify return value.

Add docs for BIO_find_type() and friends.

Added function BIO_next() otherwise you can't
traverse a chain without accessing BIO internals.

process when some symbols are missing.  Instead, all needed info is
saved in the .num files, including what conditions are needed for a
specific symbol to exist.

This was needed for the work I'm doing with shared libraries under
VMS.

centralise those hacks in crypto/symhacks.h and use it everywhere it's
needed.

handle an externally provided "static" buffer as well a a dynamic
buffer.  The "static" buffer is filled first, but if overflowed, the
dynamic buffer is used instead, being allocated somewhere i the heap.

This combines the benefits of putting the output in a preallocated
buffer (on the stack, for example) and in a buffer that grows
somewhere in the heap.

Hmmm I didn't realise BIO_pop() did that:
isn't source wonderful?

(the middle string describes the architecture).

return type (on platforms where time_t is a 32 bit value).

New function ASN1_UTCTIME_cmp_time_t as a replacement
for use in apps/x509.c.

http://www.rsasecurity.com/news/pr/000906-1.html (September 6, 2000):
"RSA Security Releases RSA Encryption Algorithm into Public Domain"

add some whitespace for 'if ()', 'for ()', 'while ()' to distinguish
keywords from function names, and finally remove parens around return
values (why be stingy with whitespace but fill the source code
with an abundance of parentheses that are not needed to structure
expressions for readability?).

usually get a space between keyword and opening paranthesis
so that they don't look like function calls, where no space is
used.

configuration only worked with no-asm.

Add support for settable verify time in X509_verify_cert().

Document rsautl utility.

The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.

The new code performs several tests on a candidate issuer
certificate based on certificate extensions.

It also adds several callbacks to X509_VERIFY_CTX so its
behaviour can be customised.

Unfortunately some hackery was needed to persuade X509_STORE
to tolerate this. This should go away when X509_STORE is
replaced, sometime...

This must have broken something though :-(

Add new option to PKCS7_sign to exclude S/MIME capabilities.