add various X509V3_CTX helper functions and support for LHASH as the config
database.

when they cause the destination to expand.

To see how evil this is try this:

#include <pem.h>
main()
{
	BIGNUM *bn = NULL;
        int i;
	bn = BN_new();
	BN_hex2bn(&bn, "FFFFFFFF");
	BN_add_word(bn, 1);
	printf("Value %s\n", BN_bn2hex(bn));
}

This would typically fail before the patch.

It also screws up if you comment out the BN_hex2bn line above or in any
situation where BN_add_word() causes the number of BN_ULONGs in the result
to change (try doubling the number of FFs).

generator to typesafe stacks.

files associated with them. This stuff is all obsoleted by the new X509V3 code.

Submitted by:
Reviewed by:
PR:

specified in <certfile> by updating the entry in the index.txt file.
This way one no longer has to edit the index.txt file manually for
revoking a certificate. The -revoke option does the gory details now.

Submitted by: Massimiliano Pala <madwolf@openca.org>
Cleaned up and integrated by: Ralf S. Engelschall

option at all and this way the `-noout -text' combination was inconsistent in
`openssl crl' with the friends in `openssl x509|rsa|dsa'.

X509_V_ERR_CERT_REVOKED/23 error number which can occur when a
verify callback function determined that a certificate was revoked.

Submitted by:
Reviewed by:
PR:

have checked SSL_pending() first.
Submitted by:
Reviewed by:
PR:

Slight cleanup in ssl/

integration.

them to the build environment.

objects to objects.h

NOTE: during this integration it will not be possible to compile my PKCS#12
program against OpenSSL because there will be conflicts between the external
functionality and that being added to the core code.

include an 'indent' option to V3 stuff.

OAEP isn't supported when OpenSSL is built with RSAref.

Submitted by: Ulf Moeller <ulf@fitug.de>
Reviewed by: Ralf S. Engelschall

so they no longer are missing under -DNOPROTO.

Submitted by: Soren S. Jorvang <soren@t.dk>
Reviewed by: Ralf S. Engelschall

test/test.txt and crypto/sha/asm/f.s; changed permission on "config" script to
be executable) and a fix for the INSTALL document.

Submitted by: Ulf Moeller <ulf@fitug.de>
Reviewed by: Ralf S. Engelschall

NULL ciphers specifically have to be enabled with e.g. "DEFAULT:eNULL". This
prevents cipher lists from inadvertantly having NULL ciphers at the top
of their list (e.g. the default ones) because they didn't have to be taken
into account before.

in addition to `perl util/perlpath.pl /path/to/bin', because this way one can
also use an interpreter named `perl5' (which is usually the name of Perl 5.xxx
on platforms where an Perl 4.x is still installed as `perl').

Submitted by: Matthias Loepfe <Matthias.Loepfe@adnovum.ch>
Reviewed by: Ralf S. Engelschall

Submitted by: Matthias Loepfe <Matthias.Loepfe@adnovum.ch>
Reviewed by: Ralf S. Engelschall