Submitted by: jean-etienne.schwartz@bull.net

In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.

test for them!

Use default algorithms for OCSP request and response signing. New command
line option to support other digest use for OCSP certificate IDs.

fix: certs field is OPTIONAL.

Reported by: Jose Castejon-Amenedo <Jose.Castejon-Amenedo@hp.com>

See the commit log message for that for more information.

NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.

certificate so need to match its subject with the certificate IDs in the
response.

Enhance OCSP_request_verify() so it finds the signers certificate
properly and supports several flags.

of status info. Check nonce values. Option to disable
verify. Update usage message.

Rename status to string functions and make them global.

accordance with RFC2560.

Initial OCSP certificate verify. Not complete,
it just supports a "trusted OCSP global root CA".

OCSP basic response verify. Very incomplete
but will verify the signatures on a response
and locate the signers certifcate.

Still needs to implement a proper OCSP certificate
verify.

Fix warning in RAND_egd().

Merge from the ASN1 branch of new ASN1 code
to main trunk.

Lets see if the makes it to openssl-cvs :-)

Fixes for Win32 build.

This is mostly a work around for the old VC++ problem
that it treats func() as func(void).

Various prototypes had been added to 'compare' function
pointers that triggered this. This could be fixed by removing
the prototype, adding function pointer casts to every call or
changing the passed function to use the expected arguments.
I mostly did the latter.

The mkdef.pl script was modified to remove the typesafe
functions which no longer exist.

Oh and some functions called OPENSSL_freeLibrary() were
changed back to FreeLibrary(), wonder how that happened :-)

like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages.  That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.

This change includes all the name changes needed throughout all C files.

Add a couple of FAQs.

EVP_CipherInit() this because the IV wont be easily available when doing
PKCS#5 v2.0

list for Win32.

Submitted by:
Reviewed by:
PR:

integration.

include an 'indent' option to V3 stuff.

by BUF_MEM_strdup(). Added text documentation to the BUF_MEM stuff.

without -debug option to mk1mf.pl. Change _export to is_export (_export is
a reserved word under VC++). Add yucky function prototype function pointer
casts. Sanitise the included files in crypto/x509v3.

Also changed ssleay.exe target to openssl.exe

to support CRL extensions.

name, issuer and authority key id. Change the i2v function parameters
and add an extra 'crl' parameter in the X509V3_CTX structure: guess
what that's for :-) Fix to ASN1 macro which messed up
IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.

support for subject and issuer alt name. Add a new ASN1 macro and fix a
nasty bug that left an ASN1 buffer modified on an error condition with
IMPLICIT tagging.