Use default algorithms for OCSP request and response signing. New command
line option to support other digest use for OCSP certificate IDs.

Revert change in 1516 because it breaks Windows build. Use a modified version
of the headers from s_client.c which has used similar functionality without
any problems.

Submitted by Corinna Vinschen <vinschen@redhat.com>

the declarations of fd_set, select() and so on.

OpenVMS, and possibly more.

Ref: http://h71000.www7.hp.com/doc/82final/6529/6529pro_019.html#r_select

and include bn.h in those C files that need bignum functionality.

exiting on the first error in a request.

subject.

PR: 500

PR: 358

exit() in whatever way works for the intended platform, and define
OPENSSL_EXIT() to have the old meaning (the name is of course because
it's only used in the openssl program)

requirement that the serial number always be an even amount of characters.
PR: 248

functionality in the programs that had that before.
Part fo PR 164

PR: 190

des_old.h redefines crypt:
#define crypt(b,s)\
        DES_crypt((b),(s))

This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:

Fix ext_dat.h extension ordering.

Reinstate -reqout code.

Avoid coredump in ocsp if setup_verify
fails.

Fix typo in ocsp usage message.

CONF_modules_unload() now calls CONF_modules_finish()
automatically.

Default use of section openssl_conf moved to
CONF_modules_load()

Load config file in several openssl utilities.

Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.

In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.

connection so it can prompt for pass phrase on startup
instead of after the first connection.

Add -port switch to usage message.

Allow OCSP server to handle multiple requests.

Document new OCSP options.

Initial OCSP server support, using index.txt format.

This can process internal requests or behave like a
mini responder.

Todo: documentation, update usage info.

string (some engines may have certificates protected by a PIN!) and
a description to put into error messages.

Also, have our own password callback that we can send both a password
and some prompt info to.  The default password callback in EVP assumes
that the passed parameter is a password, which isn't always the right
thing, and the ENGINE code (at least the nCipher one) makes other
assumptions...

Also, in spite of having the functions to load keys, some utilities
did the loading all by themselves...  That's changed too.

Doesn't handle SSL URLs yet.

OCSP responses.

Documentation to follow...

Urgh.. this conflicted with the -VAfile patch I hope I haven't
broken it.

client code certificates to use to only check response signatures.
I'm not entirely sure if the way I just implemented the verification
is the right way to do it, and would be happy if someone would like to
review this.