Reviewed-by: NRich Salz <rsalz@openssl.org>

Remove old M_ASN1_ macros and replace any occurences with the corresponding
function.

Remove d2i_ASN1_bytes, d2i_ASN1_SET, i2d_ASN1_SET: no longer used internally.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Remove DECLARE_ASN1_SET_OF and DECLARE_PKCS12_STACK_OF these haven't been
used internally in OpenSSL for some time.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Fixed assorted missing return value checks in c3_cpols.c
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion
and result in a negative return value, which the "x509 -checkhost" command-line option
incorrectly interpreted as success.

Also update X509_check_host docs to reflect reality.

Thanks to Sean Burford (Google) for reporting this issue.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>

Unused type; a pair X509 certificates. Intended for LDAP support.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

The mkstack.pl script now generates the entire safestack.h file.
It generates output that follows the coding style.
Also, removed all instances of the obsolete IMPLEMENT_STACK_OF
macro.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Some of the #if 0 code in demo's was kept, but given helpful #ifdef
names, to show more sample code.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Remove support for SHA0 and DSS0 (they were broken), and remove
the ability to attempt to build without SHA (it didn't work).
For simplicity, remove the option of not building various SHA algorithms;
you could argue that SHA_224/256/384/512 should be kept, since they're
like crypto algorithms, but I decided to go the other way.
So these options are gone:
	GENUINE_DSA         OPENSSL_NO_SHA0
	OPENSSL_NO_SHA      OPENSSL_NO_SHA1
	OPENSSL_NO_SHA224   OPENSSL_NO_SHA256
	OPENSSL_NO_SHA384   OPENSSL_NO_SHA512
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Remove OPENSSL_NO_RFCF3779.

Also, makevms.com was ignored by some of the other cleanups, so
I caught it up.  Sorry I ignored you, poor little VMS...
Reviewed-by: NRichard Levitte <levitte@openssl.org>

This removes all code surrounded by '#ifdef undef'
One case is left: memmove() replaced by open-coded for loop,
in crypto/stack/stack.c  That needs further review.

Also removed a couple of instances of /* dead code */ if I saw them
while doing the main removal.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

This should be a one off operation (subsequent invokation of the
script should not move them)
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
Two typo's on #endif comments fixed:
	OPENSSL_NO_ECB fixed to OPENSSL_NO_OCB
	OPENSSL_NO_HW_SureWare fixed to OPENSSL_NO_HW_SUREWARE
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Update the X509v3 name parsing to allow multiple xn-- international
domain name indicators in a name.  Previously, only allowed one at
the beginning of a name, which was wrong.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Change by SteveH from original by John Denker (in the RT)
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

indent will not alter them when reformatting comments
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

The EXT_BITSTRING and EXT_IA5STRING are defined in x509v3.h, but
the low-level functions are not public. They are useful, no need
to make them static. Note that BITSTRING already was exposed since
this RT was created, so now we just export IA5STRING functions.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Copy the ifdef/undef stanza from x509.h to x509v3.h
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Signed-off-by: NKurt Roeckx <kurt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Signed-off-by: NKurt Roeckx <kurt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Signed-off-by: NKurt Roeckx <kurt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NStephen Henson <steve@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

"Another machine, another version of gcc, another batch
of compiler warnings."  Add "=NULL" to some local variable
declarations that are set by passing thier address into a
utility function; confuses GCC it might not be set.
Reviewed-by: NEmilia Käsper <emilia@silkandcyanide.net>

Reduces number of silly casts in OpenSSL code and likely most
applications.  Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().

Pass address of X509_VERIFY_PARAM_ID peername to X509_check_host().
Document modified interface.

Just store NUL-terminated strings.  This works better when we add
support for multiple hostnames.