I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.

platforms that don't (necessarely) have it.  In the case of VMS, this
means moving a couple of functions from apps/ to crypto/ and make them
general (although only used privately).

Contributed in whole by Laurent Genier <Laurent.Genier@intrinsec.com>
PR: 644

rotate_serial() that works like rotate_index().

the CA certificate part of the CA database, and combined with
'unique_subject=no', it should make operations like CA certificate
roll-over easier.

hasn't been tested in a long while...

subject.

PR: 287

PR: 481

Make sure key is not NULL before freeing it.

This patch was taken from the OpenBSD copy of OpenSSL 0.9.7 beta3 with patches

exit() in whatever way works for the intended platform, and define
OPENSSL_EXIT() to have the old meaning (the name is of course because
it's only used in the openssl program)

I've covered all the memset()s I felt safe modifying, but may have missed some.

apps.h.  For those, it's better to include apps.h after the system
headers where those symbols may be defined, since there's otherwise a
chance that the C compiler will barf when it sees something that looks
like this after expansion:

int VMS_strcasecmp((str1),(str2))(const char *, const char *);

requirement that the serial number always be an even amount of characters.
PR: 248

Submitted by: Nils Larsch

functionality in the programs that had that before.
Part fo PR 164

the subject in the certificate would differ from the subject in the index file,
which has quite bad concequences.
PR: 180

use the new X509_CRL_set_issuer_name() function:
The CRL issuer should be X509_get_subject_name(x509), not
X509_get_issuer_name(x509).

Submitted by: Juergen Lesny <lesnyj@informatik.tu-muenchen.de>

typo

differently.
Unixware 2 needs to link with libresolv.
PR: 148

Reorganise -subj option code, fix buffer overrun.

'hidden' -nameopt support. (Robert Joop <joop@fokus.gmd.de>)

Fix the Win32_rename() function so it correctly
returns an error code. Use the same code in Win9X
and NT.

Fix some ca.c options so they work under Win32:
unlink/rename wont work under Win32 unless the file
is closed.

Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated

CONF_modules_unload() now calls CONF_modules_finish()
automatically.

Default use of section openssl_conf moved to
CONF_modules_load()

Load config file in several openssl utilities.

Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.

In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.

Submitted by: Nils Larsch <nla@trustcenter.de>

correct name (instead of NULL) if nomailDN is
not set, fix memory leaks and retain DN structure
when deleting emailAddress.