Document the -certopt option to the x509 utility.

Add no_issuer option.

Fix X509_print_ex() so it prints out newlines when
certain fields are omitted.

errors can be tolerated, hide the error from 'make'.
This gives shorter output both if ranlib fails and if
it works.

(It cannot possibly help to avoid duplicate 'name of file' strings
in object files because the preprocessor does not work at object file
level.)

sets the subject name for a new request or supersedes the
subject name in a given request.

Add options '-batch' and '-verbose' to 'openssl req'.

Submitted by: Massimiliano Pala <madwolf@hackmasters.net>
Reviewed by: Bodo Moeller

functions on platform were that's the best way to handle exporting
global variables in shared libraries.  To enable this functionality,
one must configure with "EXPORT_VAR_AS_FN" or defined the C macro
"OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
is normally done by Configure or something similar).

To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
in the source file (foo.c) like this:

	OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
	OPENSSL_IMPLEMENT_GLOBAL(double,bar);

To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:

	OPENSSL_DECLARE_GLOBAL(int,foo);
	#define foo OPENSSL_GLOBAL_REF(foo)
	OPENSSL_DECLARE_GLOBAL(double,bar);
	#define bar OPENSSL_GLOBAL_REF(bar)

The #defines are very important, and therefore so is including the
header file everywere where the defined globals are used.

The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
of ASN.1 items, but that structure is a bt different.

The largest change is in util/mkdef.pl which has been enhanced with
better and easier to understand logic to choose which symbols should
go into the Windows .def files as well as a number of fixes and code
cleanup (among others, algorithm keywords are now sorted
lexicographically to avoid constant rewrites).

Note that all *_it variables are suddenly non-existant according to
libeay.num.  This is a bug that will be corrected.  Please be patient.

the errant field for more ASN1 error conditions.

Print out OID of unknown signature or public key
algorithms.

prototype hack. This unfortunately means that
every ASN1_*_END construct cannot have a
trailing ;

change the way ASN1 modules are exported.

Still needs a bit of work for example the hack which a
dummy function prototype to avoid compilers warning about
multiple ;s.

and make all files the depend on it include it without prefixing it
with openssl/.

This means that all Makefiles will have $(TOP) as one of the include
directories.

Rebuild ASN1 error codes to remove unused function and reason codes.

get a chance to be defined.

missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.

sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.

Add revelant new X509V3 extensions.

Add OIDs.

Fix ASN1 memory leak code to pop info if external allocation used.

Fix CRL printing to correctly show when there are no revoked certificates.

Make ca.c correctly initialize the revocation date.

Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the
string type: so they can initialize ASN1_TIME structures properly.

Fix warning in apps/engine.c

Remove definitions of deleted functions.

Add missing definition of X509_VAL.

memory.h (which is not).

Fix ASN1_TIME_to_generlizedtime().

Add protoype for OCSP_response_create().

Add OCSP_request_sign() and OCSP_basic_sign()
private key and certificate checks and make
OCSP_NOCERTS consistent with PKCS7_NOCERTS

Various OCSP responder utility functions.

Delete obsolete OCSP functions.

Largely untested at present...

Fix PKCS7 and PKCS12 memory leaks.

Initialise encapsulated content type properly.

Enhance s2i_ASN1_INTEGER().

invalid format in OCSP request signatures.

Add spaces to OCSP HTTP header.

Change X509_NAME_set() there's no reason
why it should return an error if the
destination points to NULL... though it
should if the destination is NULL.

Set correct type in ASN1_STRING for
INTEGER and ENUMERATED types.

Make ASN1_INTEGER_get() and ASN1_ENUMERATED_get()
return -1 for invalid type rather than 0 (which is
often valid). -1 may also be valid but this is less
likely.

Load OCSP error strings in ERR_load_crypto_strings().

Remove extensions argument from various functions
because it is not needed with the new extension
code.

New function OCSP_cert_to_id() to convert a pair
of certificates into an OCSP_CERTID.

New simple OCSP HTTP function. This is rather primitive
but just about adequate to send OCSP requests and
parse the response.

Fix typo in CRL distribution points extension.

Fix ASN1 code so it adds a final null to constructed
strings.

is to have asn1.h include e_os.h and e_os2.h.  Of course, this makes
the unofficial "non-export" status of e_os.h a bit delicate...

Rewrite PKCS#12 code and remove some of the old
horrible macros.

Fix two evil ASN1 bugs. Attempt to use 'ctx' when
NULL if input is indefinite length constructed
in asn1_check_tlen() and invalid pointer to ASN1_TYPE
when reusing existing structure (this took *ages* to
find because the new PKCS#12 code triggered it).

objects) or OPENSSL_BUILD_SHLIBSSL (for files that end up as libssl
objects) is defined, redefine OPENSSL_EXTERN to be OPENSSL_EXPORT.
This is actually only important on Win32, and can safely be ignored in
all other cases, at least for now.

most of the old wrappers. A few of the old versions remain
because they are non standard and the corresponding ASN1
code has not been reimplemented yet.

something more efficient later...