everywhere.

string (some engines may have certificates protected by a PIN!) and
a description to put into error messages.

Also, have our own password callback that we can send both a password
and some prompt info to.  The default password callback in EVP assumes
that the passed parameter is a password, which isn't always the right
thing, and the ENGINE code (at least the nCipher one) makes other
assumptions...

Also, in spite of having the functions to load keys, some utilities
did the loading all by themselves...  That's changed too.

inherited from X509_STORE.

Add CRL checking options to other applications.

Initial CRL based revocation checking.

define LLONG properly for VC++.

stop compiler complaining about signed/unsigned mismatch in apps/engine.c

ENGINE.

 * Extra verbosity can be added with more "v"'s, eg. '-vvv' gives
   information about input flags and descriptions for each control command
   in each ENGINE. Check the output of "openssl engine -vvv" for example.

 * '-pre <cmd>' and '-post <cmd>' can be used to invoke control commands on
   the specified ENGINE (or on all of them if no engine id is specified,
   although that usually gets pretty ugly). '-post' commands are only
   attempted if '-t' is specified and the engine successfully initialises.
   '-pre' commands are always attempted whether or not '-t' causes an
   initialisation to be tried afterwards. Multiple '-pre' and/or '-post'
   commands can be specified and they will be called in the order they
   occur on the command line.

Parameterised commands (the normal case, there are currently no
unparameterised ones) are split into command and argument via a separating
colon. Eg. "openssl engine -pre SO_PATH:/lib/libdriver.so <id>" results in
the call;
    ENGINE_ctrl_cmd_string(e, "SO_PATH", "/lib/libdriver.so", 0);

Application code should similarly allow arbitrary name-value string pairs
to be passed into ENGINEs in a manner matching that in apps/engine.c,
either using the same colon-separated format, or entered as two distinct
strings. Eg. as stored in a registry. The last parameter of
ENGINE_ctrl_cmd_string can be changed from 0 to 1 if the command should
only be attempted if it's supported by the specified ENGINE (eg. for
commands like "FORK_CHECK:1" that may or may not apply to the run-time
ENGINE).

to subjectAltName when signing a certificate.

index -1).

Noted by Martin Kraemer <Martin.Kraemer@Fujitsu-Siemens.com>

Add default values for display by the 'ca' utility
to openssl.cnf

Update docs.

Overhaul the display of certificate details in
the 'ca' utility. This can now be extensively
customised in the configuration file and handles
multibyte strings and extensions properly.

This is required when extensions copying from
certificate requests is supported: the user
must be able to view the extensions before
allowing a certificate to be issued.

Document the -certopt option to the x509 utility.

Add no_issuer option.

Fix X509_print_ex() so it prints out newlines when
certain fields are omitted.

HTTP responses.

Change the EVP_somecipher() and EVP_somedigest()
functions to return constant EVP_MD and EVP_CIPHER
pointers.

Update docs.

because an incompletely initialized ASN1_INTEGER was used.

"make depend"

Submitted by Brad Dominy <jdominy@darwinuser.org>

Add EC vaporware: change relevant Makefiles and add some empty source
files.

"make update".

sets the subject name for a new request or supersedes the
subject name in a given request.

Add options '-batch' and '-verbose' to 'openssl req'.

Submitted by: Massimiliano Pala <madwolf@hackmasters.net>
Reviewed by: Bodo Moeller

Spotted by Pieter Bowman <bowman@math.utah.edu>

and make all files the depend on it include it without prefixing it
with openssl/.

This means that all Makefiles will have $(TOP) as one of the include
directories.