by placing them socket/fd code in separate
files rather than trying to have them both
share the same one.

certificates.

One is a valid CA which has no basicConstraints
but does have certSign keyUsage.

Other is S/MIME signer with nonRepudiation but
no digitalSignature.

like spaces before the semicolon, and besides, other parts of this
file makes the values without those spaces), and move spacing of
continuation lines to support BIO's that break lines after each
write.

Fix PKCS7 and PKCS12 memory leaks.

Initialise encapsulated content type properly.

Enhance s2i_ASN1_INTEGER().

of status info. Check nonce values. Option to disable
verify. Update usage message.

Rename status to string functions and make them global.

accordance with RFC2560.

Initial OCSP certificate verify. Not complete,
it just supports a "trusted OCSP global root CA".

non null terminated passwords.

New OCSP utility. This can generate, parse and print
OCSP requests. It can also query reponders and parse or
print out responses.

Still needs some more work: OCSP response checks and
of course documentation.

Problem reported by "Wolfgang Marczy" <WMarczy@topcall.co.at>
in a message to openssl-dev (19 Dec 2000 13:40:51 +0100).

invalid format in OCSP request signatures.

Add spaces to OCSP HTTP header.

Change X509_NAME_set() there's no reason
why it should return an error if the
destination points to NULL... though it
should if the destination is NULL.

OCSP basic response verify. Very incomplete
but will verify the signatures on a response
and locate the signers certifcate.

Still needs to implement a proper OCSP certificate
verify.

Fix warning in RAND_egd().

allocation callbacks so that it is no longer visible to applications
that these live at a different call level than conventional memory
allocation callbacks.

Add '-d' option for 'openssl version' (included in '-a').

that they match the function definitions (namely, remove file/line
parameters from free_func).

handling routines that need file name and line number information,
I've added a call level to our memory handling routines to allow that
kind of hooking.

unicode strings. Certain PKCS#12 files contain these
in BMPStrings and it used to crash on them.

didn't even give a warning for this yet HPUX cc considered it an error.
Reported by Lutz(@openssl.org).

only queried when the /dev/[u]random devices did not return enough
entropy. Only the amount of entropy missing to reach the required minimum
is queried, as EGD may be drained.
Queried locations are: /etc/entropy, /var/run/egd-pool

correctly, but RAND_add(..,n) counts the increasing n several times.
Only RAND_add(..,n) once entropy collection is finished.

"doall" functions to using type-safe wrappers. As and where required, this
can be replaced by redeclaring the underlying callbacks to use the
underlying "void"-based prototypes (eg. if performance suffers from an
extra level of function invocation).

to LHASH usage. NB: The callback type used as been suctioned off into
crypto.h as CRYPTO_MEM_LEAK_CB to improve clarity.

around the callbacks required in the LHASH code for the "doall" functions.

Also - fix the evil function pointer casting in the two lh_doall functions
by deferring to a static utility function. Previously lh_doall() was
invoking lh_doall_arg() by casting the callback to the 2-parameter
prototype and passing in a NULL argument. This appears to have been working
thus far but it's not a hot idea. If the extra level of indirection becomes
a performance hit, we can just provide two virtually identical
implementations for each variant later on.

LHASH code, this evil was uncovered. The cast was obscuring the fact that
the function was prototyped to take 2 parameters when in fact it is being
used as a callback that should take only one. Anyway, the function itself
ignores the second parameter (thankfully). A proper cure is on the way but
for now this corrects the inconsistency.

build system...

Fix bug in OCSP_find_status().

them for a short period of time (actually, poll them with select(),
then read() whatever is there), which is about 10ms (hard-coded value)
each.

Separate Windows and Unixly code, and start on a VMS variant that
currently just returns 0.

Add set of OCSP client functions. All experimental
and subject to addition, modifcation or deletion.

Add two OCSP nonce utility functions.

Fix typo in status code name.