Copy the ifdef/undef stanza from x509.h to x509v3.h
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Reduces number of silly casts in OpenSSL code and likely most
applications.  Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().

Pass address of X509_VERIFY_PARAM_ID peername to X509_check_host().
Document modified interface.

A client reference identity of ".example.com" matches a server
certificate presented identity that is any sub-domain of "example.com"
(e.g. "www.sub.example.com).

With the X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS flag, it matches
only direct child sub-domains (e.g. "www.sub.example.com").

Fixes to host checking wild card support and add support for
setting host checking flags when verifying a certificate
chain.

Contributed by: Florian Weimer <fweimer@redhat.com>

Fixes to X509 hostname and email address checking. Wildcard matching support.
New test program and manual page.

certificate. Add options to s_client, s_server and x509 utilities
to print results of checks.

as issuer and subject names. Although this is an incompatible change
it should have little impact in pratice because self-issued certificates
that are not self-signed are rarely encountered.

a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.

Tidy CRL scoring system.

Add new CRL path validation error.

TODO: robustness checking on name forms.

fields.

Ignore self issued certificates when checking path length constraints.

Duplicate OIDs in policy tree in case they are allocated.

Use anyPolicy from certificate cache and not current tree level.

handling to support this.

based on subject name.

New thread safe functions to retrieve matching STACK from X509_STORE.

Cache some IDP components.

and response verification.

Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller

"make errors".

(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)

 - Enforce that there should be no policy settings when the language
   is one of id-ppl-independent or id-ppl-inheritAll.
 - Add functionality to ssltest.c so that it can process proxy rights
   and check that they are set correctly.  Rights consist of ASCII
   letters, and the condition is a boolean expression that includes
   letters, parenthesis, &, | and ^.
 - Change the proxy certificate configurations so they get proxy
   rights that are understood by ssltest.c.
 - Add a script that tests proxy certificates with SSL operations.

Other changes:

 - Change the copyright end year in mkerr.pl.
 - make update.