if $(EXHEADER) is empty.

Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>

This tidies up verify parameters and adds support for integrated policy
checking.

Add support for policy related command line options. Currently only in smime
application.

WARNING: experimental code subject to change.

the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read.

some similar code elsewhere.

Thanks to Francesco Petruzzi for bringing this to my attention.

This is currently *very* experimental and needs to be more fully integrated
with the main verification code.

This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

not to mention the OBJ_BSEARCH_* macros.

even if an exact match wasn't found.

give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.

handled properly.
Part of PR 75

Fix various warnings when compiling with KRB5 code.

Experimental configuration code.

Incomplete, largely untested and subject to change/deletion.

needed.

a bit of weird code in sk_new.

like des_read_password and friends (backward compatibility functions
using this new API are provided).  The purpose is to remove prompting
functions from the DES code section as well as provide for prompting
through dialog boxes in a window system and the like.

errors can be tolerated, hide the error from 'make'.
This gives shorter output both if ranlib fails and if
it works.

and make all files the depend on it include it without prefixing it
with openssl/.

This means that all Makefiles will have $(TOP) as one of the include
directories.

sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.

of status info. Check nonce values. Option to disable
verify. Update usage message.

Rename status to string functions and make them global.

Merge from the ASN1 branch of new ASN1 code
to main trunk.

Lets see if the makes it to openssl-cvs :-)

acceptable, since all that happens if it fails is a library with
an index, which makes linking slower, but still working correctly.

can't be used as a function pointer according the the standards.  Use
a 0 instead and there will be no trouble.

The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.

The new code performs several tests on a candidate issuer
certificate based on certificate extensions.

It also adds several callbacks to X509_VERIFY_CTX so its
behaviour can be customised.

Unfortunately some hackery was needed to persuade X509_STORE
to tolerate this. This should go away when X509_STORE is
replaced, sometime...

This must have broken something though :-(