Fixes to host checking wild card support and add support for
setting host checking flags when verifying a certificate
chain.

PR: 2909

Update test cases to cover internal error return values.

Remove IDNA wildcard filter.

Contributed by: Florian Weimer <fweimer@redhat.com>

Fixes to X509 hostname and email address checking. Wildcard matching support.
New test program and manual page.

certificate. Add options to s_client, s_server and x509 utilities
to print results of checks.

Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org

Fix various typos.

Reported by: Kurt Roeckx <kurt@roeckx.be>, Tobias Ginzler <ginzler@fgan.de> (Debian bug #506111)

Conversion between void * and function pointer.
Value computed not used.
Signed/unsigned argument.

and response verification.

Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller

dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are
already declared in ossl_typ.h. Add explicit includes for bn.h in those C
files that need access to structure internals or API functions+macros.

Fix memory leak in s2i_ASN_INTEGER and return an error
if any invalid characters are present.

Overhaul the display of certificate details in
the 'ca' utility. This can now be extensively
customised in the configuration file and handles
multibyte strings and extensions properly.

This is required when extensions copying from
certificate requests is supported: the user
must be able to view the extensions before
allowing a certificate to be issued.

Enhance s2i_ASN1_INTEGER().

Merge from the ASN1 branch of new ASN1 code
to main trunk.

Lets see if the makes it to openssl-cvs :-)

of complaints from the compiler about data pointers and function
pointers not being compatible with each other.

the OpenSSL commands x50 and req work better on a EBCDIC system.

to support multiple calls.

New function to retrieve email address from certificates and
requests.

like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages.  That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.

This change includes all the name changes needed throughout all C files.

documentation to reflect the STACK_OF(CONF_VALUE) change to the CONF lib and
use ANSI typedefs for X509V3_EXT_I2D and X509V3_EXT_FREE.

seemed like a good idea at the time... several hours later it was rather
obvious that these are used all over the place making the changes rather
extensive.

used with negative char values, so I've added casts to unsigned char.
Maybe what really should be done is change all those arrays and
pointers to type unsigned char [] or unsigned char *, respectively;
but using plain char with those predicates is just wrong, so something
had to be done.
Submitted by:
Reviewed by:
PR:

Submitted by:
Reviewed by:
PR: