represent everything by OIDs.

more utilities.

either and has a static and dynamic mix.

yet.

Add a function X509_STORE_CTX_purpose_inherit() which implements the logic
of "inheriting" purpose and trust from a parent structure and using a default:
this will be used in the SSL code and possibly future S/MIME.

Partial documentation of the 'verify' utility. Still need to document how all
the extension checking works and the various error messages.

in a table. Doesn't do too much yet.

Make the -<digestname> options in 'x509' affect all relevant
options.

Change the name of the 'notrust' options to 'reject' as this
causes less confusion and is a better description of the
effect.

A few constification changes.

Extend the X509_PURPOSE structure to include shortnames for purposed and default
trust ids.

Still need some extendable trust checking code and integration with the SSL and
S/MIME code.

New universal public key format.

Fix CRL+cert load problem in by_file.c

Make verify report errors when loading files or dirs

plain not working :-(

Also fix some memory leaks in the new X509_NAME code.

Fix so new app_rand code doesn't crash 'x509' and move #include so it compiles
under Win32.

certificate: currently this includes trust settings
and a "friendly name".

some utilities that should have used RANDFILE did not,
and -rand handling was broken except in genrsa.

Submitted by: Lennart Bång, Bodo Möller

ultimately lead to certificate chain verification. It is
VERY EXPERIMENTAL at present though.

on the command line for various utilities.

and to lots of PEM_... functions.
Submitted by: Damien Miller <dmiller@ilogic.com.au>

signers parameters. Changed it to never omit parameters.

doesn't have a default value like the "-config" options of other
openssl subprograms.

Submitted by:
Reviewed by:
PR:

addition to RSA certificates) to match the behaviour of `openssl dsa -noout
-modulus' as it's already the case for `openssl rsa -noout -modulus'.  For RSA
the -modulus is the real "modulus" while for DSA currently the public key is
printed (a decision which was already done by `openssl dsa -modulus' in the
past) which serves a similar purpose.  Additionally the NO_RSA no longer
completely removes the whole -modulus option; it now only avoids using the RSA
stuff. Same applies to NO_DSA now, too.

openssl.cnf for the new syntax.

the main library, but only with printing at present. To see this try:
openssl x509 -in cert.pem -text
on a certificate with some extensions in it.

GeneralizedTime.

handling to x509.c