Enhance s2i_ASN1_INTEGER().

of status info. Check nonce values. Option to disable
verify. Update usage message.

Rename status to string functions and make them global.

accordance with RFC2560.

Initial OCSP certificate verify. Not complete,
it just supports a "trusted OCSP global root CA".

This allows keeping extensions in a separate configuration file.

Submitted by: Massimiliano Pala <madwolf@comune.modena.it>

non null terminated passwords.

New OCSP utility. This can generate, parse and print
OCSP requests. It can also query reponders and parse or
print out responses.

Still needs some more work: OCSP response checks and
of course documentation.

commands.

Submitted by: Massimiliano Pala <madwolf@comune.modena.it>

Submitted by: Damien Miller <djm@mindrot.org>

OCSP basic response verify. Very incomplete
but will verify the signatures on a response
and locate the signers certifcate.

Still needs to implement a proper OCSP certificate
verify.

Fix warning in RAND_egd().

allocation callbacks so that it is no longer visible to applications
that these live at a different call level than conventional memory
allocation callbacks.

Add '-d' option for 'openssl version' (included in '-a').

handling routines that need file name and line number information,
I've added a call level to our memory handling routines to allow that
kind of hooking.

unicode strings. Certain PKCS#12 files contain these
in BMPStrings and it used to crash on them.

only queried when the /dev/[u]random devices did not return enough
entropy. Only the amount of entropy missing to reach the required minimum
is queried, as EGD may be drained.
Queried locations are: /etc/entropy, /var/run/egd-pool

on details. :-)

"doall" functions to using type-safe wrappers. As and where required, this
can be replaced by redeclaring the underlying callbacks to use the
underlying "void"-based prototypes (eg. if performance suffers from an
extra level of function invocation).

them for a short period of time (actually, poll them with select(),
then read() whatever is there), which is about 10ms (hard-coded value)
each.

Separate Windows and Unixly code, and start on a VMS variant that
currently just returns 0.

Add set of OCSP client functions. All experimental
and subject to addition, modifcation or deletion.

Add two OCSP nonce utility functions.

Fix typo in status code name.

application needs.

Add OCSP library name to error code.

Remove extensions argument from various functions
because it is not needed with the new extension
code.

New function OCSP_cert_to_id() to convert a pair
of certificates into an OCSP_CERTID.

New simple OCSP HTTP function. This is rather primitive
but just about adequate to send OCSP requests and
parse the response.

Fix typo in CRL distribution points extension.

Fix ASN1 code so it adds a final null to constructed
strings.

uses the new ASN1 code.

Rewrite PKCS#12 code and remove some of the old
horrible macros.

Fix two evil ASN1 bugs. Attempt to use 'ctx' when
NULL if input is indefinite length constructed
in asn1_check_tlen() and invalid pointer to ASN1_TYPE
when reusing existing structure (this took *ages* to
find because the new PKCS#12 code triggered it).

most of the old wrappers. A few of the old versions remain
because they are non standard and the corresponding ASN1
code has not been reimplemented yet.

zap some evil function pointers casts along the way...

* detect "unknown" algorithms (any C macro starting with NO_ that is
  not explicitely mentioned in mkdef.pl as a known algorithm) and
  report.
* add a number of algorithms that can be deselected.
* look in ssl/kssl.h as well.
* accept multiple whitespace (not just one SPC) in preprocessor lines.

currently OpenSSL itself wont compile with this set
because some old style stuff remains.

Change old functions X509_sign(), X509_verify() etc
to use new item based functions.

Replace OCSP function declarations with DECLARE macros.

The old function pointer versions will eventually go
away.