certificate: currently this includes trust settings
and a "friendly name".

problem was that one of the replacement routines had not been working since
SSLeay releases.  For now the offending routine has been replaced with
non-optimised assembler.  Even so, this now gives around 95% performance
improvement for 1024 bit RSA signs.

Add a bunch of functions to simplify the creation of X509_NAME structures.

Change the X509_NAME_entry_add stuff in req/ca so it no longer uses
X509_NAME_entry_count(): passing -1 has the same effect.

don't try to detect fork()s by looking at getpid().
The reason is that threads sharing the same memory can have different
PIDs; it's inefficient to run RAND_seed each time a different thread
calls RAND_bytes.

some utilities that should have used RANDFILE did not,
and -rand handling was broken except in genrsa.

this will be used to clear up the horrible DN mess.

tolerated in certificates.

ultimately lead to certificate chain verification. It is
VERY EXPERIMENTAL at present though.

Fix a bug in the X509_get_d2i() functions which didn't check if crit was NULL.

platforms. See crypto/rc4/rc4_enc.c for further details.

explicitly. Previously it couldn't be changed because it was hard coded as
"server.pem".

new DSA public key functions that were missing.

Also beginning of a cache for X509_EXTENSION structures: this will allow them
to be accessed more quickly for things like certificate chain verification...

Fix for d2i_ASN1_bytes and stop PKCS#7 routines crashing is signed message
contains no certificates.

Also fix typo in RANLIB changes.

an improvement on not working at all.

and verify rather than direct encrypt/decrypt.

OpenSSL is compiled with NO_RSA, no RSA operations can be used: including
key generation storage and display of RSA keys. Since these operations are
not covered by the RSA patent (my understanding is it only covers encrypt,
decrypt, sign and verify) they can be included: this is an often requested
feature, attempts to use the patented operations return an error code.

This is enabled by setting RSA_NULL. This means that if a particular application
has its own legal US RSA implementation then it can use that instead by setting
it as the default RSA method.

Still experimental and needs some fiddling of the other libraries so they have
some options that don't attempt to use RSA if it isn't allowed.

It's still totally untested ...

on the command line for various utilities.

config file (change RAW to DER).

block.

DSA_METHOD to make it more consistent with RSA_METHOD.