PR: 1648

Also, "CHANGES" clean-ups.

a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.

Tidy CRL scoring system.

Add new CRL path validation error.

and don't unnecessarily fail on input size 0.

and CRL signing keys.

CRL issuer is not part of the main path.

Not complete yet and not compiled in because the CRL issuer certificate is
not validated.

Delete X509_POLICY_REF code.

Fix handling of invalid policy extensions to return the correct error.

Add command line option to inhibit policy mappings.

TODO: robustness checking on name forms.

deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).

Thanks to Bodo, for invaluable review and feedback.

8KB block, +60% on 1KB, +160% on 256B...

fields.

Allow inibit any policy flag to be set in apps.

Inhibit any policy count should ignore self issued certificates.
Require explicit policy is the number certificate before an explict policy
is required.

detection, or the probability for an erroneous RSA_R_SSLV3_ROLLBACK_ATTACK
will be larger than necessary.

PR: 1695

PR: 1693
Submitted by: Stefan Neis

PR: 1681

Ignore self issued certificates when checking path length constraints.

Duplicate OIDs in policy tree in case they are allocated.

Use anyPolicy from certificate cache and not current tree level.

Conversion between void * and function pointer.
Value computed not used.
Signed/unsigned argument.