from .h files...

is made to directly cast a function of one type to what it considers and
incompatible type. In particular gcc 3.4.2.

Add new openssl_fcast macro to place functions into a form where the compiler
will allow them to be cast.

The current version achives this by casting to: void function(void).

(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)

Now we have directory reading capabilities for VMS as well, and all
of it in a fairly general manner.

defined as follows (according to X.509_4thEditionDraftV6.pdf):

CertificatePair ::= SEQUENCE {
	forward		[0]	Certificate OPTIONAL,
	reverse		[1]	Certificate OPTIONAL,
	-- at least one of the pair shall be present -- }

The only thing I'm not sure about is if it's implicit or explicit tags
that I should count on.  For now, I'm thinking explicit, but will
gladly stand corrected.

Also implement the PEM functions to read and write certificate pairs,
and defined the PEM tag as "CERTIFICATE PAIR".

This needed to be defined, mostly for the sake of the LDAP attribute
crossCertificatePair, but may prove useful elsewhere as well.

Submitted by: Nils Larsch

This is not ECDSA specific, so it's now PEM_STRING_ECPRIVATEKEY etc.

Submitted by: Nils Larsch <nlarsch@compuserve.de>

(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.

Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.

Fix ec_asn1.c (take into account the desired conversion form).

'make update'.

Submitted by: Nils Larsch

Submitted by: Nils Larsch <nla@trustcenter.de>

perl util/mkerr.pl -recurse -write -rebuild

More linker bloat reorganisation:

Split private key PEM and normal PEM handling. Private key
handling needs to link in stuff like PKCS#8.

Relocate the ASN1 *_dup() functions, to the relevant ASN1
modules using new macro IMPLEMENT_ASN1_DUP_FUNCTION. Previously
these were all in crypto/x509/x_all.c along with every ASN1
BIO/fp function which linked in *every* ASN1 function if
a single dup was used.

Move the authority key id ASN1 structure to a separate file.
This is used in the X509 routines and its previous location
linked in all the v3 extension code.

Also move ASN1_tag2bit to avoid linking in a_bytes.c which
is now largely obsolete.

So far under Linux stripped binary with single PEM_read_X509
is now 238K compared to 380K before these changes.

sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.

centralise those hacks in crypto/symhacks.h and use it everywhere it's
needed.

was a really bad idea.  For example, the following:

	#include <x509.h>
	#include <bio.h>
	#include <asn1.h>

would make sure that things like ASN1_UTCTIME_print() wasn't defined
unless you moved the inclusion of bio.h to above the inclusion of
x509.h.  The reason is that x509.h includes asn1.h, and the
declaration of ASN1_UTCTIME_print() depended on the definition of
HEADER_BIO_H.  That's what I call an obscure bug.

Instead, this change makes sure that whatever header files are needed
for the correct process of one header file are included automagically,
and that the definitions of, for example, BIO-related things are
dependent on the absence of the NO_{foo} macros.  This is also
consistent with the way parts of OpenSSL can be excluded at will.

"Jan Mikkelsen" <janm@transactionsite.com> correctly states that the
OpenSSL header files have #include's and extern "C"'s in an incorrect
order.  Thusly fixed.

more utilities.

Extend the X509_PURPOSE structure to include shortnames for purposed and default
trust ids.

Still need some extendable trust checking code and integration with the SSL and
S/MIME code.

New universal public key format.

Fix CRL+cert load problem in by_file.c

Make verify report errors when loading files or dirs

certificate: currently this includes trust settings
and a "friendly name".

new DSA public key functions that were missing.

Also beginning of a cache for X509_EXTENSION structures: this will allow them
to be accessed more quickly for things like certificate chain verification...

Submitted by: Richard Levitte <levitte@stacken.kth.se>

and to lots of PEM_... functions.
Submitted by: Damien Miller <dmiller@ilogic.com.au>

util/mkdef.pl to handle this. Also do a 'make update'.

the the PBE code and a new constant PKCS5_DEFAULT_ITER for the default
iteration count if it is passed as zero.

should make modifying them easier.

Fix the selfsign demo: it was rather ancient and used deleted functions.