Move certificate request and CRL routines to x509 dir. Reviewed-by: Rich Salz <rsalz@openssl.org>
make X509_CERT_AUX opaque Reviewed-by: Rich Salz <rsalz@openssl.org>
Identify and move common internal libcrypto header files There are header files in crypto/ that are used by a number of crypto/ submodules. Move those to crypto/include/internal and adapt the affected source code and Makefiles. The header files that got moved are: crypto/cryptolib.h crypto/md32_common.h Reviewed-by: Rich Salz <rsalz@openssl.org>
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
Update obsolete email address...
Security fixes brought forward from 0.9.7.
Merge from the ASN1 branch of new ASN1 code to main trunk. Lets see if the makes it to openssl-cvs :-)
Two new PKCS#12 demo programs. Update PKCS12_parse(). Make the keyid in certificate aux info more usable.
Simplify the trust structure: basically zap the bit strings and represent everything by OIDs.
Add trust setting support to the verify code. It now checks the trust settings of the root CA. After a few fixes it seems to work OK. Still need to add support to SSL and S/MIME code though.
Initial trust code: allow setting of trust checking functions in a table. Doesn't do too much yet. Make the -<digestname> options in 'x509' affect all relevant options. Change the name of the 'notrust' options to 'reject' as this causes less confusion and is a better description of the effect. A few constification changes.
New options to the -verify program which can be used for chain verification. Extend the X509_PURPOSE structure to include shortnames for purposed and default trust ids. Still need some extendable trust checking code and integration with the SSL and S/MIME code.
Allow additional information to be attached to a certificate: currently this includes trust settings and a "friendly name".