Various clarifications to extension docs: change the name of literal

extensions from RAW to DER to avoid confusion with raw extensions.

Update NEWS file.

NEWS

@@ -8,12 +8,14 @@
   Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:
       o Lots of enhancements and cleanups to the Configuration mechanism
       o RSA OEAP related fixes
-      o Support for PKCS#5 v2.0 ASN1 PBES2 structures
       o Added `openssl ca -revoke' option for revoking a certificate
       o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
       o Source tree cleanups: removed lots of obsolete files
-      o Support for Thawte SXNet extensions
+      o Thawte SXNet, certificate policies and CRL distribution points
-      o Full integration of PKCS#12 support
+	 extension support
+      o Preliminary (experimental) S/MIME support
+      o Support for ASN.1 UTF8String and VisibleString
+      o Full integration of PKCS#12 code
       o Sparc assembler bignum implementation, optimized hash functions
 
   Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b:

crypto/x509v3/v3_conf.c

@@ -212,7 +212,7 @@ static int v3_check_critical(char **value)
 static int v3_check_generic(char **value)
 {
 	char *p = *value;
-	if((strlen(p) < 4) || strncmp(p, "RAW:,", 4)) return 0;
+	if((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
 	p+=4;
 	while(isspace((unsigned char)*p)) p++;
 	*value = p;

doc/openssl.txt

@@ -104,7 +104,7 @@ extensions. In this case a line with:
 
 extensions = extension_section
 
-in the nameless (default) section is used. If no such line is include then
+in the nameless (default) section is used. If no such line is included then
 it uses the default section.
 
 You can also add extensions to CRLs: a line
@@ -141,11 +141,11 @@ reject it as invalid. Some broken software will reject certificates which
 have *any* critical extensions (these violates PKIX but we have to live
 with it).
 
-There are three main types of extension, string extensions, multi valued
+There are three main types of extension: string extensions, multi valued
 extensions, and raw extensions.
 
-String extensions simply have a string which defines the value of the or how
+String extensions simply have a string which contains either the value itself
-it is obtained.
+or how it is obtained.
 
 For example:
 
@@ -182,19 +182,25 @@ email.2=steve@there
 This is because the configuration file code cannot handle the same name
 occurring twice in the same extension.
 
-Raw extensions allow arbitrary data to be placed in an extension. For
+The syntax of raw extensions is governed by the extension code: it can
-example
+for example contain data in multiple sections. The correct syntax to
+use is defined by the extension code itself: check out the certificate
+policies extension for an example.
 
-1.2.3.4=critical,RAW:01:02:03:04
+In addition it is also possible to use the word DER to include arbitrary
-1.2.3.4=RAW:01020304
+data in any extension.
 
-The value following RAW is a hex dump of the extension contents. Any extension
+1.2.3.4=critical,DER:01:02:03:04
-can be placed in this form to override the default behaviour. For example:
+1.2.3.4=DER:01020304
 
-basicConstraints=critical,RAW:00:01:02:03
+The value following DER is a hex dump of the DER encoding of the extension
+Any extension can be placed in this form to override the default behaviour.
+For example:
 
-WARNING: raw extensions should be used with caution. It is possible to create
+basicConstraints=critical,DER:00:01:02:03
-totally invalid extensions unless care is taken.
+
+WARNING: DER should be used with caution. It is possible to create totally
+invalid extensions unless care is taken.
 
 CURRENTLY SUPPORTED EXTENSIONS.