exit() in whatever way works for the intended platform, and define
OPENSSL_EXIT() to have the old meaning (the name is of course because
it's only used in the openssl program)
The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.
The new code performs several tests on a candidate issuer
certificate based on certificate extensions.
It also adds several callbacks to X509_VERIFY_CTX so its
behaviour can be customised.
Unfortunately some hackery was needed to persuade X509_STORE
to tolerate this. This should go away when X509_STORE is
replaced, sometime...
This must have broken something though :-(
yet.
Add a function X509_STORE_CTX_purpose_inherit() which implements the logic
of "inheriting" purpose and trust from a parent structure and using a default:
this will be used in the SSL code and possibly future S/MIME.
Partial documentation of the 'verify' utility. Still need to document how all
the extension checking works and the various error messages.
Extend the X509_PURPOSE structure to include shortnames for purposed and default
trust ids.
Still need some extendable trust checking code and integration with the SSL and
S/MIME code.
