$Id$ x501 name parsing comparing (ldap canonlisation rules) DSA support DSA2 support Rewrite the pkcs11 code to support the following: * Keep as many sessions open to the card as long as possible. * Avoid trying to login to the card over and over. * Reset the pin on card change. * Ref count the lock structure to make sure we have a prompter when we need it. * Add support for CK_TOKEN_INFO.CKF_PROTECTED_AUTHENTICATION_PATH x509 policy mappings support CRL delta support crypto make signing alg depend on signer if not given tests nist tests name constrains policy mappings http://csrc.nist.gov/pki/testing/x509paths.html building path using Subject/Issuer vs SubjKeyID vs AuthKeyID negative tests all checksums conditions/branches pkcs7 handle pkcs7 support in CMS ? certificate request generate pkcs10 request from existing cert generate CRMF request pk-init KDC/client web server/client jabber server/client email x509 issues: OtherName is left unspecified, but its used by other specs. creating this hole where a application/CA can't specify policy for SubjectAltName what covers whole space. For example, a CA is trusted to provide authentication but not authorization.