time, skipping the filter, for instance.  Also, we were parsing
twice the scope and the filter.  I think this change is right,
but could use more eyeballs...

an OID or a proper type string (letter followed by 0 or more
alnum/-).

NULL does not meet basic syntax rules.

  by <who> <access> changed to by <who>+ <access> (joined with AND)
  added peername=<regex> sockname=<regex> url=<regex>
  removed addr=<regex> (use peername instead).
replace dn_upcase with str2upper and str2lower.  Use where needed.

not yet user-settable.  Defaults "on" for now.
Partial support for temporary RSA keys, skeleton for DH.
Add call to X509V3_add_standard_extensions() on init, mod_ssl
does this too, but I am unsure about what it does.
Move management of client CA certificates to a new routine, since
it is going to get more complex than the current code.

Backout the input exhaustion change, it loops.  Still looking for
the right way.

be implemented.

The rest of this change mostly contains random ideas taken from
mod_ssl.  The purpose is to get the repository in sync with the
code I am testing.  I still can't manage to make Netscape send
its certificate to slapd, though it works with Apache/mod_ssl
(with the same certificates).  Trying s_client against both
does not shed any light.  If anyone manages to make it work,
please let us know.

Let transport (TLS or somesuch) force reading or writing on
sockets even if the higher layers think otherwise.

arena corruption.

	latest autoconf (from AnonCVS)
	aclocal from latest automake (from AnonCVS)
	libtool 1.3.3