not yet user-settable.  Defaults "on" for now.
Partial support for temporary RSA keys, skeleton for DH.
Add call to X509V3_add_standard_extensions() on init, mod_ssl
does this too, but I am unsure about what it does.
Move management of client CA certificates to a new routine, since
it is going to get more complex than the current code.

Backout the input exhaustion change, it loops.  Still looking for
the right way.

be implemented.

The rest of this change mostly contains random ideas taken from
mod_ssl.  The purpose is to get the repository in sync with the
code I am testing.  I still can't manage to make Netscape send
its certificate to slapd, though it works with Apache/mod_ssl
(with the same certificates).  Trying s_client against both
does not shed any light.  If anyone manages to make it work,
please let us know.

Let transport (TLS or somesuch) force reading or writing on
sockets even if the higher layers think otherwise.

arena corruption.

	latest autoconf (from AnonCVS)
	aclocal from latest automake (from AnonCVS)
	libtool 1.3.3

  added slap_ and ldbm_ to many structures
  added typedefs to many structures
  used typedefs
New main.c argument parsing with ldap url support (replacing -a address).
New sockaddr_in handling and support for multiple listeners.

Also free <user> in !HAVE_GETPWUID case.

ldap_modify: delete of last attribute value should delete attribute (ITS#229)
thr_nt: use sleep to yield

is ever empty.  See ITS#228.

didn't bother to acquire)...

to exhaust all protocol units received from the transport layer.
I think this is the necessary fix for the TLS-data-ready/
socket-not-ready issue, but I have not experimented that problem
yet, so I am unsure about its effectiveness.
Now, do we need something like that for connection_write?  How would
we go about implementing it?