Fleshed out more of the CMS implementation today, so that it implements the required-by-the-spec 3DES content encryption in enveloped-data messages. And NSS's cmsutil even seems to like the output.

Some version of DH key agreement/delivery is now working, too. So far it doesn't use any of the predefined domain parameter groups, so its dog slow because the client has to generate new DH paramaters for every request, but it seems to work.

A couple of things that're going to make interop testing a pain is that I've been doing all of the development with the benefit of an RHCS installation to issue the certificates, and am making pretty full use of NSS's databases, which can be filled with certificates with different defined trust parameters for each one. But for real testing, I'm probably going to have to be able to consume the PEM-formatted keys and certificates which OpenSSL prefers.

Lots of them. More on why later.