1. Tidy the code, integrate with SSLeay. The ASN1 stuff should
   go into crypto/asn1, it is possible that some equivalents already exist,
   for example I recently found out PKCS#7 DigestInfo is equivalent to
   X509_SIG in SSLeay. The password stuff really should be added to an
   enhanced EVP_BytesToKey() function and the hmac stuff added to the digests
   somehow. I hate the RC-40 hack in pfx_crpt.c, if anyone knows a "clean" way
   to do this let me know. Also the error codes are currently bogus (pick a
   number any number ...) I'm not sure if this can be done cleanly without
   making it part of SSLeay itself, if anyone knows different let me know.
2. Option to dump private key and correct certificate at same time, by checking
   thumbprints.
3. Remove the assumptions in the code (encryption algorithms, digests). All
   manner of assumption exist, for example the digests are assumed to be SHA1,
   the private keys encrypted with triple DES and the safe encrypted with RC-40.
   This should be OK for Netscape though and its unlikely anything else will use
   this standard (with its bugs) now PKCS#12 is the official standard.
4. Add support for certificate import (this is a big job).
5. Add PKCS#12 support (I am not aware of any test implementation so this
   may have to wait some time).

