sync these files with openssl-0.9.7-beta1, too

15 files changed, 359 insertions, 177 deletions

diff --git a/src/lib/libssl/src/INSTALL b/src/lib/libssl/src/INSTALL
index 06aa96bcfa..7eaa8147c3 100644
--- a/src/lib/libssl/src/INSTALL
+++ b/src/lib/libssl/src/INSTALL
@@ -2,8 +2,8 @@
  INSTALLATION ON THE UNIX PLATFORM
  ---------------------------------
 
- [See INSTALL.W32 for instructions for compiling OpenSSL on Windows systems,
-  and INSTALL.VMS for installing on OpenVMS systems.]
+ [Installation on Windows, OpenVMS and MacOS (before MacOS X) is described
+  in INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.]
 
  To install OpenSSL, you will need:
 
@@ -36,7 +36,8 @@
  Configuration Options
  ---------------------
 
- There are several options to ./config to customize the build:
+ There are several options to ./config (or ./Configure) to customize
+ the build:
 
   --prefix=DIR  Install in DIR/bin, DIR/lib, DIR/include/openssl.
                 Configuration files used by OpenSSL will be in DIR/ssl
diff --git a/src/lib/libssl/src/INSTALL.W32 b/src/lib/libssl/src/INSTALL.W32
index 852a82831f..d85d81b0fd 100644
--- a/src/lib/libssl/src/INSTALL.W32
+++ b/src/lib/libssl/src/INSTALL.W32
@@ -119,10 +119,12 @@
 
  * Compile OpenSSL:
 
-   > perl Configure Mingw32
-   > ms\mw.bat
+   > ms\mingw32
 
-   This will create the library and binaries in out.
+   This will create the library and binaries in out. In case any problems
+   occur, try
+   > ms\mingw32 no-asm
+   instead.
 
    libcrypto.a and libssl.a are the static libraries. To use the DLLs,
    link with libeay32.a and libssl32.a instead.
diff --git a/src/lib/libssl/src/config b/src/lib/libssl/src/config
index ece3248393..3d443da6fb 100644
--- a/src/lib/libssl/src/config
+++ b/src/lib/libssl/src/config
@@ -390,13 +390,11 @@ exit 0
 
 # figure out if gcc is available and if so we use it otherwise
 # we fallback to whatever cc does on the system
-GCCVER=`(gcc --version) 2>/dev/null | head -1`
+GCCVER=`(gcc --version) 2>/dev/null`
 if [ "$GCCVER" != "" ]; then
   CC=gcc
-  # then strip off whatever prefix Cygnus as well as GCC 3.1 prepends
-  # the number with...  Hopefully, this will work for any future prefixes
-  # as well.
-  GCCVER=`echo $GCCVER | sed 's/^[a-zA-Z ()]*\-//'`
+  # then strip off whatever prefix Cygnus prepends the number with...
+  GCCVER=`echo $GCCVER | sed 's/^[a-z]*\-//'`
   # peak single digit before and after first dot, e.g. 2.95.1 gives 29
   GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
 else
@@ -525,6 +523,7 @@ EOF
         OUT="linux-ppc" ;;
   ppc-*-linux2) OUT="linux-ppc" ;;
   m68k-*-linux*) OUT="linux-m68k" ;;
+  ia64-*-linux?) OUT="linux-ia64" ;;
   ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
   ppc-apple-darwin*) OUT="darwin-ppc-cc" ;;
   i386-apple-darwin*) OUT="darwin-i386-cc" ;;
@@ -625,10 +624,17 @@ EOF
   *86*-*-netbsd) OUT="NetBSD-x86" ;;
   sun3*-*-netbsd) OUT="NetBSD-m68" ;;
   *-*-netbsd) OUT="NetBSD-sparc" ;;
-  *86*-*-openbsd) OUT="OpenBSD-x86" ;;
   alpha*-*-openbsd) OUT="OpenBSD-alpha" ;;
+  *86*-*-openbsd) OUT="OpenBSD-i386" ;;
+  m68k*-*-openbsd) OUT="OpenBSD-m68k" ;;
+  m88k*-*-openbsd) OUT="OpenBSD-m88k" ;;
+  mips*-*-openbsd) OUT="OpenBSD-mips" ;;
   pmax*-*-openbsd) OUT="OpenBSD-mips" ;;
+  powerpc*-*-openbsd) OUT="OpenBSD-powerpc" ;;
+  sparc64*-*-openbsd) OUT="OpenBSD-sparc64" ;;
+  sparc*-*-openbsd) OUT="OpenBSD-sparc" ;;
   vax*-*-openbsd) OUT="OpenBSD-vax" ;;
+  hppa*-*-openbsd) OUT="OpenBSD-hppa" ;;
   *-*-openbsd) OUT="OpenBSD" ;;
   *86*-*-bsdi4) OUT="bsdi-elf-gcc" ;;
   *-*-osf) OUT="alphaold-cc" ;;
diff --git a/src/lib/libssl/src/makevms.com b/src/lib/libssl/src/makevms.com
index ba9e911fac..e5c1edbe0e 100644
--- a/src/lib/libssl/src/makevms.com
+++ b/src/lib/libssl/src/makevms.com
@@ -23,6 +23,8 @@ $!      SOFTLINKS Just fix the Unix soft links.
 $!      BUILDALL  Same as ALL, except CONFIG, BUILDINF and SOFTILNKS aren't done.
 $!      RSAREF    Just build the "[.xxx.EXE.RSAREF]LIBRSAGLUE.OLB" library.
 $!      CRYPTO    Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
+$!      CRYPTO/x  Just build the x part of the
+$!                "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
 $!      SSL       Just build the "[.xxx.EXE.SSL]LIBSSL.OLB" library.
 $!      SSL_TASK  Just build the "[.xxx.EXE.SSL]SSL_TASK.EXE" program.
 $!      TEST      Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL.
@@ -529,7 +531,7 @@ $ SET DEFAULT SYS$DISK:[.CRYPTO]
 $!
 $! Build The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
 $!  
-$ @CRYPTO-LIB LIBRARY 'RSAREF' 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN'
+$ @CRYPTO-LIB LIBRARY 'RSAREF' 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''BUILDPART'"
 $!
 $! Build The [.xxx.EXE.CRYPTO]*.EXE Test Applications.
 $!  
@@ -675,6 +677,16 @@ $! Check The User's Options.
 $!
 $ CHECK_OPTIONS:
 $!
+$! Check if there's a "part", and separate it out
+$!
+$ BUILDPART = F$ELEMENT(1,"/",P1)
+$ IF BUILDPART .EQS. "/"
+$ THEN
+$   BUILDPART = ""
+$ ELSE
+$   P1 = F$EXTRACT(0,F$LENGTH(P1) - F$LENGTH(BUILDPART) - 1, P1)
+$ ENDIF
+$!
 $! Check To See If P1 Is Blank.
 $!
 $ IF (P1.EQS."ALL")
@@ -690,9 +702,10 @@ $ ELSE
 $!
 $!  Else, Check To See If P1 Has A Valid Arguement.
 $!
-$   IF (P1.EQS."BUILDINF").OR.(P1.EQS."SOFTLINKS").OR.(P1.EQS."CRYPTO") -
-       .OR.(P1.EQS."SSL").OR.(P1.EQS."RSAREF").OR.(P1.EQS."SSL_TASK") -
-       .OR.(P1.EQS."TEST").OR.(P1.EQS."APPS")
+$   IF (P1.EQS."CONFIG").OR.(P1.EQS."BUILDINF").OR.(P1.EQS."SOFTLINKS") -
+       .OR.(P1.EQS."BUILDALL") -
+       .OR.(P1.EQS."CRYPTO").OR.(P1.EQS."SSL").OR.(P1.EQS."RSAREF") -
+       .OR.(P1.EQS."SSL_TASK").OR.(P1.EQS."TEST").OR.(P1.EQS."APPS")
 $   THEN
 $!
 $!    A Valid Arguement.
@@ -714,6 +727,8 @@ $     WRITE SYS$OUTPUT "    BUILDINF :  Just build the [.CRYPTO]BUILDINF.H file.
 $     WRITE SYS$OUTPUT "    SOFTLINKS:  Just Fix The Unix soft links."
 $     WRITE SYS$OUTPUT "    BUILDALL :  Same as ALL, except CONFIG, BUILDINF and SOFTILNKS aren't done."
 $     WRITE SYS$OUTPUT "    CRYPTO   :  To Build Just The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library."
+$     WRITE SYS$OUTPUT "    CRYPTO/x :  To Build Just The x Part Of The"
+$     WRITE SYS$OUTPUT "                [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library."
 $     WRITE SYS$OUTPUT "    SSL      :  To Build Just The [.xxx.EXE.SSL]LIBSSL.OLB Library."
 $     WRITE SYS$OUTPUT "    SSL_TASK :  To Build Just The [.xxx.EXE.SSL]SSL_TASK.EXE Program."
 $     WRITE SYS$OUTPUT "    TEST     :  To Build Just The OpenSSL Test Programs."
diff --git a/src/lib/libssl/src/ssl/ssl-lib.com b/src/lib/libssl/src/ssl/ssl-lib.com
index 1f1921e162..e706ab8e99 100644
--- a/src/lib/libssl/src/ssl/ssl-lib.com
+++ b/src/lib/libssl/src/ssl/ssl-lib.com
@@ -314,7 +314,7 @@ $ WRITE SYS$OUTPUT "Creating SSL_TASK OSU HTTP SSL Engine."
 $!
 $! Compile The File.
 $!
-$ ON ERROR THEN GOTO SSL_TASK_END
+$ ON ERROR GOTO SSL_TASK_END
 $ CC5/OBJECT='OBJ_DIR'SSL_TASK.OBJ SYS$DISK:[]SSL_TASK.C
 $!
 $! Link The Program, Check To See If We Need To Link With RSAREF Or Not.
diff --git a/src/lib/libssl/src/test/maketests.com b/src/lib/libssl/src/test/maketests.com
index b3bf8bb837..f7ff8fe407 100644
--- a/src/lib/libssl/src/test/maketests.com
+++ b/src/lib/libssl/src/test/maketests.com
@@ -910,8 +910,7 @@ $ ENDIF
 $!
 $! Time to check the contents, and to make sure we get the correct library.
 $!
-$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" -
-     .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE"
+$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX"
 $ THEN
 $!
 $!  Check to see if SOCKETSHR was chosen
@@ -960,32 +959,6 @@ $!    Done with UCX
 $!
 $   ENDIF
 $!
-$!  Check to see if TCPIP was chosen
-$!
-$   IF P4.EQS."TCPIP"
-$   THEN
-$!
-$!    Set the library to use TCPIP (post UCX).
-$!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
-$!
-$!    Done with TCPIP
-$!
-$   ENDIF
-$!
-$!  Check to see if NONE was chosen
-$!
-$   IF P4.EQS."NONE"
-$   THEN
-$!
-$!    Do not use a TCPIP library.
-$!
-$     TCPIP_LIB = ""
-$!
-$!    Done with NONE
-$!
-$   ENDIF
-$!
 $!  Print info
 $!
 $   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
@@ -1001,7 +974,6 @@ $   WRITE SYS$OUTPUT "The Option ",P4," Is Invalid.  The Valid Options Are:"
 $   WRITE SYS$OUTPUT ""
 $   WRITE SYS$OUTPUT "    SOCKETSHR  :  To link with SOCKETSHR TCP/IP library."
 $   WRITE SYS$OUTPUT "    UCX        :  To link with UCX TCP/IP library."
-$   WRITE SYS$OUTPUT "    TCPIP      :  To link with TCPIP (post UCX) TCP/IP library."
 $   WRITE SYS$OUTPUT ""
 $!
 $!  Time To EXIT.
diff --git a/src/lib/libssl/src/test/testgen.com b/src/lib/libssl/src/test/testgen.com
index 0e9029371a..5d28ebec72 100644
--- a/src/lib/libssl/src/test/testgen.com
+++ b/src/lib/libssl/src/test/testgen.com
@@ -16,23 +16,35 @@ $	set on
 $
 $       write sys$output "generating certificate request"
 $
-$       write sys$output "There should be a 2 sequences of .'s and some +'s."
-$       write sys$output "There should not be more that at most 80 per line"
-$       write sys$output "This could take some time."
-$
 $       append/new nl: .rnd
 $       open/append random_file .rnd
 $       write random_file "string to make the random number generator think it has entropy"
 $       close random_file
 $
-$       mcr 'exe_dir'openssl req -config test.cnf -new -out testreq.pem
+$       set noon
+$       define/user sys$output nla0:
+$       mcr 'exe_dir'openssl no-rsa
+$       save_severity=$SEVERITY
+$       set on
+$       if save_severity
+$       then
+$           req_new="-newkey dsa:[-.apps]dsa512.pem"
+$       else
+$           req_new="-new"
+$           write sys$output "There should be a 2 sequences of .'s and some +'s."
+$           write sys$output "There should not be more that at most 80 per line"
+$       endif
+$
+$       write sys$output "This could take some time."
+$
+$       mcr 'exe_dir'openssl req -config test.cnf 'req_new' -out testreq.pem
 $       if $severity .ne. 1
 $       then
 $           write sys$output "problems creating request"
 $           exit 3
 $       endif
 $
-$       mcr 'exe_dir'openssl req -verify -in testreq.pem -noout
+$       mcr 'exe_dir'openssl req -config test.cnf -verify -in testreq.pem -noout
 $       if $severity .ne. 1
 $       then
 $           write sys$output "signature on req is wrong"
diff --git a/src/lib/libssl/src/test/testss.com b/src/lib/libssl/src/test/testss.com
index ce2c4b43f6..685ae5043d 100644
--- a/src/lib/libssl/src/test/testss.com
+++ b/src/lib/libssl/src/test/testss.com
@@ -4,7 +4,7 @@ $	__arch := VAX
 $       if f$getsyi("cpu") .ge. 128 then __arch := AXP
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
-$       digest="-mdc2"
+$       digest="-md5"
 $       reqcmd := mcr 'exe_dir'openssl req
 $       x509cmd := mcr 'exe_dir'openssl x509 'digest'
 $       verifycmd := mcr 'exe_dir'openssl verify
@@ -23,7 +23,20 @@ $	Ucert="""certU.ss"""
 $
 $       write sys$output ""
 $       write sys$output "make a certificate request using 'req'"
-$       'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' -new ! -out err.ss
+$
+$       set noon
+$       define/user sys$output nla0:
+$       mcr 'exe_dir'openssl no-rsa
+$       save_severity=$SEVERITY
+$       set on
+$       if save_severity
+$       then
+$           req_new="-newkey dsa:[-.apps]dsa512.pem"
+$       else
+$           req_new="-new"
+$       endif
+$
+$       'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' 'req_new' ! -out err.ss
 $       if $severity .ne. 1
 $       then
 $               write sys$output "error using 'req' to generate a certificate request"
@@ -73,7 +86,7 @@ $
 $       write sys$output ""
 $       write sys$output "make another certificate request using 'req'"
 $       define /user sys$output err.ss
-$       'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' -new
+$       'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' 'req_new'
 $       if $severity .ne. 1
 $       then
 $               write sys$output "error using 'req' to generate a certificate request"
diff --git a/src/lib/libssl/src/test/testssl.com b/src/lib/libssl/src/test/testssl.com
index 0b4b0a0ad3..785f262f5a 100644
--- a/src/lib/libssl/src/test/testssl.com
+++ b/src/lib/libssl/src/test/testssl.com
@@ -2,118 +2,189 @@ $! TESTSSL.COM
 $
 $       __arch := VAX
 $       if f$getsyi("cpu") .ge. 128 then __arch := AXP
-$       exe_dir := sys$disk:[-.'__arch'.exe.test]
-$
-$       copy/concatenate [-.certs]*.pem certs.tmp
+$       texe_dir := sys$disk:[-.'__arch'.exe.test]
+$       exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$       if p1 .eqs. ""
+$       then
+$           key="[-.apps]server.pem"
+$       else
+$           key=p1
+$       endif
+$       if p2 .eqs. ""
+$       then
+$           cert="[-.apps]server.pem"
+$       else
+$           cert=p2
+$       endif
+$       ssltest := mcr 'texe_dir'ssltest -key 'key' -cert 'cert' -c_key 'key' -c_cert 'cert'
+$
+$       define/user sys$output testssl-x509-output.
+$       define/user sys$error nla0:
+$       mcr 'exe_dir'openssl x509 -in 'cert' -text -noout
+$       set noon
+$       define/user sys$error nla0:
+$       search/output=nla0: testssl-x509-output. "DSA Public Key"/exact
+$       if $severity .eq. 1
+$       then
+$           dsa_cert := YES
+$       else
+$           dsa_cert := NO
+$       endif
+$       set on
+$       delete testssl-x509-output.;*
+$
+$       if p3 .eqs. ""
+$       then
+$           copy/concatenate [-.certs]*.pem certs.tmp
+$           CA = """-CAfile"" certs.tmp"
+$       else
+$           CA = """-CAfile"" "+p3
+$       endif
+$
+$!###########################################################################
 $
 $       write sys$output "test sslv2"
-$       mcr 'exe_dir'ssltest -ssl2
+$       'ssltest' -ssl2
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv2 with server authentication"
-$       mcr 'exe_dir'ssltest -ssl2 -server_auth "-CAfile" certs.tmp
+$       'ssltest' -ssl2 -server_auth 'CA'
 $       if $severity .ne. 1 then goto exit3
 $
-$       write sys$output "test sslv2 with client authentication"
-$       mcr 'exe_dir'ssltest -ssl2 -client_auth "-CAfile" certs.tmp
-$       if $severity .ne. 1 then goto exit3
+$       if .not. dsa_cert
+$       then
+$           write sys$output "test sslv2 with client authentication"
+$           'ssltest' -ssl2 -client_auth 'CA'
+$           if $severity .ne. 1 then goto exit3
 $
-$       write sys$output "test sslv2 with both client and server authentication"
-$       mcr 'exe_dir'ssltest -ssl2 -server_auth -client_auth "-CAfile" certs.tmp
-$       if $severity .ne. 1 then goto exit3
+$           write sys$output "test sslv2 with both client and server authentication"
+$           'ssltest' -ssl2 -server_auth -client_auth 'CA'
+$           if $severity .ne. 1 then goto exit3
+$       endif
 $
 $       write sys$output "test sslv3"
-$       mcr 'exe_dir'ssltest -ssl3
+$       'ssltest' -ssl3
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv3 with server authentication"
-$       mcr 'exe_dir'ssltest -ssl3 -server_auth "-CAfile" certs.tmp
+$       'ssltest' -ssl3 -server_auth 'CA'
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv3 with client authentication"
-$       mcr 'exe_dir'ssltest -ssl3 -client_auth "-CAfile" certs.tmp
+$       'ssltest' -ssl3 -client_auth 'CA'
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv3 with both client and server authentication"
-$       mcr 'exe_dir'ssltest -ssl3 -server_auth -client_auth "-CAfile" certs.tmp
+$       'ssltest' -ssl3 -server_auth -client_auth 'CA'
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv2/sslv3"
-$       mcr 'exe_dir'ssltest
+$       'ssltest'
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv2/sslv3 with server authentication"
-$       mcr 'exe_dir'ssltest -server_auth "-CAfile" certs.tmp
+$       'ssltest' -server_auth 'CA'
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv2/sslv3 with client authentication"
-$       mcr 'exe_dir'ssltest -client_auth "-CAfile" certs.tmp
+$       'ssltest' -client_auth 'CA'
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv2/sslv3 with both client and server authentication"
-$       mcr 'exe_dir'ssltest -server_auth -client_auth "-CAfile" certs.tmp
+$       'ssltest' -server_auth -client_auth 'CA'
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv2 via BIO pair"
-$       mcr 'exe_dir'ssltest -bio_pair -ssl2 
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair"
-$       mcr 'exe_dir'ssltest -bio_pair -dhe1024 -v
+$       'ssltest' -bio_pair -ssl2 
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv2 with server authentication via BIO pair"
-$       mcr 'exe_dir'ssltest -bio_pair -ssl2 -server_auth "-CAfile" certs.tmp 
+$       'ssltest' -bio_pair -ssl2 -server_auth 'CA' 
 $       if $severity .ne. 1 then goto exit3
 $
-$       write sys$output "test sslv2 with client authentication via BIO pair"
-$       mcr 'exe_dir'ssltest -bio_pair -ssl2 -client_auth "-CAfile" certs.tmp 
-$       if $severity .ne. 1 then goto exit3
+$       if .not. dsa_cert
+$       then
+$           write sys$output "test sslv2 with client authentication via BIO pair"
+$           'ssltest' -bio_pair -ssl2 -client_auth 'CA' 
+$           if $severity .ne. 1 then goto exit3
 $
-$       write sys$output "test sslv2 with both client and server authentication via BIO pair"
-$       mcr 'exe_dir'ssltest -bio_pair -ssl2 -server_auth -client_auth "-CAfile" certs.tmp 
-$       if $severity .ne. 1 then goto exit3
+$           write sys$output "test sslv2 with both client and server authentication via BIO pair"
+$           'ssltest' -bio_pair -ssl2 -server_auth -client_auth 'CA' 
+$           if $severity .ne. 1 then goto exit3
+$       endif
 $
 $       write sys$output "test sslv3 via BIO pair"
-$       mcr 'exe_dir'ssltest -bio_pair -ssl3 
+$       'ssltest' -bio_pair -ssl3 
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv3 with server authentication via BIO pair"
-$       mcr 'exe_dir'ssltest -bio_pair -ssl3 -server_auth "-CAfile" certs.tmp 
+$       'ssltest' -bio_pair -ssl3 -server_auth 'CA' 
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv3 with client authentication via BIO pair"
-$       mcr 'exe_dir'ssltest -bio_pair -ssl3 -client_auth "-CAfile" certs.tmp 
+$       'ssltest' -bio_pair -ssl3 -client_auth 'CA' 
 $       if $severity .ne. 1 then goto exit3
  
 $       write sys$output "test sslv3 with both client and server authentication via BIO pair"
-$       mcr 'exe_dir'ssltest -bio_pair -ssl3 -server_auth -client_auth "-CAfile" certs.tmp 
+$       'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA' 
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv2/sslv3 via BIO pair"
-$       mcr 'exe_dir'ssltest 
+$       'ssltest' 
 $       if $severity .ne. 1 then goto exit3
 $
-$       write sys$output "test sslv2/sslv3 w/o DHE via BIO pair"
-$       mcr 'exe_dir'ssltest -bio_pair -no_dhe
+$       if .not. dsa_cert
+$       then
+$           write sys$output "test sslv2/sslv3 w/o DHE via BIO pair"
+$           'ssltest' -bio_pair -no_dhe
+$           if $severity .ne. 1 then goto exit3
+$       endif
+$
+$       write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair"
+$       'ssltest' -bio_pair -dhe1024dsa -v
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv2/sslv3 with server authentication"
-$       mcr 'exe_dir'ssltest -bio_pair -server_auth "-CAfile" certs.tmp 
+$       'ssltest' -bio_pair -server_auth 'CA' 
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv2/sslv3 with client authentication via BIO pair"
-$       mcr 'exe_dir'ssltest -bio_pair -client_auth "-CAfile" certs.tmp 
+$       'ssltest' -bio_pair -client_auth 'CA' 
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair"
-$       mcr 'exe_dir'ssltest -bio_pair -server_auth -client_auth "-CAfile" certs.tmp 
+$       'ssltest' -bio_pair -server_auth -client_auth 'CA' 
 $       if $severity .ne. 1 then goto exit3
 $
+$!###########################################################################
+$
+$       write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes"
+$       'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time
+$       if $severity .ne. 1 then goto exit3
+$
+$       set noon
+$       define/user sys$output nla0:
+$       mcr 'exe_dir'openssl no-rsa
+$       save_severity=$SEVERITY
+$       set on
+$       if save_severity
+$       then
+$           write sys$output "skipping RSA tests"
+$       else
+$           write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes"
+$           mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time
+$           if $severity .ne. 1 then goto exit3
+$
+$           write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes"
+$           mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time
+$           if $severity .ne. 1 then goto exit3
+$       endif
+$
 $       RET = 1
 $       goto exit
 $ exit3:
 $       RET = 3
 $ exit:
-$       delete certs.tmp;*
+$       if p3 .eqs. "" then delete certs.tmp;*
 $       exit 'RET'
diff --git a/src/lib/libssl/src/test/trsa.com b/src/lib/libssl/src/test/trsa.com
index 28add5eefd..6b6c318e2b 100644
--- a/src/lib/libssl/src/test/trsa.com
+++ b/src/lib/libssl/src/test/trsa.com
@@ -4,6 +4,17 @@ $	__arch := VAX
 $       if f$getsyi("cpu") .ge. 128 then __arch := AXP
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
+$       set noon
+$       define/user sys$output nla0:
+$       mcr 'exe_dir'openssl no-rsa
+$       save_severity=$SEVERITY
+$       set on
+$       if save_severity
+$       then
+$           write sys$output "skipping RSA conversion test"
+$           exit
+$       endif
+$
 $       cmd := mcr 'exe_dir'openssl rsa
 $
 $       t := testrsa.pem
diff --git a/src/lib/libssl/test/maketests.com b/src/lib/libssl/test/maketests.com
index b3bf8bb837..f7ff8fe407 100644
--- a/src/lib/libssl/test/maketests.com
+++ b/src/lib/libssl/test/maketests.com
@@ -910,8 +910,7 @@ $ ENDIF
 $!
 $! Time to check the contents, and to make sure we get the correct library.
 $!
-$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" -
-     .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE"
+$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX"
 $ THEN
 $!
 $!  Check to see if SOCKETSHR was chosen
@@ -960,32 +959,6 @@ $!    Done with UCX
 $!
 $   ENDIF
 $!
-$!  Check to see if TCPIP was chosen
-$!
-$   IF P4.EQS."TCPIP"
-$   THEN
-$!
-$!    Set the library to use TCPIP (post UCX).
-$!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
-$!
-$!    Done with TCPIP
-$!
-$   ENDIF
-$!
-$!  Check to see if NONE was chosen
-$!
-$   IF P4.EQS."NONE"
-$   THEN
-$!
-$!    Do not use a TCPIP library.
-$!
-$     TCPIP_LIB = ""
-$!
-$!    Done with NONE
-$!
-$   ENDIF
-$!
 $!  Print info
 $!
 $   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
@@ -1001,7 +974,6 @@ $   WRITE SYS$OUTPUT "The Option ",P4," Is Invalid.  The Valid Options Are:"
 $   WRITE SYS$OUTPUT ""
 $   WRITE SYS$OUTPUT "    SOCKETSHR  :  To link with SOCKETSHR TCP/IP library."
 $   WRITE SYS$OUTPUT "    UCX        :  To link with UCX TCP/IP library."
-$   WRITE SYS$OUTPUT "    TCPIP      :  To link with TCPIP (post UCX) TCP/IP library."
 $   WRITE SYS$OUTPUT ""
 $!
 $!  Time To EXIT.
diff --git a/src/lib/libssl/test/testgen.com b/src/lib/libssl/test/testgen.com
index 0e9029371a..5d28ebec72 100644
--- a/src/lib/libssl/test/testgen.com
+++ b/src/lib/libssl/test/testgen.com
@@ -16,23 +16,35 @@ $	set on
 $
 $       write sys$output "generating certificate request"
 $
-$       write sys$output "There should be a 2 sequences of .'s and some +'s."
-$       write sys$output "There should not be more that at most 80 per line"
-$       write sys$output "This could take some time."
-$
 $       append/new nl: .rnd
 $       open/append random_file .rnd
 $       write random_file "string to make the random number generator think it has entropy"
 $       close random_file
 $
-$       mcr 'exe_dir'openssl req -config test.cnf -new -out testreq.pem
+$       set noon
+$       define/user sys$output nla0:
+$       mcr 'exe_dir'openssl no-rsa
+$       save_severity=$SEVERITY
+$       set on
+$       if save_severity
+$       then
+$           req_new="-newkey dsa:[-.apps]dsa512.pem"
+$       else
+$           req_new="-new"
+$           write sys$output "There should be a 2 sequences of .'s and some +'s."
+$           write sys$output "There should not be more that at most 80 per line"
+$       endif
+$
+$       write sys$output "This could take some time."
+$
+$       mcr 'exe_dir'openssl req -config test.cnf 'req_new' -out testreq.pem
 $       if $severity .ne. 1
 $       then
 $           write sys$output "problems creating request"
 $           exit 3
 $       endif
 $
-$       mcr 'exe_dir'openssl req -verify -in testreq.pem -noout
+$       mcr 'exe_dir'openssl req -config test.cnf -verify -in testreq.pem -noout
 $       if $severity .ne. 1
 $       then
 $           write sys$output "signature on req is wrong"
diff --git a/src/lib/libssl/test/testss.com b/src/lib/libssl/test/testss.com
index ce2c4b43f6..685ae5043d 100644
--- a/src/lib/libssl/test/testss.com
+++ b/src/lib/libssl/test/testss.com
@@ -4,7 +4,7 @@ $	__arch := VAX
 $       if f$getsyi("cpu") .ge. 128 then __arch := AXP
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
-$       digest="-mdc2"
+$       digest="-md5"
 $       reqcmd := mcr 'exe_dir'openssl req
 $       x509cmd := mcr 'exe_dir'openssl x509 'digest'
 $       verifycmd := mcr 'exe_dir'openssl verify
@@ -23,7 +23,20 @@ $	Ucert="""certU.ss"""
 $
 $       write sys$output ""
 $       write sys$output "make a certificate request using 'req'"
-$       'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' -new ! -out err.ss
+$
+$       set noon
+$       define/user sys$output nla0:
+$       mcr 'exe_dir'openssl no-rsa
+$       save_severity=$SEVERITY
+$       set on
+$       if save_severity
+$       then
+$           req_new="-newkey dsa:[-.apps]dsa512.pem"
+$       else
+$           req_new="-new"
+$       endif
+$
+$       'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' 'req_new' ! -out err.ss
 $       if $severity .ne. 1
 $       then
 $               write sys$output "error using 'req' to generate a certificate request"
@@ -73,7 +86,7 @@ $
 $       write sys$output ""
 $       write sys$output "make another certificate request using 'req'"
 $       define /user sys$output err.ss
-$       'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' -new
+$       'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' 'req_new'
 $       if $severity .ne. 1
 $       then
 $               write sys$output "error using 'req' to generate a certificate request"
diff --git a/src/lib/libssl/test/testssl.com b/src/lib/libssl/test/testssl.com
index 0b4b0a0ad3..785f262f5a 100644
--- a/src/lib/libssl/test/testssl.com
+++ b/src/lib/libssl/test/testssl.com
@@ -2,118 +2,189 @@ $! TESTSSL.COM
 $
 $       __arch := VAX
 $       if f$getsyi("cpu") .ge. 128 then __arch := AXP
-$       exe_dir := sys$disk:[-.'__arch'.exe.test]
-$
-$       copy/concatenate [-.certs]*.pem certs.tmp
+$       texe_dir := sys$disk:[-.'__arch'.exe.test]
+$       exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$       if p1 .eqs. ""
+$       then
+$           key="[-.apps]server.pem"
+$       else
+$           key=p1
+$       endif
+$       if p2 .eqs. ""
+$       then
+$           cert="[-.apps]server.pem"
+$       else
+$           cert=p2
+$       endif
+$       ssltest := mcr 'texe_dir'ssltest -key 'key' -cert 'cert' -c_key 'key' -c_cert 'cert'
+$
+$       define/user sys$output testssl-x509-output.
+$       define/user sys$error nla0:
+$       mcr 'exe_dir'openssl x509 -in 'cert' -text -noout
+$       set noon
+$       define/user sys$error nla0:
+$       search/output=nla0: testssl-x509-output. "DSA Public Key"/exact
+$       if $severity .eq. 1
+$       then
+$           dsa_cert := YES
+$       else
+$           dsa_cert := NO
+$       endif
+$       set on
+$       delete testssl-x509-output.;*
+$
+$       if p3 .eqs. ""
+$       then
+$           copy/concatenate [-.certs]*.pem certs.tmp
+$           CA = """-CAfile"" certs.tmp"
+$       else
+$           CA = """-CAfile"" "+p3
+$       endif
+$
+$!###########################################################################
 $
 $       write sys$output "test sslv2"
-$       mcr 'exe_dir'ssltest -ssl2
+$       'ssltest' -ssl2
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv2 with server authentication"
-$       mcr 'exe_dir'ssltest -ssl2 -server_auth "-CAfile" certs.tmp
+$       'ssltest' -ssl2 -server_auth 'CA'
 $       if $severity .ne. 1 then goto exit3
 $
-$       write sys$output "test sslv2 with client authentication"
-$       mcr 'exe_dir'ssltest -ssl2 -client_auth "-CAfile" certs.tmp
-$       if $severity .ne. 1 then goto exit3
+$       if .not. dsa_cert
+$       then
+$           write sys$output "test sslv2 with client authentication"
+$           'ssltest' -ssl2 -client_auth 'CA'
+$           if $severity .ne. 1 then goto exit3
 $
-$       write sys$output "test sslv2 with both client and server authentication"
-$       mcr 'exe_dir'ssltest -ssl2 -server_auth -client_auth "-CAfile" certs.tmp
-$       if $severity .ne. 1 then goto exit3
+$           write sys$output "test sslv2 with both client and server authentication"
+$           'ssltest' -ssl2 -server_auth -client_auth 'CA'
+$           if $severity .ne. 1 then goto exit3
+$       endif
 $
 $       write sys$output "test sslv3"
-$       mcr 'exe_dir'ssltest -ssl3
+$       'ssltest' -ssl3
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv3 with server authentication"
-$       mcr 'exe_dir'ssltest -ssl3 -server_auth "-CAfile" certs.tmp
+$       'ssltest' -ssl3 -server_auth 'CA'
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv3 with client authentication"
-$       mcr 'exe_dir'ssltest -ssl3 -client_auth "-CAfile" certs.tmp
+$       'ssltest' -ssl3 -client_auth 'CA'
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv3 with both client and server authentication"
-$       mcr 'exe_dir'ssltest -ssl3 -server_auth -client_auth "-CAfile" certs.tmp
+$       'ssltest' -ssl3 -server_auth -client_auth 'CA'
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv2/sslv3"
-$       mcr 'exe_dir'ssltest
+$       'ssltest'
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv2/sslv3 with server authentication"
-$       mcr 'exe_dir'ssltest -server_auth "-CAfile" certs.tmp
+$       'ssltest' -server_auth 'CA'
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv2/sslv3 with client authentication"
-$       mcr 'exe_dir'ssltest -client_auth "-CAfile" certs.tmp
+$       'ssltest' -client_auth 'CA'
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv2/sslv3 with both client and server authentication"
-$       mcr 'exe_dir'ssltest -server_auth -client_auth "-CAfile" certs.tmp
+$       'ssltest' -server_auth -client_auth 'CA'
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv2 via BIO pair"
-$       mcr 'exe_dir'ssltest -bio_pair -ssl2 
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair"
-$       mcr 'exe_dir'ssltest -bio_pair -dhe1024 -v
+$       'ssltest' -bio_pair -ssl2 
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv2 with server authentication via BIO pair"
-$       mcr 'exe_dir'ssltest -bio_pair -ssl2 -server_auth "-CAfile" certs.tmp 
+$       'ssltest' -bio_pair -ssl2 -server_auth 'CA' 
 $       if $severity .ne. 1 then goto exit3
 $
-$       write sys$output "test sslv2 with client authentication via BIO pair"
-$       mcr 'exe_dir'ssltest -bio_pair -ssl2 -client_auth "-CAfile" certs.tmp 
-$       if $severity .ne. 1 then goto exit3
+$       if .not. dsa_cert
+$       then
+$           write sys$output "test sslv2 with client authentication via BIO pair"
+$           'ssltest' -bio_pair -ssl2 -client_auth 'CA' 
+$           if $severity .ne. 1 then goto exit3
 $
-$       write sys$output "test sslv2 with both client and server authentication via BIO pair"
-$       mcr 'exe_dir'ssltest -bio_pair -ssl2 -server_auth -client_auth "-CAfile" certs.tmp 
-$       if $severity .ne. 1 then goto exit3
+$           write sys$output "test sslv2 with both client and server authentication via BIO pair"
+$           'ssltest' -bio_pair -ssl2 -server_auth -client_auth 'CA' 
+$           if $severity .ne. 1 then goto exit3
+$       endif
 $
 $       write sys$output "test sslv3 via BIO pair"
-$       mcr 'exe_dir'ssltest -bio_pair -ssl3 
+$       'ssltest' -bio_pair -ssl3 
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv3 with server authentication via BIO pair"
-$       mcr 'exe_dir'ssltest -bio_pair -ssl3 -server_auth "-CAfile" certs.tmp 
+$       'ssltest' -bio_pair -ssl3 -server_auth 'CA' 
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv3 with client authentication via BIO pair"
-$       mcr 'exe_dir'ssltest -bio_pair -ssl3 -client_auth "-CAfile" certs.tmp 
+$       'ssltest' -bio_pair -ssl3 -client_auth 'CA' 
 $       if $severity .ne. 1 then goto exit3
  
 $       write sys$output "test sslv3 with both client and server authentication via BIO pair"
-$       mcr 'exe_dir'ssltest -bio_pair -ssl3 -server_auth -client_auth "-CAfile" certs.tmp 
+$       'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA' 
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv2/sslv3 via BIO pair"
-$       mcr 'exe_dir'ssltest 
+$       'ssltest' 
 $       if $severity .ne. 1 then goto exit3
 $
-$       write sys$output "test sslv2/sslv3 w/o DHE via BIO pair"
-$       mcr 'exe_dir'ssltest -bio_pair -no_dhe
+$       if .not. dsa_cert
+$       then
+$           write sys$output "test sslv2/sslv3 w/o DHE via BIO pair"
+$           'ssltest' -bio_pair -no_dhe
+$           if $severity .ne. 1 then goto exit3
+$       endif
+$
+$       write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair"
+$       'ssltest' -bio_pair -dhe1024dsa -v
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv2/sslv3 with server authentication"
-$       mcr 'exe_dir'ssltest -bio_pair -server_auth "-CAfile" certs.tmp 
+$       'ssltest' -bio_pair -server_auth 'CA' 
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv2/sslv3 with client authentication via BIO pair"
-$       mcr 'exe_dir'ssltest -bio_pair -client_auth "-CAfile" certs.tmp 
+$       'ssltest' -bio_pair -client_auth 'CA' 
 $       if $severity .ne. 1 then goto exit3
 $
 $       write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair"
-$       mcr 'exe_dir'ssltest -bio_pair -server_auth -client_auth "-CAfile" certs.tmp 
+$       'ssltest' -bio_pair -server_auth -client_auth 'CA' 
 $       if $severity .ne. 1 then goto exit3
 $
+$!###########################################################################
+$
+$       write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes"
+$       'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time
+$       if $severity .ne. 1 then goto exit3
+$
+$       set noon
+$       define/user sys$output nla0:
+$       mcr 'exe_dir'openssl no-rsa
+$       save_severity=$SEVERITY
+$       set on
+$       if save_severity
+$       then
+$           write sys$output "skipping RSA tests"
+$       else
+$           write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes"
+$           mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time
+$           if $severity .ne. 1 then goto exit3
+$
+$           write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes"
+$           mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time
+$           if $severity .ne. 1 then goto exit3
+$       endif
+$
 $       RET = 1
 $       goto exit
 $ exit3:
 $       RET = 3
 $ exit:
-$       delete certs.tmp;*
+$       if p3 .eqs. "" then delete certs.tmp;*
 $       exit 'RET'
diff --git a/src/lib/libssl/test/trsa.com b/src/lib/libssl/test/trsa.com
index 28add5eefd..6b6c318e2b 100644
--- a/src/lib/libssl/test/trsa.com
+++ b/src/lib/libssl/test/trsa.com
@@ -4,6 +4,17 @@ $	__arch := VAX
 $       if f$getsyi("cpu") .ge. 128 then __arch := AXP
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
+$       set noon
+$       define/user sys$output nla0:
+$       mcr 'exe_dir'openssl no-rsa
+$       save_severity=$SEVERITY
+$       set on
+$       if save_severity
+$       then
+$           write sys$output "skipping RSA conversion test"
+$           exit
+$       endif
+$
 $       cmd := mcr 'exe_dir'openssl rsa
 $
 $       t := testrsa.pem