resolve conflicts, fix local changes

9 files changed, 82 insertions, 370 deletions

diff --git a/src/lib/libcrypto/ocsp/Makefile.ssl b/src/lib/libcrypto/ocsp/Makefile.ssl
deleted file mode 100644
index 02477be538..0000000000
--- a/src/lib/libcrypto/ocsp/Makefile.ssl
+++ /dev/null
@@ -1,293 +0,0 @@
-#
-# OpenSSL/ocsp/Makefile.ssl
-#
-
-DIR=    ocsp
-TOP=    ../..
-CC=     cc
-INCLUDES= -I.. -I$(TOP) -I../../include
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR=     /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKE=           make -f Makefile.ssl
-MAKEDEPPROG=    makedepend
-MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=       Makefile.ssl
-AR=             ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile README
-TEST=
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC= ocsp_asn.c ocsp_ext.c ocsp_ht.c ocsp_lib.c ocsp_cl.c \
-        ocsp_srv.c ocsp_prn.c ocsp_vfy.c ocsp_err.c
-
-LIBOBJ= ocsp_asn.o ocsp_ext.o ocsp_ht.o ocsp_lib.o ocsp_cl.o \
-        ocsp_srv.o ocsp_prn.o ocsp_vfy.o ocsp_err.o
-
-SRC= $(LIBSRC)
-
-EXHEADER= ocsp.h
-HEADER= $(EXHEADER)
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-top:
-        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
-
-all:    lib
-
-lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
-        $(RANLIB) $(LIB) || echo Never mind.
-        @touch lib
-
-files:
-        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
-
-links:
-        @sh $(TOP)/util/point.sh Makefile.ssl Makefile ;
-        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
-        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
-        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
-
-install:
-        @for i in $(EXHEADER) ; \
-        do  \
-        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-        done;
-
-tags:
-        ctags $(SRC)
-
-tests:
-
-lint:
-        lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
-
-dclean:
-        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-        mv -f Makefile.new $(MAKEFILE)
-
-clean:
-        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-ocsp_asn.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-ocsp_asn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-ocsp_asn.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-ocsp_asn.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-ocsp_asn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-ocsp_asn.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-ocsp_asn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-ocsp_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
-ocsp_asn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-ocsp_asn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-ocsp_asn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-ocsp_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-ocsp_asn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
-ocsp_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ocsp_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-ocsp_asn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-ocsp_asn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-ocsp_asn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-ocsp_asn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-ocsp_asn.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-ocsp_asn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-ocsp_asn.o: ../../include/openssl/x509v3.h ocsp_asn.c
-ocsp_cl.o: ../../e_os.h ../../include/openssl/aes.h
-ocsp_cl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ocsp_cl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-ocsp_cl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-ocsp_cl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-ocsp_cl.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-ocsp_cl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-ocsp_cl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-ocsp_cl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-ocsp_cl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-ocsp_cl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-ocsp_cl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-ocsp_cl.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-ocsp_cl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-ocsp_cl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-ocsp_cl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-ocsp_cl.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
-ocsp_cl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-ocsp_cl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-ocsp_cl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-ocsp_cl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-ocsp_cl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-ocsp_cl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-ocsp_cl.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_cl.c
-ocsp_err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-ocsp_err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-ocsp_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-ocsp_err.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
-ocsp_err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-ocsp_err.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-ocsp_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-ocsp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-ocsp_err.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-ocsp_err.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-ocsp_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-ocsp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-ocsp_err.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
-ocsp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ocsp_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-ocsp_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-ocsp_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-ocsp_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-ocsp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-ocsp_err.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-ocsp_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-ocsp_err.o: ../../include/openssl/x509v3.h ocsp_err.c
-ocsp_ext.o: ../../e_os.h ../../include/openssl/aes.h
-ocsp_ext.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ocsp_ext.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-ocsp_ext.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-ocsp_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-ocsp_ext.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-ocsp_ext.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-ocsp_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-ocsp_ext.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-ocsp_ext.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-ocsp_ext.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-ocsp_ext.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-ocsp_ext.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-ocsp_ext.o: ../../include/openssl/opensslconf.h
-ocsp_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ocsp_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-ocsp_ext.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-ocsp_ext.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-ocsp_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-ocsp_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-ocsp_ext.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-ocsp_ext.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
-ocsp_ext.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-ocsp_ext.o: ../cryptlib.h ocsp_ext.c
-ocsp_ht.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-ocsp_ht.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-ocsp_ht.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-ocsp_ht.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
-ocsp_ht.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-ocsp_ht.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-ocsp_ht.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-ocsp_ht.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-ocsp_ht.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-ocsp_ht.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-ocsp_ht.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-ocsp_ht.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-ocsp_ht.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
-ocsp_ht.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ocsp_ht.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-ocsp_ht.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-ocsp_ht.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-ocsp_ht.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-ocsp_ht.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-ocsp_ht.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-ocsp_ht.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-ocsp_ht.o: ../../include/openssl/x509v3.h ocsp_ht.c
-ocsp_lib.o: ../../e_os.h ../../include/openssl/aes.h
-ocsp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ocsp_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-ocsp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-ocsp_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-ocsp_lib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-ocsp_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-ocsp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-ocsp_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-ocsp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-ocsp_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-ocsp_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-ocsp_lib.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-ocsp_lib.o: ../../include/openssl/opensslconf.h
-ocsp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ocsp_lib.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-ocsp_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-ocsp_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-ocsp_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-ocsp_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-ocsp_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-ocsp_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-ocsp_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
-ocsp_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-ocsp_lib.o: ../cryptlib.h ocsp_lib.c
-ocsp_prn.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-ocsp_prn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-ocsp_prn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-ocsp_prn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
-ocsp_prn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-ocsp_prn.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-ocsp_prn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-ocsp_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-ocsp_prn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-ocsp_prn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-ocsp_prn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-ocsp_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-ocsp_prn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
-ocsp_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ocsp_prn.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-ocsp_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-ocsp_prn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-ocsp_prn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-ocsp_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-ocsp_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-ocsp_prn.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-ocsp_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-ocsp_prn.o: ../../include/openssl/x509v3.h ocsp_prn.c
-ocsp_srv.o: ../../e_os.h ../../include/openssl/aes.h
-ocsp_srv.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ocsp_srv.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-ocsp_srv.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-ocsp_srv.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-ocsp_srv.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-ocsp_srv.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-ocsp_srv.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-ocsp_srv.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-ocsp_srv.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-ocsp_srv.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-ocsp_srv.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-ocsp_srv.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-ocsp_srv.o: ../../include/openssl/opensslconf.h
-ocsp_srv.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ocsp_srv.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-ocsp_srv.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-ocsp_srv.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-ocsp_srv.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-ocsp_srv.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-ocsp_srv.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-ocsp_srv.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-ocsp_srv.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
-ocsp_srv.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-ocsp_srv.o: ../cryptlib.h ocsp_srv.c
-ocsp_vfy.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-ocsp_vfy.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-ocsp_vfy.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-ocsp_vfy.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
-ocsp_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-ocsp_vfy.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-ocsp_vfy.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-ocsp_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-ocsp_vfy.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-ocsp_vfy.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-ocsp_vfy.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-ocsp_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-ocsp_vfy.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
-ocsp_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ocsp_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-ocsp_vfy.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-ocsp_vfy.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-ocsp_vfy.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-ocsp_vfy.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-ocsp_vfy.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-ocsp_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-ocsp_vfy.o: ../../include/openssl/x509v3.h ocsp_vfy.c
diff --git a/src/lib/libcrypto/ocsp/ocsp.h b/src/lib/libcrypto/ocsp/ocsp.h
index a0577a717e..31e45744ba 100644
--- a/src/lib/libcrypto/ocsp/ocsp.h
+++ b/src/lib/libcrypto/ocsp/ocsp.h
@@ -64,6 +64,7 @@
 #ifndef HEADER_OCSP_H
 #define HEADER_OCSP_H
 
+#include <openssl/ossl_typ.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/safestack.h>
@@ -394,17 +395,20 @@ typedef struct ocsp_service_locator_st
 #define ASN1_BIT_STRING_digest(data,type,md,len) \
         ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
 
-#define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid)
-
 #define OCSP_CERTSTATUS_dup(cs)\
                 (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
                 (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
 
+OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);
+
 OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
 OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
                                                                 int maxline);
 int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
 void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
+int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
+int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
+                const char *name, const char *value);
 
 OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
 
@@ -474,11 +478,6 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp,
                         X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
                         STACK_OF(X509) *certs, unsigned long flags);
 
-ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
-                                void *data, STACK_OF(ASN1_OBJECT) *sk);
-#define ASN1_STRING_encode_of(type,s,i2d,data,sk) \
-        ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk)
-
 X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
 
 X509_EXTENSION *OCSP_accept_responses_new(char **oids);
@@ -547,9 +546,9 @@ DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
 DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
 DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
 
-char *OCSP_response_status_str(long s);
-char *OCSP_cert_status_str(long s);
-char *OCSP_crl_reason_str(long s);
+const char *OCSP_response_status_str(long s);
+const char *OCSP_cert_status_str(long s);
+const char *OCSP_crl_reason_str(long s);
 
 int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);
 int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags);
@@ -582,7 +581,8 @@ void ERR_load_OCSP_strings(void);
 #define OCSP_F_OCSP_REQUEST_VERIFY                       116
 #define OCSP_F_OCSP_RESPONSE_GET1_BASIC                  111
 #define OCSP_F_OCSP_SENDREQ_BIO                          112
-#define OCSP_F_PARSE_HTTP_LINE1                          117
+#define OCSP_F_OCSP_SENDREQ_NBIO                         117
+#define OCSP_F_PARSE_HTTP_LINE1                          118
 #define OCSP_F_REQUEST_VERIFY                            113
 
 /* Reason codes. */
diff --git a/src/lib/libcrypto/ocsp/ocsp_cl.c b/src/lib/libcrypto/ocsp/ocsp_cl.c
index 17bab5fc59..9c14d9da27 100644
--- a/src/lib/libcrypto/ocsp/ocsp_cl.c
+++ b/src/lib/libcrypto/ocsp/ocsp_cl.c
@@ -155,7 +155,6 @@ int OCSP_request_sign(OCSP_REQUEST   *req,
                         goto err;
 
         if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) goto err;
-        if (!dgst) dgst = EVP_sha1();
         if (key)
                 {
                 if (!X509_check_private_key(signer, key))
diff --git a/src/lib/libcrypto/ocsp/ocsp_err.c b/src/lib/libcrypto/ocsp/ocsp_err.c
index d2f2e79f44..0cedcea682 100644
--- a/src/lib/libcrypto/ocsp/ocsp_err.c
+++ b/src/lib/libcrypto/ocsp/ocsp_err.c
@@ -1,6 +1,6 @@
 /* crypto/ocsp/ocsp_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -86,6 +86,7 @@ static ERR_STRING_DATA OCSP_str_functs[]=
 {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY),  "OCSP_request_verify"},
 {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC),     "OCSP_response_get1_basic"},
 {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO),     "OCSP_sendreq_bio"},
+{ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO),    "OCSP_sendreq_nbio"},
 {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1),     "PARSE_HTTP_LINE1"},
 {ERR_FUNC(OCSP_F_REQUEST_VERIFY),       "REQUEST_VERIFY"},
 {0,NULL}
diff --git a/src/lib/libcrypto/ocsp/ocsp_ext.c b/src/lib/libcrypto/ocsp/ocsp_ext.c
index 815cc29d58..ec884cb08f 100644
--- a/src/lib/libcrypto/ocsp/ocsp_ext.c
+++ b/src/lib/libcrypto/ocsp/ocsp_ext.c
@@ -264,7 +264,7 @@ int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)
         }
 
 /* also CRL Entry Extensions */
-
+#if 0
 ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
                                 void *data, STACK_OF(ASN1_OBJECT) *sk)
         {
@@ -305,6 +305,7 @@ err:
         if (b) OPENSSL_free(b);
         return NULL;
         }
+#endif
 
 /* Nonce handling functions */
 
@@ -442,17 +443,10 @@ X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
                 if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) 
                         goto err;
                 }
-        if (!(x = X509_EXTENSION_new())) goto err;
-        if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err;
-        if (!(ASN1_STRING_encode_of(OCSP_CRLID,x->value,i2d_OCSP_CRLID,cid,
-                                    NULL)))
-                goto err;
-        OCSP_CRLID_free(cid);
-        return x;
+        x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid);
 err:
-        if (x) X509_EXTENSION_free(x);
         if (cid) OCSP_CRLID_free(cid);
-        return NULL;
+        return x;
         }
 
 /*   AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
@@ -470,18 +464,10 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids)
                         sk_ASN1_OBJECT_push(sk, o);
                 oids++;
                 }
-        if (!(x = X509_EXTENSION_new())) goto err;
-        if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses)))
-                goto err;
-        if (!(ASN1_STRING_encode_of(ASN1_OBJECT,x->value,i2d_ASN1_OBJECT,NULL,
-                                    sk)))
-                goto err;
-        sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
-        return x;
+        x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
 err:
-        if (x) X509_EXTENSION_free(x);
         if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
-        return NULL;
+        return x;
         }
 
 /*  ArchiveCutoff ::= GeneralizedTime */
@@ -492,16 +478,10 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char* tim)
 
         if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err;
         if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err;
-        if (!(x = X509_EXTENSION_new())) goto err;
-        if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err;
-        if (!(ASN1_STRING_encode_of(ASN1_GENERALIZEDTIME,x->value,
-                                    i2d_ASN1_GENERALIZEDTIME,gt,NULL))) goto err;
-        ASN1_GENERALIZEDTIME_free(gt);
-        return x;
+        x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
 err:
         if (gt) ASN1_GENERALIZEDTIME_free(gt);
-        if (x) X509_EXTENSION_free(x);
-        return NULL;
+        return x;
         }
 
 /* per ACCESS_DESCRIPTION parameter are oids, of which there are currently
@@ -530,16 +510,9 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
                 if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err;
                 urls++;
                 }
-        if (!(x = X509_EXTENSION_new())) goto err;
-        if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) 
-                goto err;
-        if (!(ASN1_STRING_encode_of(OCSP_SERVICELOC,x->value,
-                                    i2d_OCSP_SERVICELOC,sloc,NULL))) goto err;
-        OCSP_SERVICELOC_free(sloc);
-        return x;
+        x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
 err:
-        if (x) X509_EXTENSION_free(x);
         if (sloc) OCSP_SERVICELOC_free(sloc);
-        return NULL;
+        return x;
         }
 
diff --git a/src/lib/libcrypto/ocsp/ocsp_ht.c b/src/lib/libcrypto/ocsp/ocsp_ht.c
index 6abb30b2c0..12bbfcffd1 100644
--- a/src/lib/libcrypto/ocsp/ocsp_ht.c
+++ b/src/lib/libcrypto/ocsp/ocsp_ht.c
@@ -118,39 +118,65 @@ void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx)
         OPENSSL_free(rctx);
         }
 
-OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
-                                                                int maxline)
+int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req)
         {
-        static char post_hdr[] = "POST %s HTTP/1.0\r\n"
+        static const char req_hdr[] =
         "Content-Type: application/ocsp-request\r\n"
         "Content-Length: %d\r\n\r\n";
+        if (BIO_printf(rctx->mem, req_hdr, i2d_OCSP_REQUEST(req, NULL)) <= 0)
+                return 0;
+        if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0)
+                return 0;
+        rctx->state = OHS_ASN1_WRITE;
+        rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL);
+        return 1;
+        }
+
+int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
+                const char *name, const char *value)
+        {
+        if (!name)
+                return 0;
+        if (BIO_puts(rctx->mem, name) <= 0)
+                return 0;
+        if (value)
+                {
+                if (BIO_write(rctx->mem, ": ", 2) != 2)
+                        return 0;
+                if (BIO_puts(rctx->mem, value) <= 0)
+                        return 0;
+                }
+        if (BIO_write(rctx->mem, "\r\n", 2) != 2)
+                return 0;
+        return 1;
+        }
+
+OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
+                                                                int maxline)
+        {
+        static const char post_hdr[] = "POST %s HTTP/1.0\r\n";
 
         OCSP_REQ_CTX *rctx;
         rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX));
-        rctx->state = OHS_FIRSTLINE;
+        rctx->state = OHS_ERROR;
         rctx->mem = BIO_new(BIO_s_mem());
         rctx->io = io;
+        rctx->asn1_len = 0;
         if (maxline > 0)
                 rctx->iobuflen = maxline;
         else
                 rctx->iobuflen = OCSP_MAX_LINE_LEN;
         rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
+        if (!rctx->iobuf)
+                return 0;
         if (!path)
                 path = "/";
 
-        if (BIO_printf(rctx->mem, post_hdr, path,
-                                i2d_OCSP_REQUEST(req, NULL)) <= 0)
-                {
-                rctx->state = OHS_ERROR;
+        if (BIO_printf(rctx->mem, post_hdr, path) <= 0)
                 return 0;
-                }
-        if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0)
-                {
-                rctx->state = OHS_ERROR;
+
+        if (req && !OCSP_REQ_CTX_set1_req(rctx, req))
                 return 0;
-                }
-        rctx->state = OHS_ASN1_WRITE;
-        rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL);
 
         return rctx;
         }
diff --git a/src/lib/libcrypto/ocsp/ocsp_lib.c b/src/lib/libcrypto/ocsp/ocsp_lib.c
index 27450811d7..36905d76cd 100644
--- a/src/lib/libcrypto/ocsp/ocsp_lib.c
+++ b/src/lib/libcrypto/ocsp/ocsp_lib.c
@@ -69,6 +69,7 @@
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
 #include <openssl/ocsp.h>
+#include <openssl/asn1t.h>
 
 /* Convert a certificate and its issuer to an OCSP_CERTID */
 
@@ -260,3 +261,5 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
         return 0;
 
         }
+
+IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID)
diff --git a/src/lib/libcrypto/ocsp/ocsp_prn.c b/src/lib/libcrypto/ocsp/ocsp_prn.c
index 3dfb51c1e4..1695c9c4ad 100644
--- a/src/lib/libcrypto/ocsp/ocsp_prn.c
+++ b/src/lib/libcrypto/ocsp/ocsp_prn.c
@@ -85,21 +85,21 @@ static int ocsp_certid_print(BIO *bp, OCSP_CERTID* a, int indent)
 typedef struct
         {
         long t;
-        char *m;
+        const char *m;
         } OCSP_TBLSTR;
 
-static char *table2string(long s, OCSP_TBLSTR *ts, int len)
+static const char *table2string(long s, const OCSP_TBLSTR *ts, int len)
 {
-        OCSP_TBLSTR *p;
+        const OCSP_TBLSTR *p;
         for (p=ts; p < ts + len; p++)
                 if (p->t == s)
                          return p->m;
         return "(UNKNOWN)";
 }
 
-char *OCSP_response_status_str(long s)
+const char *OCSP_response_status_str(long s)
         {
-        static OCSP_TBLSTR rstat_tbl[] = {
+        static const OCSP_TBLSTR rstat_tbl[] = {
                 { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" },
                 { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" },
                 { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" },
@@ -109,18 +109,18 @@ char *OCSP_response_status_str(long s)
         return table2string(s, rstat_tbl, 6);
         } 
 
-char *OCSP_cert_status_str(long s)
+const char *OCSP_cert_status_str(long s)
         {
-        static OCSP_TBLSTR cstat_tbl[] = {
+        static const OCSP_TBLSTR cstat_tbl[] = {
                 { V_OCSP_CERTSTATUS_GOOD, "good" },
                 { V_OCSP_CERTSTATUS_REVOKED, "revoked" },
                 { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } };
         return table2string(s, cstat_tbl, 3);
         } 
 
-char *OCSP_crl_reason_str(long s)
+const char *OCSP_crl_reason_str(long s)
         {
-        OCSP_TBLSTR reason_tbl[] = {
+        static const OCSP_TBLSTR reason_tbl[] = {
           { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" },
           { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" },
           { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" },
@@ -266,15 +266,16 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
                         if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate))
                                 goto err;
                         }
-                if (!BIO_write(bp,"\n",1)) goto err;
+                if (BIO_write(bp,"\n",1) <= 0) goto err;
                 if (!X509V3_extensions_print(bp,
                                         "Response Single Extensions",
                                         single->singleExtensions, flags, 8))
                                                         goto err;
-                if (!BIO_write(bp,"\n",1)) goto err;
+                if (BIO_write(bp,"\n",1) <= 0) goto err;
                 }
         if (!X509V3_extensions_print(bp, "Response Extensions",
                                         rd->responseExtensions, flags, 4))
+                                                        goto err;
         if(X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0)
                                                         goto err;
 
diff --git a/src/lib/libcrypto/ocsp/ocsp_vfy.c b/src/lib/libcrypto/ocsp/ocsp_vfy.c
index 4a0c3870d8..415d67e61c 100644
--- a/src/lib/libcrypto/ocsp/ocsp_vfy.c
+++ b/src/lib/libcrypto/ocsp/ocsp_vfy.c
@@ -308,6 +308,8 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
                         }
 
                 mdlen = EVP_MD_size(dgst);
+                if (mdlen < 0)
+                    return -1;
                 if ((cid->issuerNameHash->length != mdlen) ||
                    (cid->issuerKeyHash->length != mdlen))
                         return 0;
@@ -316,7 +318,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
                         return -1;
                 if (memcmp(md, cid->issuerNameHash->data, mdlen))
                         return 0;
-                X509_pubkey_digest(cert, EVP_sha1(), md, NULL);
+                X509_pubkey_digest(cert, dgst, md, NULL);
                 if (memcmp(md, cid->issuerKeyHash->data, mdlen))
                         return 0;