OpenSSL 0.9.7 stable 2002 05 08 merge

author: beck <> 2002-05-15 02:29:21 +0000
committer: beck <> 2002-05-15 02:29:21 +0000
commit: b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9 (patch)
tree: fa27cf82a1250b64ed3bf5f4a18c7354d470bbcc /src/lib/libcrypto/x509v3
parent: e471e1ea98d673597b182ea85f29e30c97cd08b5 (diff)
download: openbsd-b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9.tar.gz
openbsd-b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9.tar.bz2
openbsd-b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9.zip
27 files changed, 1637 insertions, 1799 deletions
diff --git a/src/lib/libcrypto/x509v3/Makefile.ssl b/src/lib/libcrypto/x509v3/Makefile.ssl
index 236e13af4e..8620992280 100644
--- a/src/lib/libcrypto/x509v3/Makefile.ssl
+++ b/src/lib/libcrypto/x509v3/Makefile.ssl
@@ -5,13 +5,14 @@
 DIR=    x509v3
 TOP=    ../..
 CC=     cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=           make -f Makefile.ssl
-MAKEDEPEND=     $(TOP)/util/domd $(TOP)
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=       Makefile.ssl
 AR=             ar r
@@ -22,12 +23,14 @@ TEST=
 APPS=
 LIB=$(TOP)/libcrypto.a
-LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \
+LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \
-v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \
+v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \
-v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c
+v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \
+v3_ocsp.c v3_akeya.c
 LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
 v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
-v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o
+v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \
+v3_ocsp.o v3_akeya.o
 SRC= $(LIBSRC)
@@ -43,8 +46,7 @@ all:	lib
 lib:    $(LIBOBJ)
        $(AR) $(LIB) $(LIBOBJ)
-        @echo You may get an error following this line.  Please ignore.
+        $(RANLIB) $(LIB) || echo Never mind.
-        - $(RANLIB) $(LIB)
        @touch lib
 files:
@@ -83,432 +85,336 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
-v3_akey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_akey.o: ../../e_os.h ../../include/openssl/asn1.h
-v3_akey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_akey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_akey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-v3_akey.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_akey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 v3_akey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_akey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
 v3_akey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_akey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_akey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_akey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_akey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_akey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_akey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_akey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-v3_akey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-v3_akey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 v3_akey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3_akey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 v3_akey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 v3_akey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_akey.o: ../cryptlib.h
+v3_akey.o: ../cryptlib.h v3_akey.c
-v3_alt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_akeya.o: ../../e_os.h ../../include/openssl/asn1.h
-v3_alt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_akeya.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-v3_alt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_akeya.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_akeya.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_akeya.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_akeya.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_akeya.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_akeya.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_akeya.o: ../../include/openssl/opensslconf.h
+v3_akeya.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_akeya.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+v3_akeya.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_akeya.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_akeya.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_akeya.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_akeya.c
+v3_alt.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_alt.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 v3_alt.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_alt.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_alt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_alt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_alt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_alt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_alt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_alt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-v3_alt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-v3_alt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 v3_alt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 v3_alt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_alt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_alt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_alt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_alt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-v3_alt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_alt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_alt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_alt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_alt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_alt.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_alt.o: ../cryptlib.h v3_alt.c
-v3_alt.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_bcons.o: ../../e_os.h ../../include/openssl/asn1.h
-v3_bcons.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_bcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-v3_bcons.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 v3_bcons.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-v3_bcons.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_bcons.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 v3_bcons.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_bcons.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
 v3_bcons.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_bcons.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_bcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_bcons.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_bcons.o: ../../include/openssl/opensslconf.h
-v3_bcons.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_bcons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_bcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_bcons.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_bcons.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_bcons.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_bcons.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_bcons.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_bcons.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_bcons.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_bcons.c
-v3_bcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_bitst.o: ../../e_os.h ../../include/openssl/asn1.h
-v3_bcons.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_bitst.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-v3_bcons.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
-v3_bcons.o: ../cryptlib.h
+v3_bitst.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-v3_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-v3_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-v3_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_bitst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-v3_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-v3_bitst.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 v3_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_bitst.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_bitst.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_bitst.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-v3_bitst.o: ../../include/openssl/opensslconf.h
+v3_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_bitst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_bitst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_bitst.c
-v3_bitst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_conf.o: ../../e_os.h ../../include/openssl/asn1.h
-v3_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_conf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-v3_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_conf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
-v3_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_conf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-v3_bitst.o: ../cryptlib.h
+v3_conf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-v3_conf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-v3_conf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-v3_conf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_conf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-v3_conf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-v3_conf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 v3_conf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_conf.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_conf.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_conf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_conf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-v3_conf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-v3_conf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-v3_conf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 v3_conf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 v3_conf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 v3_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_conf.c
-v3_cpols.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_cpols.o: ../../e_os.h ../../include/openssl/asn1.h
-v3_cpols.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_cpols.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_cpols.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-v3_cpols.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_cpols.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 v3_cpols.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_cpols.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
 v3_cpols.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_cpols.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_cpols.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_cpols.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_cpols.o: ../../include/openssl/opensslconf.h
-v3_cpols.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_cpols.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_cpols.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_cpols.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_cpols.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_cpols.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_cpols.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_cpols.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_cpols.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_cpols.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_cpols.c
-v3_cpols.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_crld.o: ../../e_os.h ../../include/openssl/asn1.h
-v3_cpols.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_crld.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-v3_cpols.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_cpols.o: ../cryptlib.h
-v3_crld.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-v3_crld.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 v3_crld.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-v3_crld.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_crld.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 v3_crld.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_crld.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
 v3_crld.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_crld.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_crld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_crld.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_crld.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_crld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_crld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_crld.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-v3_crld.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-v3_crld.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 v3_crld.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3_crld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 v3_crld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 v3_crld.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_crld.o: ../cryptlib.h
+v3_crld.o: ../cryptlib.h v3_crld.c
-v3_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_enum.o: ../../e_os.h ../../include/openssl/asn1.h
-v3_enum.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_enum.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-v3_enum.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_enum.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
-v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_enum.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-v3_enum.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_enum.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-v3_enum.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-v3_enum.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 v3_enum.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_enum.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_enum.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_enum.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_enum.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-v3_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-v3_enum.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-v3_enum.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 v3_enum.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 v3_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 v3_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_enum.c
-v3_extku.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_extku.o: ../../e_os.h ../../include/openssl/asn1.h
-v3_extku.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_extku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_extku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 v3_extku.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_extku.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_extku.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_extku.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_extku.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_extku.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_extku.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_extku.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-v3_extku.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-v3_extku.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 v3_extku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 v3_extku.o: ../../include/openssl/opensslconf.h
-v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_extku.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_extku.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-v3_extku.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_extku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_extku.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_extku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_extku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_extku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_extku.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_extku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_extku.c
-v3_extku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_genn.o: ../../e_os.h ../../include/openssl/asn1.h
-v3_extku.o: ../cryptlib.h
+v3_genn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-v3_genn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-v3_genn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 v3_genn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-v3_genn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_genn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 v3_genn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_genn.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
 v3_genn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_genn.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_genn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_genn.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_genn.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_genn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_genn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_genn.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-v3_genn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-v3_genn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 v3_genn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3_genn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 v3_genn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 v3_genn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_genn.o: ../cryptlib.h
+v3_genn.o: ../cryptlib.h v3_genn.c
-v3_ia5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_ia5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-v3_ia5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_ia5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-v3_ia5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 v3_ia5.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_ia5.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_ia5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_ia5.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_ia5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_ia5.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_ia5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_ia5.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-v3_ia5.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-v3_ia5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 v3_ia5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 v3_ia5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_ia5.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_ia5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_ia5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_ia5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-v3_ia5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_ia5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_ia5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_ia5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_ia5.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_ia5.o: ../cryptlib.h v3_ia5.c
-v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_info.o: ../../e_os.h ../../include/openssl/asn1.h
-v3_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_info.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-v3_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 v3_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-v3_info.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_info.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 v3_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_info.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
 v3_info.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_info.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_info.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_info.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_info.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_info.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_info.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-v3_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-v3_info.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 v3_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 v3_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_info.o: ../cryptlib.h
+v3_info.o: ../cryptlib.h v3_info.c
-v3_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-v3_int.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 v3_int.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_int.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_int.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_int.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_int.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_int.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_int.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_int.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-v3_int.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-v3_int.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 v3_int.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 v3_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_int.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_int.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_int.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-v3_int.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_int.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_int.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_int.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_int.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_int.o: ../cryptlib.h v3_int.c
-v3_int.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-v3_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-v3_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 v3_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-v3_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-v3_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 v3_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 v3_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-v3_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_lib.o: ../cryptlib.h ext_dat.h v3_lib.c
-v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h
+v3_ocsp.o: ../../e_os.h ../../include/openssl/asn1.h
-v3_pku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_ocsp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-v3_pku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_ocsp.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_ocsp.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+v3_ocsp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_ocsp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_ocsp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_ocsp.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+v3_ocsp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_ocsp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_ocsp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_ocsp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_ocsp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_ocsp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_ocsp.o: ../cryptlib.h v3_ocsp.c
+v3_pku.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_pku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_pku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-v3_pku.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_pku.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_pku.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 v3_pku.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_pku.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
 v3_pku.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_pku.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_pku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_pku.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_pku.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_pku.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_pku.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_pku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_pku.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-v3_pku.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-v3_pku.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 v3_pku.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3_pku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 v3_pku.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 v3_pku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_pku.o: ../cryptlib.h
+v3_pku.o: ../cryptlib.h v3_pku.c
-v3_prn.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_prn.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-v3_prn.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_prn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-v3_prn.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 v3_prn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_prn.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_prn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_prn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_prn.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_prn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-v3_prn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-v3_prn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 v3_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 v3_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_prn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-v3_prn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_prn.o: ../cryptlib.h v3_prn.c
-v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_purp.o: ../../e_os.h ../../include/openssl/asn1.h
-v3_purp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_purp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-v3_purp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_purp.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
-v3_purp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_purp.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_purp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-v3_purp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-v3_purp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-v3_purp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 v3_purp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_purp.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_purp.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_purp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_purp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-v3_purp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-v3_purp.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-v3_purp.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 v3_purp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 v3_purp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_purp.c
-v3_skey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_skey.o: ../../e_os.h ../../include/openssl/asn1.h
-v3_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_skey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-v3_skey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_skey.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
-v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_skey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-v3_skey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_skey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-v3_skey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-v3_skey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 v3_skey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_skey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_skey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_skey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_skey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-v3_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-v3_skey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-v3_skey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 v3_skey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 v3_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 v3_skey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_skey.c
-v3_sxnet.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_sxnet.o: ../../e_os.h ../../include/openssl/asn1.h
-v3_sxnet.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_sxnet.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_sxnet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-v3_sxnet.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_sxnet.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 v3_sxnet.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_sxnet.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
 v3_sxnet.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_sxnet.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_sxnet.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_sxnet.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_sxnet.o: ../../include/openssl/opensslconf.h
-v3_sxnet.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_sxnet.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_sxnet.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_sxnet.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_sxnet.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_sxnet.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_sxnet.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_sxnet.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_sxnet.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_sxnet.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_sxnet.c
-v3_sxnet.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_utl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-v3_sxnet.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_utl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-v3_sxnet.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_sxnet.o: ../cryptlib.h
-v3_utl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-v3_utl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-v3_utl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3_utl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_utl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_utl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_utl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_utl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_utl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-v3_utl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-v3_utl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 v3_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 v3_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_utl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_utl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-v3_utl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_utl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_utl.o: ../cryptlib.h v3_utl.c
-v3_utl.o: ../../include/openssl/x509v3.h ../cryptlib.h
 v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-v3err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-v3err.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 v3err.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-v3err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 v3err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-v3err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-v3err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 v3err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 v3err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 v3err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3err.o: v3err.c
diff --git a/src/lib/libcrypto/x509v3/ext_dat.h b/src/lib/libcrypto/x509v3/ext_dat.h
index 801a585a52..586f116db5 100644
--- a/src/lib/libcrypto/x509v3/ext_dat.h
+++ b/src/lib/libcrypto/x509v3/ext_dat.h
@@ -58,9 +58,12 @@
 /* This file contains a table of "standard" extensions */
 extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
-extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info;
+extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
 extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
-extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld;
+extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate, v3_cpols, v3_crld;
+extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
+extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
+extern X509V3_EXT_METHOD v3_crl_hold;
 /* This table will be searched using OBJ_bsearch so it *must* kept in
 * order of the ext_nid values.
@@ -87,8 +90,17 @@ static X509V3_EXT_METHOD *standard_exts[] = {
 &v3_crld,
 &v3_ext_ku,
 &v3_crl_reason,
+&v3_crl_invdate,
 &v3_sxnet,
 &v3_info,
+&v3_ocsp_nonce,
+&v3_ocsp_crlid,
+&v3_ocsp_accresp,
+&v3_ocsp_nocheck,
+&v3_ocsp_acutoff,
+&v3_ocsp_serviceloc,
+&v3_crl_hold,
+&v3_sinfo
 };
 /* Number of standard extensions */
diff --git a/src/lib/libcrypto/x509v3/v3_akey.c b/src/lib/libcrypto/x509v3/v3_akey.c
index 0889a18993..97e686f97a 100644
--- a/src/lib/libcrypto/x509v3/v3_akey.c
+++ b/src/lib/libcrypto/x509v3/v3_akey.c
@@ -60,7 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
@@ -69,72 +69,15 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
                        X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
 X509V3_EXT_METHOD v3_akey_id = {
-NID_authority_key_identifier, X509V3_EXT_MULTILINE,
+NID_authority_key_identifier, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
-(X509V3_EXT_NEW)AUTHORITY_KEYID_new,
+0,0,0,0,
-(X509V3_EXT_FREE)AUTHORITY_KEYID_free,
+0,0,
-(X509V3_EXT_D2I)d2i_AUTHORITY_KEYID,
-(X509V3_EXT_I2D)i2d_AUTHORITY_KEYID,
-NULL, NULL,
 (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
 (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
-NULL,NULL,
+0,0,
 NULL
 };
-int i2d_AUTHORITY_KEYID(AUTHORITY_KEYID *a, unsigned char **pp)
-{
-        M_ASN1_I2D_vars(a);
-        M_ASN1_I2D_len_IMP_opt (a->keyid, i2d_ASN1_OCTET_STRING);
-        M_ASN1_I2D_len_IMP_opt (a->issuer, i2d_GENERAL_NAMES);
-        M_ASN1_I2D_len_IMP_opt (a->serial, i2d_ASN1_INTEGER);
-        M_ASN1_I2D_seq_total();
-        M_ASN1_I2D_put_IMP_opt (a->keyid, i2d_ASN1_OCTET_STRING, 0);
-        M_ASN1_I2D_put_IMP_opt (a->issuer, i2d_GENERAL_NAMES, 1);
-        M_ASN1_I2D_put_IMP_opt (a->serial, i2d_ASN1_INTEGER, 2);
-        M_ASN1_I2D_finish();
-}
-AUTHORITY_KEYID *AUTHORITY_KEYID_new(void)
-{
-        AUTHORITY_KEYID *ret=NULL;
-        ASN1_CTX c;
-        M_ASN1_New_Malloc(ret, AUTHORITY_KEYID);
-        ret->keyid = NULL;
-        ret->issuer = NULL;
-        ret->serial = NULL;
-        return (ret);
-        M_ASN1_New_Error(ASN1_F_AUTHORITY_KEYID_NEW);
-}
-AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, unsigned char **pp,
-             long length)
-{
-        M_ASN1_D2I_vars(a,AUTHORITY_KEYID *,AUTHORITY_KEYID_new);
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get_IMP_opt (ret->keyid, d2i_ASN1_OCTET_STRING, 0,
-                                                        V_ASN1_OCTET_STRING);
-        M_ASN1_D2I_get_IMP_opt (ret->issuer, d2i_GENERAL_NAMES, 1,
-                                                        V_ASN1_SEQUENCE);
-        M_ASN1_D2I_get_IMP_opt (ret->serial, d2i_ASN1_INTEGER, 2,
-                                                        V_ASN1_INTEGER);
-        M_ASN1_D2I_Finish(a, AUTHORITY_KEYID_free, ASN1_F_D2I_AUTHORITY_KEYID);
-}
-void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a)
-{
-        if (a == NULL) return;
-        M_ASN1_OCTET_STRING_free(a->keyid);
-        sk_GENERAL_NAME_pop_free(a->issuer, GENERAL_NAME_free);
-        M_ASN1_INTEGER_free (a->serial);
-        OPENSSL_free (a);
-}
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
             AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist)
 {
@@ -171,7 +114,7 @@ int i;
 CONF_VALUE *cnf;
 ASN1_OCTET_STRING *ikeyid = NULL;
 X509_NAME *isname = NULL;
-STACK_OF(GENERAL_NAME) * gens = NULL;
+GENERAL_NAMES * gens = NULL;
 GENERAL_NAME *gen = NULL;
 ASN1_INTEGER *serial = NULL;
 X509_EXTENSION *ext;
@@ -192,8 +135,6 @@ for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
        }
 }
 if(!ctx || !ctx->issuer_cert) {
        if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new();
        X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);
diff --git a/src/lib/libcrypto/x509v3/v3_akeya.c b/src/lib/libcrypto/x509v3/v3_akeya.c
new file mode 100644
index 0000000000..2aafa26ba7
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_akeya.c
@@ -0,0 +1,72 @@
+/* v3_akey_asn1.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+ASN1_SEQUENCE(AUTHORITY_KEYID) = {
+        ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0),
+        ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1),
+        ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2)
+} ASN1_SEQUENCE_END(AUTHORITY_KEYID)
+IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_KEYID)
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c
index 94bebcd448..0e9e7dcb4f 100644
--- a/src/lib/libcrypto/x509v3/v3_alt.c
+++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -61,33 +61,28 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
-static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens);
+static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
-static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens);
+static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
 X509V3_EXT_METHOD v3_alt[] = {
-{ NID_subject_alt_name, 0,
+{ NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
-(X509V3_EXT_NEW)GENERAL_NAMES_new,
+0,0,0,0,
-(X509V3_EXT_FREE)GENERAL_NAMES_free,
+0,0,
-(X509V3_EXT_D2I)d2i_GENERAL_NAMES,
-(X509V3_EXT_I2D)i2d_GENERAL_NAMES,
-NULL, NULL,
 (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
 (X509V3_EXT_V2I)v2i_subject_alt,
 NULL, NULL, NULL},
-{ NID_issuer_alt_name, 0,
-(X509V3_EXT_NEW)GENERAL_NAMES_new,
+{ NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
-(X509V3_EXT_FREE)GENERAL_NAMES_free,
+0,0,0,0,
-(X509V3_EXT_D2I)d2i_GENERAL_NAMES,
+0,0,
-(X509V3_EXT_I2D)i2d_GENERAL_NAMES,
-NULL, NULL,
 (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
 (X509V3_EXT_V2I)v2i_issuer_alt,
 NULL, NULL, NULL},
 };
 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
-                STACK_OF(GENERAL_NAME) *gens, STACK_OF(CONF_VALUE) *ret)
+                GENERAL_NAMES *gens, STACK_OF(CONF_VALUE) *ret)
 {
        int i;
        GENERAL_NAME *gen;
@@ -102,8 +97,8 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
                                GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret)
 {
-        char oline[256];
        unsigned char *p;
+        char oline[256];
        switch (gen->type)
        {
                case GEN_OTHERNAME:
@@ -154,10 +149,63 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
        return ret;
 }
-static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method,
+int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
+{
+        unsigned char *p;
+        switch (gen->type)
+        {
+                case GEN_OTHERNAME:
+                BIO_printf(out, "othername:<unsupported>");
+                break;
+                case GEN_X400:
+                BIO_printf(out, "X400Name:<unsupported>");
+                break;
+                case GEN_EDIPARTY:
+                /* Maybe fix this: it is supported now */
+                BIO_printf(out, "EdiPartyName:<unsupported>");
+                break;
+                case GEN_EMAIL:
+                BIO_printf(out, "email:%s",gen->d.ia5->data);
+                break;
+                case GEN_DNS:
+                BIO_printf(out, "DNS:%s",gen->d.ia5->data);
+                break;
+                case GEN_URI:
+                BIO_printf(out, "URI:%s",gen->d.ia5->data);
+                break;
+                case GEN_DIRNAME:
+                BIO_printf(out, "DirName: ");
+                X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE);
+                break;
+                case GEN_IPADD:
+                p = gen->d.ip->data;
+                /* BUG: doesn't support IPV6 */
+                if(gen->d.ip->length != 4) {
+                        BIO_printf(out,"IP Address:<invalid>");
+                        break;
+                }
+                BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+                break;
+                case GEN_RID:
+                BIO_printf(out, "Registered ID");
+                i2a_ASN1_OBJECT(out, gen->d.rid);
+                break;
+        }
+        return 1;
+}
+static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
-        STACK_OF(GENERAL_NAME) *gens = NULL;
+        GENERAL_NAMES *gens = NULL;
        CONF_VALUE *cnf;
        int i;
        if(!(gens = sk_GENERAL_NAME_new_null())) {
@@ -184,9 +232,9 @@ static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method,
 /* Append subject altname of issuer to issuer alt name of subject */
-static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
+static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
 {
-        STACK_OF(GENERAL_NAME) *ialt;
+        GENERAL_NAMES *ialt;
        GENERAL_NAME *gen;
        X509_EXTENSION *ext;
        int i;
@@ -219,10 +267,10 @@ static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
        
 }
-static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method,
+static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
-        STACK_OF(GENERAL_NAME) *gens = NULL;
+        GENERAL_NAMES *gens = NULL;
        CONF_VALUE *cnf;
        int i;
        if(!(gens = sk_GENERAL_NAME_new_null())) {
@@ -233,7 +281,10 @@ static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method,
                cnf = sk_CONF_VALUE_value(nval, i);
                if(!name_cmp(cnf->name, "email") && cnf->value &&
                                                !strcmp(cnf->value, "copy")) {
-                        if(!copy_email(ctx, gens)) goto err;
+                        if(!copy_email(ctx, gens, 0)) goto err;
+                } else if(!name_cmp(cnf->name, "email") && cnf->value &&
+                                                !strcmp(cnf->value, "move")) {
+                        if(!copy_email(ctx, gens, 1)) goto err;
                } else {
                        GENERAL_NAME *gen;
                        if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
@@ -251,7 +302,7 @@ static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method,
 * GENERAL_NAMES
 */
-static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
+static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
 {
        X509_NAME *nm;
        ASN1_IA5STRING *email = NULL;
@@ -273,6 +324,11 @@ static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
                                         NID_pkcs9_emailAddress, i)) >= 0) {
                ne = X509_NAME_get_entry(nm, i);
                email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
+                if (move_p)
+                        {
+                        X509_NAME_delete_entry(nm, i);
+                        i--;
+                        }
                if(!email || !(gen = GENERAL_NAME_new())) {
                        X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
                        goto err;
@@ -297,11 +353,11 @@ static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
        
 }
-STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
        GENERAL_NAME *gen;
-        STACK_OF(GENERAL_NAME) *gens = NULL;
+        GENERAL_NAMES *gens = NULL;
        CONF_VALUE *cnf;
        int i;
        if(!(gens = sk_GENERAL_NAME_new_null())) {
diff --git a/src/lib/libcrypto/x509v3/v3_bcons.c b/src/lib/libcrypto/x509v3/v3_bcons.c
index c576b8e955..cbb012715e 100644
--- a/src/lib/libcrypto/x509v3/v3_bcons.c
+++ b/src/lib/libcrypto/x509v3/v3_bcons.c
@@ -60,7 +60,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
@@ -69,62 +69,22 @@ static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V
 X509V3_EXT_METHOD v3_bcons = {
 NID_basic_constraints, 0,
-(X509V3_EXT_NEW)BASIC_CONSTRAINTS_new,
+ASN1_ITEM_ref(BASIC_CONSTRAINTS),
-(X509V3_EXT_FREE)BASIC_CONSTRAINTS_free,
+0,0,0,0,
-(X509V3_EXT_D2I)d2i_BASIC_CONSTRAINTS,
+0,0,
-(X509V3_EXT_I2D)i2d_BASIC_CONSTRAINTS,
-NULL, NULL,
 (X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
 (X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
 NULL,NULL,
 NULL
 };
+ASN1_SEQUENCE(BASIC_CONSTRAINTS) = {
+        ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN),
+        ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(BASIC_CONSTRAINTS)
-int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp)
+IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
-{
-        M_ASN1_I2D_vars(a);
-        if(a->ca) M_ASN1_I2D_len (a->ca, i2d_ASN1_BOOLEAN);
-        M_ASN1_I2D_len (a->pathlen, i2d_ASN1_INTEGER);
-        M_ASN1_I2D_seq_total();
-        if (a->ca) M_ASN1_I2D_put (a->ca, i2d_ASN1_BOOLEAN);
-        M_ASN1_I2D_put (a->pathlen, i2d_ASN1_INTEGER);
-        M_ASN1_I2D_finish();
-}
-BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void)
-{
-        BASIC_CONSTRAINTS *ret=NULL;
-        ASN1_CTX c;
-        M_ASN1_New_Malloc(ret, BASIC_CONSTRAINTS);
-        ret->ca = 0;
-        ret->pathlen = NULL;
-        return (ret);
-        M_ASN1_New_Error(ASN1_F_BASIC_CONSTRAINTS_NEW);
-}
-BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a,
-             unsigned char **pp, long length)
-{
-        M_ASN1_D2I_vars(a,BASIC_CONSTRAINTS *,BASIC_CONSTRAINTS_new);
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        if((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) ==
-                 (V_ASN1_UNIVERSAL|V_ASN1_BOOLEAN) ) {
-                        M_ASN1_D2I_get_int (ret->ca, d2i_ASN1_BOOLEAN);
-        }
-        M_ASN1_D2I_get_opt (ret->pathlen, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
-        M_ASN1_D2I_Finish(a, BASIC_CONSTRAINTS_free, ASN1_F_D2I_BASIC_CONSTRAINTS);
-}
-void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a)
-{
-        if (a == NULL) return;
-        M_ASN1_INTEGER_free (a->pathlen);
-        OPENSSL_free (a);
-}
 static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
             BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist)
diff --git a/src/lib/libcrypto/x509v3/v3_bitst.c b/src/lib/libcrypto/x509v3/v3_bitst.c
index 0e1167d05c..16cf125562 100644
--- a/src/lib/libcrypto/x509v3/v3_bitst.c
+++ b/src/lib/libcrypto/x509v3/v3_bitst.c
@@ -66,6 +66,7 @@ static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
 static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
                                ASN1_BIT_STRING *bits,
                                STACK_OF(CONF_VALUE) *extlist);
 static BIT_STRING_BITNAME ns_cert_type_table[] = {
 {0, "SSL Client", "client"},
 {1, "SSL Server", "server"},
diff --git a/src/lib/libcrypto/x509v3/v3_conf.c b/src/lib/libcrypto/x509v3/v3_conf.c
index bdc9c1cbc1..1a3448e121 100644
--- a/src/lib/libcrypto/x509v3/v3_conf.c
+++ b/src/lib/libcrypto/x509v3/v3_conf.c
@@ -68,114 +68,137 @@
 static int v3_check_critical(char **value);
 static int v3_check_generic(char **value);
-static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
+static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type);
 static char *conf_lhash_get_string(void *db, char *section, char *value);
 static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
 static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
                                                 int crit, void *ext_struc);
-/* LHASH *conf:  Config file    */
+/* CONF *conf:  Config file    */
 /* char *name:  Name    */
 /* char *value:  Value    */
-X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
             char *value)
-{
+        {
        int crit;
        int ext_type;
        X509_EXTENSION *ret;
        crit = v3_check_critical(&value);
-        if((ext_type = v3_check_generic(&value))) 
+        if ((ext_type = v3_check_generic(&value))) 
                return v3_generic_extension(name, value, crit, ext_type);
-        ret = do_ext_conf(conf, ctx, OBJ_sn2nid(name), crit, value);
+        ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
-        if(!ret) {
+        if (!ret)
+                {
                X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION);
                ERR_add_error_data(4,"name=", name, ", value=", value);
-        }
+                }
        return ret;
-}
+        }
-/* LHASH *conf:  Config file    */
+/* CONF *conf:  Config file    */
 /* char *value:  Value    */
-X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
             char *value)
-{
+        {
        int crit;
        int ext_type;
        crit = v3_check_critical(&value);
-        if((ext_type = v3_check_generic(&value))) 
+        if ((ext_type = v3_check_generic(&value))) 
                return v3_generic_extension(OBJ_nid2sn(ext_nid),
                                                         value, crit, ext_type);
-        return do_ext_conf(conf, ctx, ext_nid, crit, value);
+        return do_ext_nconf(conf, ctx, ext_nid, crit, value);
-}
+        }
-/* LHASH *conf:  Config file    */
+/* CONF *conf:  Config file    */
 /* char *value:  Value    */
-static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
+static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
             int crit, char *value)
-{
+        {
        X509V3_EXT_METHOD *method;
        X509_EXTENSION *ext;
        STACK_OF(CONF_VALUE) *nval;
        void *ext_struc;
-        if(ext_nid == NID_undef) {
+        if (ext_nid == NID_undef)
+                {
                X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
                return NULL;
-        }
+                }
-        if(!(method = X509V3_EXT_get_nid(ext_nid))) {
+        if (!(method = X509V3_EXT_get_nid(ext_nid)))
+                {
                X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION);
                return NULL;
-        }
+                }
        /* Now get internal extension representation based on type */
-        if(method->v2i) {
+        if (method->v2i)
-                if(*value == '@') nval = CONF_get_section(conf, value + 1);
+                {
+                if(*value == '@') nval = NCONF_get_section(conf, value + 1);
                else nval = X509V3_parse_list(value);
-                if(!nval) {
+                if(!nval)
+                        {
                        X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING);
                        ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
                        return NULL;
-                }
+                        }
                ext_struc = method->v2i(method, ctx, nval);
                if(*value != '@') sk_CONF_VALUE_pop_free(nval,
                                                         X509V3_conf_free);
                if(!ext_struc) return NULL;
-        } else if(method->s2i) {
+                }
+        else if(method->s2i)
+                {
                if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
-        } else if(method->r2i) {
+                }
-                if(!ctx->db) {
+        else if(method->r2i)
+                {
+                if(!ctx->db)
+                        {
                        X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE);
                        return NULL;
-                }
+                        }
                if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
-        } else {
+                }
+        else
+                {
                X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
                ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
                return NULL;
-        }
+                }
        ext  = do_ext_i2d(method, ext_nid, crit, ext_struc);
-        method->ext_free(ext_struc);
+        if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
+        else method->ext_free(ext_struc);
        return ext;
-}
+        }
 static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
                                                 int crit, void *ext_struc)
-{
+        {
-        unsigned char *ext_der, *p;
+        unsigned char *ext_der;
        int ext_len;
        ASN1_OCTET_STRING *ext_oct;
        X509_EXTENSION *ext;
        /* Convert internal representation to DER */
-        ext_len = method->i2d(ext_struc, NULL);
+        if (method->it)
-        if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;
+                {
-        p = ext_der;
+                ext_der = NULL;
-        method->i2d(ext_struc, &p);
+                ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
-        if(!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
+                if (ext_len < 0) goto merr;
+                }
+         else
+                {
+                unsigned char *p;
+                ext_len = method->i2d(ext_struc, NULL);
+                if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;
+                p = ext_der;
+                method->i2d(ext_struc, &p);
+                }
+        if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
        ext_oct->data = ext_der;
        ext_oct->length = ext_len;
-        
        ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
-        if(!ext) goto merr;
+        if (!ext) goto merr;
        M_ASN1_OCTET_STRING_free(ext_oct);
        return ext;
@@ -184,14 +207,14 @@ static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
        X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
        return NULL;
-}
+        }
 /* Given an internal structure, nid and critical flag create an extension */
 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
-{
+        {
        X509V3_EXT_METHOD *method;
-        if(!(method = X509V3_EXT_get_nid(ext_nid))) {
+        if (!(method = X509V3_EXT_get_nid(ext_nid))) {
                X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
                return NULL;
        }
@@ -202,7 +225,7 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
 static int v3_check_critical(char **value)
 {
        char *p = *value;
-        if((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
+        if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
        p+=9;
        while(isspace((unsigned char)*p)) p++;
        *value = p;
@@ -213,9 +236,9 @@ static int v3_check_critical(char **value)
 static int v3_check_generic(char **value)
 {
        char *p = *value;
-        if((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
+        if ((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
        p+=4;
-        while(isspace((unsigned char)*p)) p++;
+        while (isspace((unsigned char)*p)) p++;
        *value = p;
        return 1;
 }
@@ -223,148 +246,202 @@ static int v3_check_generic(char **value)
 /* Create a generic extension: for now just handle DER type */
 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
             int crit, int type)
-{
+        {
-unsigned char *ext_der=NULL;
+        unsigned char *ext_der=NULL;
-long ext_len;
+        long ext_len;
-ASN1_OBJECT *obj=NULL;
+        ASN1_OBJECT *obj=NULL;
-ASN1_OCTET_STRING *oct=NULL;
+        ASN1_OCTET_STRING *oct=NULL;
-X509_EXTENSION *extension=NULL;
+        X509_EXTENSION *extension=NULL;
-if(!(obj = OBJ_txt2obj(ext, 0))) {
+        if (!(obj = OBJ_txt2obj(ext, 0)))
-        X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
+                {
-        ERR_add_error_data(2, "name=", ext);
+                X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
-        goto err;
+                ERR_add_error_data(2, "name=", ext);
-}
+                goto err;
+                }
-if(!(ext_der = string_to_hex(value, &ext_len))) {
+        if (!(ext_der = string_to_hex(value, &ext_len)))
-        X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
+                {
-        ERR_add_error_data(2, "value=", value);
+                X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
-        goto err;
+                ERR_add_error_data(2, "value=", value);
-}
+                goto err;
+                }
-if(!(oct = M_ASN1_OCTET_STRING_new())) {
+        if (!(oct = M_ASN1_OCTET_STRING_new()))
-        X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
+                {
-        goto err;
+                X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
-}
+                goto err;
+                }
-oct->data = ext_der;
+        oct->data = ext_der;
-oct->length = ext_len;
+        oct->length = ext_len;
-ext_der = NULL;
+        ext_der = NULL;
-extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
+        extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
-err:
+        err:
-ASN1_OBJECT_free(obj);
+        ASN1_OBJECT_free(obj);
-M_ASN1_OCTET_STRING_free(oct);
+        M_ASN1_OCTET_STRING_free(oct);
-if(ext_der) OPENSSL_free(ext_der);
+        if(ext_der) OPENSSL_free(ext_der);
-return extension;
+        return extension;
-}
+        }
 /* This is the main function: add a bunch of extensions based on a config file
- * section
+ * section to an extension STACK.
 */
-int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
-             X509 *cert)
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
-{
+             STACK_OF(X509_EXTENSION) **sk)
+        {
        X509_EXTENSION *ext;
        STACK_OF(CONF_VALUE) *nval;
        CONF_VALUE *val;        
        int i;
-        if(!(nval = CONF_get_section(conf, section))) return 0;
+        if (!(nval = NCONF_get_section(conf, section))) return 0;
-        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        for (i = 0; i < sk_CONF_VALUE_num(nval); i++)
+                {
                val = sk_CONF_VALUE_value(nval, i);
-                if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
+                if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
                                                                return 0;
-                if(cert) X509_add_ext(cert, ext, -1);
+                if (sk) X509v3_add_ext(sk, ext, -1);
                X509_EXTENSION_free(ext);
-        }
+                }
        return 1;
-}
+        }
+/* Convenience functions to add extensions to a certificate, CRL and request */
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+             X509 *cert)
+        {
+        STACK_OF(X509_EXTENSION) **sk = NULL;
+        if (cert)
+                sk = &cert->cert_info->extensions;
+        return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+        }
 /* Same as above but for a CRL */
-int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
             X509_CRL *crl)
-{
+        {
-        X509_EXTENSION *ext;
+        STACK_OF(X509_EXTENSION) **sk = NULL;
-        STACK_OF(CONF_VALUE) *nval;
+        if (crl)
-        CONF_VALUE *val;        
+                sk = &crl->crl->extensions;
-        int i;
+        return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
-        if(!(nval = CONF_get_section(conf, section))) return 0;
-        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-                val = sk_CONF_VALUE_value(nval, i);
-                if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
-                                                                return 0;
-                if(crl) X509_CRL_add_ext(crl, ext, -1);
-                X509_EXTENSION_free(ext);
        }
-        return 1;
-}
 /* Add extensions to certificate request */
-int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
             X509_REQ *req)
-{
+        {
-        X509_EXTENSION *ext;
+        STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
-        STACK_OF(X509_EXTENSION) *extlist = NULL;
-        STACK_OF(CONF_VALUE) *nval;
-        CONF_VALUE *val;        
        int i;
-        if(!(nval = CONF_get_section(conf, section))) return 0;
+        if (req)
-        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+                sk = &extlist;
-                val = sk_CONF_VALUE_value(nval, i);
+        i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
-                if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
+        if (!i || !sk)
-                                                                return 0;
+                return i;
-                if(!extlist) extlist = sk_X509_EXTENSION_new_null();
+        i = X509_REQ_add_extensions(req, extlist);
-                sk_X509_EXTENSION_push(extlist, ext);
-        }
-        if(req) i = X509_REQ_add_extensions(req, extlist);
-        else i = 1;
        sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
        return i;
-}
+        }
 /* Config database functions */
 char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
-{
+        {
-        if(ctx->db_meth->get_string)
+        if (ctx->db_meth->get_string)
                        return ctx->db_meth->get_string(ctx->db, name, section);
        return NULL;
-}
+        }
 STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
-{
+        {
-        if(ctx->db_meth->get_section)
+        if (ctx->db_meth->get_section)
                        return ctx->db_meth->get_section(ctx->db, section);
        return NULL;
-}
+        }
 void X509V3_string_free(X509V3_CTX *ctx, char *str)
-{
+        {
-        if(!str) return;
+        if (!str) return;
-        if(ctx->db_meth->free_string)
+        if (ctx->db_meth->free_string)
                        ctx->db_meth->free_string(ctx->db, str);
-}
+        }
 void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
-{
+        {
-        if(!section) return;
+        if (!section) return;
-        if(ctx->db_meth->free_section)
+        if (ctx->db_meth->free_section)
                        ctx->db_meth->free_section(ctx->db, section);
-}
+        }
+static char *nconf_get_string(void *db, char *section, char *value)
+        {
+        return NCONF_get_string(db, section, value);
+        }
+static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
+        {
+        return NCONF_get_section(db, section);
+        }
+static X509V3_CONF_METHOD nconf_method = {
+nconf_get_string,
+nconf_get_section,
+NULL,
+NULL
+};
+void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
+        {
+        ctx->db_meth = &nconf_method;
+        ctx->db = conf;
+        }
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
+             X509_CRL *crl, int flags)
+        {
+        ctx->issuer_cert = issuer;
+        ctx->subject_cert = subj;
+        ctx->crl = crl;
+        ctx->subject_req = req;
+        ctx->flags = flags;
+        }
+/* Old conf compatibility functions */
+X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
+             char *value)
+        {
+        CONF ctmp;
+        CONF_set_nconf(&ctmp, conf);
+        return X509V3_EXT_nconf(&ctmp, ctx, name, value);
+        }
+/* LHASH *conf:  Config file    */
+/* char *value:  Value    */
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
+             char *value)
+        {
+        CONF ctmp;
+        CONF_set_nconf(&ctmp, conf);
+        return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
+        }
 static char *conf_lhash_get_string(void *db, char *section, char *value)
-{
+        {
        return CONF_get_string(db, section, value);
-}
+        }
 static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
-{
+        {
        return CONF_get_section(db, section);
-}
+        }
 static X509V3_CONF_METHOD conf_lhash_method = {
 conf_lhash_get_string,
@@ -374,17 +451,35 @@ NULL
 };
 void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash)
-{
+        {
        ctx->db_meth = &conf_lhash_method;
        ctx->db = lhash;
-}
+        }
-void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
+int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
-             X509_CRL *crl, int flags)
+             X509 *cert)
-{
+        {
-        ctx->issuer_cert = issuer;
+        CONF ctmp;
-        ctx->subject_cert = subj;
+        CONF_set_nconf(&ctmp, conf);
-        ctx->crl = crl;
+        return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
-        ctx->subject_req = req;
+        }
-        ctx->flags = flags;
-}
+/* Same as above but for a CRL */
+int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+             X509_CRL *crl)
+        {
+        CONF ctmp;
+        CONF_set_nconf(&ctmp, conf);
+        return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
+        }
+/* Add extensions to certificate request */
+int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+             X509_REQ *req)
+        {
+        CONF ctmp;
+        CONF_set_nconf(&ctmp, conf);
+        return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
+        }
diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c
index 8203ed7571..0d4ab1f680 100644
--- a/src/lib/libcrypto/x509v3/v3_cpols.c
+++ b/src/lib/libcrypto/x509v3/v3_cpols.c
@@ -60,7 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
 /* Certificate policies extension support: this one is a bit complex... */
@@ -76,18 +76,55 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
 static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos);
 X509V3_EXT_METHOD v3_cpols = {
-NID_certificate_policies, 0,
+NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES),
-(X509V3_EXT_NEW)CERTIFICATEPOLICIES_new,
+0,0,0,0,
-(X509V3_EXT_FREE)CERTIFICATEPOLICIES_free,
+0,0,
-(X509V3_EXT_D2I)d2i_CERTIFICATEPOLICIES,
+0,0,
-(X509V3_EXT_I2D)i2d_CERTIFICATEPOLICIES,
-NULL, NULL,
-NULL, NULL,
 (X509V3_EXT_I2R)i2r_certpol,
 (X509V3_EXT_R2I)r2i_certpol,
 NULL
 };
+ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO)
+ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)
+IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
+ASN1_SEQUENCE(POLICYINFO) = {
+        ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),
+        ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)
+} ASN1_SEQUENCE_END(POLICYINFO)
+IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)
+ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);
+ASN1_ADB(POLICYQUALINFO) = {
+        ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),
+        ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))
+} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL);
+ASN1_SEQUENCE(POLICYQUALINFO) = {
+        ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(POLICYQUALINFO)
+} ASN1_SEQUENCE_END(POLICYQUALINFO)
+IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO)
+ASN1_SEQUENCE(USERNOTICE) = {
+        ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),
+        ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)
+} ASN1_SEQUENCE_END(USERNOTICE)
+IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE)
+ASN1_SEQUENCE(NOTICEREF) = {
+        ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),
+        ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(NOTICEREF)
+IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
 static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
                X509V3_CTX *ctx, char *value)
@@ -327,83 +364,6 @@ static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
        return 1;
 }
-int i2d_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) *a, unsigned char **pp)
-{
-return i2d_ASN1_SET_OF_POLICYINFO(a, pp, i2d_POLICYINFO, V_ASN1_SEQUENCE,
-                                                 V_ASN1_UNIVERSAL, IS_SEQUENCE);}
-STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new(void)
-{
-        return sk_POLICYINFO_new_null();
-}
-void CERTIFICATEPOLICIES_free(STACK_OF(POLICYINFO) *a)
-{
-        sk_POLICYINFO_pop_free(a, POLICYINFO_free);
-}
-STACK_OF(POLICYINFO) *d2i_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) **a,
-                unsigned char **pp,long length)
-{
-return d2i_ASN1_SET_OF_POLICYINFO(a, pp, length, d2i_POLICYINFO,
-                         POLICYINFO_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-}
-IMPLEMENT_STACK_OF(POLICYINFO)
-IMPLEMENT_ASN1_SET_OF(POLICYINFO)
-int i2d_POLICYINFO(POLICYINFO *a, unsigned char **pp)
-{
-        M_ASN1_I2D_vars(a);
-        M_ASN1_I2D_len (a->policyid, i2d_ASN1_OBJECT);
-        M_ASN1_I2D_len_SEQUENCE_type(POLICYQUALINFO, a->qualifiers,
-                                                         i2d_POLICYQUALINFO);
-        M_ASN1_I2D_seq_total();
-        M_ASN1_I2D_put (a->policyid, i2d_ASN1_OBJECT);
-        M_ASN1_I2D_put_SEQUENCE_type(POLICYQUALINFO, a->qualifiers,
-                                                         i2d_POLICYQUALINFO);
-        M_ASN1_I2D_finish();
-}
-POLICYINFO *POLICYINFO_new(void)
-{
-        POLICYINFO *ret=NULL;
-        ASN1_CTX c;
-        M_ASN1_New_Malloc(ret, POLICYINFO);
-        ret->policyid = NULL;
-        ret->qualifiers = NULL;
-        return (ret);
-        M_ASN1_New_Error(ASN1_F_POLICYINFO_NEW);
-}
-POLICYINFO *d2i_POLICYINFO(POLICYINFO **a, unsigned char **pp,long length)
-{
-        M_ASN1_D2I_vars(a,POLICYINFO *,POLICYINFO_new);
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(ret->policyid, d2i_ASN1_OBJECT);
-        if(!M_ASN1_D2I_end_sequence()) {
-                M_ASN1_D2I_get_seq_type (POLICYQUALINFO, ret->qualifiers,
-                                 d2i_POLICYQUALINFO, POLICYQUALINFO_free);
-        }
-        M_ASN1_D2I_Finish(a, POLICYINFO_free, ASN1_F_D2I_POLICYINFO);
-}
-void POLICYINFO_free(POLICYINFO *a)
-{
-        if (a == NULL) return;
-        ASN1_OBJECT_free(a->policyid);
-        sk_POLICYQUALINFO_pop_free(a->qualifiers, POLICYQUALINFO_free);
-        OPENSSL_free (a);
-}
 static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
                int indent)
 {
@@ -459,202 +419,4 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent)
                BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
                                                         notice->exptext->data);
 }
-                
-        
-int i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **pp)
-{
-        M_ASN1_I2D_vars(a);
-        M_ASN1_I2D_len (a->pqualid, i2d_ASN1_OBJECT);
-        switch(OBJ_obj2nid(a->pqualid)) {
-                case NID_id_qt_cps:
-                M_ASN1_I2D_len(a->d.cpsuri, i2d_ASN1_IA5STRING);
-                break;
-                case NID_id_qt_unotice:
-                M_ASN1_I2D_len(a->d.usernotice, i2d_USERNOTICE);
-                break;
-                default:
-                M_ASN1_I2D_len(a->d.other, i2d_ASN1_TYPE);
-                break;
-        }
-        M_ASN1_I2D_seq_total();
-        M_ASN1_I2D_put (a->pqualid, i2d_ASN1_OBJECT);
-        switch(OBJ_obj2nid(a->pqualid)) {
-                case NID_id_qt_cps:
-                M_ASN1_I2D_put(a->d.cpsuri, i2d_ASN1_IA5STRING);
-                break;
-                case NID_id_qt_unotice:
-                M_ASN1_I2D_put(a->d.usernotice, i2d_USERNOTICE);
-                break;
-                default:
-                M_ASN1_I2D_put(a->d.other, i2d_ASN1_TYPE);
-                break;
-        }
-        M_ASN1_I2D_finish();
-}
-POLICYQUALINFO *POLICYQUALINFO_new(void)
-{
-        POLICYQUALINFO *ret=NULL;
-        ASN1_CTX c;
-        M_ASN1_New_Malloc(ret, POLICYQUALINFO);
-        ret->pqualid = NULL;
-        ret->d.other = NULL;
-        return (ret);
-        M_ASN1_New_Error(ASN1_F_POLICYQUALINFO_NEW);
-}
-POLICYQUALINFO *d2i_POLICYQUALINFO(POLICYQUALINFO **a, unsigned char **pp,
-                long length)
-{
-        M_ASN1_D2I_vars(a,POLICYQUALINFO *,POLICYQUALINFO_new);
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get (ret->pqualid, d2i_ASN1_OBJECT);
-        switch(OBJ_obj2nid(ret->pqualid)) {
-                case NID_id_qt_cps:
-                M_ASN1_D2I_get(ret->d.cpsuri, d2i_ASN1_IA5STRING);
-                break;
-                case NID_id_qt_unotice:
-                M_ASN1_D2I_get(ret->d.usernotice, d2i_USERNOTICE);
-                break;
-                default:
-                M_ASN1_D2I_get(ret->d.other, d2i_ASN1_TYPE);
-                break;
-        }
-        M_ASN1_D2I_Finish(a, POLICYQUALINFO_free, ASN1_F_D2I_POLICYQUALINFO);
-}
-void POLICYQUALINFO_free(POLICYQUALINFO *a)
-{
-        if (a == NULL) return;
-        switch(OBJ_obj2nid(a->pqualid)) {
-                case NID_id_qt_cps:
-                M_ASN1_IA5STRING_free(a->d.cpsuri);
-                break;
-                case NID_id_qt_unotice:
-                USERNOTICE_free(a->d.usernotice);
-                break;
-                default:
-                ASN1_TYPE_free(a->d.other);
-                break;
-        }
-        
-        ASN1_OBJECT_free(a->pqualid);
-        OPENSSL_free (a);
-}
-int i2d_USERNOTICE(USERNOTICE *a, unsigned char **pp)
-{
-        M_ASN1_I2D_vars(a);
-        M_ASN1_I2D_len (a->noticeref, i2d_NOTICEREF);
-        M_ASN1_I2D_len (a->exptext, i2d_DISPLAYTEXT);
-        M_ASN1_I2D_seq_total();
-        M_ASN1_I2D_put (a->noticeref, i2d_NOTICEREF);
-        M_ASN1_I2D_put (a->exptext, i2d_DISPLAYTEXT);
-        M_ASN1_I2D_finish();
-}
-USERNOTICE *USERNOTICE_new(void)
-{
-        USERNOTICE *ret=NULL;
-        ASN1_CTX c;
-        M_ASN1_New_Malloc(ret, USERNOTICE);
-        ret->noticeref = NULL;
-        ret->exptext = NULL;
-        return (ret);
-        M_ASN1_New_Error(ASN1_F_USERNOTICE_NEW);
-}
-USERNOTICE *d2i_USERNOTICE(USERNOTICE **a, unsigned char **pp,long length)
-{
-        M_ASN1_D2I_vars(a,USERNOTICE *,USERNOTICE_new);
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get_opt(ret->noticeref, d2i_NOTICEREF, V_ASN1_SEQUENCE);
-        if (!M_ASN1_D2I_end_sequence()) {
-                M_ASN1_D2I_get(ret->exptext, d2i_DISPLAYTEXT);
-        }
-        M_ASN1_D2I_Finish(a, USERNOTICE_free, ASN1_F_D2I_USERNOTICE);
-}
-void USERNOTICE_free(USERNOTICE *a)
-{
-        if (a == NULL) return;
-        NOTICEREF_free(a->noticeref);
-        M_DISPLAYTEXT_free(a->exptext);
-        OPENSSL_free (a);
-}
-int i2d_NOTICEREF(NOTICEREF *a, unsigned char **pp)
-{
-        M_ASN1_I2D_vars(a);
-        M_ASN1_I2D_len (a->organization, i2d_DISPLAYTEXT);
-        M_ASN1_I2D_len_SEQUENCE_type(ASN1_INTEGER, a->noticenos,
-                                     i2d_ASN1_INTEGER);
-        M_ASN1_I2D_seq_total();
-        M_ASN1_I2D_put (a->organization, i2d_DISPLAYTEXT);
-        M_ASN1_I2D_put_SEQUENCE_type(ASN1_INTEGER, a->noticenos,
-                                     i2d_ASN1_INTEGER);
-        M_ASN1_I2D_finish();
-}
-NOTICEREF *NOTICEREF_new(void)
-{
-        NOTICEREF *ret=NULL;
-        ASN1_CTX c;
-        M_ASN1_New_Malloc(ret, NOTICEREF);
-        ret->organization = NULL;
-        ret->noticenos = NULL;
-        return (ret);
-        M_ASN1_New_Error(ASN1_F_NOTICEREF_NEW);
-}
-NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp,long length)
-{
-        M_ASN1_D2I_vars(a,NOTICEREF *,NOTICEREF_new);
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        /* This is to cope with some broken encodings that use IA5STRING for
-         * the organization field
-         */
-        M_ASN1_D2I_get_opt(ret->organization, d2i_ASN1_IA5STRING,
-                                                         V_ASN1_IA5STRING);
-        if(!ret->organization) {
-                 M_ASN1_D2I_get(ret->organization, d2i_DISPLAYTEXT);
-        }
-        M_ASN1_D2I_get_seq_type(ASN1_INTEGER, ret->noticenos, d2i_ASN1_INTEGER,
-                                ASN1_STRING_free);
-        M_ASN1_D2I_Finish(a, NOTICEREF_free, ASN1_F_D2I_NOTICEREF);
-}
-void NOTICEREF_free(NOTICEREF *a)
-{
-        if (a == NULL) return;
-        M_DISPLAYTEXT_free(a->organization);
-        sk_ASN1_INTEGER_pop_free(a->noticenos, ASN1_STRING_free);
-        OPENSSL_free (a);
-}
-IMPLEMENT_STACK_OF(POLICYQUALINFO)
-IMPLEMENT_ASN1_SET_OF(POLICYQUALINFO)
diff --git a/src/lib/libcrypto/x509v3/v3_crld.c b/src/lib/libcrypto/x509v3/v3_crld.c
index 67feea4017..894a8b94d8 100644
--- a/src/lib/libcrypto/x509v3/v3_crld.c
+++ b/src/lib/libcrypto/x509v3/v3_crld.c
@@ -60,7 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
 static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
@@ -69,15 +69,13 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 X509V3_EXT_METHOD v3_crld = {
-NID_crl_distribution_points, X509V3_EXT_MULTILINE,
+NID_crl_distribution_points, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(CRL_DIST_POINTS),
-(X509V3_EXT_NEW)CRL_DIST_POINTS_new,
+0,0,0,0,
-(X509V3_EXT_FREE)CRL_DIST_POINTS_free,
+0,0,
-(X509V3_EXT_D2I)d2i_CRL_DIST_POINTS,
-(X509V3_EXT_I2D)i2d_CRL_DIST_POINTS,
-NULL, NULL,
 (X509V3_EXT_I2V)i2v_crld,
 (X509V3_EXT_V2I)v2i_crld,
-NULL, NULL, NULL
+0,0,
+NULL
 };
 static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
@@ -87,16 +85,16 @@ static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
        int i;
        for(i = 0; i < sk_DIST_POINT_num(crld); i++) {
                point = sk_DIST_POINT_value(crld, i);
-                if(point->distpoint && point->distpoint->fullname) {
+                if(point->distpoint) {
-                        exts = i2v_GENERAL_NAMES(NULL,
+                        if(point->distpoint->type == 0)
-                                         point->distpoint->fullname, exts);
+                                exts = i2v_GENERAL_NAMES(NULL,
+                                         point->distpoint->name.fullname, exts);
+                        else X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts);
                }
                if(point->reasons) 
                        X509V3_add_value("reasons","<UNSUPPORTED>", &exts);
                if(point->CRLissuer)
                        X509V3_add_value("CRLissuer","<UNSUPPORTED>", &exts);
-                if(point->distpoint && point->distpoint->relativename)
-                        X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts);
        }
        return exts;
 }
@@ -105,7 +103,7 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
        STACK_OF(DIST_POINT) *crld = NULL;
-        STACK_OF(GENERAL_NAME) *gens = NULL;
+        GENERAL_NAMES *gens = NULL;
        GENERAL_NAME *gen = NULL;
        CONF_VALUE *cnf;
        int i;
@@ -123,7 +121,8 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
                        goto merr;
                }
                if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr;
-                point->distpoint->fullname = gens;
+                point->distpoint->name.fullname = gens;
+                point->distpoint->type = 0;
                gens = NULL;
        }
        return crld;
@@ -137,149 +136,27 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
        return NULL;
 }
-int i2d_CRL_DIST_POINTS(STACK_OF(DIST_POINT) *a, unsigned char **pp)
-{
-return i2d_ASN1_SET_OF_DIST_POINT(a, pp, i2d_DIST_POINT, V_ASN1_SEQUENCE,
-                                                 V_ASN1_UNIVERSAL, IS_SEQUENCE);}
-STACK_OF(DIST_POINT) *CRL_DIST_POINTS_new(void)
-{
-        return sk_DIST_POINT_new_null();
-}
-void CRL_DIST_POINTS_free(STACK_OF(DIST_POINT) *a)
-{
-        sk_DIST_POINT_pop_free(a, DIST_POINT_free);
-}
-STACK_OF(DIST_POINT) *d2i_CRL_DIST_POINTS(STACK_OF(DIST_POINT) **a,
-                unsigned char **pp,long length)
-{
-return d2i_ASN1_SET_OF_DIST_POINT(a, pp, length, d2i_DIST_POINT,
-                         DIST_POINT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-}
 IMPLEMENT_STACK_OF(DIST_POINT)
 IMPLEMENT_ASN1_SET_OF(DIST_POINT)
-int i2d_DIST_POINT(DIST_POINT *a, unsigned char **pp)
-{
-        int v = 0;
-        M_ASN1_I2D_vars(a);
-        /* NB: underlying type is a CHOICE so need EXPLICIT tagging */
-        M_ASN1_I2D_len_EXP_opt (a->distpoint, i2d_DIST_POINT_NAME, 0, v);
-        M_ASN1_I2D_len_IMP_opt (a->reasons, i2d_ASN1_BIT_STRING);
-        M_ASN1_I2D_len_IMP_opt (a->CRLissuer, i2d_GENERAL_NAMES);
-        M_ASN1_I2D_seq_total();
+ASN1_CHOICE(DIST_POINT_NAME) = {
+        ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0),
+        ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1)
+} ASN1_CHOICE_END(DIST_POINT_NAME)
-        M_ASN1_I2D_put_EXP_opt (a->distpoint, i2d_DIST_POINT_NAME, 0, v);
+IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME)
-        M_ASN1_I2D_put_IMP_opt (a->reasons, i2d_ASN1_BIT_STRING, 1);
-        M_ASN1_I2D_put_IMP_opt (a->CRLissuer, i2d_GENERAL_NAMES, 2);
-        M_ASN1_I2D_finish();
+ASN1_SEQUENCE(DIST_POINT) = {
-}
+        ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0),
+        ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1),
+        ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2)
+} ASN1_SEQUENCE_END(DIST_POINT)
-DIST_POINT *DIST_POINT_new(void)
+IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
-{
-        DIST_POINT *ret=NULL;
-        ASN1_CTX c;
-        M_ASN1_New_Malloc(ret, DIST_POINT);
-        ret->distpoint = NULL;
-        ret->reasons = NULL;
-        ret->CRLissuer = NULL;
-        return (ret);
-        M_ASN1_New_Error(ASN1_F_DIST_POINT_NEW);
-}
-DIST_POINT *d2i_DIST_POINT(DIST_POINT **a, unsigned char **pp, long length)
+ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = 
-{
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, DIST_POINT, DIST_POINT)
-        M_ASN1_D2I_vars(a,DIST_POINT *,DIST_POINT_new);
+ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get_EXP_opt (ret->distpoint, d2i_DIST_POINT_NAME, 0);
-        M_ASN1_D2I_get_IMP_opt (ret->reasons, d2i_ASN1_BIT_STRING, 1,
-                                                        V_ASN1_BIT_STRING);
-        M_ASN1_D2I_get_IMP_opt (ret->CRLissuer, d2i_GENERAL_NAMES, 2,
-                                                        V_ASN1_SEQUENCE);
-        M_ASN1_D2I_Finish(a, DIST_POINT_free, ASN1_F_D2I_DIST_POINT);
-}
-void DIST_POINT_free(DIST_POINT *a)
+IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
-{
-        if (a == NULL) return;
-        DIST_POINT_NAME_free(a->distpoint);
-        M_ASN1_BIT_STRING_free(a->reasons);
-        sk_GENERAL_NAME_pop_free(a->CRLissuer, GENERAL_NAME_free);
-        OPENSSL_free (a);
-}
-int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **pp)
-{
-        M_ASN1_I2D_vars(a);
-        if(a->fullname) {
-                M_ASN1_I2D_len_IMP_opt (a->fullname, i2d_GENERAL_NAMES);
-        } else {
-                M_ASN1_I2D_len_IMP_SET_opt_type(X509_NAME_ENTRY,
-                                a->relativename, i2d_X509_NAME_ENTRY, 1);
-        }
-        /* Don't want a SEQUENCE so... */
-        if(pp == NULL) return ret;
-        p = *pp;
-        if(a->fullname) {
-                M_ASN1_I2D_put_IMP_opt (a->fullname, i2d_GENERAL_NAMES, 0);
-        } else {
-                M_ASN1_I2D_put_IMP_SET_opt_type(X509_NAME_ENTRY,
-                                a->relativename, i2d_X509_NAME_ENTRY, 1);
-        }
-        M_ASN1_I2D_finish();
-}
-DIST_POINT_NAME *DIST_POINT_NAME_new(void)
-{
-        DIST_POINT_NAME *ret=NULL;
-        ASN1_CTX c;
-        M_ASN1_New_Malloc(ret, DIST_POINT_NAME);
-        ret->fullname = NULL;
-        ret->relativename = NULL;
-        return (ret);
-        M_ASN1_New_Error(ASN1_F_DIST_POINT_NAME_NEW);
-}
-void DIST_POINT_NAME_free(DIST_POINT_NAME *a)
-{
-        if (a == NULL) return;
-        sk_X509_NAME_ENTRY_pop_free(a->relativename, X509_NAME_ENTRY_free);
-        sk_GENERAL_NAME_pop_free(a->fullname, GENERAL_NAME_free);
-        OPENSSL_free (a);
-}
-DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp,
-             long length)
-{
-        unsigned char _tmp, tag;
-        M_ASN1_D2I_vars(a,DIST_POINT_NAME *,DIST_POINT_NAME_new);
-        M_ASN1_D2I_Init();
-        c.slen = length;
-        _tmp = M_ASN1_next;
-        tag = _tmp & ~V_ASN1_CONSTRUCTED;
-        
-        if(tag == (0|V_ASN1_CONTEXT_SPECIFIC)) {
-                M_ASN1_D2I_get_imp(ret->fullname, d2i_GENERAL_NAMES,
-                                                        V_ASN1_SEQUENCE);
-        } else if (tag == (1|V_ASN1_CONTEXT_SPECIFIC)) {
-                M_ASN1_D2I_get_IMP_set_opt_type (X509_NAME_ENTRY,
-                        ret->relativename, d2i_X509_NAME_ENTRY, X509_NAME_ENTRY_free, 1);
-        } else {
-                c.error = ASN1_R_BAD_TAG;
-                goto err;
-        }
-        M_ASN1_D2I_Finish(a, DIST_POINT_NAME_free, ASN1_F_D2I_DIST_POINT_NAME);
-}
diff --git a/src/lib/libcrypto/x509v3/v3_enum.c b/src/lib/libcrypto/x509v3/v3_enum.c
index aecfdc87f8..010c9d6260 100644
--- a/src/lib/libcrypto/x509v3/v3_enum.c
+++ b/src/lib/libcrypto/x509v3/v3_enum.c
@@ -73,14 +73,12 @@ static ENUMERATED_NAMES crl_reasons[] = {
 };
 X509V3_EXT_METHOD v3_crl_reason = { 
-NID_crl_reason, 0,
+NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),
-(X509V3_EXT_NEW)ASN1_ENUMERATED_new,
+0,0,0,0,
-(X509V3_EXT_FREE)ASN1_ENUMERATED_free,
-(X509V3_EXT_D2I)d2i_ASN1_ENUMERATED,
-(X509V3_EXT_I2D)i2d_ASN1_ENUMERATED,
 (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
-(X509V3_EXT_S2I)0,
+0,
-NULL, NULL, NULL, NULL, crl_reasons};
+0,0,0,0,
+crl_reasons};
 char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
diff --git a/src/lib/libcrypto/x509v3/v3_extku.c b/src/lib/libcrypto/x509v3/v3_extku.c
index 53ec40a027..b1cfaba1aa 100644
--- a/src/lib/libcrypto/x509v3/v3_extku.c
+++ b/src/lib/libcrypto/x509v3/v3_extku.c
@@ -59,92 +59,84 @@
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
-static STACK_OF(ASN1_OBJECT) *v2i_ext_ku(X509V3_EXT_METHOD *method,
+static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static STACK_OF(CONF_VALUE) *i2v_ext_ku(X509V3_EXT_METHOD *method,
+static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
-                STACK_OF(ASN1_OBJECT) *eku, STACK_OF(CONF_VALUE) *extlist);
+                void *eku, STACK_OF(CONF_VALUE) *extlist);
 X509V3_EXT_METHOD v3_ext_ku = {
-NID_ext_key_usage, 0,
+        NID_ext_key_usage, 0,
-(X509V3_EXT_NEW)ext_ku_new,
+        ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
-(X509V3_EXT_FREE)ext_ku_free,
+        0,0,0,0,
-(X509V3_EXT_D2I)d2i_ext_ku,
+        0,0,
-(X509V3_EXT_I2D)i2d_ext_ku,
+        i2v_EXTENDED_KEY_USAGE,
-NULL, NULL,
+        v2i_EXTENDED_KEY_USAGE,
-(X509V3_EXT_I2V)i2v_ext_ku,
+        0,0,
-(X509V3_EXT_V2I)v2i_ext_ku,
+        NULL
-NULL,NULL,
-NULL
 };
-STACK_OF(ASN1_OBJECT) *ext_ku_new(void)
+/* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */
-{
+X509V3_EXT_METHOD v3_ocsp_accresp = {
-        return sk_ASN1_OBJECT_new_null();
+        NID_id_pkix_OCSP_acceptableResponses, 0,
-}
+        ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+        0,0,0,0,
-void ext_ku_free(STACK_OF(ASN1_OBJECT) *eku)
+        0,0,
-{
+        i2v_EXTENDED_KEY_USAGE,
-        sk_ASN1_OBJECT_pop_free(eku, ASN1_OBJECT_free);
+        v2i_EXTENDED_KEY_USAGE,
-        return;
+        0,0,
-}
+        NULL
+};
-int i2d_ext_ku(STACK_OF(ASN1_OBJECT) *a, unsigned char **pp)
-{
-        return i2d_ASN1_SET_OF_ASN1_OBJECT(a, pp, i2d_ASN1_OBJECT,
-                                V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
-}
-STACK_OF(ASN1_OBJECT) *d2i_ext_ku(STACK_OF(ASN1_OBJECT) **a,
-                                        unsigned char **pp, long length)
-{
-        return d2i_ASN1_SET_OF_ASN1_OBJECT(a, pp, length, d2i_ASN1_OBJECT,
-                         ASN1_OBJECT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-}
+ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT)
+ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE)
+IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
-static STACK_OF(CONF_VALUE) *i2v_ext_ku(X509V3_EXT_METHOD *method,
+static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
-                STACK_OF(ASN1_OBJECT) *eku, STACK_OF(CONF_VALUE) *ext_list)
+                void *a, STACK_OF(CONF_VALUE) *ext_list)
 {
-int i;
+        EXTENDED_KEY_USAGE *eku = a;
-ASN1_OBJECT *obj;
+        int i;
-char obj_tmp[80];
+        ASN1_OBJECT *obj;
-for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
+        char obj_tmp[80];
-        obj = sk_ASN1_OBJECT_value(eku, i);
+        for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
-        i2t_ASN1_OBJECT(obj_tmp, 80, obj);
+                obj = sk_ASN1_OBJECT_value(eku, i);
-        X509V3_add_value(NULL, obj_tmp, &ext_list);
+                i2t_ASN1_OBJECT(obj_tmp, 80, obj);
-}
+                X509V3_add_value(NULL, obj_tmp, &ext_list);
-return ext_list;
+        }
+        return ext_list;
 }
-static STACK_OF(ASN1_OBJECT) *v2i_ext_ku(X509V3_EXT_METHOD *method,
+static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
-STACK_OF(ASN1_OBJECT) *extku;
+        EXTENDED_KEY_USAGE *extku;
-char *extval;
+        char *extval;
-ASN1_OBJECT *objtmp;
+        ASN1_OBJECT *objtmp;
-CONF_VALUE *val;
+        CONF_VALUE *val;
-int i;
+        int i;
-if(!(extku = sk_ASN1_OBJECT_new_null())) {
+        if(!(extku = sk_ASN1_OBJECT_new_null())) {
-        X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE);
+                X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE);
-        return NULL;
-}
-for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-        val = sk_CONF_VALUE_value(nval, i);
-        if(val->value) extval = val->value;
-        else extval = val->name;
-        if(!(objtmp = OBJ_txt2obj(extval, 0))) {
-                sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
-                X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER);
-                X509V3_conf_err(val);
                return NULL;
        }
-        sk_ASN1_OBJECT_push(extku, objtmp);
-}
+        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-return extku;
+                val = sk_CONF_VALUE_value(nval, i);
+                if(val->value) extval = val->value;
+                else extval = val->name;
+                if(!(objtmp = OBJ_txt2obj(extval, 0))) {
+                        sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
+                        X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER);
+                        X509V3_conf_err(val);
+                        return NULL;
+                }
+                sk_ASN1_OBJECT_push(extku, objtmp);
+        }
+        return extku;
 }
diff --git a/src/lib/libcrypto/x509v3/v3_genn.c b/src/lib/libcrypto/x509v3/v3_genn.c
index d44751458e..650b510980 100644
--- a/src/lib/libcrypto/x509v3/v3_genn.c
+++ b/src/lib/libcrypto/x509v3/v3_genn.c
@@ -59,233 +59,43 @@
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
-#include <openssl/asn1_mac.h>
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
-int i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **pp)
+ASN1_SEQUENCE(OTHERNAME) = {
-{
+        ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT),
-        unsigned char *p;
+        /* Maybe have a true ANY DEFINED BY later */
-        int ret;
+        ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0)
+} ASN1_SEQUENCE_END(OTHERNAME)
-        ret = 0;
+IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
-        /* Save the location of initial TAG */
-        if(pp) p = *pp;
+ASN1_SEQUENCE(EDIPARTYNAME) = {
-        else p = NULL;
+        ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
+        ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
-        /* GEN_DNAME needs special treatment because of EXPLICIT tag */
+} ASN1_SEQUENCE_END(EDIPARTYNAME)
-        if(a->type == GEN_DIRNAME) {
+IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
-                int v = 0;
-                M_ASN1_I2D_len_EXP_opt(a->d.dirn, i2d_X509_NAME, 4, v);
+ASN1_CHOICE(GENERAL_NAME) = {
-                if(!p) return ret;
+        ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME),
-                M_ASN1_I2D_put_EXP_opt(a->d.dirn, i2d_X509_NAME, 4, v);
+        ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL),
-                *pp = p;
+        ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS),
-                return ret;
+        /* Don't decode this */
-        }
+        ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400),
+        /* X509_NAME is a CHOICE type so use EXPLICIT */
-        switch(a->type) {
+        ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME),
+        ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY),
-                case GEN_X400:
+        ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI),
-                case GEN_EDIPARTY:
+        ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD),
-                ret = i2d_ASN1_TYPE(a->d.other, pp);
+        ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID)
-                break;
+} ASN1_CHOICE_END(GENERAL_NAME)
-                case GEN_OTHERNAME:
+IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAME)
-                ret = i2d_OTHERNAME(a->d.otherName, pp);
-                break;
+ASN1_ITEM_TEMPLATE(GENERAL_NAMES) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME)
-                case GEN_EMAIL:
+ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES)
-                case GEN_DNS:
-                case GEN_URI:
+IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES)
-                ret = i2d_ASN1_IA5STRING(a->d.ia5, pp);
-                break;
-                case GEN_IPADD:
-                ret = i2d_ASN1_OCTET_STRING(a->d.ip, pp);
-                break;
-        
-                case GEN_RID:
-                ret = i2d_ASN1_OBJECT(a->d.rid, pp);
-                break;
-        }
-        /* Replace TAG with IMPLICIT value */
-        if(p) *p = (*p & V_ASN1_CONSTRUCTED) | a->type;
-        return ret;
-}
-GENERAL_NAME *GENERAL_NAME_new()
-{
-        GENERAL_NAME *ret=NULL;
-        ASN1_CTX c;
-        M_ASN1_New_Malloc(ret, GENERAL_NAME);
-        ret->type = -1;
-        ret->d.ptr = NULL;
-        return (ret);
-        M_ASN1_New_Error(ASN1_F_GENERAL_NAME_NEW);
-}
-GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **a, unsigned char **pp,
-                                                                 long length)
-{
-        unsigned char _tmp;
-        M_ASN1_D2I_vars(a,GENERAL_NAME *,GENERAL_NAME_new);
-        M_ASN1_D2I_Init();
-        c.slen = length;
-        _tmp = M_ASN1_next;
-        ret->type = _tmp & ~V_ASN1_CONSTRUCTED;
-        switch(ret->type) {
-                /* Just put these in a "blob" for now */
-                case GEN_X400:
-                case GEN_EDIPARTY:
-                M_ASN1_D2I_get_imp(ret->d.other, d2i_ASN1_TYPE,V_ASN1_SEQUENCE);
-                break;
-                case GEN_OTHERNAME:
-                M_ASN1_D2I_get_imp(ret->d.otherName, d2i_OTHERNAME,V_ASN1_SEQUENCE);
-                break;
-                case GEN_EMAIL:
-                case GEN_DNS:
-                case GEN_URI:
-                M_ASN1_D2I_get_imp(ret->d.ia5, d2i_ASN1_IA5STRING,
-                                                        V_ASN1_IA5STRING);
-                break;
-                case GEN_DIRNAME:
-                M_ASN1_D2I_get_EXP_opt(ret->d.dirn, d2i_X509_NAME, 4);
-                break;
-                case GEN_IPADD:
-                M_ASN1_D2I_get_imp(ret->d.ip, d2i_ASN1_OCTET_STRING,
-                                                        V_ASN1_OCTET_STRING);
-                break;
-        
-                case GEN_RID:
-                M_ASN1_D2I_get_imp(ret->d.rid, d2i_ASN1_OBJECT,V_ASN1_OBJECT);
-                break;
-                default:
-                c.error = ASN1_R_BAD_TAG;
-                goto err;
-        }
-        c.slen = 0;
-        M_ASN1_D2I_Finish(a, GENERAL_NAME_free, ASN1_F_D2I_GENERAL_NAME);
-}
-void GENERAL_NAME_free(GENERAL_NAME *a)
-{
-        if (a == NULL) return;
-        switch(a->type) {
-                case GEN_X400:
-                case GEN_EDIPARTY:
-                ASN1_TYPE_free(a->d.other);
-                break;
-                case GEN_OTHERNAME:
-                OTHERNAME_free(a->d.otherName);
-                break;
-                case GEN_EMAIL:
-                case GEN_DNS:
-                case GEN_URI:
-                M_ASN1_IA5STRING_free(a->d.ia5);
-                break;
-                case GEN_DIRNAME:
-                X509_NAME_free(a->d.dirn);
-                break;
-                case GEN_IPADD:
-                M_ASN1_OCTET_STRING_free(a->d.ip);
-                break;
-        
-                case GEN_RID:
-                ASN1_OBJECT_free(a->d.rid);
-                break;
-        }
-        OPENSSL_free (a);
-}
-/* Now the GeneralNames versions: a SEQUENCE OF GeneralName. These are needed as
- * explicit functions.
- */
-STACK_OF(GENERAL_NAME) *GENERAL_NAMES_new()
-{
-        return sk_GENERAL_NAME_new_null();
-}
-void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *a)
-{
-        sk_GENERAL_NAME_pop_free(a, GENERAL_NAME_free);
-}
-STACK_OF(GENERAL_NAME) *d2i_GENERAL_NAMES(STACK_OF(GENERAL_NAME) **a,
-                                         unsigned char **pp, long length)
-{
-return d2i_ASN1_SET_OF_GENERAL_NAME(a, pp, length, d2i_GENERAL_NAME,
-                         GENERAL_NAME_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-}
-int i2d_GENERAL_NAMES(STACK_OF(GENERAL_NAME) *a, unsigned char **pp)
-{
-return i2d_ASN1_SET_OF_GENERAL_NAME(a, pp, i2d_GENERAL_NAME, V_ASN1_SEQUENCE,
-                                                 V_ASN1_UNIVERSAL, IS_SEQUENCE);
-}
-IMPLEMENT_STACK_OF(GENERAL_NAME)
-IMPLEMENT_ASN1_SET_OF(GENERAL_NAME)
-int i2d_OTHERNAME(OTHERNAME *a, unsigned char **pp)
-{
-        int v = 0;
-        M_ASN1_I2D_vars(a);
-        M_ASN1_I2D_len(a->type_id, i2d_ASN1_OBJECT);
-        M_ASN1_I2D_len_EXP_opt(a->value, i2d_ASN1_TYPE, 0, v);
-        M_ASN1_I2D_seq_total();
-        M_ASN1_I2D_put(a->type_id, i2d_ASN1_OBJECT);
-        M_ASN1_I2D_put_EXP_opt(a->value, i2d_ASN1_TYPE, 0, v);
-        M_ASN1_I2D_finish();
-}
-OTHERNAME *OTHERNAME_new(void)
-{
-        OTHERNAME *ret=NULL;
-        ASN1_CTX c;
-        M_ASN1_New_Malloc(ret, OTHERNAME);
-        ret->type_id = OBJ_nid2obj(NID_undef);
-        M_ASN1_New(ret->value, ASN1_TYPE_new);
-        return (ret);
-        M_ASN1_New_Error(ASN1_F_OTHERNAME_NEW);
-}
-OTHERNAME *d2i_OTHERNAME(OTHERNAME **a, unsigned char **pp, long length)
-{
-        M_ASN1_D2I_vars(a,OTHERNAME *,OTHERNAME_new);
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(ret->type_id, d2i_ASN1_OBJECT);
-        M_ASN1_D2I_get_EXP_opt(ret->value, d2i_ASN1_TYPE, 0);
-        M_ASN1_D2I_Finish(a, OTHERNAME_free, ASN1_F_D2I_OTHERNAME);
-}
-void OTHERNAME_free(OTHERNAME *a)
-{
-        if (a == NULL) return;
-        ASN1_OBJECT_free(a->type_id);
-        ASN1_TYPE_free(a->value);
-        OPENSSL_free (a);
-}
diff --git a/src/lib/libcrypto/x509v3/v3_info.c b/src/lib/libcrypto/x509v3/v3_info.c
index a045a629ee..7f17f3231d 100644
--- a/src/lib/libcrypto/x509v3/v3_info.c
+++ b/src/lib/libcrypto/x509v3/v3_info.c
@@ -60,28 +60,48 @@
 #include "cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
-                                STACK_OF(ACCESS_DESCRIPTION) *ainfo,
+                                AUTHORITY_INFO_ACCESS *ainfo,
                                                STACK_OF(CONF_VALUE) *ret);
-static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 X509V3_EXT_METHOD v3_info =
-{ NID_info_access, X509V3_EXT_MULTILINE,
+{ NID_info_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
-(X509V3_EXT_NEW)AUTHORITY_INFO_ACCESS_new,
+0,0,0,0,
-(X509V3_EXT_FREE)AUTHORITY_INFO_ACCESS_free,
+0,0,
-(X509V3_EXT_D2I)d2i_AUTHORITY_INFO_ACCESS,
-(X509V3_EXT_I2D)i2d_AUTHORITY_INFO_ACCESS,
-NULL, NULL,
 (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
 (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
-NULL, NULL, NULL};
+0,0,
+NULL};
+X509V3_EXT_METHOD v3_sinfo =
+{ NID_sinfo_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+0,0,0,0,
+0,0,
+(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
+(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+0,0,
+NULL};
+ASN1_SEQUENCE(ACCESS_DESCRIPTION) = {
+        ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT),
+        ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME)
+} ASN1_SEQUENCE_END(ACCESS_DESCRIPTION)
+IMPLEMENT_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
+ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION)
+ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS)
+IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
-                                STACK_OF(ACCESS_DESCRIPTION) *ainfo,
+                                AUTHORITY_INFO_ACCESS *ainfo,
                                                STACK_OF(CONF_VALUE) *ret)
 {
        ACCESS_DESCRIPTION *desc;
@@ -111,10 +131,10 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
        return ret;
 }
-static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
-        STACK_OF(ACCESS_DESCRIPTION) *ainfo = NULL;
+        AUTHORITY_INFO_ACCESS *ainfo = NULL;
        CONF_VALUE *cnf, ctmp;
        ACCESS_DESCRIPTION *acc;
        int i, objlen;
@@ -162,75 +182,11 @@ static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
        return NULL;
 }
-int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **pp)
+int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a)
-{
+        {
-        M_ASN1_I2D_vars(a);
+        i2a_ASN1_OBJECT(bp, a->method);
+#ifdef UNDEF
-        M_ASN1_I2D_len(a->method, i2d_ASN1_OBJECT);
+        i2a_GENERAL_NAME(bp, a->location);
-        M_ASN1_I2D_len(a->location, i2d_GENERAL_NAME);
+#endif
+        return 2;
-        M_ASN1_I2D_seq_total();
+        }
-        M_ASN1_I2D_put(a->method, i2d_ASN1_OBJECT);
-        M_ASN1_I2D_put(a->location, i2d_GENERAL_NAME);
-        M_ASN1_I2D_finish();
-}
-ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void)
-{
-        ACCESS_DESCRIPTION *ret=NULL;
-        ASN1_CTX c;
-        M_ASN1_New_Malloc(ret, ACCESS_DESCRIPTION);
-        ret->method = OBJ_nid2obj(NID_undef);
-        ret->location = NULL;
-        return (ret);
-        M_ASN1_New_Error(ASN1_F_ACCESS_DESCRIPTION_NEW);
-}
-ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp,
-             long length)
-{
-        M_ASN1_D2I_vars(a,ACCESS_DESCRIPTION *,ACCESS_DESCRIPTION_new);
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(ret->method, d2i_ASN1_OBJECT);
-        M_ASN1_D2I_get(ret->location, d2i_GENERAL_NAME);
-        M_ASN1_D2I_Finish(a, ACCESS_DESCRIPTION_free, ASN1_F_D2I_ACCESS_DESCRIPTION);
-}
-void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a)
-{
-        if (a == NULL) return;
-        ASN1_OBJECT_free(a->method);
-        GENERAL_NAME_free(a->location);
-        OPENSSL_free (a);
-}
-STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void)
-{
-        return sk_ACCESS_DESCRIPTION_new_null();
-}
-void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a)
-{
-        sk_ACCESS_DESCRIPTION_pop_free(a, ACCESS_DESCRIPTION_free);
-}
-STACK_OF(ACCESS_DESCRIPTION) *d2i_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) **a,
-                                         unsigned char **pp, long length)
-{
-return d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, length, d2i_ACCESS_DESCRIPTION,
-                         ACCESS_DESCRIPTION_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-}
-int i2d_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) *a, unsigned char **pp)
-{
-return i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, i2d_ACCESS_DESCRIPTION, V_ASN1_SEQUENCE,
-                                                 V_ASN1_UNIVERSAL, IS_SEQUENCE);
-}
-IMPLEMENT_STACK_OF(ACCESS_DESCRIPTION)
-IMPLEMENT_ASN1_SET_OF(ACCESS_DESCRIPTION)
diff --git a/src/lib/libcrypto/x509v3/v3_int.c b/src/lib/libcrypto/x509v3/v3_int.c
index 63c201e5f4..f34cbfb731 100644
--- a/src/lib/libcrypto/x509v3/v3_int.c
+++ b/src/lib/libcrypto/x509v3/v3_int.c
@@ -61,12 +61,9 @@
 #include <openssl/x509v3.h>
 X509V3_EXT_METHOD v3_crl_num = { 
-NID_crl_number, 0,
+NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
-(X509V3_EXT_NEW)ASN1_INTEGER_new,
+0,0,0,0,
-(X509V3_EXT_FREE)ASN1_INTEGER_free,
-(X509V3_EXT_D2I)d2i_ASN1_INTEGER,
-(X509V3_EXT_I2D)i2d_ASN1_INTEGER,
 (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
-(X509V3_EXT_S2I)0,
+0,
-NULL, NULL, NULL, NULL, NULL};
+0,0,0,0, NULL};
diff --git a/src/lib/libcrypto/x509v3/v3_lib.c b/src/lib/libcrypto/x509v3/v3_lib.c
index ea86b9ebb9..482ca8ccf5 100644
--- a/src/lib/libcrypto/x509v3/v3_lib.c
+++ b/src/lib/libcrypto/x509v3/v3_lib.c
@@ -163,8 +163,9 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext)
 {
        X509V3_EXT_METHOD *method;
        unsigned char *p;
-        if(!(method = X509V3_EXT_get(ext)) || !method->d2i) return NULL;
+        if(!(method = X509V3_EXT_get(ext))) return NULL;
        p = ext->value->data;
+        if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
        return method->d2i(NULL, &p, ext->value->length);
 }
@@ -212,7 +213,7 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
        }
        if(found_ex) {
                /* Found it */
-                if(crit) *crit = found_ex->critical;
+                if(crit) *crit = X509_EXTENSION_get_critical(found_ex);
                return X509V3_EXT_d2i(found_ex);
        }
@@ -222,4 +223,79 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
        return NULL;
 }
+/* This function is a general extension append, replace and delete utility.
+ * The precise operation is governed by the 'flags' value. The 'crit' and
+ * 'value' arguments (if relevant) are the extensions internal structure.
+ */
+int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
+                                        int crit, unsigned long flags)
+{
+        int extidx = -1;
+        int errcode;
+        X509_EXTENSION *ext, *extmp;
+        unsigned long ext_op = flags & X509V3_ADD_OP_MASK;
+        /* If appending we don't care if it exists, otherwise
+         * look for existing extension.
+         */
+        if(ext_op != X509V3_ADD_APPEND)
+                extidx = X509v3_get_ext_by_NID(*x, nid, -1);
+        /* See if extension exists */
+        if(extidx >= 0) {
+                /* If keep existing, nothing to do */
+                if(ext_op == X509V3_ADD_KEEP_EXISTING)
+                        return 1;
+                /* If default then its an error */
+                if(ext_op == X509V3_ADD_DEFAULT) {
+                        errcode = X509V3_R_EXTENSION_EXISTS;
+                        goto err;
+                }
+                /* If delete, just delete it */
+                if(ext_op == X509V3_ADD_DELETE) {
+                        if(!sk_X509_EXTENSION_delete(*x, extidx)) return -1;
+                        return 1;
+                }
+        } else {
+                /* If replace existing or delete, error since 
+                 * extension must exist
+                 */
+                if((ext_op == X509V3_ADD_REPLACE_EXISTING) ||
+                   (ext_op == X509V3_ADD_DELETE)) {
+                        errcode = X509V3_R_EXTENSION_NOT_FOUND;
+                        goto err;
+                }
+        }
+        /* If we get this far then we have to create an extension:
+         * could have some flags for alternative encoding schemes...
+         */
+        ext = X509V3_EXT_i2d(nid, crit, value);
+        if(!ext) {
+                X509V3err(X509V3_F_X509V3_ADD_I2D, X509V3_R_ERROR_CREATING_EXTENSION);
+                return 0;
+        }
+        /* If extension exists replace it.. */
+        if(extidx >= 0) {
+                extmp = sk_X509_EXTENSION_value(*x, extidx);
+                X509_EXTENSION_free(extmp);
+                if(!sk_X509_EXTENSION_set(*x, extidx, ext)) return -1;
+                return 1;
+        }
+        if(!*x && !(*x = sk_X509_EXTENSION_new_null())) return -1;
+        if(!sk_X509_EXTENSION_push(*x, ext)) return -1;
+        return 1;
+        err:
+        if(!(flags & X509V3_ADD_SILENT))
+                X509V3err(X509V3_F_X509V3_ADD_I2D, errcode);
+        return 0;
+}
 IMPLEMENT_STACK_OF(X509V3_EXT_METHOD)
diff --git a/src/lib/libcrypto/x509v3/v3_ocsp.c b/src/lib/libcrypto/x509v3/v3_ocsp.c
new file mode 100644
index 0000000000..083112314e
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_ocsp.c
@@ -0,0 +1,272 @@
+/* v3_ocsp.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/ocsp.h>
+#include <openssl/x509v3.h>
+/* OCSP extensions and a couple of CRL entry extensions
+ */
+static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent);
+static void *ocsp_nonce_new(void);
+static int i2d_ocsp_nonce(void *a, unsigned char **pp);
+static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length);
+static void ocsp_nonce_free(void *a);
+static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent);
+static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
+static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind);
+X509V3_EXT_METHOD v3_ocsp_crlid = {
+        NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
+        0,0,0,0,
+        0,0,
+        0,0,
+        i2r_ocsp_crlid,0,
+        NULL
+};
+X509V3_EXT_METHOD v3_ocsp_acutoff = {
+        NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+        0,0,0,0,
+        0,0,
+        0,0,
+        i2r_ocsp_acutoff,0,
+        NULL
+};
+X509V3_EXT_METHOD v3_crl_invdate = {
+        NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+        0,0,0,0,
+        0,0,
+        0,0,
+        i2r_ocsp_acutoff,0,
+        NULL
+};
+X509V3_EXT_METHOD v3_crl_hold = {
+        NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
+        0,0,0,0,
+        0,0,
+        0,0,
+        i2r_object,0,
+        NULL
+};
+X509V3_EXT_METHOD v3_ocsp_nonce = {
+        NID_id_pkix_OCSP_Nonce, 0, NULL,
+        ocsp_nonce_new,
+        ocsp_nonce_free,
+        d2i_ocsp_nonce,
+        i2d_ocsp_nonce,
+        0,0,
+        0,0,
+        i2r_ocsp_nonce,0,
+        NULL
+};
+X509V3_EXT_METHOD v3_ocsp_nocheck = {
+        NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
+        0,0,0,0,
+        0,s2i_ocsp_nocheck,
+        0,0,
+        i2r_ocsp_nocheck,0,
+        NULL
+};
+X509V3_EXT_METHOD v3_ocsp_serviceloc = {
+        NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
+        0,0,0,0,
+        0,0,
+        0,0,
+        i2r_ocsp_serviceloc,0,
+        NULL
+};
+static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
+{
+        OCSP_CRLID *a = in;
+        if (a->crlUrl)
+                {
+                if (!BIO_printf(bp, "%*scrlUrl: ", ind, "")) goto err;
+                if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err;
+                if (!BIO_write(bp, "\n", 1)) goto err;
+                }
+        if (a->crlNum)
+                {
+                if (!BIO_printf(bp, "%*scrlNum: ", ind, "")) goto err;
+                if (!i2a_ASN1_INTEGER(bp, a->crlNum)) goto err;
+                if (!BIO_write(bp, "\n", 1)) goto err;
+                }
+        if (a->crlTime)
+                {
+                if (!BIO_printf(bp, "%*scrlTime: ", ind, "")) goto err;
+                if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err;
+                if (!BIO_write(bp, "\n", 1)) goto err;
+                }
+        return 1;
+        err:
+        return 0;
+}
+static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind)
+{
+        if (!BIO_printf(bp, "%*s", ind, "")) return 0;
+        if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0;
+        return 1;
+}
+static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind)
+{
+        if (!BIO_printf(bp, "%*s", ind, "")) return 0;
+        if(!i2a_ASN1_OBJECT(bp, oid)) return 0;
+        return 1;
+}
+/* OCSP nonce. This is needs special treatment because it doesn't have
+ * an ASN1 encoding at all: it just contains arbitrary data.
+ */
+static void *ocsp_nonce_new(void)
+{
+        return ASN1_OCTET_STRING_new();
+}
+static int i2d_ocsp_nonce(void *a, unsigned char **pp)
+{
+        ASN1_OCTET_STRING *os = a;
+        if(pp) {
+                memcpy(*pp, os->data, os->length);
+                *pp += os->length;
+        }
+        return os->length;
+}
+static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length)
+{
+        ASN1_OCTET_STRING *os, **pos;
+        pos = a;
+        if(!pos || !*pos) os = ASN1_OCTET_STRING_new();
+        else os = *pos;
+        if(!ASN1_OCTET_STRING_set(os, *pp, length)) goto err;
+        *pp += length;
+        if(pos) *pos = os;
+        return os;
+        err:
+        if(os && (!pos || (*pos != os))) M_ASN1_OCTET_STRING_free(os);
+        OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
+        return NULL;
+}
+static void ocsp_nonce_free(void *a)
+{
+        M_ASN1_OCTET_STRING_free(a);
+}
+static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent)
+{
+        if(BIO_printf(out, "%*s", indent, "") <= 0) return 0;
+        if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0;
+        return 1;
+}
+/* Nocheck is just a single NULL. Don't print anything and always set it */
+static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent)
+{
+        return 1;
+}
+static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
+{
+        return ASN1_NULL_new();
+}
+static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
+        {
+        int i;
+        OCSP_SERVICELOC *a = in;
+        ACCESS_DESCRIPTION *ad;
+        if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err;
+        if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err;
+        for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++)
+                {
+                                ad = sk_ACCESS_DESCRIPTION_value(a->locator,i);
+                                if (BIO_printf(bp, "\n%*s", (2*ind), "") <= 0) 
+                                        goto err;
+                                if(i2a_ASN1_OBJECT(bp, ad->method) <= 0) goto err;
+                                if(BIO_puts(bp, " - ") <= 0) goto err;
+                                if(GENERAL_NAME_print(bp, ad->location) <= 0) goto err;
+                }
+        return 1;
+err:
+        return 0;
+        }
diff --git a/src/lib/libcrypto/x509v3/v3_pku.c b/src/lib/libcrypto/x509v3/v3_pku.c
index 47f9e8f123..49a2e4697a 100644
--- a/src/lib/libcrypto/x509v3/v3_pku.c
+++ b/src/lib/libcrypto/x509v3/v3_pku.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
 static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent);
@@ -67,62 +67,19 @@ static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *u
 static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
 */
 X509V3_EXT_METHOD v3_pkey_usage_period = {
-NID_private_key_usage_period, 0,
+NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
-(X509V3_EXT_NEW)PKEY_USAGE_PERIOD_new,
+0,0,0,0,
-(X509V3_EXT_FREE)PKEY_USAGE_PERIOD_free,
+0,0,0,0,
-(X509V3_EXT_D2I)d2i_PKEY_USAGE_PERIOD,
-(X509V3_EXT_I2D)i2d_PKEY_USAGE_PERIOD,
-NULL, NULL, NULL, NULL,
 (X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,
 NULL
 };
-int i2d_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD *a, unsigned char **pp)
+ASN1_SEQUENCE(PKEY_USAGE_PERIOD) = {
-{
+        ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0),
-        M_ASN1_I2D_vars(a);
+        ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1)
+} ASN1_SEQUENCE_END(PKEY_USAGE_PERIOD)
-        M_ASN1_I2D_len_IMP_opt (a->notBefore, i2d_ASN1_GENERALIZEDTIME);
-        M_ASN1_I2D_len_IMP_opt (a->notAfter, i2d_ASN1_GENERALIZEDTIME);
-        M_ASN1_I2D_seq_total();
-        M_ASN1_I2D_put_IMP_opt (a->notBefore, i2d_ASN1_GENERALIZEDTIME, 0);
-        M_ASN1_I2D_put_IMP_opt (a->notAfter, i2d_ASN1_GENERALIZEDTIME, 1);
-        M_ASN1_I2D_finish();
-}
-PKEY_USAGE_PERIOD *PKEY_USAGE_PERIOD_new(void)
-{
-        PKEY_USAGE_PERIOD *ret=NULL;
-        ASN1_CTX c;
-        M_ASN1_New_Malloc(ret, PKEY_USAGE_PERIOD);
-        ret->notBefore = NULL;
-        ret->notAfter = NULL;
-        return (ret);
-        M_ASN1_New_Error(ASN1_F_PKEY_USAGE_PERIOD_NEW);
-}
-PKEY_USAGE_PERIOD *d2i_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD **a,
+IMPLEMENT_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
-             unsigned char **pp, long length)
-{
-        M_ASN1_D2I_vars(a,PKEY_USAGE_PERIOD *,PKEY_USAGE_PERIOD_new);
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get_IMP_opt (ret->notBefore, d2i_ASN1_GENERALIZEDTIME, 0,
-                                                        V_ASN1_GENERALIZEDTIME);
-        M_ASN1_D2I_get_IMP_opt (ret->notAfter, d2i_ASN1_GENERALIZEDTIME, 1,
-                                                        V_ASN1_GENERALIZEDTIME);
-        M_ASN1_D2I_Finish(a, PKEY_USAGE_PERIOD_free, ASN1_F_D2I_PKEY_USAGE_PERIOD);
-}
-void PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a)
-{
-        if (a == NULL) return;
-        M_ASN1_GENERALIZEDTIME_free(a->notBefore);
-        M_ASN1_GENERALIZEDTIME_free(a->notAfter);
-        OPENSSL_free (a);
-}
 static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
             PKEY_USAGE_PERIOD *usage, BIO *out, int indent)
diff --git a/src/lib/libcrypto/x509v3/v3_prn.c b/src/lib/libcrypto/x509v3/v3_prn.c
index 14b804c4ad..aeaf6170fe 100644
--- a/src/lib/libcrypto/x509v3/v3_prn.c
+++ b/src/lib/libcrypto/x509v3/v3_prn.c
@@ -64,6 +64,8 @@
 /* Extension printing routines */
+static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported);
 /* Print out a name+value stack */
 void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
@@ -103,16 +105,22 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
 /* Main routine: print out a general extension */
-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent)
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent)
 {
-        char *ext_str = NULL, *value = NULL;
+        void *ext_str = NULL;
+        char *value = NULL;
        unsigned char *p;
        X509V3_EXT_METHOD *method;      
        STACK_OF(CONF_VALUE) *nval = NULL;
        int ok = 1;
-        if(!(method = X509V3_EXT_get(ext))) return 0;
+        if(!(method = X509V3_EXT_get(ext)))
+                return unknown_ext_print(out, ext, flag, indent, 0);
        p = ext->value->data;
-        if(!(ext_str = method->d2i(NULL, &p, ext->value->length))) return 0;
+        if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
+        else ext_str = method->d2i(NULL, &p, ext->value->length);
+        if(!ext_str) return unknown_ext_print(out, ext, flag, indent, 1);
        if(method->i2s) {
                if(!(value = method->i2s(method, ext_str))) {
                        ok = 0;
@@ -148,11 +156,71 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent)
        err:
                sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
                if(value) OPENSSL_free(value);
-                method->ext_free(ext_str);
+                if(method->it) ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it));
+                else method->ext_free(ext_str);
                return ok;
 }
-#ifndef NO_FP_API
+int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent)
+{
+        int i, j;
+        if(sk_X509_EXTENSION_num(exts) <= 0) return 1;
+        if(title) 
+                {
+                BIO_printf(bp,"%*s%s:\n",indent, "", title);
+                indent += 4;
+                }
+        for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
+                {
+                ASN1_OBJECT *obj;
+                X509_EXTENSION *ex;
+                ex=sk_X509_EXTENSION_value(exts, i);
+                if (BIO_printf(bp,"%*s",indent, "") <= 0) return 0;
+                obj=X509_EXTENSION_get_object(ex);
+                i2a_ASN1_OBJECT(bp,obj);
+                j=X509_EXTENSION_get_critical(ex);
+                if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
+                        return 0;
+                if(!X509V3_EXT_print(bp, ex, flag, 12))
+                        {
+                        BIO_printf(bp, "%*s", indent + 4, "");
+                        M_ASN1_OCTET_STRING_print(bp,ex->value);
+                        }
+                if (BIO_write(bp,"\n",1) <= 0) return 0;
+                }
+        return 1;
+}
+static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported)
+{
+        switch(flag & X509V3_EXT_UNKNOWN_MASK) {
+                case X509V3_EXT_DEFAULT:
+                return 0;
+                case X509V3_EXT_ERROR_UNKNOWN:
+                if(supported)
+                        BIO_printf(out, "%*s<Parse Error>", indent, "");
+                else
+                        BIO_printf(out, "%*s<Not Supported>", indent, "");
+                return 1;
+                case X509V3_EXT_PARSE_UNKNOWN:
+                        return ASN1_parse_dump(out,
+                                ext->value->data, ext->value->length, indent, -1);
+                case X509V3_EXT_DUMP_UNKNOWN:
+                        return BIO_dump_indent(out, (char *)ext->value->data, ext->value->length, indent);
+                default:
+                return 1;
+        }
+}
+        
+#ifndef OPENSSL_NO_FP_API
 int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent)
 {
        BIO *bio_tmp;
diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c
index 8aecd00e63..b739e4fd83 100644
--- a/src/lib/libcrypto/x509v3/v3_purp.c
+++ b/src/lib/libcrypto/x509v3/v3_purp.c
@@ -1,9 +1,9 @@
 /* v3_purp.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
+ * project 2001.
 */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -61,7 +61,6 @@
 #include <openssl/x509v3.h>
 #include <openssl/x509_vfy.h>
 static void x509v3_cache_extensions(X509 *x);
 static int ca_check(const X509 *x);
@@ -74,6 +73,7 @@ static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int c
 static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca);
 static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
 static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca);
 static int xp_cmp(const X509_PURPOSE * const *a,
                const X509_PURPOSE * const *b);
@@ -87,6 +87,7 @@ static X509_PURPOSE xstandard[] = {
        {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
        {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
        {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL},
+        {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL},
 };
 #define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
@@ -120,6 +121,16 @@ int X509_check_purpose(X509 *x, int id, int ca)
        return pt->check_purpose(pt, x, ca);
 }
+int X509_PURPOSE_set(int *p, int purpose)
+{
+        if(X509_PURPOSE_get_by_id(purpose) == -1) {
+                X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE);
+                return 0;
+        }
+        *p = purpose;
+        return 1;
+}
 int X509_PURPOSE_get_count(void)
 {
        if(!xptable) return X509_PURPOSE_COUNT;
@@ -144,7 +155,6 @@ int X509_PURPOSE_get_by_sname(char *sname)
        return -1;
 }
 int X509_PURPOSE_get_by_id(int purpose)
 {
        X509_PURPOSE tmp;
@@ -256,16 +266,55 @@ int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
        return xp->trust;
 }
+static int nid_cmp(int *a, int *b)
+        {
+        return *a - *b;
+        }
+int X509_supported_extension(X509_EXTENSION *ex)
+        {
+        /* This table is a list of the NIDs of supported extensions:
+         * that is those which are used by the verify process. If
+         * an extension is critical and doesn't appear in this list
+         * then the verify process will normally reject the certificate.
+         * The list must be kept in numerical order because it will be
+         * searched using bsearch.
+         */
+        static int supported_nids[] = {
+                NID_netscape_cert_type, /* 71 */
+                NID_key_usage,          /* 83 */
+                NID_subject_alt_name,   /* 85 */
+                NID_basic_constraints,  /* 87 */
+                NID_ext_key_usage       /* 126 */
+        };
+        int ex_nid;
+        ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
+        if (ex_nid == NID_undef) 
+                return 0;
+        if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids,
+                sizeof(supported_nids)/sizeof(int), sizeof(int),
+                (int (*)(const void *, const void *))nid_cmp))
+                return 1;
+        return 0;
+        }
+ 
 static void x509v3_cache_extensions(X509 *x)
 {
        BASIC_CONSTRAINTS *bs;
        ASN1_BIT_STRING *usage;
        ASN1_BIT_STRING *ns;
-        STACK_OF(ASN1_OBJECT) *extusage;
+        EXTENDED_KEY_USAGE *extusage;
+        X509_EXTENSION *ex;
        
        int i;
        if(x->ex_flags & EXFLAG_SET) return;
-#ifndef NO_SHA
+#ifndef OPENSSL_NO_SHA
        X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
 #endif
        /* Does subject name match issuer ? */
@@ -320,6 +369,15 @@ static void x509v3_cache_extensions(X509 *x)
                                case NID_ms_sgc:
                                case NID_ns_sgc:
                                x->ex_xkusage |= XKU_SGC;
+                                break;
+                                case NID_OCSP_sign:
+                                x->ex_xkusage |= XKU_OCSP_SIGN;
+                                break;
+                                case NID_time_stamp:
+                                x->ex_xkusage |= XKU_TIMESTAMP;
+                                break;
                        }
                }
                sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
@@ -333,6 +391,17 @@ static void x509v3_cache_extensions(X509 *x)
        }
        x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
        x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
+        for (i = 0; i < X509_get_ext_count(x); i++)
+                {
+                ex = X509_get_ext(x, i);
+                if (!X509_EXTENSION_get_critical(ex))
+                        continue;
+                if (!X509_supported_extension(ex))
+                        {
+                        x->ex_flags |= EXFLAG_CRITICAL;
+                        break;
+                        }
+                }
        x->ex_flags |= EXFLAG_SET;
 }
@@ -472,6 +541,27 @@ static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
        return 1;
 }
+/* OCSP helper: this is *not* a full OCSP check. It just checks that
+ * each CA is valid. Additional checks must be made on the chain.
+ */
+static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca)
+{
+        /* Must be a valid CA */
+        if(ca) {
+                int ca_ret;
+                ca_ret = ca_check(x);
+                if(ca_ret != 2) return ca_ret;
+                if(x->ex_flags & EXFLAG_NSCERT) {
+                        if(x->ex_nscert & NS_ANY_CA) return ca_ret;
+                        return 0;
+                }
+                return 0;
+        }
+        /* leaf certificate is checked in OCSP_verify() */
+        return 1;
+}
 static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
 {
        return 1;
@@ -513,7 +603,7 @@ int X509_check_issued(X509 *issuer, X509 *subject)
                         * There may be more than one but we only take any
                         * notice of the first.
                         */
-                        STACK_OF(GENERAL_NAME) *gens;
+                        GENERAL_NAMES *gens;
                        GENERAL_NAME *gen;
                        X509_NAME *nm = NULL;
                        int i;
diff --git a/src/lib/libcrypto/x509v3/v3_skey.c b/src/lib/libcrypto/x509v3/v3_skey.c
index 939845fa8f..c0f044ac1b 100644
--- a/src/lib/libcrypto/x509v3/v3_skey.c
+++ b/src/lib/libcrypto/x509v3/v3_skey.c
@@ -63,14 +63,12 @@
 static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
 X509V3_EXT_METHOD v3_skey_id = { 
-NID_subject_key_identifier, 0,
+NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
-(X509V3_EXT_NEW)ASN1_OCTET_STRING_new,
+0,0,0,0,
-(X509V3_EXT_FREE)ASN1_OCTET_STRING_free,
-(X509V3_EXT_D2I)d2i_ASN1_OCTET_STRING,
-(X509V3_EXT_I2D)i2d_ASN1_OCTET_STRING,
 (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
 (X509V3_EXT_S2I)s2i_skey_id,
-NULL, NULL, NULL, NULL, NULL};
+0,0,0,0,
+NULL};
 char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
             ASN1_OCTET_STRING *oct)
@@ -106,7 +104,6 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
        ASN1_OCTET_STRING *oct;
        ASN1_BIT_STRING *pk;
        unsigned char pkey_dig[EVP_MAX_MD_SIZE];
-        EVP_MD_CTX md;
        unsigned int diglen;
        if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);
@@ -132,9 +129,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
                goto err;
        }
-        EVP_DigestInit(&md, EVP_sha1());
+        EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL);
-        EVP_DigestUpdate(&md, pk->data, pk->length);
-        EVP_DigestFinal(&md, pkey_dig, &diglen);
        if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
                X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
diff --git a/src/lib/libcrypto/x509v3/v3_sxnet.c b/src/lib/libcrypto/x509v3/v3_sxnet.c
index bfecacd336..d3f4ba3a72 100644
--- a/src/lib/libcrypto/x509v3/v3_sxnet.c
+++ b/src/lib/libcrypto/x509v3/v3_sxnet.c
@@ -60,7 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
 /* Support for Thawte strong extranet extension */
@@ -73,111 +73,33 @@ static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                                                STACK_OF(CONF_VALUE) *nval);
 #endif
 X509V3_EXT_METHOD v3_sxnet = {
-NID_sxnet, X509V3_EXT_MULTILINE,
+NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
-(X509V3_EXT_NEW)SXNET_new,
+0,0,0,0,
-(X509V3_EXT_FREE)SXNET_free,
+0,0,
-(X509V3_EXT_D2I)d2i_SXNET,
+0, 
-(X509V3_EXT_I2D)i2d_SXNET,
-NULL, NULL,
-NULL, 
 #ifdef SXNET_TEST
 (X509V3_EXT_V2I)sxnet_v2i,
 #else
-NULL,
+0,
 #endif
 (X509V3_EXT_I2R)sxnet_i2r,
-NULL,
+0,
 NULL
 };
+ASN1_SEQUENCE(SXNETID) = {
+        ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),
+        ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(SXNETID)
-int i2d_SXNET(SXNET *a, unsigned char **pp)
+IMPLEMENT_ASN1_FUNCTIONS(SXNETID)
-{
-        M_ASN1_I2D_vars(a);
-        M_ASN1_I2D_len (a->version, i2d_ASN1_INTEGER);
-        M_ASN1_I2D_len_SEQUENCE_type (SXNETID, a->ids, i2d_SXNETID);
-        M_ASN1_I2D_seq_total();
-        M_ASN1_I2D_put (a->version, i2d_ASN1_INTEGER);
-        M_ASN1_I2D_put_SEQUENCE_type (SXNETID, a->ids, i2d_SXNETID);
-        M_ASN1_I2D_finish();
+ASN1_SEQUENCE(SXNET) = {
-}
+        ASN1_SIMPLE(SXNET, version, ASN1_INTEGER),
+        ASN1_SEQUENCE_OF(SXNET, ids, SXNETID)
-SXNET *SXNET_new(void)
+} ASN1_SEQUENCE_END(SXNET)
-{
-        SXNET *ret=NULL;
-        ASN1_CTX c;
-        M_ASN1_New_Malloc(ret, SXNET);
-        M_ASN1_New(ret->version,M_ASN1_INTEGER_new);
-        M_ASN1_New(ret->ids,sk_SXNETID_new_null);
-        return (ret);
-        M_ASN1_New_Error(ASN1_F_SXNET_NEW);
-}
-SXNET *d2i_SXNET(SXNET **a, unsigned char **pp, long length)
+IMPLEMENT_ASN1_FUNCTIONS(SXNET)
-{
-        M_ASN1_D2I_vars(a,SXNET *,SXNET_new);
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get (ret->version, d2i_ASN1_INTEGER);
-        M_ASN1_D2I_get_seq_type (SXNETID, ret->ids, d2i_SXNETID, SXNETID_free);
-        M_ASN1_D2I_Finish(a, SXNET_free, ASN1_F_D2I_SXNET);
-}
-void SXNET_free(SXNET *a)
-{
-        if (a == NULL) return;
-        M_ASN1_INTEGER_free(a->version);
-        sk_SXNETID_pop_free(a->ids, SXNETID_free);
-        OPENSSL_free (a);
-}
-int i2d_SXNETID(SXNETID *a, unsigned char **pp)
-{
-        M_ASN1_I2D_vars(a);
-        M_ASN1_I2D_len (a->zone, i2d_ASN1_INTEGER);
-        M_ASN1_I2D_len (a->user, i2d_ASN1_OCTET_STRING);
-        M_ASN1_I2D_seq_total();
-        M_ASN1_I2D_put (a->zone, i2d_ASN1_INTEGER);
-        M_ASN1_I2D_put (a->user, i2d_ASN1_OCTET_STRING);
-        M_ASN1_I2D_finish();
-}
-SXNETID *SXNETID_new(void)
-{
-        SXNETID *ret=NULL;
-        ASN1_CTX c;
-        M_ASN1_New_Malloc(ret, SXNETID);
-        ret->zone = NULL;
-        M_ASN1_New(ret->user,M_ASN1_OCTET_STRING_new);
-        return (ret);
-        M_ASN1_New_Error(ASN1_F_SXNETID_NEW);
-}
-SXNETID *d2i_SXNETID(SXNETID **a, unsigned char **pp, long length)
-{
-        M_ASN1_D2I_vars(a,SXNETID *,SXNETID_new);
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(ret->zone, d2i_ASN1_INTEGER);
-        M_ASN1_D2I_get(ret->user, d2i_ASN1_OCTET_STRING);
-        M_ASN1_D2I_Finish(a, SXNETID_free, ASN1_F_D2I_SXNETID);
-}
-void SXNETID_free(SXNETID *a)
-{
-        if (a == NULL) return;
-        M_ASN1_INTEGER_free(a->zone);
-        M_ASN1_OCTET_STRING_free(a->user);
-        OPENSSL_free (a);
-}
 static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
             int indent)
diff --git a/src/lib/libcrypto/x509v3/v3_utl.c b/src/lib/libcrypto/x509v3/v3_utl.c
index 619f161b58..283e943e46 100644
--- a/src/lib/libcrypto/x509v3/v3_utl.c
+++ b/src/lib/libcrypto/x509v3/v3_utl.c
@@ -66,7 +66,7 @@
 static char *strip_spaces(char *name);
 static int sk_strcmp(const char * const *a, const char * const *b);
-static STACK *get_email(X509_NAME *name, STACK_OF(GENERAL_NAME) *gens);
+static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens);
 static void str_free(void *str);
 static int append_ia5(STACK **sk, ASN1_IA5STRING *email);
@@ -154,21 +154,40 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
 {
        BIGNUM *bn = NULL;
        ASN1_INTEGER *aint;
+        int isneg, ishex;
+        int ret;
        bn = BN_new();
-        if(!value) {
+        if (!value) {
                X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE);
                return 0;
        }
-        if(!BN_dec2bn(&bn, value)) {
+        if (value[0] == '-') {
+                value++;
+                isneg = 1;
+        } else isneg = 0;
+        if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) {
+                value += 2;
+                ishex = 1;
+        } else ishex = 0;
+        if (ishex) ret = BN_hex2bn(&bn, value);
+        else ret = BN_dec2bn(&bn, value);
+        if (!ret) {
                X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR);
                return 0;
        }
-        if(!(aint = BN_to_ASN1_INTEGER(bn, NULL))) {
+        if (isneg && BN_is_zero(bn)) isneg = 0;
+        aint = BN_to_ASN1_INTEGER(bn, NULL);
+        BN_free(bn);
+        if (!aint) {
                X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
                return 0;
        }
-        BN_free(bn);
+        if (isneg) aint->type |= V_ASN1_NEG;
        return aint;
 }
@@ -221,7 +240,7 @@ int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
 /*#define DEBUG*/
-STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line)
+STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
 {
        char *p, *q, c;
        char *ntmp, *vtmp;
@@ -250,7 +269,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line)
                                *p = 0;
                                ntmp = strip_spaces(q);
                                q = p + 1;
-#ifdef DEBUG
+#if 0
                                printf("%s\n", ntmp);
 #endif
                                if(!ntmp) {
@@ -266,7 +285,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line)
                                state = HDR_NAME;
                                *p = 0;
                                vtmp = strip_spaces(q);
-#ifdef DEBUG
+#if 0
                                printf("%s\n", ntmp);
 #endif
                                if(!vtmp) {
@@ -283,7 +302,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line)
        if(state == HDR_VALUE) {
                vtmp = strip_spaces(q);
-#ifdef DEBUG
+#if 0
                printf("%s=%s\n", ntmp, vtmp);
 #endif
                if(!vtmp) {
@@ -293,7 +312,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line)
                X509V3_add_value(ntmp, vtmp, &values);
        } else {
                ntmp = strip_spaces(q);
-#ifdef DEBUG
+#if 0
                printf("%s\n", ntmp);
 #endif
                if(!ntmp) {
@@ -439,7 +458,7 @@ static int sk_strcmp(const char * const *a, const char * const *b)
 STACK *X509_get1_email(X509 *x)
 {
-        STACK_OF(GENERAL_NAME) *gens;
+        GENERAL_NAMES *gens;
        STACK *ret;
        gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
        ret = get_email(X509_get_subject_name(x), gens);
@@ -449,7 +468,7 @@ STACK *X509_get1_email(X509 *x)
 STACK *X509_REQ_get1_email(X509_REQ *x)
 {
-        STACK_OF(GENERAL_NAME) *gens;
+        GENERAL_NAMES *gens;
        STACK_OF(X509_EXTENSION) *exts;
        STACK *ret;
        exts = X509_REQ_get_extensions(x);
@@ -461,7 +480,7 @@ STACK *X509_REQ_get1_email(X509_REQ *x)
 }
-static STACK *get_email(X509_NAME *name, STACK_OF(GENERAL_NAME) *gens)
+static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens)
 {
        STACK *ret = NULL;
        X509_NAME_ENTRY *ne;
diff --git a/src/lib/libcrypto/x509v3/v3conf.c b/src/lib/libcrypto/x509v3/v3conf.c
index 21cf746f45..67ee14f334 100644
--- a/src/lib/libcrypto/x509v3/v3conf.c
+++ b/src/lib/libcrypto/x509v3/v3conf.c
@@ -60,7 +60,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
 #include <openssl/conf.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
diff --git a/src/lib/libcrypto/x509v3/v3err.c b/src/lib/libcrypto/x509v3/v3err.c
index aa4a605dc4..6458e95bb9 100644
--- a/src/lib/libcrypto/x509v3/v3err.c
+++ b/src/lib/libcrypto/x509v3/v3err.c
@@ -63,7 +63,7 @@
 #include <openssl/x509v3.h>
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA X509V3_str_functs[]=
        {
 {ERR_PACK(0,X509V3_F_COPY_EMAIL,0),     "COPY_EMAIL"},
@@ -98,6 +98,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0),       "v2i_GENERAL_NAME"},
 {ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0),      "v2i_GENERAL_NAMES"},
 {ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0),   "V3_GENERIC_EXTENSION"},
+{ERR_PACK(0,X509V3_F_X509V3_ADD_I2D,0), "X509V3_ADD_I2D"},
 {ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0),       "X509V3_add_value"},
 {ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0), "X509V3_EXT_add"},
 {ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0),   "X509V3_EXT_add_alias"},
@@ -106,6 +107,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0),  "X509V3_get_value_bool"},
 {ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0),      "X509V3_parse_list"},
 {ERR_PACK(0,X509V3_F_X509_PURPOSE_ADD,0),       "X509_PURPOSE_add"},
+{ERR_PACK(0,X509V3_F_X509_PURPOSE_SET,0),       "X509_PURPOSE_set"},
 {0,NULL}
        };
@@ -117,8 +119,10 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {X509V3_R_BN_TO_ASN1_INTEGER_ERROR       ,"bn to asn1 integer error"},
 {X509V3_R_DUPLICATE_ZONE_ID              ,"duplicate zone id"},
 {X509V3_R_ERROR_CONVERTING_ZONE          ,"error converting zone"},
+{X509V3_R_ERROR_CREATING_EXTENSION       ,"error creating extension"},
 {X509V3_R_ERROR_IN_EXTENSION             ,"error in extension"},
 {X509V3_R_EXPECTED_A_SECTION_NAME        ,"expected a section name"},
+{X509V3_R_EXTENSION_EXISTS               ,"extension exists"},
 {X509V3_R_EXTENSION_NAME_ERROR           ,"extension name error"},
 {X509V3_R_EXTENSION_NOT_FOUND            ,"extension not found"},
 {X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"},
@@ -135,6 +139,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {X509V3_R_INVALID_OBJECT_IDENTIFIER      ,"invalid object identifier"},
 {X509V3_R_INVALID_OPTION                 ,"invalid option"},
 {X509V3_R_INVALID_POLICY_IDENTIFIER      ,"invalid policy identifier"},
+{X509V3_R_INVALID_PURPOSE                ,"invalid purpose"},
 {X509V3_R_INVALID_SECTION                ,"invalid section"},
 {X509V3_R_INVALID_SYNTAX                 ,"invalid syntax"},
 {X509V3_R_ISSUER_DECODE_ERROR            ,"issuer decode error"},
@@ -167,7 +172,7 @@ void ERR_load_X509V3_strings(void)
        if (init)
                {
                init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings(ERR_LIB_X509V3,X509V3_str_functs);
                ERR_load_strings(ERR_LIB_X509V3,X509V3_str_reasons);
 #endif
diff --git a/src/lib/libcrypto/x509v3/v3prin.c b/src/lib/libcrypto/x509v3/v3prin.c
index ee798859f0..b529814319 100644
--- a/src/lib/libcrypto/x509v3/v3prin.c
+++ b/src/lib/libcrypto/x509v3/v3prin.c
@@ -59,9 +59,7 @@
 #include <stdio.h>
-#include "cryptlib.h"
 #include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
 #include <openssl/conf.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
diff --git a/src/lib/libcrypto/x509v3/x509v3.h b/src/lib/libcrypto/x509v3/x509v3.h
index 0453b12d63..daecc55271 100644
--- a/src/lib/libcrypto/x509v3/x509v3.h
+++ b/src/lib/libcrypto/x509v3/x509v3.h
@@ -88,6 +88,9 @@ typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx
 struct v3_ext_method {
 int ext_nid;
 int ext_flags;
+/* If this is set the following four fields are ignored */
+ASN1_ITEM_EXP *it;
+/* Old style ASN1 calls */
 X509V3_EXT_NEW ext_new;
 X509V3_EXT_FREE ext_free;
 X509V3_EXT_D2I d2i;
@@ -156,35 +159,56 @@ ASN1_OBJECT *type_id;
 ASN1_TYPE *value;
 } OTHERNAME;
+typedef struct EDIPartyName_st {
+        ASN1_STRING *nameAssigner;
+        ASN1_STRING *partyName;
+} EDIPARTYNAME;
 typedef struct GENERAL_NAME_st {
-#define GEN_OTHERNAME   (0|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_OTHERNAME   0
-#define GEN_EMAIL       (1|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_EMAIL       1
-#define GEN_DNS         (2|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_DNS         2
-#define GEN_X400        (3|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_X400        3
-#define GEN_DIRNAME     (4|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_DIRNAME     4
-#define GEN_EDIPARTY    (5|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_EDIPARTY    5
-#define GEN_URI         (6|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_URI         6
-#define GEN_IPADD       (7|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_IPADD       7
-#define GEN_RID         (8|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_RID         8
 int type;
 union {
        char *ptr;
-        ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */
+        OTHERNAME *otherName; /* otherName */
+        ASN1_IA5STRING *rfc822Name;
+        ASN1_IA5STRING *dNSName;
+        ASN1_TYPE *x400Address;
+        X509_NAME *directoryName;
+        EDIPARTYNAME *ediPartyName;
+        ASN1_IA5STRING *uniformResourceIdentifier;
+        ASN1_OCTET_STRING *iPAddress;
+        ASN1_OBJECT *registeredID;
+        /* Old names */
        ASN1_OCTET_STRING *ip; /* iPAddress */
        X509_NAME *dirn;                /* dirn */
+        ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */
        ASN1_OBJECT *rid; /* registeredID */
-        OTHERNAME *otherName; /* otherName */
+        ASN1_TYPE *other; /* x400Address */
-        ASN1_TYPE *other; /* ediPartyName, x400Address */
 } d;
 } GENERAL_NAME;
+typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
 typedef struct ACCESS_DESCRIPTION_st {
        ASN1_OBJECT *method;
        GENERAL_NAME *location;
 } ACCESS_DESCRIPTION;
+typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
+typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
 DECLARE_STACK_OF(GENERAL_NAME)
 DECLARE_ASN1_SET_OF(GENERAL_NAME)
@@ -192,23 +216,27 @@ DECLARE_STACK_OF(ACCESS_DESCRIPTION)
 DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)
 typedef struct DIST_POINT_NAME_st {
-/* NB: this is a CHOICE type and only one of these should be set */
+int type;
-STACK_OF(GENERAL_NAME) *fullname;
+union {
-STACK_OF(X509_NAME_ENTRY) *relativename;
+        GENERAL_NAMES *fullname;
+        STACK_OF(X509_NAME_ENTRY) *relativename;
+} name;
 } DIST_POINT_NAME;
 typedef struct DIST_POINT_st {
 DIST_POINT_NAME *distpoint;
 ASN1_BIT_STRING *reasons;
-STACK_OF(GENERAL_NAME) *CRLissuer;
+GENERAL_NAMES *CRLissuer;
 } DIST_POINT;
+typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
 DECLARE_STACK_OF(DIST_POINT)
 DECLARE_ASN1_SET_OF(DIST_POINT)
 typedef struct AUTHORITY_KEYID_st {
 ASN1_OCTET_STRING *keyid;
-STACK_OF(GENERAL_NAME) *issuer;
+GENERAL_NAMES *issuer;
 ASN1_INTEGER *serial;
 } AUTHORITY_KEYID;
@@ -254,6 +282,8 @@ typedef struct POLICYINFO_st {
        STACK_OF(POLICYQUALINFO) *qualifiers;
 } POLICYINFO;
+typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
 DECLARE_STACK_OF(POLICYINFO)
 DECLARE_ASN1_SET_OF(POLICYINFO)
@@ -262,32 +292,24 @@ DECLARE_ASN1_SET_OF(POLICYINFO)
 #define X509V3_set_ctx_test(ctx) \
                        X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
-#define X509V3_set_ctx_nodb(ctx) ctx->db = NULL;
+#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
-#define EXT_BITSTRING(nid, table) { nid, 0, \
+#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
-                        (X509V3_EXT_NEW)ASN1_BIT_STRING_new, \
+                        0,0,0,0, \
-                        (X509V3_EXT_FREE)ASN1_BIT_STRING_free, \
+                        0,0, \
-                        (X509V3_EXT_D2I)d2i_ASN1_BIT_STRING, \
-                        (X509V3_EXT_I2D)i2d_ASN1_BIT_STRING, \
-                        NULL, NULL, \
                        (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
                        (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
                        NULL, NULL, \
-                        (char *)table}
+                        table}
-#define EXT_IA5STRING(nid) { nid, 0, \
+#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
-                        (X509V3_EXT_NEW)ASN1_IA5STRING_new, \
+                        0,0,0,0, \
-                        (X509V3_EXT_FREE)ASN1_IA5STRING_free, \
-                        (X509V3_EXT_D2I)d2i_ASN1_IA5STRING, \
-                        (X509V3_EXT_I2D)i2d_ASN1_IA5STRING, \
                        (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
                        (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
-                        NULL, NULL, NULL, NULL, \
+                        0,0,0,0, \
                        NULL}
-#define EXT_END { -1, 0, NULL, NULL, NULL, NULL, NULL, NULL, \
+#define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
-                         NULL, NULL, NULL, NULL, \
-                         NULL}
 /* X509_PURPOSE stuff */
@@ -302,6 +324,7 @@ DECLARE_ASN1_SET_OF(POLICYINFO)
 #define EXFLAG_V1               0x40
 #define EXFLAG_INVALID          0x80
 #define EXFLAG_SET              0x100
+#define EXFLAG_CRITICAL         0x200
 #define KU_DIGITAL_SIGNATURE    0x0080
 #define KU_NON_REPUDIATION      0x0040
@@ -320,12 +343,15 @@ DECLARE_ASN1_SET_OF(POLICYINFO)
 #define NS_SSL_CA               0x04
 #define NS_SMIME_CA             0x02
 #define NS_OBJSIGN_CA           0x01
+#define NS_ANY_CA               (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
 #define XKU_SSL_SERVER          0x1     
 #define XKU_SSL_CLIENT          0x2
 #define XKU_SMIME               0x4
 #define XKU_CODE_SIGN           0x8
 #define XKU_SGC                 0x10
+#define XKU_OCSP_SIGN           0x20
+#define XKU_TIMESTAMP           0x40
 #define X509_PURPOSE_DYNAMIC    0x1
 #define X509_PURPOSE_DYNAMIC_NAME       0x2
@@ -348,33 +374,40 @@ typedef struct x509_purpose_st {
 #define X509_PURPOSE_SMIME_ENCRYPT      5
 #define X509_PURPOSE_CRL_SIGN           6
 #define X509_PURPOSE_ANY                7
+#define X509_PURPOSE_OCSP_HELPER        8
 #define X509_PURPOSE_MIN                1
-#define X509_PURPOSE_MAX                7
+#define X509_PURPOSE_MAX                8
+/* Flags for X509V3_EXT_print() */
+#define X509V3_EXT_UNKNOWN_MASK         (0xfL << 16)
+/* Return error for unknown extensions */
+#define X509V3_EXT_DEFAULT              0
+/* Print error for unknown extensions */
+#define X509V3_EXT_ERROR_UNKNOWN        (1L << 16)
+/* ASN1 parse unknown extensions */
+#define X509V3_EXT_PARSE_UNKNOWN        (2L << 16)
+/* BIO_dump unknown extensions */
+#define X509V3_EXT_DUMP_UNKNOWN         (3L << 16)
+/* Flags for X509V3_add1_i2d */
+#define X509V3_ADD_OP_MASK              0xfL
+#define X509V3_ADD_DEFAULT              0L
+#define X509V3_ADD_APPEND               1L
+#define X509V3_ADD_REPLACE              2L
+#define X509V3_ADD_REPLACE_EXISTING     3L
+#define X509V3_ADD_KEEP_EXISTING        4L
+#define X509V3_ADD_DELETE               5L
+#define X509V3_ADD_SILENT               0x10
 DECLARE_STACK_OF(X509_PURPOSE)
-void ERR_load_X509V3_strings(void);
+DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
-int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp);
-BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, unsigned char **pp, long length);
-BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void);
-void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a);
-int i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **pp);
-GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **a, unsigned char **pp, long length);
-GENERAL_NAME *GENERAL_NAME_new(void);
-void GENERAL_NAME_free(GENERAL_NAME *a);
-STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
-int i2d_SXNET(SXNET *a, unsigned char **pp);
-SXNET *d2i_SXNET(SXNET **a, unsigned char **pp, long length);
-SXNET *SXNET_new(void);
-void SXNET_free(SXNET *a);
-int i2d_SXNETID(SXNETID *a, unsigned char **pp);
+DECLARE_ASN1_FUNCTIONS(SXNET)
-SXNETID *d2i_SXNETID(SXNETID **a, unsigned char **pp, long length);
+DECLARE_ASN1_FUNCTIONS(SXNETID)
-SXNETID *SXNETID_new(void);
-void SXNETID_free(SXNETID *a);
 int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); 
 int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen); 
@@ -384,108 +417,66 @@ ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
 ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
 ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
-int i2d_AUTHORITY_KEYID(AUTHORITY_KEYID *a, unsigned char **pp);
+DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
-AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, unsigned char **pp, long length);
-AUTHORITY_KEYID *AUTHORITY_KEYID_new(void);
-void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a);
-int i2d_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD *a, unsigned char **pp);
+DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
-PKEY_USAGE_PERIOD *d2i_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD **a, unsigned char **pp, long length);
-PKEY_USAGE_PERIOD *PKEY_USAGE_PERIOD_new(void);
+DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
-void PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a);
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
+int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
+DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
-STACK_OF(GENERAL_NAME) *GENERAL_NAMES_new(void);
-void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *a);
-STACK_OF(GENERAL_NAME) *d2i_GENERAL_NAMES(STACK_OF(GENERAL_NAME) **a, unsigned char **pp, long length);
-int i2d_GENERAL_NAMES(STACK_OF(GENERAL_NAME) *a, unsigned char **pp);
 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
-                STACK_OF(GENERAL_NAME) *gen, STACK_OF(CONF_VALUE) *extlist);
+                GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
-STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-int i2d_OTHERNAME(OTHERNAME *a, unsigned char **pp);
+DECLARE_ASN1_FUNCTIONS(OTHERNAME)
-OTHERNAME *OTHERNAME_new(void);
+DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
-OTHERNAME *d2i_OTHERNAME(OTHERNAME **a, unsigned char **pp, long length);
-void OTHERNAME_free(OTHERNAME *a);
 char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
 ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
-int i2d_ext_ku(STACK_OF(ASN1_OBJECT) *a, unsigned char **pp);
+DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
-STACK_OF(ASN1_OBJECT) *d2i_ext_ku(STACK_OF(ASN1_OBJECT) **a,
+int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a);
-                                        unsigned char **pp, long length);
-void ext_ku_free(STACK_OF(ASN1_OBJECT) *a);
+DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
-STACK_OF(ASN1_OBJECT) *ext_ku_new(void);
+DECLARE_ASN1_FUNCTIONS(POLICYINFO)
+DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
-int i2d_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) *a, unsigned char **pp);
+DECLARE_ASN1_FUNCTIONS(USERNOTICE)
-STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new(void);
+DECLARE_ASN1_FUNCTIONS(NOTICEREF)
-void CERTIFICATEPOLICIES_free(STACK_OF(POLICYINFO) *a);
-STACK_OF(POLICYINFO) *d2i_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) **a, unsigned char **pp, long length);
-int i2d_POLICYINFO(POLICYINFO *a, unsigned char **pp);
-POLICYINFO *POLICYINFO_new(void);
-POLICYINFO *d2i_POLICYINFO(POLICYINFO **a, unsigned char **pp, long length);
-void POLICYINFO_free(POLICYINFO *a);
-int i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **pp);
-POLICYQUALINFO *POLICYQUALINFO_new(void);
-POLICYQUALINFO *d2i_POLICYQUALINFO(POLICYQUALINFO **a, unsigned char **pp,
-                                                                 long length);
-void POLICYQUALINFO_free(POLICYQUALINFO *a);
-int i2d_USERNOTICE(USERNOTICE *a, unsigned char **pp);
-USERNOTICE *USERNOTICE_new(void);
-USERNOTICE *d2i_USERNOTICE(USERNOTICE **a, unsigned char **pp, long length);
-void USERNOTICE_free(USERNOTICE *a);
-int i2d_NOTICEREF(NOTICEREF *a, unsigned char **pp);
-NOTICEREF *NOTICEREF_new(void);
-NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp, long length);
-void NOTICEREF_free(NOTICEREF *a);
-int i2d_CRL_DIST_POINTS(STACK_OF(DIST_POINT) *a, unsigned char **pp);
-STACK_OF(DIST_POINT) *CRL_DIST_POINTS_new(void);
-void CRL_DIST_POINTS_free(STACK_OF(DIST_POINT) *a);
-STACK_OF(DIST_POINT) *d2i_CRL_DIST_POINTS(STACK_OF(DIST_POINT) **a,
-                unsigned char **pp,long length);
-int i2d_DIST_POINT(DIST_POINT *a, unsigned char **pp);
-DIST_POINT *DIST_POINT_new(void);
-DIST_POINT *d2i_DIST_POINT(DIST_POINT **a, unsigned char **pp, long length);
-void DIST_POINT_free(DIST_POINT *a);
-int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **pp);
-DIST_POINT_NAME *DIST_POINT_NAME_new(void);
-void DIST_POINT_NAME_free(DIST_POINT_NAME *a);
-DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp,
-             long length);
-int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **pp);
-ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void);
-void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a);
-ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp,
-             long length);
-STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void);
-void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a);
-STACK_OF(ACCESS_DESCRIPTION) *d2i_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) **a,
-                                         unsigned char **pp, long length);
-int i2d_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) *a, unsigned char **pp);
+DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
+DECLARE_ASN1_FUNCTIONS(DIST_POINT)
+DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
+DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
+DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
 #ifdef HEADER_CONF_H
 GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf);
 void X509V3_conf_free(CONF_VALUE *val);
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
 X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
 X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
 int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
 int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
 int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
 int X509V3_add_value_bool_nf(char *name, int asn1_bool,
                                                STACK_OF(CONF_VALUE) **extlist);
 int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
 int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
+void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
 void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
 #endif
@@ -516,11 +507,13 @@ void X509V3_EXT_cleanup(void);
 X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
 X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
 int X509V3_add_standard_extensions(void);
-STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line);
+STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
 void *X509V3_EXT_d2i(X509_EXTENSION *ext);
 void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
+int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);
 char *hex_to_string(unsigned char *buffer, long len);
 unsigned char *string_to_hex(char *str, long *len);
@@ -528,10 +521,14 @@ int name_cmp(const char *name, const char *cmp);
 void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
                                                                 int ml);
-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);
 int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
+int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);
 int X509_check_purpose(X509 *x, int id, int ca);
+int X509_supported_extension(X509_EXTENSION *ex);
+int X509_PURPOSE_set(int *p, int purpose);
 int X509_check_issued(X509 *issuer, X509 *subject);
 int X509_PURPOSE_get_count(void);
 X509_PURPOSE * X509_PURPOSE_get0(int idx);
@@ -555,6 +552,7 @@ void X509_email_free(STACK *sk);
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
+void ERR_load_X509V3_strings(void);
 /* Error codes for the X509V3 functions. */
@@ -591,6 +589,7 @@ void X509_email_free(STACK *sk);
 #define X509V3_F_V2I_GENERAL_NAME                        117
 #define X509V3_F_V2I_GENERAL_NAMES                       118
 #define X509V3_F_V3_GENERIC_EXTENSION                    116
+#define X509V3_F_X509V3_ADD_I2D                          140
 #define X509V3_F_X509V3_ADD_VALUE                        105
 #define X509V3_F_X509V3_EXT_ADD                          104
 #define X509V3_F_X509V3_EXT_ADD_ALIAS                    106
@@ -599,6 +598,7 @@ void X509_email_free(STACK *sk);
 #define X509V3_F_X509V3_GET_VALUE_BOOL                   110
 #define X509V3_F_X509V3_PARSE_LIST                       109
 #define X509V3_F_X509_PURPOSE_ADD                        137
+#define X509V3_F_X509_PURPOSE_SET                        141
 /* Reason codes. */
 #define X509V3_R_BAD_IP_ADDRESS                          118
@@ -607,8 +607,10 @@ void X509_email_free(STACK *sk);
 #define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 #define X509V3_R_DUPLICATE_ZONE_ID                       133
 #define X509V3_R_ERROR_CONVERTING_ZONE                   131
+#define X509V3_R_ERROR_CREATING_EXTENSION                144
 #define X509V3_R_ERROR_IN_EXTENSION                      128
 #define X509V3_R_EXPECTED_A_SECTION_NAME                 137
+#define X509V3_R_EXTENSION_EXISTS                        145
 #define X509V3_R_EXTENSION_NAME_ERROR                    115
 #define X509V3_R_EXTENSION_NOT_FOUND                     102
 #define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED         103
@@ -625,6 +627,7 @@ void X509_email_free(STACK *sk);
 #define X509V3_R_INVALID_OBJECT_IDENTIFIER               110
 #define X509V3_R_INVALID_OPTION                          138
 #define X509V3_R_INVALID_POLICY_IDENTIFIER               134
+#define X509V3_R_INVALID_PURPOSE                         146
 #define X509V3_R_INVALID_SECTION                         135
 #define X509V3_R_INVALID_SYNTAX                          143
 #define X509V3_R_ISSUER_DECODE_ERROR                     126
@@ -650,4 +653,3 @@ void X509_email_free(STACK *sk);
 }
 #endif
 #endif
author	beck <>	2002-05-15 02:29:21 +0000
committer	beck <>	2002-05-15 02:29:21 +0000
commit	b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9 (patch)
tree	fa27cf82a1250b64ed3bf5f4a18c7354d470bbcc /src/lib/libcrypto/x509v3
parent	e471e1ea98d673597b182ea85f29e30c97cd08b5 (diff)
download	openbsd-b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9.tar.gz openbsd-b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9.tar.bz2 openbsd-b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9.zip