19 files changed, 1134 insertions, 822 deletions
diff --git a/src/lib/libcrypto/x509/Makefile.ssl b/src/lib/libcrypto/x509/Makefile.ssl
index 79f09d4f71..62243ae812 100644
--- a/src/lib/libcrypto/x509/Makefile.ssl
+++ b/src/lib/libcrypto/x509/Makefile.ssl
@@ -5,13 +5,14 @@
 DIR=    x509
 TOP=    ../..
 CC=     cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=           make -f Makefile.ssl
-MAKEDEPEND=     $(TOP)/util/domd $(TOP)
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=       Makefile.ssl
 AR=             ar r
@@ -24,13 +25,13 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \
        x509_obj.c x509_req.c x509spki.c x509_vfy.c \
-        x509_set.c x509rset.c x509_err.c \
+        x509_set.c x509cset.c x509rset.c x509_err.c \
        x509name.c x509_v3.c x509_ext.c x509_att.c \
        x509type.c x509_lu.c x_all.c x509_txt.c \
        x509_trs.c by_file.c by_dir.c 
 LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
        x509_obj.o x509_req.o x509spki.o x509_vfy.o \
-        x509_set.o x509rset.o x509_err.o \
+        x509_set.o x509cset.o x509rset.o x509_err.o \
        x509name.o x509_v3.o x509_ext.o x509_att.o \
        x509type.o x509_lu.o x_all.o x509_txt.o \
        x509_trs.o by_file.o by_dir.o
@@ -49,8 +50,7 @@ all:	lib
 lib:    $(LIBOBJ)
        $(AR) $(LIB) $(LIBOBJ)
-        @echo You may get an error following this line.  Please ignore.
+        $(RANLIB) $(LIB) || echo Never mind.
-        - $(RANLIB) $(LIB)
        @touch lib
 files:
@@ -89,433 +89,322 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
-by_dir.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+by_dir.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-by_dir.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+by_dir.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-by_dir.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+by_dir.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-by_dir.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+by_dir.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-by_dir.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-by_dir.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 by_dir.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-by_dir.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+by_dir.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-by_dir.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+by_dir.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-by_dir.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+by_dir.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-by_dir.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-by_dir.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-by_dir.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-by_dir.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 by_dir.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 by_dir.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 by_dir.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-by_dir.o: ../cryptlib.h
+by_dir.o: ../cryptlib.h by_dir.c
-by_file.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+by_file.o: ../../e_os.h ../../include/openssl/asn1.h
-by_file.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+by_file.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-by_file.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+by_file.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-by_file.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 by_file.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-by_file.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+by_file.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-by_file.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+by_file.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-by_file.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-by_file.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-by_file.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 by_file.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 by_file.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-by_file.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+by_file.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-by_file.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+by_file.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-by_file.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+by_file.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-by_file.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+by_file.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+by_file.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-by_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_file.c
-by_file.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_att.o: ../../e_os.h ../../include/openssl/asn1.h
-by_file.o: ../cryptlib.h
+x509_att.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-x509_att.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_att.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
-x509_att.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_att.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-x509_att.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_att.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-x509_att.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x509_att.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x509_att.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 x509_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_att.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_att.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_att.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x509_att.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-x509_att.o: ../../include/openssl/opensslconf.h
+x509_att.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_att.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x509_att.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_att.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_att.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_att.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_att.c
-x509_att.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_cmp.o: ../../e_os.h ../../include/openssl/asn1.h
-x509_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_cmp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-x509_att.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_cmp.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
-x509_att.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_cmp.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-x509_att.o: ../cryptlib.h
+x509_cmp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x509_cmp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-x509_cmp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-x509_cmp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-x509_cmp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x509_cmp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x509_cmp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 x509_cmp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_cmp.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_cmp.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_cmp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x509_cmp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_cmp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-x509_cmp.o: ../../include/openssl/opensslconf.h
+x509_cmp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_cmp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x509_cmp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_cmp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_cmp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_cmp.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_cmp.c
-x509_cmp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_d2.o: ../../e_os.h ../../include/openssl/asn1.h
-x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_d2.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-x509_cmp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_d2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-x509_cmp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-x509_cmp.o: ../cryptlib.h
-x509_d2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-x509_d2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-x509_d2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 x509_d2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x509_d2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_d2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x509_d2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_d2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_d2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x509_d2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-x509_d2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 x509_d2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x509_d2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x509_d2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_d2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x509_d2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_d2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x509_d2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_d2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_d2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_d2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509_d2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_d2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_d2.c
-x509_d2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_def.o: ../../e_os.h ../../include/openssl/asn1.h
-x509_d2.o: ../cryptlib.h
+x509_def.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-x509_def.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_def.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-x509_def.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-x509_def.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 x509_def.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x509_def.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x509_def.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_def.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_def.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x509_def.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-x509_def.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 x509_def.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x509_def.o: ../../include/openssl/opensslconf.h
-x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x509_def.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_def.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-x509_def.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_def.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x509_def.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x509_def.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_def.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_def.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_def.o: ../cryptlib.h x509_def.c
-x509_def.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 x509_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-x509_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x509_err.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-x509_err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x509_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x509_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x509_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x509_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x509_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x509_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-x509_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x509_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x509_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_err.o: x509_err.c
-x509_err.o: ../../include/openssl/x509_vfy.h
+x509_ext.o: ../../e_os.h ../../include/openssl/asn1.h
-x509_ext.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_ext.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-x509_ext.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_ext.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
-x509_ext.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_ext.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_ext.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x509_ext.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x509_ext.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x509_ext.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 x509_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_ext.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_ext.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_ext.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x509_ext.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-x509_ext.o: ../../include/openssl/opensslconf.h
+x509_ext.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_ext.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x509_ext.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_ext.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_ext.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_ext.c
-x509_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_lu.o: ../../e_os.h ../../include/openssl/asn1.h
-x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_lu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-x509_ext.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_lu.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
-x509_ext.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_lu.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-x509_ext.o: ../cryptlib.h
+x509_lu.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x509_lu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-x509_lu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-x509_lu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-x509_lu.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-x509_lu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x509_lu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 x509_lu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_lu.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_lu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_lu.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_lu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_lu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_lu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x509_lu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-x509_lu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-x509_lu.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-x509_lu.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 x509_lu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 x509_lu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 x509_lu.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_lu.o: ../cryptlib.h
+x509_lu.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_lu.c
-x509_obj.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_obj.o: ../../e_os.h ../../include/openssl/asn1.h
-x509_obj.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_obj.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-x509_obj.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_obj.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-x509_obj.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 x509_obj.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x509_obj.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_obj.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x509_obj.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_obj.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_obj.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x509_obj.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-x509_obj.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 x509_obj.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x509_obj.o: ../../include/openssl/opensslconf.h
-x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x509_obj.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_obj.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-x509_obj.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_obj.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x509_obj.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_obj.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x509_obj.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_obj.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_obj.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_obj.o: ../cryptlib.h x509_obj.c
-x509_obj.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x509_r2x.o: ../../e_os.h ../../include/openssl/asn1.h
-x509_r2x.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_r2x.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-x509_r2x.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-x509_r2x.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 x509_r2x.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x509_r2x.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_r2x.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x509_r2x.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_r2x.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_r2x.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x509_r2x.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-x509_r2x.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 x509_r2x.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x509_r2x.o: ../../include/openssl/opensslconf.h
-x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x509_r2x.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_r2x.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-x509_r2x.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_r2x.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x509_r2x.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_r2x.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x509_r2x.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_r2x.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_r2x.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_r2x.o: ../cryptlib.h x509_r2x.c
-x509_r2x.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x509_req.o: ../../e_os.h ../../include/openssl/asn1.h
-x509_req.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_req.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-x509_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-x509_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 x509_req.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x509_req.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_req.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x509_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x509_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-x509_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 x509_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x509_req.o: ../../include/openssl/opensslconf.h
-x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x509_req.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+x509_req.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-x509_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-x509_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x509_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x509_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_req.o: ../cryptlib.h x509_req.c
-x509_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x509_set.o: ../../e_os.h ../../include/openssl/asn1.h
-x509_set.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_set.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-x509_set.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_set.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-x509_set.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 x509_set.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x509_set.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_set.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x509_set.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_set.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_set.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x509_set.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-x509_set.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 x509_set.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x509_set.o: ../../include/openssl/opensslconf.h
-x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x509_set.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_set.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-x509_set.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_set.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x509_set.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_set.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_set.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_set.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_set.o: ../cryptlib.h x509_set.c
-x509_set.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x509_trs.o: ../../e_os.h ../../include/openssl/asn1.h
-x509_trs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_trs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-x509_trs.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_trs.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
-x509_trs.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_trs.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_trs.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x509_trs.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x509_trs.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x509_trs.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 x509_trs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_trs.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_trs.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_trs.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x509_trs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_trs.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-x509_trs.o: ../../include/openssl/opensslconf.h
+x509_trs.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_trs.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x509_trs.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_trs.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_trs.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_trs.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_trs.c
-x509_trs.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_txt.o: ../../e_os.h ../../include/openssl/asn1.h
-x509_trs.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_txt.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-x509_trs.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_txt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-x509_trs.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-x509_trs.o: ../cryptlib.h
-x509_txt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-x509_txt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-x509_txt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-x509_txt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 x509_txt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x509_txt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_txt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x509_txt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_txt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_txt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x509_txt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-x509_txt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 x509_txt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x509_txt.o: ../../include/openssl/opensslconf.h
-x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x509_txt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_txt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-x509_txt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_txt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x509_txt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_txt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x509_txt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_txt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_txt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_txt.o: ../cryptlib.h x509_txt.c
-x509_txt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x509_v3.o: ../../e_os.h ../../include/openssl/asn1.h
-x509_v3.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_v3.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-x509_v3.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_v3.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
-x509_v3.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_v3.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_v3.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x509_v3.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x509_v3.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x509_v3.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 x509_v3.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_v3.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_v3.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_v3.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x509_v3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-x509_v3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-x509_v3.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-x509_v3.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 x509_v3.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 x509_v3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_v3.o: ../../include/openssl/x509v3.h ../cryptlib.h
+x509_v3.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_v3.c
-x509_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_vfy.o: ../../e_os.h ../../include/openssl/asn1.h
-x509_vfy.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_vfy.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-x509_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
-x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-x509_vfy.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x509_vfy.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x509_vfy.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x509_vfy.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 x509_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_vfy.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_vfy.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_vfy.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x509_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-x509_vfy.o: ../../include/openssl/opensslconf.h
+x509_vfy.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_vfy.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x509_vfy.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_vfy.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_vfy.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_vfy.c
-x509_vfy.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509cset.o: ../../e_os.h ../../include/openssl/asn1.h
-x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509cset.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-x509_vfy.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509cset.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-x509_vfy.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509cset.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x509_vfy.o: ../cryptlib.h
+x509cset.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x509name.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509cset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509name.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509cset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509name.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509cset.o: ../../include/openssl/opensslconf.h
-x509name.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509cset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509cset.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+x509cset.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509cset.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509cset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509cset.o: ../cryptlib.h x509cset.c
+x509name.o: ../../e_os.h ../../include/openssl/asn1.h
+x509name.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+x509name.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x509name.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x509name.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509name.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x509name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509name.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509name.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x509name.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-x509name.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 x509name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x509name.o: ../../include/openssl/opensslconf.h
-x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x509name.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509name.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-x509name.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509name.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x509name.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509name.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x509name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509name.o: ../cryptlib.h x509name.c
-x509name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x509rset.o: ../../e_os.h ../../include/openssl/asn1.h
-x509rset.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509rset.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-x509rset.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509rset.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-x509rset.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 x509rset.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x509rset.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509rset.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x509rset.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509rset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509rset.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x509rset.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-x509rset.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 x509rset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x509rset.o: ../../include/openssl/opensslconf.h
-x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x509rset.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509rset.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-x509rset.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509rset.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x509rset.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509rset.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509rset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509rset.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509rset.o: ../cryptlib.h x509rset.c
-x509rset.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x509spki.o: ../../e_os.h ../../include/openssl/asn1.h
-x509spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x509spki.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-x509spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x509spki.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-x509spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x509spki.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x509spki.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x509spki.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x509spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 x509spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x509spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509spki.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509spki.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509spki.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509spki.o: ../../include/openssl/opensslconf.h
-x509spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x509spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x509spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x509spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509spki.o: ../cryptlib.h x509spki.c
-x509spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509type.o: ../../e_os.h ../../include/openssl/asn1.h
-x509spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509type.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-x509spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x509type.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-x509type.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-x509type.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-x509type.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-x509type.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 x509type.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x509type.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509type.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x509type.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509type.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509type.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x509type.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-x509type.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 x509type.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x509type.o: ../../include/openssl/opensslconf.h
-x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x509type.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509type.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-x509type.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509type.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x509type.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509type.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x509type.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509type.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509type.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509type.o: ../cryptlib.h x509type.c
-x509type.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-x_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_all.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-x_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-x_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 x_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-x_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-x_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-x_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 x_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 x_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 x_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_all.o: ../cryptlib.h
+x_all.o: ../cryptlib.h x_all.c
diff --git a/src/lib/libcrypto/x509/by_file.c b/src/lib/libcrypto/x509/by_file.c
index 78e9240a8d..92e00d2d73 100644
--- a/src/lib/libcrypto/x509/by_file.c
+++ b/src/lib/libcrypto/x509/by_file.c
@@ -66,7 +66,7 @@
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
        long argl, char **ret);
@@ -294,5 +294,5 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
 }
-#endif /* NO_STDIO */
+#endif /* OPENSSL_NO_STDIO */
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
index 813c8adffd..c75aa0c717 100644
--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -60,47 +60,46 @@
 #define HEADER_X509_H
 #include <openssl/symhacks.h>
-#ifndef NO_BUFFER
+#ifndef OPENSSL_NO_BUFFER
 #include <openssl/buffer.h>
 #endif
-#ifndef NO_EVP
+#ifndef OPENSSL_NO_EVP
 #include <openssl/evp.h>
 #endif
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
 #include <openssl/stack.h>
 #include <openssl/asn1.h>
 #include <openssl/safestack.h>
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
+#ifndef OPENSSL_NO_SHA
+#include <openssl/sha.h>
+#endif
 #include <openssl/evp.h>
+#include <openssl/e_os2.h>
+#include <openssl/ossl_typ.h>
 #ifdef  __cplusplus
 extern "C" {
 #endif
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 /* Under Win32 this is defined in wincrypt.h */
 #undef X509_NAME
 #endif
-  /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */
-#define DECLARE_PKCS12_STACK_OF(type) /* Nothing */
-#define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */
 #define X509_FILETYPE_PEM       1
 #define X509_FILETYPE_ASN1      2
 #define X509_FILETYPE_DEFAULT   3
@@ -123,11 +122,11 @@ typedef struct X509_objects_st
        int (*i2a)();
        } X509_OBJECTS;
-typedef struct X509_algor_st
+struct X509_algor_st
        {
        ASN1_OBJECT *algorithm;
        ASN1_TYPE *parameter;
-        } X509_ALGOR;
+        } /* X509_ALGOR */;
 DECLARE_STACK_OF(X509_ALGOR)
 DECLARE_ASN1_SET_OF(X509_ALGOR)
@@ -163,17 +162,17 @@ DECLARE_STACK_OF(X509_NAME_ENTRY)
 DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
 /* we always keep X509_NAMEs in 2 forms. */
-typedef struct X509_name_st
+struct X509_name_st
        {
        STACK_OF(X509_NAME_ENTRY) *entries;
        int modified;   /* true if 'bytes' needs to be built */
-#ifndef NO_BUFFER
+#ifndef OPENSSL_NO_BUFFER
        BUF_MEM *bytes;
 #else
        char *bytes;
 #endif
        unsigned long hash; /* Keep the hash around for lookups */
-        } X509_NAME;
+        } /* X509_NAME */;
 DECLARE_STACK_OF(X509_NAME)
@@ -182,11 +181,8 @@ DECLARE_STACK_OF(X509_NAME)
 typedef struct X509_extension_st
        {
        ASN1_OBJECT *object;
-        short critical;
+        ASN1_BOOLEAN critical;
-        short netscape_hack;
        ASN1_OCTET_STRING *value;
-        struct v3_ext_method *method;   /* V3 method to use */
-        void *ext_val;                  /* extension value */
        } X509_EXTENSION;
 DECLARE_STACK_OF(X509_EXTENSION)
@@ -196,27 +192,26 @@ DECLARE_ASN1_SET_OF(X509_EXTENSION)
 typedef struct x509_attributes_st
        {
        ASN1_OBJECT *object;
-        int set; /* 1 for a set, 0 for a single item (which is wrong) */
+        int single; /* 0 for a set, 1 for a single item (which is wrong) */
        union   {
                char            *ptr;
-/* 1 */         STACK_OF(ASN1_TYPE) *set;
+/* 0 */         STACK_OF(ASN1_TYPE) *set;
-/* 0 */         ASN1_TYPE       *single;
+/* 1 */         ASN1_TYPE       *single;
                } value;
        } X509_ATTRIBUTE;
 DECLARE_STACK_OF(X509_ATTRIBUTE)
 DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
 typedef struct X509_req_info_st
        {
-        unsigned char *asn1;
+        ASN1_ENCODING enc;
-        int length;
        ASN1_INTEGER *version;
        X509_NAME *subject;
        X509_PUBKEY *pubkey;
        /*  d=2 hl=2 l=  0 cons: cont: 00 */
        STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
-        int req_kludge;
        } X509_REQ_INFO;
 typedef struct X509_req_st
@@ -256,7 +251,7 @@ typedef struct x509_cert_aux_st
        STACK_OF(X509_ALGOR) *other;            /* other unspecified info */
        } X509_CERT_AUX;
-typedef struct x509_st
+struct x509_st
        {
        X509_CINF *cert_info;
        X509_ALGOR *sig_alg;
@@ -273,11 +268,11 @@ typedef struct x509_st
        unsigned long ex_nscert;
        ASN1_OCTET_STRING *skid;
        struct AUTHORITY_KEYID_st *akid;
-#ifndef NO_SHA
+#ifndef OPENSSL_NO_SHA
        unsigned char sha1_hash[SHA_DIGEST_LENGTH];
 #endif
        X509_CERT_AUX *aux;
-        } X509;
+        } /* X509 */;
 DECLARE_STACK_OF(X509)
 DECLARE_ASN1_SET_OF(X509)
@@ -304,10 +299,12 @@ DECLARE_STACK_OF(X509_TRUST)
 #define X509_TRUST_SSL_SERVER   3
 #define X509_TRUST_EMAIL        4
 #define X509_TRUST_OBJECT_SIGN  5
+#define X509_TRUST_OCSP_SIGN    6
+#define X509_TRUST_OCSP_REQUEST 7
 /* Keep these up to date! */
 #define X509_TRUST_MIN          1
-#define X509_TRUST_MAX          5
+#define X509_TRUST_MAX          7
 /* trust_flags values */
@@ -320,6 +317,21 @@ DECLARE_STACK_OF(X509_TRUST)
 #define X509_TRUST_REJECTED     2
 #define X509_TRUST_UNTRUSTED    3
+/* Flags for X509_print_ex() */
+#define X509_FLAG_COMPAT                0
+#define X509_FLAG_NO_HEADER             1L
+#define X509_FLAG_NO_VERSION            (1L << 1)
+#define X509_FLAG_NO_SERIAL             (1L << 2)
+#define X509_FLAG_NO_SIGNAME            (1L << 3)
+#define X509_FLAG_NO_ISSUER             (1L << 4)
+#define X509_FLAG_NO_VALIDITY           (1L << 5)
+#define X509_FLAG_NO_SUBJECT            (1L << 6)
+#define X509_FLAG_NO_PUBKEY             (1L << 7)
+#define X509_FLAG_NO_EXTENSIONS         (1L << 8)
+#define X509_FLAG_NO_SIGDUMP            (1L << 9)
+#define X509_FLAG_NO_AUX                (1L << 10)
 /* Flags specific to X509_NAME_print_ex() */    
 /* The field separator information */
@@ -351,6 +363,8 @@ DECLARE_STACK_OF(X509_TRUST)
 #define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
+#define XN_FLAG_FN_ALIGN        (1 << 25)       /* Align field names to 20 characters */
 /* Complete set of RFC2253 flags */
 #define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
@@ -373,7 +387,8 @@ DECLARE_STACK_OF(X509_TRUST)
                        ASN1_STRFLGS_ESC_MSB | \
                        XN_FLAG_SEP_MULTILINE | \
                        XN_FLAG_SPC_EQ | \
-                        XN_FLAG_FN_LN)
+                        XN_FLAG_FN_LN | \
+                        XN_FLAG_FN_ALIGN)
 typedef struct X509_revoked_st
        {
@@ -397,14 +412,14 @@ typedef struct X509_crl_info_st
        STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
        } X509_CRL_INFO;
-typedef struct X509_crl_st
+struct X509_crl_st
        {
        /* actual signature */
        X509_CRL_INFO *crl;
        X509_ALGOR *sig_alg;
        ASN1_BIT_STRING *signature;
        int references;
-        } X509_CRL;
+        } /* X509_CRL */;
 DECLARE_STACK_OF(X509_CRL)
 DECLARE_ASN1_SET_OF(X509_CRL)
@@ -430,7 +445,7 @@ typedef struct private_key_st
        int references;
        } X509_PKEY;
-#ifndef NO_EVP
+#ifndef OPENSSL_NO_EVP
 typedef struct X509_info_st
        {
        X509 *x509;
@@ -686,7 +701,7 @@ extern "C" {
 const char *X509_verify_cert_error_string(long n);
 #ifndef SSLEAY_MACROS
-#ifndef NO_EVP
+#ifndef OPENSSL_NO_EVP
 int X509_verify(X509 *a, EVP_PKEY *r);
 int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
@@ -700,11 +715,15 @@ int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
 int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
+int X509_signature_print(BIO *bp,X509_ALGOR *alg, ASN1_STRING *sig);
 int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
 int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
 int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_pubkey_digest(const X509 *data,const EVP_MD *type,
+                unsigned char *md, unsigned int *len);
 int X509_digest(const X509 *data,const EVP_MD *type,
                unsigned char *md, unsigned int *len);
 int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type,
@@ -715,14 +734,14 @@ int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type,
                unsigned char *md, unsigned int *len);
 #endif
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 X509 *d2i_X509_fp(FILE *fp, X509 **x509);
 int i2d_X509_fp(FILE *fp,X509 *x509);
 X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl);
 int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl);
 X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req);
 int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req);
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa);
 int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
 RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);
@@ -730,7 +749,7 @@ int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
 RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa);
 int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa);
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
 int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
 DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
@@ -748,14 +767,14 @@ int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 #endif
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 X509 *d2i_X509_bio(BIO *bp,X509 **x509);
 int i2d_X509_bio(BIO *bp,X509 *x509);
 X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl);
 int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl);
 X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req);
 int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req);
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
 int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
 RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);
@@ -763,7 +782,7 @@ int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
 RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa);
 int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa);
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
 int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
 DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
@@ -789,7 +808,7 @@ X509_REQ *X509_REQ_dup(X509_REQ *req);
 X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
 X509_NAME *X509_NAME_dup(X509_NAME *xn);
 X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 RSA *RSAPublicKey_dup(RSA *rsa);
 RSA *RSAPrivateKey_dup(RSA *rsa);
 #endif
@@ -810,25 +829,12 @@ const char *	X509_get_default_private_dir(void );
 X509_REQ *      X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
 X509 *          X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
-void ERR_load_X509_strings(void );
-X509_ALGOR *    X509_ALGOR_new(void );
+DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
-void            X509_ALGOR_free(X509_ALGOR *a);
+DECLARE_ASN1_FUNCTIONS(X509_VAL)
-int             i2d_X509_ALGOR(X509_ALGOR *a,unsigned char **pp);
-X509_ALGOR *    d2i_X509_ALGOR(X509_ALGOR **a,unsigned char **pp,
-                        long length);
-X509_VAL *      X509_VAL_new(void );
+DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
-void            X509_VAL_free(X509_VAL *a);
-int             i2d_X509_VAL(X509_VAL *a,unsigned char **pp);
-X509_VAL *      d2i_X509_VAL(X509_VAL **a,unsigned char **pp,
-                        long length);
-X509_PUBKEY *   X509_PUBKEY_new(void );
-void            X509_PUBKEY_free(X509_PUBKEY *a);
-int             i2d_X509_PUBKEY(X509_PUBKEY *a,unsigned char **pp);
-X509_PUBKEY *   d2i_X509_PUBKEY(X509_PUBKEY **a,unsigned char **pp,
-                        long length);
 int             X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
 EVP_PKEY *      X509_PUBKEY_get(X509_PUBKEY *key);
 int             X509_get_pubkey_parameters(EVP_PKEY *pkey,
@@ -836,69 +842,37 @@ int		X509_get_pubkey_parameters(EVP_PKEY *pkey,
 int             i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp);
 EVP_PKEY *      d2i_PUBKEY(EVP_PKEY **a,unsigned char **pp,
                        long length);
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 int             i2d_RSA_PUBKEY(RSA *a,unsigned char **pp);
 RSA *           d2i_RSA_PUBKEY(RSA **a,unsigned char **pp,
                        long length);
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 int             i2d_DSA_PUBKEY(DSA *a,unsigned char **pp);
 DSA *           d2i_DSA_PUBKEY(DSA **a,unsigned char **pp,
                        long length);
 #endif
-X509_SIG *      X509_SIG_new(void );
+DECLARE_ASN1_FUNCTIONS(X509_SIG)
-void            X509_SIG_free(X509_SIG *a);
+DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
-int             i2d_X509_SIG(X509_SIG *a,unsigned char **pp);
+DECLARE_ASN1_FUNCTIONS(X509_REQ)
-X509_SIG *      d2i_X509_SIG(X509_SIG **a,unsigned char **pp,long length);
-X509_REQ_INFO *X509_REQ_INFO_new(void);
-void            X509_REQ_INFO_free(X509_REQ_INFO *a);
-int             i2d_X509_REQ_INFO(X509_REQ_INFO *a,unsigned char **pp);
-X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a,unsigned char **pp,
-                        long length);
-X509_REQ *      X509_REQ_new(void);
+DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
-void            X509_REQ_free(X509_REQ *a);
-int             i2d_X509_REQ(X509_REQ *a,unsigned char **pp);
-X509_REQ *      d2i_X509_REQ(X509_REQ **a,unsigned char **pp,long length);
-X509_ATTRIBUTE *X509_ATTRIBUTE_new(void );
-void            X509_ATTRIBUTE_free(X509_ATTRIBUTE *a);
-int             i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a,unsigned char **pp);
-X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a,unsigned char **pp,
-                        long length);
 X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
+DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
-X509_EXTENSION *X509_EXTENSION_new(void );
+DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)
-void            X509_EXTENSION_free(X509_EXTENSION *a);
-int             i2d_X509_EXTENSION(X509_EXTENSION *a,unsigned char **pp);
-X509_EXTENSION *d2i_X509_EXTENSION(X509_EXTENSION **a,unsigned char **pp,
-                        long length);
-X509_NAME_ENTRY *X509_NAME_ENTRY_new(void);
+DECLARE_ASN1_FUNCTIONS(X509_NAME)
-void            X509_NAME_ENTRY_free(X509_NAME_ENTRY *a);
-int             i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a,unsigned char **pp);
-X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **a,unsigned char **pp,
-                        long length);
-X509_NAME *     X509_NAME_new(void);
-void            X509_NAME_free(X509_NAME *a);
-int             i2d_X509_NAME(X509_NAME *a,unsigned char **pp);
-X509_NAME *     d2i_X509_NAME(X509_NAME **a,unsigned char **pp,long length);
 int             X509_NAME_set(X509_NAME **xn, X509_NAME *name);
+DECLARE_ASN1_FUNCTIONS(X509_CINF)
-X509_CINF *     X509_CINF_new(void);
+DECLARE_ASN1_FUNCTIONS(X509)
-void            X509_CINF_free(X509_CINF *a);
+DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
-int             i2d_X509_CINF(X509_CINF *a,unsigned char **pp);
-X509_CINF *     d2i_X509_CINF(X509_CINF **a,unsigned char **pp,long length);
-X509 *          X509_new(void);
-void            X509_free(X509 *a);
-int             i2d_X509(X509 *a,unsigned char **pp);
-X509 *          d2i_X509(X509 **a,unsigned char **pp,long length);
 int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int X509_set_ex_data(X509 *r, int idx, void *arg);
@@ -906,60 +880,32 @@ void *X509_get_ex_data(X509 *r, int idx);
 int             i2d_X509_AUX(X509 *a,unsigned char **pp);
 X509 *          d2i_X509_AUX(X509 **a,unsigned char **pp,long length);
-X509_CERT_AUX * X509_CERT_AUX_new(void);
-void            X509_CERT_AUX_free(X509_CERT_AUX *a);
-int             i2d_X509_CERT_AUX(X509_CERT_AUX *a,unsigned char **pp);
-X509_CERT_AUX * d2i_X509_CERT_AUX(X509_CERT_AUX **a,unsigned char **pp,
-                                                                long length);
 int X509_alias_set1(X509 *x, unsigned char *name, int len);
 int X509_keyid_set1(X509 *x, unsigned char *id, int len);
 unsigned char * X509_alias_get0(X509 *x, int *len);
 int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
+int X509_TRUST_set(int *t, int trust);
 int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
 int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
 void X509_trust_clear(X509 *x);
 void X509_reject_clear(X509 *x);
-X509_REVOKED *  X509_REVOKED_new(void);
+DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
-void            X509_REVOKED_free(X509_REVOKED *a);
+DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
-int             i2d_X509_REVOKED(X509_REVOKED *a,unsigned char **pp);
+DECLARE_ASN1_FUNCTIONS(X509_CRL)
-X509_REVOKED *  d2i_X509_REVOKED(X509_REVOKED **a,unsigned char **pp,long length);
-X509_CRL_INFO *X509_CRL_INFO_new(void);
+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
-void            X509_CRL_INFO_free(X509_CRL_INFO *a);
-int             i2d_X509_CRL_INFO(X509_CRL_INFO *a,unsigned char **pp);
-X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a,unsigned char **pp,
-                        long length);
-X509_CRL *      X509_CRL_new(void);
-void            X509_CRL_free(X509_CRL *a);
-int             i2d_X509_CRL(X509_CRL *a,unsigned char **pp);
-X509_CRL *      d2i_X509_CRL(X509_CRL **a,unsigned char **pp,long length);
 X509_PKEY *     X509_PKEY_new(void );
 void            X509_PKEY_free(X509_PKEY *a);
 int             i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp);
 X509_PKEY *     d2i_X509_PKEY(X509_PKEY **a,unsigned char **pp,long length);
-NETSCAPE_SPKI * NETSCAPE_SPKI_new(void );
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
-void            NETSCAPE_SPKI_free(NETSCAPE_SPKI *a);
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
-int             i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a,unsigned char **pp);
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
-NETSCAPE_SPKI * d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a,unsigned char **pp,
-                        long length);
-NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void );
+#ifndef OPENSSL_NO_EVP
-void            NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a);
-int             i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a,unsigned char **pp);
-NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a,unsigned char **pp,
-                long length);
-int i2d_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE *a, unsigned char **pp);
-NETSCAPE_CERT_SEQUENCE *NETSCAPE_CERT_SEQUENCE_new(void);
-NETSCAPE_CERT_SEQUENCE *d2i_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE **a, unsigned char **pp, long length);
-void NETSCAPE_CERT_SEQUENCE_free(NETSCAPE_CERT_SEQUENCE *a);
-#ifndef NO_EVP
 X509_INFO *     X509_INFO_new(void);
 void            X509_INFO_free(X509_INFO *a);
 char *          X509_NAME_oneline(X509_NAME *a,char *buf,int size);
@@ -973,6 +919,16 @@ int ASN1_digest(int (*i2d)(),const EVP_MD *type,char *data,
 int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
        ASN1_BIT_STRING *signature,
        char *data,EVP_PKEY *pkey, const EVP_MD *type);
+int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data,
+        unsigned char *md,unsigned int *len);
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
+        ASN1_BIT_STRING *signature,void *data,EVP_PKEY *pkey);
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
+        ASN1_BIT_STRING *signature,
+        void *data, EVP_PKEY *pkey, const EVP_MD *type);
 #endif
 int             X509_set_version(X509 *x,long version);
@@ -986,6 +942,7 @@ int 		X509_set_notBefore(X509 *x, ASN1_TIME *tm);
 int             X509_set_notAfter(X509 *x, ASN1_TIME *tm);
 int             X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
 EVP_PKEY *      X509_get_pubkey(X509 *x);
+ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x);
 int             X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
 int             X509_REQ_set_version(X509_REQ *x,long version);
@@ -1008,14 +965,23 @@ X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
 X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
 int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
 int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
-                        ASN1_OBJECT *obj, int type,
+                        const ASN1_OBJECT *obj, int type,
-                        unsigned char *bytes, int len);
+                        const unsigned char *bytes, int len);
 int X509_REQ_add1_attr_by_NID(X509_REQ *req,
                        int nid, int type,
-                        unsigned char *bytes, int len);
+                        const unsigned char *bytes, int len);
 int X509_REQ_add1_attr_by_txt(X509_REQ *req,
-                        char *attrname, int type,
+                        const char *attrname, int type,
-                        unsigned char *bytes, int len);
+                        const unsigned char *bytes, int len);
+int X509_CRL_set_version(X509_CRL *x, long version);
+int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
+int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm);
+int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm);
+int X509_CRL_sort(X509_CRL *crl);
+int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
+int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
 int             X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
@@ -1033,17 +999,20 @@ int		X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
 unsigned long   X509_NAME_hash(X509_NAME *x);
 int             X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
+int             X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
 int             X509_print_fp(FILE *bp,X509 *x);
 int             X509_CRL_print_fp(FILE *bp,X509_CRL *x);
 int             X509_REQ_print_fp(FILE *bp,X509_REQ *req);
 int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
 #endif
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 int             X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
 int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
+int             X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
 int             X509_print(BIO *bp,X509 *x);
+int             X509_ocspid_print(BIO *bp,X509 *x);
 int             X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
 int             X509_CRL_print(BIO *bp,X509_CRL *x);
 int             X509_REQ_print(BIO *bp,X509_REQ *req);
@@ -1104,6 +1073,8 @@ X509_EXTENSION *X509_get_ext(X509 *x, int loc);
 X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
 int             X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
 void    *       X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
+int             X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
+                                                        unsigned long flags);
 int             X509_CRL_get_ext_count(X509_CRL *x);
 int             X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
@@ -1113,6 +1084,8 @@ X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
 X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
 int             X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
 void    *       X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
+int             X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
+                                                        unsigned long flags);
 int             X509_REVOKED_get_ext_count(X509_REVOKED *x);
 int             X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
@@ -1122,6 +1095,8 @@ X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
 X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
 int             X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
 void    *       X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
+int             X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
+                                                        unsigned long flags);
 X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
                        int nid, int crit, ASN1_OCTET_STRING *data);
@@ -1145,22 +1120,22 @@ X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
                                         X509_ATTRIBUTE *attr);
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
-                        ASN1_OBJECT *obj, int type,
+                        const ASN1_OBJECT *obj, int type,
-                        unsigned char *bytes, int len);
+                        const unsigned char *bytes, int len);
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
                        int nid, int type,
-                        unsigned char *bytes, int len);
+                        const unsigned char *bytes, int len);
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
-                        char *attrname, int type,
+                        const char *attrname, int type,
-                        unsigned char *bytes, int len);
+                        const unsigned char *bytes, int len);
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
-             int atrtype, void *data, int len);
+             int atrtype, const void *data, int len);
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
-             ASN1_OBJECT *obj, int atrtype, void *data, int len);
+             const ASN1_OBJECT *obj, int atrtype, const void *data, int len);
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
-                char *atrname, int type, unsigned char *bytes, int len);
+                const char *atrname, int type, const unsigned char *bytes, int len);
-int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, ASN1_OBJECT *obj);
+int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);
-int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int len);
+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len);
 void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
                                        int atrtype, void *data);
 int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
@@ -1174,31 +1149,17 @@ X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name,
                                     ASN1_INTEGER *serial);
 X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name);
-int i2d_PBEPARAM(PBEPARAM *a, unsigned char **pp);
+DECLARE_ASN1_FUNCTIONS(PBEPARAM)
-PBEPARAM *PBEPARAM_new(void);
+DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
-PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, unsigned char **pp, long length);
+DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
-void PBEPARAM_free(PBEPARAM *a);
 X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen);
 X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
                                         unsigned char *salt, int saltlen);
-int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **pp);
-PBKDF2PARAM *PBKDF2PARAM_new(void);
-PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, unsigned char **pp, long length);
-void PBKDF2PARAM_free(PBKDF2PARAM *a);
-int i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **pp);
-PBE2PARAM *PBE2PARAM_new(void);
-PBE2PARAM *d2i_PBE2PARAM(PBE2PARAM **a, unsigned char **pp, long length);
-void PBE2PARAM_free(PBE2PARAM *a);
 /* PKCS#8 utilities */
-int i2d_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO *a, unsigned char **pp);
+DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
-PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void);
-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a,
-                                         unsigned char **pp, long length);
-void PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *a);
 EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
 PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
@@ -1220,6 +1181,7 @@ int X509_TRUST_get_trust(X509_TRUST *xp);
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
+void ERR_load_X509_strings(void);
 /* Error codes for the X509 functions. */
@@ -1258,9 +1220,12 @@ int X509_TRUST_get_trust(X509_TRUST *xp);
 #define X509_F_X509_REQ_TO_X509                          123
 #define X509_F_X509_STORE_ADD_CERT                       124
 #define X509_F_X509_STORE_ADD_CRL                        125
+#define X509_F_X509_STORE_CTX_INIT                       143
+#define X509_F_X509_STORE_CTX_NEW                        142
 #define X509_F_X509_STORE_CTX_PURPOSE_INHERIT            134
 #define X509_F_X509_TO_X509_REQ                          126
 #define X509_F_X509_TRUST_ADD                            133
+#define X509_F_X509_TRUST_SET                            141
 #define X509_F_X509_VERIFY_CERT                          127
 /* Reason codes. */
@@ -1271,6 +1236,7 @@ int X509_TRUST_get_trust(X509_TRUST *xp);
 #define X509_R_ERR_ASN1_LIB                              102
 #define X509_R_INVALID_DIRECTORY                         113
 #define X509_R_INVALID_FIELD_NAME                        119
+#define X509_R_INVALID_TRUST                             123
 #define X509_R_KEY_TYPE_MISMATCH                         115
 #define X509_R_KEY_VALUES_MISMATCH                       116
 #define X509_R_LOADING_CERT_DIR                          103
@@ -1291,4 +1257,3 @@ int X509_TRUST_get_trust(X509_TRUST *xp);
 }
 #endif
 #endif
diff --git a/src/lib/libcrypto/x509/x509_att.c b/src/lib/libcrypto/x509/x509_att.c
index caafde658f..0bae3d32a1 100644
--- a/src/lib/libcrypto/x509/x509_att.c
+++ b/src/lib/libcrypto/x509/x509_att.c
@@ -149,8 +149,8 @@ err2:
 }
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
-                        ASN1_OBJECT *obj, int type,
+                        const ASN1_OBJECT *obj, int type,
-                        unsigned char *bytes, int len)
+                        const unsigned char *bytes, int len)
 {
        X509_ATTRIBUTE *attr;
        STACK_OF(X509_ATTRIBUTE) *ret;
@@ -163,7 +163,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
                        int nid, int type,
-                        unsigned char *bytes, int len)
+                        const unsigned char *bytes, int len)
 {
        X509_ATTRIBUTE *attr;
        STACK_OF(X509_ATTRIBUTE) *ret;
@@ -175,8 +175,8 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
 }
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
-                        char *attrname, int type,
+                        const char *attrname, int type,
-                        unsigned char *bytes, int len)
+                        const unsigned char *bytes, int len)
 {
        X509_ATTRIBUTE *attr;
        STACK_OF(X509_ATTRIBUTE) *ret;
@@ -188,7 +188,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
 }
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
-             int atrtype, void *data, int len)
+             int atrtype, const void *data, int len)
 {
        ASN1_OBJECT *obj;
        X509_ATTRIBUTE *ret;
@@ -205,7 +205,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
 }
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
-             ASN1_OBJECT *obj, int atrtype, void *data, int len)
+             const ASN1_OBJECT *obj, int atrtype, const void *data, int len)
 {
        X509_ATTRIBUTE *ret;
@@ -234,7 +234,7 @@ err:
 }
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
-                char *atrname, int type, unsigned char *bytes, int len)
+                const char *atrname, int type, const unsigned char *bytes, int len)
        {
        ASN1_OBJECT *obj;
        X509_ATTRIBUTE *nattr;
@@ -252,7 +252,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
        return nattr;
        }
-int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, ASN1_OBJECT *obj)
+int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
 {
        if ((attr == NULL) || (obj == NULL))
                return(0);
@@ -261,7 +261,7 @@ int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, ASN1_OBJECT *obj)
        return(1);
 }
-int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int len)
+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len)
 {
        ASN1_TYPE *ttmp;
        ASN1_STRING *stmp;
@@ -283,7 +283,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int
        if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
        if(!(ttmp = ASN1_TYPE_new())) goto err;
        if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
-        attr->set = 1;
+        attr->single = 0;
        ASN1_TYPE_set(ttmp, atype, stmp);
        return 1;
        err:
@@ -293,7 +293,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int
 int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
 {
-        if(attr->set) return sk_ASN1_TYPE_num(attr->value.set);
+        if(!attr->single) return sk_ASN1_TYPE_num(attr->value.set);
        if(attr->value.single) return 1;
        return 0;
 }
@@ -321,6 +321,6 @@ ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
 {
        if (attr == NULL) return(NULL);
        if(idx >= X509_ATTRIBUTE_count(attr)) return NULL;
-        if(attr->set) return sk_ASN1_TYPE_value(attr->value.set, idx);
+        if(!attr->single) return sk_ASN1_TYPE_value(attr->value.set, idx);
        else return attr->value.single;
 }
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
index 3f9f9b3d47..cd20b6d66f 100644
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -75,24 +75,26 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
        return(X509_NAME_cmp(ai->issuer,bi->issuer));
        }
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD5
 unsigned long X509_issuer_and_serial_hash(X509 *a)
        {
        unsigned long ret=0;
-        MD5_CTX ctx;
+        EVP_MD_CTX ctx;
        unsigned char md[16];
        char str[256];
+        EVP_MD_CTX_init(&ctx);
        X509_NAME_oneline(a->cert_info->issuer,str,256);
        ret=strlen(str);
-        MD5_Init(&ctx);
+        EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
-        MD5_Update(&ctx,(unsigned char *)str,ret);
+        EVP_DigestUpdate(&ctx,(unsigned char *)str,ret);
-        MD5_Update(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
+        EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
                (unsigned long)a->cert_info->serialNumber->length);
-        MD5_Final(&(md[0]),&ctx);
+        EVP_DigestFinal_ex(&ctx,&(md[0]),NULL);
        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
                )&0xffffffffL;
+        EVP_MD_CTX_cleanup(&ctx);
        return(ret);
        }
 #endif
@@ -137,7 +139,7 @@ unsigned long X509_subject_name_hash(X509 *x)
        return(X509_NAME_hash(x->cert_info->subject));
        }
-#ifndef NO_SHA
+#ifndef OPENSSL_NO_SHA
 /* Compare two certificates: they must be identical for
 * this to work. NB: Although "cmp" operations are generally
 * prototyped to take "const" arguments (eg. for use in
@@ -192,7 +194,7 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
        return(0);
        }
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD5
 /* I now DER encode the name and hash it.  Since I cache the DER encoding,
 * this is reasonably efficient. */
 unsigned long X509_NAME_hash(X509_NAME *x)
@@ -200,12 +202,9 @@ unsigned long X509_NAME_hash(X509_NAME *x)
        unsigned long ret=0;
        unsigned char md[16];
-        /* Ensure cached version is up to date */
+        /* Make sure X509_NAME structure contains valid cached encoding */
        i2d_X509_NAME(x,NULL);
-        /* Use cached encoding directly rather than copying: this should
+        EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL);
-         * keep libsafe happy.
-         */
-        MD5((unsigned char *)x->bytes->data,x->bytes->length,&(md[0]));
        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
@@ -258,6 +257,12 @@ EVP_PKEY *X509_get_pubkey(X509 *x)
        return(X509_PUBKEY_get(x->cert_info->key));
        }
+ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
+        {
+        if(!x) return NULL;
+        return x->cert_info->key->public_key;
+        }
 int X509_check_private_key(X509 *x, EVP_PKEY *k)
        {
        EVP_PKEY *xk=NULL;
@@ -271,7 +276,7 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k)
            }
        switch (k->type)
                {
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
        case EVP_PKEY_RSA:
                if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0
                    || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0)
@@ -281,7 +286,7 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k)
                    }
                break;
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
        case EVP_PKEY_DSA:
                if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0)
                    {
@@ -290,7 +295,7 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k)
                    }
                break;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
        case EVP_PKEY_DH:
                /* No idea */
                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
diff --git a/src/lib/libcrypto/x509/x509_d2.c b/src/lib/libcrypto/x509/x509_d2.c
index 753d53eb43..51410cfd1a 100644
--- a/src/lib/libcrypto/x509/x509_d2.c
+++ b/src/lib/libcrypto/x509/x509_d2.c
@@ -61,7 +61,7 @@
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 int X509_STORE_set_default_paths(X509_STORE *ctx)
        {
        X509_LOOKUP *lookup;
diff --git a/src/lib/libcrypto/x509/x509_err.c b/src/lib/libcrypto/x509/x509_err.c
index 848add56e9..5bbf4acf76 100644
--- a/src/lib/libcrypto/x509/x509_err.c
+++ b/src/lib/libcrypto/x509/x509_err.c
@@ -63,7 +63,7 @@
 #include <openssl/x509.h>
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA X509_str_functs[]=
        {
 {ERR_PACK(0,X509_F_ADD_CERT_DIR,0),     "ADD_CERT_DIR"},
@@ -100,9 +100,12 @@ static ERR_STRING_DATA X509_str_functs[]=
 {ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"},
 {ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0),      "X509_STORE_add_cert"},
 {ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0),       "X509_STORE_add_crl"},
+{ERR_PACK(0,X509_F_X509_STORE_CTX_INIT,0),      "X509_STORE_CTX_init"},
+{ERR_PACK(0,X509_F_X509_STORE_CTX_NEW,0),       "X509_STORE_CTX_new"},
 {ERR_PACK(0,X509_F_X509_STORE_CTX_PURPOSE_INHERIT,0),   "X509_STORE_CTX_purpose_inherit"},
 {ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"},
 {ERR_PACK(0,X509_F_X509_TRUST_ADD,0),   "X509_TRUST_add"},
+{ERR_PACK(0,X509_F_X509_TRUST_SET,0),   "X509_TRUST_set"},
 {ERR_PACK(0,X509_F_X509_VERIFY_CERT,0), "X509_verify_cert"},
 {0,NULL}
        };
@@ -116,6 +119,7 @@ static ERR_STRING_DATA X509_str_reasons[]=
 {X509_R_ERR_ASN1_LIB                     ,"err asn1 lib"},
 {X509_R_INVALID_DIRECTORY                ,"invalid directory"},
 {X509_R_INVALID_FIELD_NAME               ,"invalid field name"},
+{X509_R_INVALID_TRUST                    ,"invalid trust"},
 {X509_R_KEY_TYPE_MISMATCH                ,"key type mismatch"},
 {X509_R_KEY_VALUES_MISMATCH              ,"key values mismatch"},
 {X509_R_LOADING_CERT_DIR                 ,"loading cert dir"},
@@ -143,7 +147,7 @@ void ERR_load_X509_strings(void)
        if (init)
                {
                init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings(ERR_LIB_X509,X509_str_functs);
                ERR_load_strings(ERR_LIB_X509,X509_str_reasons);
 #endif
diff --git a/src/lib/libcrypto/x509/x509_ext.c b/src/lib/libcrypto/x509/x509_ext.c
index 2955989807..e7fdacb5e4 100644
--- a/src/lib/libcrypto/x509/x509_ext.c
+++ b/src/lib/libcrypto/x509/x509_ext.c
@@ -101,6 +101,12 @@ void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
        return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
 }
+int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
+                                                        unsigned long flags)
+{
+        return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags);
+}
 int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
        {
        return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL);
@@ -146,6 +152,13 @@ void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
        return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
 }
+int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
+                                                        unsigned long flags)
+{
+        return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit,
+                                                        flags);
+}
 int X509_REVOKED_get_ext_count(X509_REVOKED *x)
        {
        return(X509v3_get_ext_count(x->extensions));
@@ -187,5 +200,11 @@ void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
        return X509V3_get_d2i(x->extensions, nid, crit, idx);
 }
+int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
+                                                        unsigned long flags)
+{
+        return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags);
+}
 IMPLEMENT_STACK_OF(X509_EXTENSION)
 IMPLEMENT_ASN1_SET_OF(X509_EXTENSION)
diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c
index 863c738cad..b780dae5e2 100644
--- a/src/lib/libcrypto/x509/x509_lu.c
+++ b/src/lib/libcrypto/x509/x509_lu.c
@@ -60,8 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/lhash.h>
 #include <openssl/x509.h>
+#include <openssl/x509v3.h>
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_meth=NULL;
 X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
        {
@@ -185,9 +184,23 @@ X509_STORE *X509_STORE_new(void)
        ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
        ret->cache=1;
        ret->get_cert_methods=sk_X509_LOOKUP_new_null();
-        ret->verify=NULL;
+        ret->verify=0;
-        ret->verify_cb=NULL;
+        ret->verify_cb=0;
-        memset(&ret->ex_data,0,sizeof(CRYPTO_EX_DATA));
+        ret->purpose = 0;
+        ret->trust = 0;
+        ret->flags = 0;
+        ret->get_issuer = 0;
+        ret->check_issued = 0;
+        ret->check_revocation = 0;
+        ret->get_crl = 0;
+        ret->check_crl = 0;
+        ret->cert_crl = 0;
+        ret->cleanup = 0;
+        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data);
        ret->references=1;
        ret->depth=0;
        return ret;
@@ -230,7 +243,7 @@ void X509_STORE_free(X509_STORE *vfy)
        sk_X509_LOOKUP_free(sk);
        sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
-        CRYPTO_free_ex_data(x509_store_meth,vfy,&vfy->ex_data);
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
        OPENSSL_free(vfy);
        }
@@ -525,5 +538,20 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
        return 0;
 }
+void X509_STORE_set_flags(X509_STORE *ctx, long flags)
+        {
+        ctx->flags |= flags;
+        }
+int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
+        {
+        return X509_PURPOSE_set(&ctx->purpose, purpose);
+        }
+int X509_STORE_set_trust(X509_STORE *ctx, int trust)
+        {
+        return X509_TRUST_set(&ctx->trust, trust);
+        }
 IMPLEMENT_STACK_OF(X509_LOOKUP)
 IMPLEMENT_STACK_OF(X509_OBJECT)
diff --git a/src/lib/libcrypto/x509/x509_obj.c b/src/lib/libcrypto/x509/x509_obj.c
index f0271fdfa1..1e718f76eb 100644
--- a/src/lib/libcrypto/x509/x509_obj.c
+++ b/src/lib/libcrypto/x509/x509_obj.c
@@ -94,6 +94,7 @@ int i;
                OPENSSL_free(b);
                }
            strncpy(buf,"NO X509_NAME",len);
+            buf[len-1]='\0';
            return buf;
            }
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c
index 7eca1bd57a..0affa3bf30 100644
--- a/src/lib/libcrypto/x509/x509_req.c
+++ b/src/lib/libcrypto/x509/x509_req.c
@@ -156,9 +156,9 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
        for(i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
                attr = sk_X509_ATTRIBUTE_value(sk, i);
                if(X509_REQ_extension_nid(OBJ_obj2nid(attr->object))) {
-                        if(attr->set && sk_ASN1_TYPE_num(attr->value.set))
+                        if(attr->single) ext = attr->value.single;
+                        else if(sk_ASN1_TYPE_num(attr->value.set))
                                ext = sk_ASN1_TYPE_value(attr->value.set, 0);
-                        else ext = attr->value.single;
                        break;
                }
        }
@@ -199,7 +199,7 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
        if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
        if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;
        at = NULL;
-        attr->set = 1;
+        attr->single = 0;
        attr->object = OBJ_nid2obj(nid);
        if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
        return 1;
@@ -251,8 +251,8 @@ int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
 }
 int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
-                        ASN1_OBJECT *obj, int type,
+                        const ASN1_OBJECT *obj, int type,
-                        unsigned char *bytes, int len)
+                        const unsigned char *bytes, int len)
 {
        if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
                                type, bytes, len)) return 1;
@@ -261,7 +261,7 @@ int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
 int X509_REQ_add1_attr_by_NID(X509_REQ *req,
                        int nid, int type,
-                        unsigned char *bytes, int len)
+                        const unsigned char *bytes, int len)
 {
        if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
                                type, bytes, len)) return 1;
@@ -269,8 +269,8 @@ int X509_REQ_add1_attr_by_NID(X509_REQ *req,
 }
 int X509_REQ_add1_attr_by_txt(X509_REQ *req,
-                        char *attrname, int type,
+                        const char *attrname, int type,
-                        unsigned char *bytes, int len)
+                        const unsigned char *bytes, int len)
 {
        if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
                                type, bytes, len)) return 1;
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
index 86b3b79dcc..17d69ac005 100644
--- a/src/lib/libcrypto/x509/x509_trs.c
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -66,6 +66,7 @@ static int tr_cmp(const X509_TRUST * const *a,
 static void trtable_free(X509_TRUST *p);
 static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
+static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
 static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
 static int obj_trust(int id, X509 *x, int flags);
@@ -79,8 +80,10 @@ static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
 static X509_TRUST trstandard[] = {
 {X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
 {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
-{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Client", NID_server_auth, NULL},
+{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
 {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
+{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
+{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL}
 };
 #define X509_TRUST_COUNT        (sizeof(trstandard)/sizeof(X509_TRUST))
@@ -97,10 +100,10 @@ static int tr_cmp(const X509_TRUST * const *a,
 int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
 {
-int (*oldtrust)(int , X509 *, int);
+        int (*oldtrust)(int , X509 *, int);
-oldtrust = default_trust;
+        oldtrust = default_trust;
-default_trust = trust;
+        default_trust = trust;
-return oldtrust;
+        return oldtrust;
 }
@@ -141,6 +144,16 @@ int X509_TRUST_get_by_id(int id)
        return idx + X509_TRUST_COUNT;
 }
+int X509_TRUST_set(int *t, int trust)
+{
+        if(X509_TRUST_get_by_id(trust) == -1) {
+                X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST);
+                return 0;
+        }
+        *t = trust;
+        return 1;
+}
 int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
                                        char *name, int arg1, void *arg2)
 {
@@ -236,6 +249,12 @@ static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
        return trust_compat(trust, x, flags);
 }
+static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)
+{
+        if(x->aux) return obj_trust(trust->arg1, x, flags);
+        return X509_TRUST_UNTRUSTED;
+}
 static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
 {
        X509_check_purpose(x, -1, 0);
diff --git a/src/lib/libcrypto/x509/x509_txt.c b/src/lib/libcrypto/x509/x509_txt.c
index cfb478d4bc..4f83db8ba2 100644
--- a/src/lib/libcrypto/x509/x509_txt.c
+++ b/src/lib/libcrypto/x509/x509_txt.c
@@ -83,7 +83,7 @@ const char *X509_verify_cert_error_string(long n)
        case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
                return("unable to decrypt certificate's signature");
        case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
-                return("unable to decrypt CRL's's signature");
+                return("unable to decrypt CRL's signature");
        case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
                return("unable to decode issuer public key");
        case X509_V_ERR_CERT_SIGNATURE_FAILURE:
@@ -95,7 +95,7 @@ const char *X509_verify_cert_error_string(long n)
        case X509_V_ERR_CRL_NOT_YET_VALID:
                return("CRL is not yet valid");
        case X509_V_ERR_CERT_HAS_EXPIRED:
-                return("Certificate has expired");
+                return("certificate has expired");
        case X509_V_ERR_CRL_HAS_EXPIRED:
                return("CRL has expired");
        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
@@ -141,6 +141,12 @@ const char *X509_verify_cert_error_string(long n)
        case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
                return("key usage does not include certificate signing");
+        case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
+                return("unable to get CRL issuer certificate");
+        case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
+                return("unhandled critical extension");
        default:
                sprintf(buf,"error number %ld",n);
                return(buf);
diff --git a/src/lib/libcrypto/x509/x509_v3.c b/src/lib/libcrypto/x509/x509_v3.c
index 52887986fe..b5f7daa2e5 100644
--- a/src/lib/libcrypto/x509/x509_v3.c
+++ b/src/lib/libcrypto/x509/x509_v3.c
@@ -115,8 +115,8 @@ int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
        for ( ; lastpos < n; lastpos++)
                {
                ex=sk_X509_EXTENSION_value(sk,lastpos);
-                if (    (ex->critical && crit) ||
+                if (    ((ex->critical > 0) && crit) ||
-                        (!ex->critical && !crit))
+                        (!(ex->critical <= 0) && !crit))
                        return(lastpos);
                }
        return(-1);
@@ -234,7 +234,7 @@ int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj)
 int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
        {
        if (ex == NULL) return(0);
-        ex->critical=(crit)?0xFF:0;
+        ex->critical=(crit)?0xFF:-1;
        return(1);
        }
@@ -263,5 +263,6 @@ ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex)
 int X509_EXTENSION_get_critical(X509_EXTENSION *ex)
        {
        if (ex == NULL) return(0);
-        return(ex->critical);
+        if(ex->critical > 0) return 1;
+        return 0;
        }
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index 0f4110cc64..db12f7bd35 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -75,15 +75,11 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
 static int check_chain_purpose(X509_STORE_CTX *ctx);
 static int check_trust(X509_STORE_CTX *ctx);
+static int check_revocation(X509_STORE_CTX *ctx);
+static int check_cert(X509_STORE_CTX *ctx);
 static int internal_verify(X509_STORE_CTX *ctx);
 const char *X509_version="X.509" OPENSSL_VERSION_PTEXT;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_ctx_method=NULL;
-static int x509_store_ctx_num=0;
-#if 0
-static int x509_store_num=1;
-static STACK *x509_store_method=NULL;
-#endif
 static int null_callback(int ok, X509_STORE_CTX *e)
        {
@@ -113,7 +109,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                }
        cb=ctx->verify_cb;
-        if (cb == NULL) cb=null_callback;
        /* first we make sure the chain we are going to build is
         * present and that the first entry is in place */
@@ -299,6 +294,13 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
        /* We may as well copy down any DSA parameters that are required */
        X509_get_pubkey_parameters(NULL,ctx->chain);
+        /* Check revocation status: we do this after copying parameters
+         * because they may be needed for CRL signature verification.
+         */
+        ok = ctx->check_revocation(ctx);
+        if(!ok) goto end;
        /* At this point, we have a chain and just need to verify it */
        if (ctx->verify != NULL)
                ok=ctx->verify(ctx);
@@ -346,8 +348,7 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
        ctx->error = ret;
        ctx->current_cert = x;
        ctx->current_issuer = issuer;
-        if (ctx->verify_cb)
+        return ctx->verify_cb(0, ctx);
-                return ctx->verify_cb(0, ctx);
        return 0;
 }
@@ -372,18 +373,26 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
 static int check_chain_purpose(X509_STORE_CTX *ctx)
 {
-#ifdef NO_CHAIN_VERIFY
+#ifdef OPENSSL_NO_CHAIN_VERIFY
        return 1;
 #else
        int i, ok=0;
        X509 *x;
        int (*cb)();
        cb=ctx->verify_cb;
-        if (cb == NULL) cb=null_callback;
        /* Check all untrusted certificates */
        for (i = 0; i < ctx->last_untrusted; i++)
                {
                x = sk_X509_value(ctx->chain, i);
+                if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
+                        && (x->ex_flags & EXFLAG_CRITICAL))
+                        {
+                        ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
+                        ctx->error_depth = i;
+                        ctx->current_cert = x;
+                        ok=cb(0,ctx);
+                        if (!ok) goto end;
+                        }
                if (!X509_check_purpose(x, ctx->purpose, i))
                        {
                        if (i)
@@ -414,21 +423,20 @@ static int check_chain_purpose(X509_STORE_CTX *ctx)
 static int check_trust(X509_STORE_CTX *ctx)
 {
-#ifdef NO_CHAIN_VERIFY
+#ifdef OPENSSL_NO_CHAIN_VERIFY
        return 1;
 #else
        int i, ok;
        X509 *x;
        int (*cb)();
        cb=ctx->verify_cb;
-        if (cb == NULL) cb=null_callback;
 /* For now just check the last certificate in the chain */
        i = sk_X509_num(ctx->chain) - 1;
        x = sk_X509_value(ctx->chain, i);
        ok = X509_check_trust(x, ctx->trust, 0);
        if (ok == X509_TRUST_TRUSTED)
                return 1;
-        ctx->error_depth = sk_X509_num(ctx->chain) - 1;
+        ctx->error_depth = i;
        ctx->current_cert = x;
        if (ok == X509_TRUST_REJECTED)
                ctx->error = X509_V_ERR_CERT_REJECTED;
@@ -439,6 +447,183 @@ static int check_trust(X509_STORE_CTX *ctx)
 #endif
 }
+static int check_revocation(X509_STORE_CTX *ctx)
+        {
+        int i, last, ok;
+        if (!(ctx->flags & X509_V_FLAG_CRL_CHECK))
+                return 1;
+        if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL)
+                last = 0;
+        else
+                last = sk_X509_num(ctx->chain) - 1;
+        for(i = 0; i <= last; i++)
+                {
+                ctx->error_depth = i;
+                ok = check_cert(ctx);
+                if (!ok) return ok;
+                }
+        return 1;
+        }
+static int check_cert(X509_STORE_CTX *ctx)
+        {
+        X509_CRL *crl = NULL;
+        X509 *x;
+        int ok, cnum;
+        cnum = ctx->error_depth;
+        x = sk_X509_value(ctx->chain, cnum);
+        ctx->current_cert = x;
+        /* Try to retrieve relevant CRL */
+        ok = ctx->get_crl(ctx, &crl, x);
+        /* If error looking up CRL, nothing we can do except
+         * notify callback
+         */
+        if(!ok)
+                {
+                ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
+                ok = ctx->verify_cb(0, ctx);
+                goto err;
+                }
+        ctx->current_crl = crl;
+        ok = ctx->check_crl(ctx, crl);
+        if (!ok) goto err;
+        ok = ctx->cert_crl(ctx, crl, x);
+        err:
+        ctx->current_crl = NULL;
+        X509_CRL_free(crl);
+        return ok;
+        }
+/* Retrieve CRL corresponding to certificate: currently just a
+ * subject lookup: maybe use AKID later...
+ * Also might look up any included CRLs too (e.g PKCS#7 signedData).
+ */
+static int get_crl(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x)
+        {
+        int ok;
+        X509_OBJECT xobj;
+        ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, X509_get_issuer_name(x), &xobj);
+        if (!ok) return 0;
+        *crl = xobj.data.crl;
+        return 1;
+        }
+/* Check CRL validity */
+static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
+        {
+        X509 *issuer = NULL;
+        EVP_PKEY *ikey = NULL;
+        int ok = 0, chnum, cnum, i;
+        time_t *ptime;
+        cnum = ctx->error_depth;
+        chnum = sk_X509_num(ctx->chain) - 1;
+        /* Find CRL issuer: if not last certificate then issuer
+         * is next certificate in chain.
+         */
+        if(cnum < chnum)
+                issuer = sk_X509_value(ctx->chain, cnum + 1);
+        else
+                {
+                issuer = sk_X509_value(ctx->chain, chnum);
+                /* If not self signed, can't check signature */
+                if(!ctx->check_issued(ctx, issuer, issuer))
+                        {
+                        ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
+                        ok = ctx->verify_cb(0, ctx);
+                        if(!ok) goto err;
+                        }
+                }
+        if(issuer)
+                {
+                /* Attempt to get issuer certificate public key */
+                ikey = X509_get_pubkey(issuer);
+                if(!ikey)
+                        {
+                        ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
+                        ok = ctx->verify_cb(0, ctx);
+                        if (!ok) goto err;
+                        }
+                else
+                        {
+                        /* Verify CRL signature */
+                        if(X509_CRL_verify(crl, ikey) <= 0)
+                                {
+                                ctx->error=X509_V_ERR_CRL_SIGNATURE_FAILURE;
+                                ok = ctx->verify_cb(0, ctx);
+                                if (!ok) goto err;
+                                }
+                        }
+                }
+        /* OK, CRL signature valid check times */
+        if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME)
+                ptime = &ctx->check_time;
+        else
+                ptime = NULL;
+        i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
+        if (i == 0)
+                {
+                ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
+                ok = ctx->verify_cb(0, ctx);
+                if (!ok) goto err;
+                }
+        if (i > 0)
+                {
+                ctx->error=X509_V_ERR_CRL_NOT_YET_VALID;
+                ok = ctx->verify_cb(0, ctx);
+                if (!ok) goto err;
+                }
+        if(X509_CRL_get_nextUpdate(crl))
+                {
+                i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
+                if (i == 0)
+                        {
+                        ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
+                        ok = ctx->verify_cb(0, ctx);
+                        if (!ok) goto err;
+                        }
+                if (i < 0)
+                        {
+                        ctx->error=X509_V_ERR_CRL_HAS_EXPIRED;
+                        ok = ctx->verify_cb(0, ctx);
+                        if (!ok) goto err;
+                        }
+                }
+        ok = 1;
+        err:
+        EVP_PKEY_free(ikey);
+        return ok;
+        }
+/* Check certificate against CRL */
+static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
+        {
+        int idx, ok;
+        X509_REVOKED rtmp;
+        /* Look for serial number of certificate in CRL */
+        rtmp.serialNumber = X509_get_serialNumber(x);
+        idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
+        /* Not found: OK */
+        if(idx == -1) return 1;
+        /* Otherwise revoked: want something cleverer than
+         * this to handle entry extensions in V2 CRLs.
+         */
+        ctx->error = X509_V_ERR_CERT_REVOKED;
+        ok = ctx->verify_cb(0, ctx);
+        return ok;
+        }
 static int internal_verify(X509_STORE_CTX *ctx)
        {
        int i,ok=0,n;
@@ -448,7 +633,6 @@ static int internal_verify(X509_STORE_CTX *ctx)
        int (*cb)();
        cb=ctx->verify_cb;
-        if (cb == NULL) cb=null_callback;
        n=sk_X509_num(ctx->chain);
        ctx->error_depth=n-1;
@@ -491,6 +675,13 @@ static int internal_verify(X509_STORE_CTX *ctx)
                                if (!ok) goto end;
                                }
                        if (X509_verify(xs,pkey) <= 0)
+                                /* XXX  For the final trusted self-signed cert,
+                                 * this is a waste of time.  That check should
+                                 * optional so that e.g. 'openssl x509' can be
+                                 * used to detect invalid self-signatures, but
+                                 * we don't verify again and again in SSL
+                                 * handshakes and the like once the cert has
+                                 * been declared trusted. */
                                {
                                ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
                                ctx->current_cert=xs;
@@ -539,8 +730,6 @@ static int internal_verify(X509_STORE_CTX *ctx)
                        if (!ok) goto end;
                        }
-                /* CRL CHECK */
                /* The last error (if any) is still in the error value */
                ctx->current_cert=xs;
                ok=(*cb)(1,ctx);
@@ -648,14 +837,16 @@ ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
 ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm)
        {
        time_t t;
+        int type = -1;
        if (in_tm) t = *in_tm;
        else time(&t);
        t+=adj;
-        if (!s) return ASN1_TIME_set(s, t);
+        if (s) type = s->type;
-        if (s->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t);
+        if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t);
-        return ASN1_GENERALIZEDTIME_set(s, t);
+        if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t);
+        return ASN1_TIME_set(s, t);
        }
 int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
@@ -702,12 +893,12 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
 int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-        {
+        {
-        x509_store_ctx_num++;
+        /* This function is (usually) called only once, by
-        return CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
+         * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */
-                &x509_store_ctx_method,
+        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp,
-                argl,argp,new_func,dup_func,free_func);
+                        new_func, dup_func, free_func);
-        }
+        }
 int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
        {
@@ -831,8 +1022,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
                        }
                }
-        if (purpose) ctx->purpose = purpose;
+        if (purpose && !ctx->purpose) ctx->purpose = purpose;
-        if (trust) ctx->trust = trust;
+        if (trust && !ctx->trust) ctx->trust = trust;
        return 1;
 }
@@ -840,7 +1031,12 @@ X509_STORE_CTX *X509_STORE_CTX_new(void)
 {
        X509_STORE_CTX *ctx;
        ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
-        if (ctx) memset(ctx, 0, sizeof(X509_STORE_CTX));
+        if (!ctx)
+                {
+                X509err(X509_F_X509_STORE_CTX_NEW,ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+        memset(ctx, 0, sizeof(X509_STORE_CTX));
        return ctx;
 }
@@ -850,7 +1046,7 @@ void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
        OPENSSL_free(ctx);
 }
-void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
             STACK_OF(X509) *chain)
        {
        ctx->ctx=store;
@@ -858,10 +1054,7 @@ void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
        ctx->cert=x509;
        ctx->untrusted=chain;
        ctx->last_untrusted=0;
-        ctx->purpose=0;
-        ctx->trust=0;
        ctx->check_time=0;
-        ctx->flags=0;
        ctx->other_ctx=NULL;
        ctx->valid=0;
        ctx->chain=NULL;
@@ -870,12 +1063,80 @@ void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
        ctx->error_depth=0;
        ctx->current_cert=NULL;
        ctx->current_issuer=NULL;
-        ctx->check_issued = check_issued;
-        ctx->get_issuer = X509_STORE_CTX_get1_issuer;
+        /* Inherit callbacks and flags from X509_STORE if not set
-        ctx->verify_cb = store->verify_cb;
+         * use defaults.
-        ctx->verify = store->verify;
+         */
-        ctx->cleanup = 0;
-        memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA));
+        if (store)
+                {
+                ctx->purpose=store->purpose;
+                ctx->trust=store->trust;
+                ctx->flags = store->flags;
+                ctx->cleanup = store->cleanup;
+                }
+        else
+                {
+                ctx->purpose = 0;
+                ctx->trust = 0;
+                ctx->flags = 0;
+                ctx->cleanup = 0;
+                }
+        if (store && store->check_issued)
+                ctx->check_issued = store->check_issued;
+        else
+                ctx->check_issued = check_issued;
+        if (store && store->get_issuer)
+                ctx->get_issuer = store->get_issuer;
+        else
+                ctx->get_issuer = X509_STORE_CTX_get1_issuer;
+        if (store && store->verify_cb)
+                ctx->verify_cb = store->verify_cb;
+        else
+                ctx->verify_cb = null_callback;
+        if (store && store->verify)
+                ctx->verify = store->verify;
+        else
+                ctx->verify = internal_verify;
+        if (store && store->check_revocation)
+                ctx->check_revocation = store->check_revocation;
+        else
+                ctx->check_revocation = check_revocation;
+        if (store && store->get_crl)
+                ctx->get_crl = store->get_crl;
+        else
+                ctx->get_crl = get_crl;
+        if (store && store->check_crl)
+                ctx->check_crl = store->check_crl;
+        else
+                ctx->check_crl = check_crl;
+        if (store && store->cert_crl)
+                ctx->cert_crl = store->cert_crl;
+        else
+                ctx->cert_crl = cert_crl;
+        /* This memset() can't make any sense anyway, so it's removed. As
+         * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a
+         * corresponding "new" here and remove this bogus initialisation. */
+        /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */
+        if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
+                                &(ctx->ex_data)))
+                {
+                OPENSSL_free(ctx);
+                X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        return 1;
        }
 /* Set alternative lookup method: just a STACK of trusted certificates.
@@ -896,7 +1157,7 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
                sk_X509_pop_free(ctx->chain,X509_free);
                ctx->chain=NULL;
                }
-        CRYPTO_free_ex_data(x509_store_ctx_method,ctx,&(ctx->ex_data));
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
        memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
        }
@@ -911,6 +1172,12 @@ void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t)
        ctx->flags |= X509_V_FLAG_USE_CHECK_TIME;
        }
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+                                  int (*verify_cb)(int, X509_STORE_CTX *))
+        {
+        ctx->verify_cb=verify_cb;
+        }
 IMPLEMENT_STACK_OF(X509)
 IMPLEMENT_ASN1_SET_OF(X509)
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h
index e289d5309a..f0be21f452 100644
--- a/src/lib/libcrypto/x509/x509_vfy.h
+++ b/src/lib/libcrypto/x509/x509_vfy.h
@@ -65,11 +65,12 @@
 #ifndef HEADER_X509_VFY_H
 #define HEADER_X509_VFY_H
-#ifndef NO_LHASH
+#ifndef OPENSSL_NO_LHASH
 #include <openssl/lhash.h>
 #endif
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
+#include <openssl/symhacks.h>
 #ifdef  __cplusplus
 extern "C" {
@@ -154,12 +155,10 @@ typedef struct x509_lookup_method_st
                            X509_OBJECT *ret);
        } X509_LOOKUP_METHOD;
-typedef struct x509_store_ctx_st X509_STORE_CTX;
 /* This is used to hold everything.  It is used for all certificate
 * validation.  Once we have a certificate chain, the 'verify'
 * function is then called to actually check the cert chain. */
-typedef struct x509_store_st
+struct x509_store_st
        {
        /* The following is a cache of trusted certs */
        int cache;      /* if true, stash any hits */
@@ -167,13 +166,29 @@ typedef struct x509_store_st
        /* These are external lookup methods */
        STACK_OF(X509_LOOKUP) *get_cert_methods;
+        /* The following fields are not used by X509_STORE but are
+         * inherited by X509_STORE_CTX when it is initialised.
+         */
+        unsigned long flags;    /* Various verify flags */
+        int purpose;
+        int trust;
+        /* Callbacks for various operations */
        int (*verify)(X509_STORE_CTX *ctx);     /* called to verify a certificate */
        int (*verify_cb)(int ok,X509_STORE_CTX *ctx);   /* error callback */
+        int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
+        int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
+        int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
+        int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
+        int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
+        int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
+        int (*cleanup)(X509_STORE_CTX *ctx);
        CRYPTO_EX_DATA ex_data;
        int references;
        int depth;              /* how deep to look (still unused -- X509_STORE_CTX's depth is used) */
-        }  X509_STORE;
+        } /* X509_STORE */;
 #define X509_STORE_set_depth(ctx,d)       ((ctx)->depth=(d))
@@ -189,7 +204,7 @@ struct x509_lookup_st
        char *method_data;              /* method data */
        X509_STORE *store_ctx;  /* who owns us */
-        };
+        } /* X509_LOOKUP */;
 /* This is a used when verifying cert chains.  Since the
 * gathering of the cert chain can take some time (and have to be
@@ -213,6 +228,10 @@ struct x509_store_ctx_st      /* X509_STORE_CTX */
        int (*verify_cb)(int ok,X509_STORE_CTX *ctx);           /* error callback */
        int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
        int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
+        int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
+        int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
+        int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
+        int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
        int (*cleanup)(X509_STORE_CTX *ctx);
        /* The following is built up */
@@ -226,9 +245,10 @@ struct x509_store_ctx_st      /* X509_STORE_CTX */
        int error;
        X509 *current_cert;
        X509 *current_issuer;   /* cert currently being tested as valid issuer */
+        X509_CRL *current_crl;  /* current CRL */
        CRYPTO_EX_DATA ex_data;
-        };
+        } /* X509_STORE_CTX */;
 #define X509_STORE_CTX_set_depth(ctx,d)       ((ctx)->depth=(d))
@@ -282,6 +302,9 @@ struct x509_store_ctx_st      /* X509_STORE_CTX */
 #define         X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH          31
 #define         X509_V_ERR_KEYUSAGE_NO_CERTSIGN                 32
+#define         X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER             33
+#define         X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION         34
 /* The application is not happy */
 #define         X509_V_ERR_APPLICATION_VERIFICATION             50
@@ -289,21 +312,9 @@ struct x509_store_ctx_st      /* X509_STORE_CTX */
 #define X509_V_FLAG_CB_ISSUER_CHECK             0x1     /* Send issuer+subject checks to verify_cb */
 #define X509_V_FLAG_USE_CHECK_TIME              0x2     /* Use check time instead of current time */
+#define X509_V_FLAG_CRL_CHECK                   0x4     /* Lookup CRLs */
-                  /* These functions are being redefined in another directory,
+#define X509_V_FLAG_CRL_CHECK_ALL               0x8     /* Lookup CRLs for whole chain */
-                     and clash when the linker is case-insensitive, so let's
+#define X509_V_FLAG_IGNORE_CRITICAL             0x10    /* Ignore unhandled critical extensions */
-                     hide them a little, by giving them an extra 'o' at the
-                     beginning of the name... */
-#ifdef VMS
-#undef X509v3_cleanup_extensions
-#define X509v3_cleanup_extensions oX509v3_cleanup_extensions
-#undef X509v3_add_extension
-#define X509v3_add_extension oX509v3_add_extension
-#undef X509v3_add_netscape_extensions
-#define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions
-#undef X509v3_add_standard_extensions
-#define X509v3_add_standard_extensions oX509v3_add_standard_extensions
-#endif
 int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
             X509_NAME *name);
@@ -314,12 +325,16 @@ void X509_OBJECT_free_contents(X509_OBJECT *a);
 X509_STORE *X509_STORE_new(void );
 void X509_STORE_free(X509_STORE *v);
+void X509_STORE_set_flags(X509_STORE *ctx, long flags);
+int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
+int X509_STORE_set_trust(X509_STORE *ctx, int trust);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
 int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
-void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
                         X509 *x509, STACK_OF(X509) *chain);
 void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
@@ -338,7 +353,7 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name,
 int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
        long argl, char **ret);
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
 int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
 int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
@@ -358,7 +373,7 @@ int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
        int len, X509_OBJECT *ret);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 int     X509_STORE_load_locations (X509_STORE *ctx,
                const char *file, const char *dir);
 int     X509_STORE_set_default_paths(X509_STORE *ctx);
@@ -382,6 +397,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
                                int purpose, int trust);
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t);
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+                                  int (*verify_cb)(int, X509_STORE_CTX *));
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/x509/x509cset.c b/src/lib/libcrypto/x509/x509cset.c
new file mode 100644
index 0000000000..6cac440ea9
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509cset.c
@@ -0,0 +1,169 @@
+/* crypto/x509/x509cset.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+int X509_CRL_set_version(X509_CRL *x, long version)
+        {
+        if (x == NULL) return(0);
+        if (x->crl->version == NULL)
+                {
+                if ((x->crl->version=M_ASN1_INTEGER_new()) == NULL)
+                        return(0);
+                }
+        return(ASN1_INTEGER_set(x->crl->version,version));
+        }
+int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
+        {
+        if ((x == NULL) || (x->crl == NULL)) return(0);
+        return(X509_NAME_set(&x->crl->issuer,name));
+        }
+int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm)
+        {
+        ASN1_TIME *in;
+        if (x == NULL) return(0);
+        in=x->crl->lastUpdate;
+        if (in != tm)
+                {
+                in=M_ASN1_TIME_dup(tm);
+                if (in != NULL)
+                        {
+                        M_ASN1_TIME_free(x->crl->lastUpdate);
+                        x->crl->lastUpdate=in;
+                        }
+                }
+        return(in != NULL);
+        }
+int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm)
+        {
+        ASN1_TIME *in;
+        if (x == NULL) return(0);
+        in=x->crl->nextUpdate;
+        if (in != tm)
+                {
+                in=M_ASN1_TIME_dup(tm);
+                if (in != NULL)
+                        {
+                        M_ASN1_TIME_free(x->crl->nextUpdate);
+                        x->crl->nextUpdate=in;
+                        }
+                }
+        return(in != NULL);
+        }
+int X509_CRL_sort(X509_CRL *c)
+        {
+        int i;
+        X509_REVOKED *r;
+        /* sort the data so it will be written in serial
+         * number order */
+        sk_X509_REVOKED_sort(c->crl->revoked);
+        for (i=0; i<sk_X509_REVOKED_num(c->crl->revoked); i++)
+                {
+                r=sk_X509_REVOKED_value(c->crl->revoked,i);
+                r->sequence=i;
+                }
+        return 1;
+        }
+int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
+        {
+        ASN1_TIME *in;
+        if (x == NULL) return(0);
+        in=x->revocationDate;
+        if (in != tm)
+                {
+                in=M_ASN1_TIME_dup(tm);
+                if (in != NULL)
+                        {
+                        M_ASN1_TIME_free(x->revocationDate);
+                        x->revocationDate=in;
+                        }
+                }
+        return(in != NULL);
+        }
+int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
+        {
+        ASN1_INTEGER *in;
+        if (x == NULL) return(0);
+        in=x->serialNumber;
+        if (in != serial)
+                {
+                in=M_ASN1_INTEGER_dup(serial);
+                if (in != NULL)
+                        {
+                        M_ASN1_INTEGER_free(x->serialNumber);
+                        x->serialNumber=in;
+                        }
+                }
+        return(in != NULL);
+        }
diff --git a/src/lib/libcrypto/x509/x509spki.c b/src/lib/libcrypto/x509/x509spki.c
index fd0a534d88..4c3af946ec 100644
--- a/src/lib/libcrypto/x509/x509spki.c
+++ b/src/lib/libcrypto/x509/x509spki.c
@@ -59,7 +59,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/x509.h>
-#include <openssl/asn1_mac.h>
 int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
 {
diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c
index 9bd6e2a39b..fb5015cd4d 100644
--- a/src/lib/libcrypto/x509/x_all.c
+++ b/src/lib/libcrypto/x509/x_all.c
@@ -67,224 +67,159 @@
 int X509_verify(X509 *a, EVP_PKEY *r)
        {
-        return(ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,
+        return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
-                a->signature,(char *)a->cert_info,r));
+                a->signature,a->cert_info,r));
        }
 int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
        {
-        return( ASN1_verify((int (*)())i2d_X509_REQ_INFO,
+        return( ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
-                a->sig_alg,a->signature,(char *)a->req_info,r));
+                a->sig_alg,a->signature,a->req_info,r));
        }
 int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r)
        {
-        return(ASN1_verify((int (*)())i2d_X509_CRL_INFO,
+        return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
-                a->sig_alg, a->signature,(char *)a->crl,r));
+                a->sig_alg, a->signature,a->crl,r));
        }
 int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
        {
-        return(ASN1_verify((int (*)())i2d_NETSCAPE_SPKAC,
+        return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
-                a->sig_algor,a->signature, (char *)a->spkac,r));
+                a->sig_algor,a->signature,a->spkac,r));
        }
 int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
        {
-        return(ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature,
+        return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
-                x->sig_alg, x->signature, (char *)x->cert_info,pkey,md));
+                x->sig_alg, x->signature, x->cert_info,pkey,md));
        }
 int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
        {
-        return(ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL,
+        return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL,
-                x->signature, (char *)x->req_info,pkey,md));
+                x->signature, x->req_info,pkey,md));
        }
 int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
        {
-        return(ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,
+        return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO),x->crl->sig_alg,
-                x->sig_alg, x->signature, (char *)x->crl,pkey,md));
+                x->sig_alg, x->signature, x->crl,pkey,md));
        }
 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
        {
-        return(ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL,
+        return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL,
-                x->signature, (char *)x->spkac,pkey,md));
+                x->signature, x->spkac,pkey,md));
        }
-X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa)
+#ifndef OPENSSL_NO_FP_API
-        {
-        return((X509_ATTRIBUTE *)ASN1_dup((int (*)())i2d_X509_ATTRIBUTE,
-                (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa));
-        }
-X509 *X509_dup(X509 *x509)
-        {
-        return((X509 *)ASN1_dup((int (*)())i2d_X509,
-                (char *(*)())d2i_X509,(char *)x509));
-        }
-X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex)
-        {
-        return((X509_EXTENSION *)ASN1_dup(
-                (int (*)())i2d_X509_EXTENSION,
-                (char *(*)())d2i_X509_EXTENSION,(char *)ex));
-        }
-#ifndef NO_FP_API
 X509 *d2i_X509_fp(FILE *fp, X509 **x509)
        {
-        return((X509 *)ASN1_d2i_fp((char *(*)())X509_new,
+        return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
-                (char *(*)())d2i_X509, (fp),(unsigned char **)(x509)));
        }
 int i2d_X509_fp(FILE *fp, X509 *x509)
        {
-        return(ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509));
+        return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
        }
 #endif
 X509 *d2i_X509_bio(BIO *bp, X509 **x509)
        {
-        return((X509 *)ASN1_d2i_bio((char *(*)())X509_new,
+        return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
-                (char *(*)())d2i_X509, (bp),(unsigned char **)(x509)));
        }
 int i2d_X509_bio(BIO *bp, X509 *x509)
        {
-        return(ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509));
+        return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
-        }
-X509_CRL *X509_CRL_dup(X509_CRL *crl)
-        {
-        return((X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL,
-                (char *(*)())d2i_X509_CRL,(char *)crl));
        }
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
        {
-        return((X509_CRL *)ASN1_d2i_fp((char *(*)())
+        return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
-                X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),
-                (unsigned char **)(crl)));
        }
 int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
        {
-        return(ASN1_i2d_fp(i2d_X509_CRL,fp,(unsigned char *)crl));
+        return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
        }
 #endif
 X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
        {
-        return((X509_CRL *)ASN1_d2i_bio((char *(*)())
+        return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
-                X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),
-                (unsigned char **)(crl)));
        }
 int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
        {
-        return(ASN1_i2d_bio(i2d_X509_CRL,bp,(unsigned char *)crl));
+        return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
-        }
-PKCS7 *PKCS7_dup(PKCS7 *p7)
-        {
-        return((PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7,
-                (char *(*)())d2i_PKCS7,(char *)p7));
        }
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
        {
-        return((PKCS7 *)ASN1_d2i_fp((char *(*)())
+        return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
-                PKCS7_new,(char *(*)())d2i_PKCS7, (fp),
-                (unsigned char **)(p7)));
        }
 int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
        {
-        return(ASN1_i2d_fp(i2d_PKCS7,fp,(unsigned char *)p7));
+        return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
        }
 #endif
 PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
        {
-        return((PKCS7 *)ASN1_d2i_bio((char *(*)())
+        return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
-                PKCS7_new,(char *(*)())d2i_PKCS7, (bp),
-                (unsigned char **)(p7)));
        }
 int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
        {
-        return(ASN1_i2d_bio(i2d_PKCS7,bp,(unsigned char *)p7));
+        return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
        }
-X509_REQ *X509_REQ_dup(X509_REQ *req)
+#ifndef OPENSSL_NO_FP_API
-        {
-        return((X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ,
-                (char *(*)())d2i_X509_REQ,(char *)req));
-        }
-#ifndef NO_FP_API
 X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
        {
-        return((X509_REQ *)ASN1_d2i_fp((char *(*)())
+        return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
-                X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),
-                (unsigned char **)(req)));
        }
 int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
        {
-        return(ASN1_i2d_fp(i2d_X509_REQ,fp,(unsigned char *)req));
+        return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
        }
 #endif
 X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
        {
-        return((X509_REQ *)ASN1_d2i_bio((char *(*)())
+        return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
-                X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),
-                (unsigned char **)(req)));
        }
 int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
        {
-        return(ASN1_i2d_bio(i2d_X509_REQ,bp,(unsigned char *)req));
+        return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
-        }
-#ifndef NO_RSA
-RSA *RSAPublicKey_dup(RSA *rsa)
-        {
-        return((RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey,
-                (char *(*)())d2i_RSAPublicKey,(char *)rsa));
        }
-RSA *RSAPrivateKey_dup(RSA *rsa)
+#ifndef OPENSSL_NO_RSA
-        {
-        return((RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey,
-                (char *(*)())d2i_RSAPrivateKey,(char *)rsa));
-        }
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
        {
-        return((RSA *)ASN1_d2i_fp((char *(*)())
+        return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
-                RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp),
-                (unsigned char **)(rsa)));
        }
 int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
        {
-        return(ASN1_i2d_fp(i2d_RSAPrivateKey,fp,(unsigned char *)rsa));
+        return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
        }
 RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
        {
-        return((RSA *)ASN1_d2i_fp((char *(*)())
+        return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
-                RSA_new,(char *(*)())d2i_RSAPublicKey, (fp),
-                (unsigned char **)(rsa)));
        }
 RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
        {
        return((RSA *)ASN1_d2i_fp((char *(*)())
@@ -294,7 +229,7 @@ RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
 int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
        {
-        return(ASN1_i2d_fp(i2d_RSAPublicKey,fp,(unsigned char *)rsa));
+        return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
        }
 int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
@@ -305,23 +240,20 @@ int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
 RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
        {
-        return((RSA *)ASN1_d2i_bio((char *(*)())
+        return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
-                RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp),
-                (unsigned char **)(rsa)));
        }
 int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
        {
-        return(ASN1_i2d_bio(i2d_RSAPrivateKey,bp,(unsigned char *)rsa));
+        return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
        }
 RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
        {
-        return((RSA *)ASN1_d2i_bio((char *(*)())
+        return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
-                RSA_new,(char *(*)())d2i_RSAPublicKey, (bp),
-                (unsigned char **)(rsa)));
        }
 RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
        {
        return((RSA *)ASN1_d2i_bio((char *(*)())
@@ -331,7 +263,7 @@ RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
 int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
        {
-        return(ASN1_i2d_bio(i2d_RSAPublicKey,bp,(unsigned char *)rsa));
+        return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
        }
 int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
@@ -340,8 +272,8 @@ int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
        }
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
        {
        return((DSA *)ASN1_d2i_fp((char *(*)())
@@ -393,57 +325,48 @@ int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
 #endif
-X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn)
+int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
-        {
+             unsigned int *len)
-        return((X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,
-        (char *(*)())d2i_X509_ALGOR,(char *)xn));
-        }
-X509_NAME *X509_NAME_dup(X509_NAME *xn)
-        {
-        return((X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME,
-                (char *(*)())d2i_X509_NAME,(char *)xn));
-        }
-X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne)
        {
-        return((X509_NAME_ENTRY *)ASN1_dup((int (*)())i2d_X509_NAME_ENTRY,
+        ASN1_BIT_STRING *key;
-                (char *(*)())d2i_X509_NAME_ENTRY,(char *)ne));
+        key = X509_get0_pubkey_bitstr(data);
+        if(!key) return 0;
+        return EVP_Digest(key->data, key->length, md, len, type, NULL);
        }
 int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
             unsigned int *len)
        {
-        return(ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len));
+        return(ASN1_item_digest(ASN1_ITEM_rptr(X509),type,(char *)data,md,len));
        }
 int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
             unsigned int *len)
        {
-        return(ASN1_digest((int (*)())i2d_X509_CRL,type,(char *)data,md,len));
+        return(ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL),type,(char *)data,md,len));
        }
 int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md,
             unsigned int *len)
        {
-        return(ASN1_digest((int (*)())i2d_X509_REQ,type,(char *)data,md,len));
+        return(ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ),type,(char *)data,md,len));
        }
 int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md,
             unsigned int *len)
        {
-        return(ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len));
+        return(ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME),type,(char *)data,md,len));
        }
 int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type,
             unsigned char *md, unsigned int *len)
        {
-        return(ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,
+        return(ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL),type,
                (char *)data,md,len));
        }
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
        {
        return((X509_SIG *)ASN1_d2i_fp((char *(*)())X509_SIG_new,
@@ -467,7 +390,7 @@ int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
        return(ASN1_i2d_bio(i2d_X509_SIG,bp,(unsigned char *)p8));
        }
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
                                                 PKCS8_PRIV_KEY_INFO **p8inf)
        {