38 files changed, 1176 insertions, 456 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_akey.c b/src/lib/libcrypto/x509v3/v3_akey.c
index 2bf515cfdd..2a5c65ea39 100644
--- a/src/lib/libcrypto/x509v3/v3_akey.c
+++ b/src/lib/libcrypto/x509v3/v3_akey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_akey.c,v 1.14 2015/07/29 14:58:34 jsing Exp $ */
+/* $OpenBSD: v3_akey.c,v 1.15 2015/07/29 16:13:48 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -71,14 +71,20 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
 const X509V3_EXT_METHOD v3_akey_id = {
-        NID_authority_key_identifier,
+        .ext_nid = NID_authority_key_identifier,
-        X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
+        .ext_flags = X509V3_EXT_MULTILINE,
-        0, 0,0, 0,
+        .it = ASN1_ITEM_ref(AUTHORITY_KEYID),
-        0, 0,
+        .ext_new = NULL,
-        (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
+        .ext_free = NULL,
-        (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
+        .d2i = NULL,
-        0, 0,
+        .i2d = NULL,
-        NULL
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
+        .v2i = (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 static
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c
index 5b0dae2af6..4b3755e4e7 100644
--- a/src/lib/libcrypto/x509v3/v3_alt.c
+++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_alt.c,v 1.23 2015/07/29 14:58:34 jsing Exp $ */
+/* $OpenBSD: v3_alt.c,v 1.24 2015/07/29 16:13:48 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -74,27 +74,52 @@ static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
 const X509V3_EXT_METHOD v3_alt[] = {
        {
-                NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+                .ext_nid = NID_subject_alt_name,
-                0, 0, 0, 0,
+                .ext_flags = 0,
-                0, 0,
+                .it = ASN1_ITEM_ref(GENERAL_NAMES),
-                (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+                .ext_new = NULL,
-                (X509V3_EXT_V2I)v2i_subject_alt,
+                .ext_free = NULL,
-                NULL, NULL, NULL
+                .d2i = NULL,
+                .i2d = NULL,
+                .i2s = NULL,
+                .s2i = NULL,
+                .i2v = (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+                .v2i = (X509V3_EXT_V2I)v2i_subject_alt,
+                .i2r = NULL,
+                .r2i = NULL,
+                .usr_data = NULL,
        },
        {
-                NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+                .ext_nid = NID_issuer_alt_name,
-                0, 0, 0, 0,
+                .ext_flags = 0,
-                0, 0,
+                .it = ASN1_ITEM_ref(GENERAL_NAMES),
-                (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+                .ext_new = NULL,
-                (X509V3_EXT_V2I)v2i_issuer_alt,
+                .ext_free = NULL,
-                NULL, NULL, NULL
+                .d2i = NULL,
+                .i2d = NULL,
+                .i2s = NULL,
+                .s2i = NULL,
+                .i2v = (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+                .v2i = (X509V3_EXT_V2I)v2i_issuer_alt,
+                .i2r = NULL,
+                .r2i = NULL,
+                .usr_data = NULL,
        },
        {
-                NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+                .ext_nid = NID_certificate_issuer,
-                0, 0, 0, 0,
+                .ext_flags = 0,
-                0, 0,
+                .it = ASN1_ITEM_ref(GENERAL_NAMES),
-                (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+                .ext_new = NULL,
-                NULL, NULL, NULL, NULL
+                .ext_free = NULL,
+                .d2i = NULL,
+                .i2d = NULL,
+                .i2s = NULL,
+                .s2i = NULL,
+                .i2v = (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+                .v2i = NULL,
+                .i2r = NULL,
+                .r2i = NULL,
+                .usr_data = NULL,
        },
 };
diff --git a/src/lib/libcrypto/x509v3/v3_bcons.c b/src/lib/libcrypto/x509v3/v3_bcons.c
index eea63b760a..292705a8d6 100644
--- a/src/lib/libcrypto/x509v3/v3_bcons.c
+++ b/src/lib/libcrypto/x509v3/v3_bcons.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_bcons.c,v 1.12 2015/07/25 16:00:14 jsing Exp $ */
+/* $OpenBSD: v3_bcons.c,v 1.13 2015/07/29 16:13:48 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -71,14 +71,20 @@ static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
 const X509V3_EXT_METHOD v3_bcons = {
-        NID_basic_constraints, 0,
+        .ext_nid = NID_basic_constraints,
-        ASN1_ITEM_ref(BASIC_CONSTRAINTS),
+        .ext_flags = 0,
-        0, 0, 0, 0,
+        .it = ASN1_ITEM_ref(BASIC_CONSTRAINTS),
-        0, 0,
+        .ext_new = NULL,
-        (X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
+        .ext_free = NULL,
-        (X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
+        .d2i = NULL,
-        NULL, NULL,
+        .i2d = NULL,
-        NULL
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = (X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
+        .v2i = (X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 static const ASN1_TEMPLATE BASIC_CONSTRAINTS_seq_tt[] = {
diff --git a/src/lib/libcrypto/x509v3/v3_bitst.c b/src/lib/libcrypto/x509v3/v3_bitst.c
index c0c6ad3d8c..894608fadb 100644
--- a/src/lib/libcrypto/x509v3/v3_bitst.c
+++ b/src/lib/libcrypto/x509v3/v3_bitst.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_bitst.c,v 1.10 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: v3_bitst.c,v 1.11 2015/07/29 16:13:48 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -88,11 +88,39 @@ static BIT_STRING_BITNAME key_usage_type_table[] = {
        {-1, NULL, NULL}
 };
+const X509V3_EXT_METHOD v3_nscert = {
+        .ext_nid = NID_netscape_cert_type,
+        .ext_flags = 0,
+        .it = ASN1_ITEM_ref(ASN1_BIT_STRING),
+        .ext_new = NULL,
+        .ext_free = NULL,
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING,
+        .v2i = (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = ns_cert_type_table,
+};
-const X509V3_EXT_METHOD v3_nscert =
+const X509V3_EXT_METHOD v3_key_usage = {
-    EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
+        .ext_nid = NID_key_usage,
-const X509V3_EXT_METHOD v3_key_usage =
+        .ext_flags = 0,
-    EXT_BITSTRING(NID_key_usage, key_usage_type_table);
+        .it = ASN1_ITEM_ref(ASN1_BIT_STRING),
+        .ext_new = NULL,
+        .ext_free = NULL,
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING,
+        .v2i = (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = key_usage_type_table,
+};
 STACK_OF(CONF_VALUE) *
 i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bits,
diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c
index 4244f03851..cea82afde9 100644
--- a/src/lib/libcrypto/x509v3/v3_cpols.c
+++ b/src/lib/libcrypto/x509v3/v3_cpols.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_cpols.c,v 1.21 2015/07/25 16:00:14 jsing Exp $ */
+/* $OpenBSD: v3_cpols.c,v 1.22 2015/07/29 16:13:48 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -83,13 +83,20 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
 static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
 const X509V3_EXT_METHOD v3_cpols = {
-        NID_certificate_policies, 0, ASN1_ITEM_ref(CERTIFICATEPOLICIES),
+        .ext_nid = NID_certificate_policies,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        0, 0,
+        .it = ASN1_ITEM_ref(CERTIFICATEPOLICIES),
-        0, 0,
+        .ext_new = NULL,
-        (X509V3_EXT_I2R)i2r_certpol,
+        .ext_free = NULL,
-        (X509V3_EXT_R2I)r2i_certpol,
+        .d2i = NULL,
-        NULL
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = (X509V3_EXT_I2R)i2r_certpol,
+        .r2i = (X509V3_EXT_R2I)r2i_certpol,
+        .usr_data = NULL,
 };
 static const ASN1_TEMPLATE CERTIFICATEPOLICIES_item_tt = {
diff --git a/src/lib/libcrypto/x509v3/v3_crld.c b/src/lib/libcrypto/x509v3/v3_crld.c
index 9055a41289..a72d0ab500 100644
--- a/src/lib/libcrypto/x509v3/v3_crld.c
+++ b/src/lib/libcrypto/x509v3/v3_crld.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_crld.c,v 1.18 2015/07/25 16:14:29 jsing Exp $ */
+/* $OpenBSD: v3_crld.c,v 1.19 2015/07/29 16:13:48 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -71,23 +71,37 @@ static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
    int indent);
 const X509V3_EXT_METHOD v3_crld = {
-        NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
+        .ext_nid = NID_crl_distribution_points,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        0, 0,
+        .it = ASN1_ITEM_ref(CRL_DIST_POINTS),
-        0,
+        .ext_new = NULL,
-        v2i_crld,
+        .ext_free = NULL,
-        i2r_crldp, 0,
+        .d2i = NULL,
-        NULL
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = v2i_crld,
+        .i2r = i2r_crldp,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 const X509V3_EXT_METHOD v3_freshest_crl = {
-        NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
+        .ext_nid = NID_freshest_crl,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        0, 0,
+        .it = ASN1_ITEM_ref(CRL_DIST_POINTS),
-        0,
+        .ext_new = NULL,
-        v2i_crld,
+        .ext_free = NULL,
-        i2r_crldp, 0,
+        .d2i = NULL,
-        NULL
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = v2i_crld,
+        .i2r = i2r_crldp,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 static
diff --git a/src/lib/libcrypto/x509v3/v3_enum.c b/src/lib/libcrypto/x509v3/v3_enum.c
index c09601edad..7f35a57012 100644
--- a/src/lib/libcrypto/x509v3/v3_enum.c
+++ b/src/lib/libcrypto/x509v3/v3_enum.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_enum.c,v 1.10 2014/07/13 16:03:10 beck Exp $ */
+/* $OpenBSD: v3_enum.c,v 1.11 2015/07/29 16:13:48 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -76,12 +76,20 @@ static ENUMERATED_NAMES crl_reasons[] = {
 };
 const X509V3_EXT_METHOD v3_crl_reason = {
-        NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),
+        .ext_nid = NID_crl_reason,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
+        .it = ASN1_ITEM_ref(ASN1_ENUMERATED),
-        0,
+        .ext_new = NULL,
-        0, 0, 0, 0,
+        .ext_free = NULL,
-        crl_reasons
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = crl_reasons,
 };
 char *
diff --git a/src/lib/libcrypto/x509v3/v3_extku.c b/src/lib/libcrypto/x509v3/v3_extku.c
index 2ee7594fed..d502175593 100644
--- a/src/lib/libcrypto/x509v3/v3_extku.c
+++ b/src/lib/libcrypto/x509v3/v3_extku.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_extku.c,v 1.12 2015/07/25 16:00:14 jsing Exp $ */
+/* $OpenBSD: v3_extku.c,v 1.13 2015/07/29 16:13:48 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -69,26 +69,38 @@ static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(
    const X509V3_EXT_METHOD *method, void *eku, STACK_OF(CONF_VALUE) *extlist);
 const X509V3_EXT_METHOD v3_ext_ku = {
-        NID_ext_key_usage, 0,
+        .ext_nid = NID_ext_key_usage,
-        ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+        .ext_flags = 0,
-        0, 0, 0, 0,
+        .it = ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
-        0, 0,
+        .ext_new = NULL,
-        i2v_EXTENDED_KEY_USAGE,
+        .ext_free = NULL,
-        v2i_EXTENDED_KEY_USAGE,
+        .d2i = NULL,
-        0, 0,
+        .i2d = NULL,
-        NULL
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = i2v_EXTENDED_KEY_USAGE,
+        .v2i = v2i_EXTENDED_KEY_USAGE,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 /* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */
 const X509V3_EXT_METHOD v3_ocsp_accresp = {
-        NID_id_pkix_OCSP_acceptableResponses, 0,
+        .ext_nid = NID_id_pkix_OCSP_acceptableResponses,
-        ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+        .ext_flags = 0,
-        0, 0, 0, 0,
+        .it = ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
-        0, 0,
+        .ext_new = NULL,
-        i2v_EXTENDED_KEY_USAGE,
+        .ext_free = NULL,
-        v2i_EXTENDED_KEY_USAGE,
+        .d2i = NULL,
-        0, 0,
+        .i2d = NULL,
-        NULL
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = i2v_EXTENDED_KEY_USAGE,
+        .v2i = v2i_EXTENDED_KEY_USAGE,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 static const ASN1_TEMPLATE EXTENDED_KEY_USAGE_item_tt = {
diff --git a/src/lib/libcrypto/x509v3/v3_ia5.c b/src/lib/libcrypto/x509v3/v3_ia5.c
index a9ac7197b6..62f40aaff9 100644
--- a/src/lib/libcrypto/x509v3/v3_ia5.c
+++ b/src/lib/libcrypto/x509v3/v3_ia5.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_ia5.c,v 1.13 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: v3_ia5.c,v 1.14 2015/07/29 16:13:48 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -69,14 +69,134 @@ static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, char *str);
 const X509V3_EXT_METHOD v3_ns_ia5_list[] = {
-        EXT_IA5STRING(NID_netscape_base_url),
+        {
-        EXT_IA5STRING(NID_netscape_revocation_url),
+                .ext_nid = NID_netscape_base_url,
-        EXT_IA5STRING(NID_netscape_ca_revocation_url),
+                .ext_flags = 0,
-        EXT_IA5STRING(NID_netscape_renewal_url),
+                .it = ASN1_ITEM_ref(ASN1_IA5STRING),
-        EXT_IA5STRING(NID_netscape_ca_policy_url),
+                .ext_new = NULL,
-        EXT_IA5STRING(NID_netscape_ssl_server_name),
+                .ext_free = NULL,
-        EXT_IA5STRING(NID_netscape_comment),
+                .d2i = NULL,
-        EXT_END
+                .i2d = NULL,
+                .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
+                .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
+                .i2v = NULL,
+                .v2i = NULL,
+                .i2r = NULL,
+                .r2i = NULL,
+                .usr_data = NULL,
+        },
+        {
+                .ext_nid = NID_netscape_revocation_url,
+                .ext_flags = 0,
+                .it = ASN1_ITEM_ref(ASN1_IA5STRING),
+                .ext_new = NULL,
+                .ext_free = NULL,
+                .d2i = NULL,
+                .i2d = NULL,
+                .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
+                .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
+                .i2v = NULL,
+                .v2i = NULL,
+                .i2r = NULL,
+                .r2i = NULL,
+                .usr_data = NULL,
+        },
+        {
+                .ext_nid = NID_netscape_ca_revocation_url,
+                .ext_flags = 0,
+                .it = ASN1_ITEM_ref(ASN1_IA5STRING),
+                .ext_new = NULL,
+                .ext_free = NULL,
+                .d2i = NULL,
+                .i2d = NULL,
+                .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
+                .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
+                .i2v = NULL,
+                .v2i = NULL,
+                .i2r = NULL,
+                .r2i = NULL,
+                .usr_data = NULL,
+        },
+        {
+                .ext_nid = NID_netscape_renewal_url,
+                .ext_flags = 0,
+                .it = ASN1_ITEM_ref(ASN1_IA5STRING),
+                .ext_new = NULL,
+                .ext_free = NULL,
+                .d2i = NULL,
+                .i2d = NULL,
+                .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
+                .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
+                .i2v = NULL,
+                .v2i = NULL,
+                .i2r = NULL,
+                .r2i = NULL,
+                .usr_data = NULL,
+        },
+        {
+                .ext_nid = NID_netscape_ca_policy_url,
+                .ext_flags = 0,
+                .it = ASN1_ITEM_ref(ASN1_IA5STRING),
+                .ext_new = NULL,
+                .ext_free = NULL,
+                .d2i = NULL,
+                .i2d = NULL,
+                .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
+                .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
+                .i2v = NULL,
+                .v2i = NULL,
+                .i2r = NULL,
+                .r2i = NULL,
+                .usr_data = NULL,
+        },
+        {
+                .ext_nid = NID_netscape_ssl_server_name,
+                .ext_flags = 0,
+                .it = ASN1_ITEM_ref(ASN1_IA5STRING),
+                .ext_new = NULL,
+                .ext_free = NULL,
+                .d2i = NULL,
+                .i2d = NULL,
+                .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
+                .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
+                .i2v = NULL,
+                .v2i = NULL,
+                .i2r = NULL,
+                .r2i = NULL,
+                .usr_data = NULL,
+        },
+        {
+                .ext_nid = NID_netscape_comment,
+                .ext_flags = 0,
+                .it = ASN1_ITEM_ref(ASN1_IA5STRING),
+                .ext_new = NULL,
+                .ext_free = NULL,
+                .d2i = NULL,
+                .i2d = NULL,
+                .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
+                .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
+                .i2v = NULL,
+                .v2i = NULL,
+                .i2r = NULL,
+                .r2i = NULL,
+                .usr_data = NULL,
+        },
+        {
+                .ext_nid = -1,
+                .ext_flags = 0,
+                .it = NULL,
+                .ext_new = NULL,
+                .ext_free = NULL,
+                .d2i = NULL,
+                .i2d = NULL,
+                .i2s = NULL,
+                .s2i = NULL,
+                .i2v = NULL,
+                .v2i = NULL,
+                .i2r = NULL,
+                .r2i = NULL,
+                .usr_data = NULL,
+        },
 };
 static char *
diff --git a/src/lib/libcrypto/x509v3/v3_info.c b/src/lib/libcrypto/x509v3/v3_info.c
index 795a7bb6ff..3b96222187 100644
--- a/src/lib/libcrypto/x509v3/v3_info.c
+++ b/src/lib/libcrypto/x509v3/v3_info.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_info.c,v 1.22 2015/07/25 16:00:14 jsing Exp $ */
+/* $OpenBSD: v3_info.c,v 1.23 2015/07/29 16:13:48 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -72,25 +72,37 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(
    X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 const X509V3_EXT_METHOD v3_info = {
-        NID_info_access, X509V3_EXT_MULTILINE,
+        .ext_nid = NID_info_access,
-        ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+        .ext_flags = X509V3_EXT_MULTILINE,
-        0, 0, 0, 0,
+        .it = ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
-        0, 0,
+        .ext_new = NULL,
-        (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
+        .ext_free = NULL,
-        (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+        .d2i = NULL,
-        0, 0,
+        .i2d = NULL,
-        NULL
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
+        .v2i = (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 const X509V3_EXT_METHOD v3_sinfo = {
-        NID_sinfo_access, X509V3_EXT_MULTILINE,
+        .ext_nid = NID_sinfo_access,
-        ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+        .ext_flags = X509V3_EXT_MULTILINE,
-        0, 0, 0, 0,
+        .it = ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
-        0, 0,
+        .ext_new = NULL,
-        (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
+        .ext_free = NULL,
-        (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+        .d2i = NULL,
-        0, 0,
+        .i2d = NULL,
-        NULL
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
+        .v2i = (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 static const ASN1_TEMPLATE ACCESS_DESCRIPTION_seq_tt[] = {
diff --git a/src/lib/libcrypto/x509v3/v3_int.c b/src/lib/libcrypto/x509v3/v3_int.c
index e1f6eb1c0a..bd059b7269 100644
--- a/src/lib/libcrypto/x509v3/v3_int.c
+++ b/src/lib/libcrypto/x509v3/v3_int.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_int.c,v 1.9 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: v3_int.c,v 1.10 2015/07/29 16:13:48 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -61,21 +61,37 @@
 #include <openssl/x509v3.h>
 const X509V3_EXT_METHOD v3_crl_num = {
-        NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
+        .ext_nid = NID_crl_number,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+        .it = ASN1_ITEM_ref(ASN1_INTEGER),
-        0,
+        .ext_new = NULL,
-        0, 0, 0, 0,
+        .ext_free = NULL,
-        NULL
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 const X509V3_EXT_METHOD v3_delta_crl = {
-        NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER),
+        .ext_nid = NID_delta_crl,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+        .it = ASN1_ITEM_ref(ASN1_INTEGER),
-        0,
+        .ext_new = NULL,
-        0, 0, 0, 0,
+        .ext_free = NULL,
-        NULL
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 static void *
diff --git a/src/lib/libcrypto/x509v3/v3_ncons.c b/src/lib/libcrypto/x509v3/v3_ncons.c
index 22b9cfc683..2af15726a8 100644
--- a/src/lib/libcrypto/x509v3/v3_ncons.c
+++ b/src/lib/libcrypto/x509v3/v3_ncons.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_ncons.c,v 1.8 2015/07/25 16:14:29 jsing Exp $ */
+/* $OpenBSD: v3_ncons.c,v 1.9 2015/07/29 16:13:48 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -80,13 +80,20 @@ static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml);
 static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base);
 const X509V3_EXT_METHOD v3_name_constraints = {
-        NID_name_constraints, 0,
+        .ext_nid = NID_name_constraints,
-        ASN1_ITEM_ref(NAME_CONSTRAINTS),
+        .ext_flags = 0,
-        0, 0, 0, 0,
+        .it = ASN1_ITEM_ref(NAME_CONSTRAINTS),
-        0, 0,
+        .ext_new = NULL,
-        0, v2i_NAME_CONSTRAINTS,
+        .ext_free = NULL,
-        i2r_NAME_CONSTRAINTS, 0,
+        .d2i = NULL,
-        NULL
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = v2i_NAME_CONSTRAINTS,
+        .i2r = i2r_NAME_CONSTRAINTS,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 static const ASN1_TEMPLATE GENERAL_SUBTREE_seq_tt[] = {
diff --git a/src/lib/libcrypto/x509v3/v3_ocsp.c b/src/lib/libcrypto/x509v3/v3_ocsp.c
index 1d9c8a8513..9d1390a520 100644
--- a/src/lib/libcrypto/x509v3/v3_ocsp.c
+++ b/src/lib/libcrypto/x509v3/v3_ocsp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_ocsp.c,v 1.11 2015/02/15 08:45:27 miod Exp $ */
+/* $OpenBSD: v3_ocsp.c,v 1.12 2015/07/29 16:13:49 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -94,69 +94,122 @@ static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
    BIO *bp, int ind);
 const X509V3_EXT_METHOD v3_ocsp_crlid = {
-        NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
+        .ext_nid = NID_id_pkix_OCSP_CrlID,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        0, 0,
+        .it = ASN1_ITEM_ref(OCSP_CRLID),
-        0, 0,
+        .ext_new = NULL,
-        i2r_ocsp_crlid, 0,
+        .ext_free = NULL,
-        NULL
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = i2r_ocsp_crlid,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 const X509V3_EXT_METHOD v3_ocsp_acutoff = {
-        NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+        .ext_nid = NID_id_pkix_OCSP_archiveCutoff,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        0, 0,
+        .it = ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
-        0, 0,
+        .ext_new = NULL,
-        i2r_ocsp_acutoff, 0,
+        .ext_free = NULL,
-        NULL
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = i2r_ocsp_acutoff,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 const X509V3_EXT_METHOD v3_crl_invdate = {
-        NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+        .ext_nid = NID_invalidity_date,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        0, 0,
+        .it = ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
-        0, 0,
+        .ext_new = NULL,
-        i2r_ocsp_acutoff, 0,
+        .ext_free = NULL,
-        NULL
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = i2r_ocsp_acutoff,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 const X509V3_EXT_METHOD v3_crl_hold = {
-        NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
+        .ext_nid = NID_hold_instruction_code,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        0, 0,
+        .it = ASN1_ITEM_ref(ASN1_OBJECT),
-        0, 0,
+        .ext_new = NULL,
-        i2r_object, 0,
+        .ext_free = NULL,
-        NULL
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = i2r_object,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 const X509V3_EXT_METHOD v3_ocsp_nonce = {
-        NID_id_pkix_OCSP_Nonce, 0, NULL,
+        .ext_nid = NID_id_pkix_OCSP_Nonce,
-        ocsp_nonce_new,
+        .ext_flags = 0,
-        ocsp_nonce_free,
+        .it = NULL,
-        d2i_ocsp_nonce,
+        .ext_new = ocsp_nonce_new,
-        i2d_ocsp_nonce,
+        .ext_free = ocsp_nonce_free,
-        0, 0,
+        .d2i = d2i_ocsp_nonce,
-        0, 0,
+        .i2d = i2d_ocsp_nonce,
-        i2r_ocsp_nonce, 0,
+        .i2s = NULL,
-        NULL
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = i2r_ocsp_nonce,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 const X509V3_EXT_METHOD v3_ocsp_nocheck = {
-        NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
+        .ext_nid = NID_id_pkix_OCSP_noCheck,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        0, s2i_ocsp_nocheck,
+        .it = ASN1_ITEM_ref(ASN1_NULL),
-        0, 0,
+        .ext_new = NULL,
-        i2r_ocsp_nocheck, 0,
+        .ext_free = NULL,
-        NULL
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = s2i_ocsp_nocheck,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = i2r_ocsp_nocheck,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
-        NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
+        .ext_nid = NID_id_pkix_OCSP_serviceLocator,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        0, 0,
+        .it = ASN1_ITEM_ref(OCSP_SERVICELOC),
-        0, 0,
+        .ext_new = NULL,
-        i2r_ocsp_serviceloc, 0,
+        .ext_free = NULL,
-        NULL
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = i2r_ocsp_serviceloc,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 static int
diff --git a/src/lib/libcrypto/x509v3/v3_pci.c b/src/lib/libcrypto/x509v3/v3_pci.c
index d19f5a6e61..ff1d087667 100644
--- a/src/lib/libcrypto/x509v3/v3_pci.c
+++ b/src/lib/libcrypto/x509v3/v3_pci.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_pci.c,v 1.9 2015/07/19 01:20:32 doug Exp $ */
+/* $OpenBSD: v3_pci.c,v 1.10 2015/07/29 16:13:49 jsing Exp $ */
 /* Contributed to the OpenSSL Project 2004
 * by Richard Levitte (richard@levitte.org)
 */
@@ -47,11 +47,20 @@ static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, char *str);
 const X509V3_EXT_METHOD v3_pci = {
-        NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
+        .ext_nid = NID_proxyCertInfo,
-        0, 0, 0, 0, 0, 0, NULL, NULL,
+        .ext_flags = 0,
-        (X509V3_EXT_I2R)i2r_pci,
+        .it = ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
-        (X509V3_EXT_R2I)r2i_pci,
+        .ext_new = NULL,
-        NULL,
+        .ext_free = NULL,
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = (X509V3_EXT_I2R)i2r_pci,
+        .r2i = (X509V3_EXT_R2I)r2i_pci,
+        .usr_data = NULL,
 };
 static int
diff --git a/src/lib/libcrypto/x509v3/v3_pcons.c b/src/lib/libcrypto/x509v3/v3_pcons.c
index 03193427f7..a5a8d8a025 100644
--- a/src/lib/libcrypto/x509v3/v3_pcons.c
+++ b/src/lib/libcrypto/x509v3/v3_pcons.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_pcons.c,v 1.8 2015/07/25 16:14:29 jsing Exp $ */
+/* $OpenBSD: v3_pcons.c,v 1.9 2015/07/29 16:13:49 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -72,14 +72,20 @@ static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
 const X509V3_EXT_METHOD v3_policy_constraints = {
-        NID_policy_constraints, 0,
+        .ext_nid = NID_policy_constraints,
-        ASN1_ITEM_ref(POLICY_CONSTRAINTS),
+        .ext_flags = 0,
-        0, 0, 0, 0,
+        .it = ASN1_ITEM_ref(POLICY_CONSTRAINTS),
-        0, 0,
+        .ext_new = NULL,
-        i2v_POLICY_CONSTRAINTS,
+        .ext_free = NULL,
-        v2i_POLICY_CONSTRAINTS,
+        .d2i = NULL,
-        NULL, NULL,
+        .i2d = NULL,
-        NULL
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = i2v_POLICY_CONSTRAINTS,
+        .v2i = v2i_POLICY_CONSTRAINTS,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 static const ASN1_TEMPLATE POLICY_CONSTRAINTS_seq_tt[] = {
diff --git a/src/lib/libcrypto/x509v3/v3_pku.c b/src/lib/libcrypto/x509v3/v3_pku.c
index 360e3daa58..caa3608859 100644
--- a/src/lib/libcrypto/x509v3/v3_pku.c
+++ b/src/lib/libcrypto/x509v3/v3_pku.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_pku.c,v 1.11 2015/07/25 16:00:14 jsing Exp $ */
+/* $OpenBSD: v3_pku.c,v 1.12 2015/07/29 16:13:49 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -68,11 +68,20 @@ static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
 static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
 */
 const X509V3_EXT_METHOD v3_pkey_usage_period = {
-        NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
+        .ext_nid = NID_private_key_usage_period,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        0, 0, 0, 0,
+        .it = ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
-        (X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,
+        .ext_new = NULL,
-        NULL
+        .ext_free = NULL,
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = (X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 static const ASN1_TEMPLATE PKEY_USAGE_PERIOD_seq_tt[] = {
diff --git a/src/lib/libcrypto/x509v3/v3_pmaps.c b/src/lib/libcrypto/x509v3/v3_pmaps.c
index 32ab04eda9..f2d9090157 100644
--- a/src/lib/libcrypto/x509v3/v3_pmaps.c
+++ b/src/lib/libcrypto/x509v3/v3_pmaps.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_pmaps.c,v 1.8 2015/07/25 16:00:14 jsing Exp $ */
+/* $OpenBSD: v3_pmaps.c,v 1.9 2015/07/29 16:13:49 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -70,14 +70,20 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(
    const X509V3_EXT_METHOD *method, void *pmps, STACK_OF(CONF_VALUE) *extlist);
 const X509V3_EXT_METHOD v3_policy_mappings = {
-        NID_policy_mappings, 0,
+        .ext_nid = NID_policy_mappings,
-        ASN1_ITEM_ref(POLICY_MAPPINGS),
+        .ext_flags = 0,
-        0, 0, 0, 0,
+        .it = ASN1_ITEM_ref(POLICY_MAPPINGS),
-        0, 0,
+        .ext_new = NULL,
-        i2v_POLICY_MAPPINGS,
+        .ext_free = NULL,
-        v2i_POLICY_MAPPINGS,
+        .d2i = NULL,
-        0, 0,
+        .i2d = NULL,
-        NULL
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = i2v_POLICY_MAPPINGS,
+        .v2i = v2i_POLICY_MAPPINGS,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 static const ASN1_TEMPLATE POLICY_MAPPING_seq_tt[] = {
diff --git a/src/lib/libcrypto/x509v3/v3_skey.c b/src/lib/libcrypto/x509v3/v3_skey.c
index 1bcf8dacfb..252fec3b08 100644
--- a/src/lib/libcrypto/x509v3/v3_skey.c
+++ b/src/lib/libcrypto/x509v3/v3_skey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_skey.c,v 1.11 2015/07/29 14:58:34 jsing Exp $ */
+/* $OpenBSD: v3_skey.c,v 1.12 2015/07/29 16:13:49 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -64,13 +64,22 @@
 static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, char *str);
 const X509V3_EXT_METHOD v3_skey_id = {
-        NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
+        .ext_nid = NID_subject_key_identifier,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
+        .it = ASN1_ITEM_ref(ASN1_OCTET_STRING),
-        (X509V3_EXT_S2I)s2i_skey_id,
+        .ext_new = NULL,
-        0, 0, 0, 0,
+        .ext_free = NULL,
-        NULL
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
+        .s2i = (X509V3_EXT_S2I)s2i_skey_id,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 char *
diff --git a/src/lib/libcrypto/x509v3/v3_sxnet.c b/src/lib/libcrypto/x509v3/v3_sxnet.c
index 546b790782..c10feed0ef 100644
--- a/src/lib/libcrypto/x509v3/v3_sxnet.c
+++ b/src/lib/libcrypto/x509v3/v3_sxnet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_sxnet.c,v 1.15 2015/07/29 14:58:34 jsing Exp $ */
+/* $OpenBSD: v3_sxnet.c,v 1.16 2015/07/29 16:13:49 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -75,19 +75,26 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
 static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
    STACK_OF(CONF_VALUE) *nval);
 #endif
 const X509V3_EXT_METHOD v3_sxnet = {
-        NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
+        .ext_nid = NID_sxnet,
-        0, 0, 0, 0,
+        .ext_flags = X509V3_EXT_MULTILINE,
-        0, 0,
+        .it = ASN1_ITEM_ref(SXNET),
-        0,
+        .ext_new = NULL,
+        .ext_free = NULL,
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = NULL,
 #ifdef SXNET_TEST
-        (X509V3_EXT_V2I)sxnet_v2i,
+        .v2i = (X509V3_EXT_V2I)sxnet_v2i,
 #else
-        0,
+        .v2i = NULL,
 #endif
-        (X509V3_EXT_I2R)sxnet_i2r,
+        .i2r = (X509V3_EXT_I2R)sxnet_i2r,
-        0,
+        .r2i = NULL,
-        NULL
+        .usr_data = NULL,
 };
 static const ASN1_TEMPLATE SXNETID_seq_tt[] = {
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_akey.c b/src/lib/libssl/src/crypto/x509v3/v3_akey.c
index 2bf515cfdd..2a5c65ea39 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_akey.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_akey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_akey.c,v 1.14 2015/07/29 14:58:34 jsing Exp $ */
+/* $OpenBSD: v3_akey.c,v 1.15 2015/07/29 16:13:48 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -71,14 +71,20 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
 const X509V3_EXT_METHOD v3_akey_id = {
-        NID_authority_key_identifier,
+        .ext_nid = NID_authority_key_identifier,
-        X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
+        .ext_flags = X509V3_EXT_MULTILINE,
-        0, 0,0, 0,
+        .it = ASN1_ITEM_ref(AUTHORITY_KEYID),
-        0, 0,
+        .ext_new = NULL,
-        (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
+        .ext_free = NULL,
-        (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
+        .d2i = NULL,
-        0, 0,
+        .i2d = NULL,
-        NULL
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
+        .v2i = (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 static
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_alt.c b/src/lib/libssl/src/crypto/x509v3/v3_alt.c
index 5b0dae2af6..4b3755e4e7 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_alt.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_alt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_alt.c,v 1.23 2015/07/29 14:58:34 jsing Exp $ */
+/* $OpenBSD: v3_alt.c,v 1.24 2015/07/29 16:13:48 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -74,27 +74,52 @@ static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
 const X509V3_EXT_METHOD v3_alt[] = {
        {
-                NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+                .ext_nid = NID_subject_alt_name,
-                0, 0, 0, 0,
+                .ext_flags = 0,
-                0, 0,
+                .it = ASN1_ITEM_ref(GENERAL_NAMES),
-                (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+                .ext_new = NULL,
-                (X509V3_EXT_V2I)v2i_subject_alt,
+                .ext_free = NULL,
-                NULL, NULL, NULL
+                .d2i = NULL,
+                .i2d = NULL,
+                .i2s = NULL,
+                .s2i = NULL,
+                .i2v = (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+                .v2i = (X509V3_EXT_V2I)v2i_subject_alt,
+                .i2r = NULL,
+                .r2i = NULL,
+                .usr_data = NULL,
        },
        {
-                NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+                .ext_nid = NID_issuer_alt_name,
-                0, 0, 0, 0,
+                .ext_flags = 0,
-                0, 0,
+                .it = ASN1_ITEM_ref(GENERAL_NAMES),
-                (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+                .ext_new = NULL,
-                (X509V3_EXT_V2I)v2i_issuer_alt,
+                .ext_free = NULL,
-                NULL, NULL, NULL
+                .d2i = NULL,
+                .i2d = NULL,
+                .i2s = NULL,
+                .s2i = NULL,
+                .i2v = (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+                .v2i = (X509V3_EXT_V2I)v2i_issuer_alt,
+                .i2r = NULL,
+                .r2i = NULL,
+                .usr_data = NULL,
        },
        {
-                NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+                .ext_nid = NID_certificate_issuer,
-                0, 0, 0, 0,
+                .ext_flags = 0,
-                0, 0,
+                .it = ASN1_ITEM_ref(GENERAL_NAMES),
-                (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+                .ext_new = NULL,
-                NULL, NULL, NULL, NULL
+                .ext_free = NULL,
+                .d2i = NULL,
+                .i2d = NULL,
+                .i2s = NULL,
+                .s2i = NULL,
+                .i2v = (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+                .v2i = NULL,
+                .i2r = NULL,
+                .r2i = NULL,
+                .usr_data = NULL,
        },
 };
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_bcons.c b/src/lib/libssl/src/crypto/x509v3/v3_bcons.c
index eea63b760a..292705a8d6 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_bcons.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_bcons.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_bcons.c,v 1.12 2015/07/25 16:00:14 jsing Exp $ */
+/* $OpenBSD: v3_bcons.c,v 1.13 2015/07/29 16:13:48 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -71,14 +71,20 @@ static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
 const X509V3_EXT_METHOD v3_bcons = {
-        NID_basic_constraints, 0,
+        .ext_nid = NID_basic_constraints,
-        ASN1_ITEM_ref(BASIC_CONSTRAINTS),
+        .ext_flags = 0,
-        0, 0, 0, 0,
+        .it = ASN1_ITEM_ref(BASIC_CONSTRAINTS),
-        0, 0,
+        .ext_new = NULL,
-        (X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
+        .ext_free = NULL,
-        (X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
+        .d2i = NULL,
-        NULL, NULL,
+        .i2d = NULL,
-        NULL
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = (X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
+        .v2i = (X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 static const ASN1_TEMPLATE BASIC_CONSTRAINTS_seq_tt[] = {
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_bitst.c b/src/lib/libssl/src/crypto/x509v3/v3_bitst.c
index c0c6ad3d8c..894608fadb 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_bitst.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_bitst.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_bitst.c,v 1.10 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: v3_bitst.c,v 1.11 2015/07/29 16:13:48 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -88,11 +88,39 @@ static BIT_STRING_BITNAME key_usage_type_table[] = {
        {-1, NULL, NULL}
 };
+const X509V3_EXT_METHOD v3_nscert = {
+        .ext_nid = NID_netscape_cert_type,
+        .ext_flags = 0,
+        .it = ASN1_ITEM_ref(ASN1_BIT_STRING),
+        .ext_new = NULL,
+        .ext_free = NULL,
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING,
+        .v2i = (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = ns_cert_type_table,
+};
-const X509V3_EXT_METHOD v3_nscert =
+const X509V3_EXT_METHOD v3_key_usage = {
-    EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
+        .ext_nid = NID_key_usage,
-const X509V3_EXT_METHOD v3_key_usage =
+        .ext_flags = 0,
-    EXT_BITSTRING(NID_key_usage, key_usage_type_table);
+        .it = ASN1_ITEM_ref(ASN1_BIT_STRING),
+        .ext_new = NULL,
+        .ext_free = NULL,
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING,
+        .v2i = (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = key_usage_type_table,
+};
 STACK_OF(CONF_VALUE) *
 i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bits,
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_cpols.c b/src/lib/libssl/src/crypto/x509v3/v3_cpols.c
index 4244f03851..cea82afde9 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_cpols.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_cpols.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_cpols.c,v 1.21 2015/07/25 16:00:14 jsing Exp $ */
+/* $OpenBSD: v3_cpols.c,v 1.22 2015/07/29 16:13:48 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -83,13 +83,20 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
 static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
 const X509V3_EXT_METHOD v3_cpols = {
-        NID_certificate_policies, 0, ASN1_ITEM_ref(CERTIFICATEPOLICIES),
+        .ext_nid = NID_certificate_policies,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        0, 0,
+        .it = ASN1_ITEM_ref(CERTIFICATEPOLICIES),
-        0, 0,
+        .ext_new = NULL,
-        (X509V3_EXT_I2R)i2r_certpol,
+        .ext_free = NULL,
-        (X509V3_EXT_R2I)r2i_certpol,
+        .d2i = NULL,
-        NULL
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = (X509V3_EXT_I2R)i2r_certpol,
+        .r2i = (X509V3_EXT_R2I)r2i_certpol,
+        .usr_data = NULL,
 };
 static const ASN1_TEMPLATE CERTIFICATEPOLICIES_item_tt = {
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_crld.c b/src/lib/libssl/src/crypto/x509v3/v3_crld.c
index 9055a41289..a72d0ab500 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_crld.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_crld.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_crld.c,v 1.18 2015/07/25 16:14:29 jsing Exp $ */
+/* $OpenBSD: v3_crld.c,v 1.19 2015/07/29 16:13:48 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -71,23 +71,37 @@ static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
    int indent);
 const X509V3_EXT_METHOD v3_crld = {
-        NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
+        .ext_nid = NID_crl_distribution_points,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        0, 0,
+        .it = ASN1_ITEM_ref(CRL_DIST_POINTS),
-        0,
+        .ext_new = NULL,
-        v2i_crld,
+        .ext_free = NULL,
-        i2r_crldp, 0,
+        .d2i = NULL,
-        NULL
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = v2i_crld,
+        .i2r = i2r_crldp,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 const X509V3_EXT_METHOD v3_freshest_crl = {
-        NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
+        .ext_nid = NID_freshest_crl,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        0, 0,
+        .it = ASN1_ITEM_ref(CRL_DIST_POINTS),
-        0,
+        .ext_new = NULL,
-        v2i_crld,
+        .ext_free = NULL,
-        i2r_crldp, 0,
+        .d2i = NULL,
-        NULL
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = v2i_crld,
+        .i2r = i2r_crldp,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 static
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_enum.c b/src/lib/libssl/src/crypto/x509v3/v3_enum.c
index c09601edad..7f35a57012 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_enum.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_enum.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_enum.c,v 1.10 2014/07/13 16:03:10 beck Exp $ */
+/* $OpenBSD: v3_enum.c,v 1.11 2015/07/29 16:13:48 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -76,12 +76,20 @@ static ENUMERATED_NAMES crl_reasons[] = {
 };
 const X509V3_EXT_METHOD v3_crl_reason = {
-        NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),
+        .ext_nid = NID_crl_reason,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
+        .it = ASN1_ITEM_ref(ASN1_ENUMERATED),
-        0,
+        .ext_new = NULL,
-        0, 0, 0, 0,
+        .ext_free = NULL,
-        crl_reasons
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = crl_reasons,
 };
 char *
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_extku.c b/src/lib/libssl/src/crypto/x509v3/v3_extku.c
index 2ee7594fed..d502175593 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_extku.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_extku.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_extku.c,v 1.12 2015/07/25 16:00:14 jsing Exp $ */
+/* $OpenBSD: v3_extku.c,v 1.13 2015/07/29 16:13:48 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -69,26 +69,38 @@ static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(
    const X509V3_EXT_METHOD *method, void *eku, STACK_OF(CONF_VALUE) *extlist);
 const X509V3_EXT_METHOD v3_ext_ku = {
-        NID_ext_key_usage, 0,
+        .ext_nid = NID_ext_key_usage,
-        ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+        .ext_flags = 0,
-        0, 0, 0, 0,
+        .it = ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
-        0, 0,
+        .ext_new = NULL,
-        i2v_EXTENDED_KEY_USAGE,
+        .ext_free = NULL,
-        v2i_EXTENDED_KEY_USAGE,
+        .d2i = NULL,
-        0, 0,
+        .i2d = NULL,
-        NULL
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = i2v_EXTENDED_KEY_USAGE,
+        .v2i = v2i_EXTENDED_KEY_USAGE,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 /* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */
 const X509V3_EXT_METHOD v3_ocsp_accresp = {
-        NID_id_pkix_OCSP_acceptableResponses, 0,
+        .ext_nid = NID_id_pkix_OCSP_acceptableResponses,
-        ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+        .ext_flags = 0,
-        0, 0, 0, 0,
+        .it = ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
-        0, 0,
+        .ext_new = NULL,
-        i2v_EXTENDED_KEY_USAGE,
+        .ext_free = NULL,
-        v2i_EXTENDED_KEY_USAGE,
+        .d2i = NULL,
-        0, 0,
+        .i2d = NULL,
-        NULL
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = i2v_EXTENDED_KEY_USAGE,
+        .v2i = v2i_EXTENDED_KEY_USAGE,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 static const ASN1_TEMPLATE EXTENDED_KEY_USAGE_item_tt = {
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_ia5.c b/src/lib/libssl/src/crypto/x509v3/v3_ia5.c
index a9ac7197b6..62f40aaff9 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_ia5.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_ia5.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_ia5.c,v 1.13 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: v3_ia5.c,v 1.14 2015/07/29 16:13:48 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -69,14 +69,134 @@ static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, char *str);
 const X509V3_EXT_METHOD v3_ns_ia5_list[] = {
-        EXT_IA5STRING(NID_netscape_base_url),
+        {
-        EXT_IA5STRING(NID_netscape_revocation_url),
+                .ext_nid = NID_netscape_base_url,
-        EXT_IA5STRING(NID_netscape_ca_revocation_url),
+                .ext_flags = 0,
-        EXT_IA5STRING(NID_netscape_renewal_url),
+                .it = ASN1_ITEM_ref(ASN1_IA5STRING),
-        EXT_IA5STRING(NID_netscape_ca_policy_url),
+                .ext_new = NULL,
-        EXT_IA5STRING(NID_netscape_ssl_server_name),
+                .ext_free = NULL,
-        EXT_IA5STRING(NID_netscape_comment),
+                .d2i = NULL,
-        EXT_END
+                .i2d = NULL,
+                .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
+                .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
+                .i2v = NULL,
+                .v2i = NULL,
+                .i2r = NULL,
+                .r2i = NULL,
+                .usr_data = NULL,
+        },
+        {
+                .ext_nid = NID_netscape_revocation_url,
+                .ext_flags = 0,
+                .it = ASN1_ITEM_ref(ASN1_IA5STRING),
+                .ext_new = NULL,
+                .ext_free = NULL,
+                .d2i = NULL,
+                .i2d = NULL,
+                .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
+                .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
+                .i2v = NULL,
+                .v2i = NULL,
+                .i2r = NULL,
+                .r2i = NULL,
+                .usr_data = NULL,
+        },
+        {
+                .ext_nid = NID_netscape_ca_revocation_url,
+                .ext_flags = 0,
+                .it = ASN1_ITEM_ref(ASN1_IA5STRING),
+                .ext_new = NULL,
+                .ext_free = NULL,
+                .d2i = NULL,
+                .i2d = NULL,
+                .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
+                .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
+                .i2v = NULL,
+                .v2i = NULL,
+                .i2r = NULL,
+                .r2i = NULL,
+                .usr_data = NULL,
+        },
+        {
+                .ext_nid = NID_netscape_renewal_url,
+                .ext_flags = 0,
+                .it = ASN1_ITEM_ref(ASN1_IA5STRING),
+                .ext_new = NULL,
+                .ext_free = NULL,
+                .d2i = NULL,
+                .i2d = NULL,
+                .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
+                .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
+                .i2v = NULL,
+                .v2i = NULL,
+                .i2r = NULL,
+                .r2i = NULL,
+                .usr_data = NULL,
+        },
+        {
+                .ext_nid = NID_netscape_ca_policy_url,
+                .ext_flags = 0,
+                .it = ASN1_ITEM_ref(ASN1_IA5STRING),
+                .ext_new = NULL,
+                .ext_free = NULL,
+                .d2i = NULL,
+                .i2d = NULL,
+                .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
+                .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
+                .i2v = NULL,
+                .v2i = NULL,
+                .i2r = NULL,
+                .r2i = NULL,
+                .usr_data = NULL,
+        },
+        {
+                .ext_nid = NID_netscape_ssl_server_name,
+                .ext_flags = 0,
+                .it = ASN1_ITEM_ref(ASN1_IA5STRING),
+                .ext_new = NULL,
+                .ext_free = NULL,
+                .d2i = NULL,
+                .i2d = NULL,
+                .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
+                .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
+                .i2v = NULL,
+                .v2i = NULL,
+                .i2r = NULL,
+                .r2i = NULL,
+                .usr_data = NULL,
+        },
+        {
+                .ext_nid = NID_netscape_comment,
+                .ext_flags = 0,
+                .it = ASN1_ITEM_ref(ASN1_IA5STRING),
+                .ext_new = NULL,
+                .ext_free = NULL,
+                .d2i = NULL,
+                .i2d = NULL,
+                .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
+                .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
+                .i2v = NULL,
+                .v2i = NULL,
+                .i2r = NULL,
+                .r2i = NULL,
+                .usr_data = NULL,
+        },
+        {
+                .ext_nid = -1,
+                .ext_flags = 0,
+                .it = NULL,
+                .ext_new = NULL,
+                .ext_free = NULL,
+                .d2i = NULL,
+                .i2d = NULL,
+                .i2s = NULL,
+                .s2i = NULL,
+                .i2v = NULL,
+                .v2i = NULL,
+                .i2r = NULL,
+                .r2i = NULL,
+                .usr_data = NULL,
+        },
 };
 static char *
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_info.c b/src/lib/libssl/src/crypto/x509v3/v3_info.c
index 795a7bb6ff..3b96222187 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_info.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_info.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_info.c,v 1.22 2015/07/25 16:00:14 jsing Exp $ */
+/* $OpenBSD: v3_info.c,v 1.23 2015/07/29 16:13:48 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -72,25 +72,37 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(
    X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 const X509V3_EXT_METHOD v3_info = {
-        NID_info_access, X509V3_EXT_MULTILINE,
+        .ext_nid = NID_info_access,
-        ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+        .ext_flags = X509V3_EXT_MULTILINE,
-        0, 0, 0, 0,
+        .it = ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
-        0, 0,
+        .ext_new = NULL,
-        (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
+        .ext_free = NULL,
-        (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+        .d2i = NULL,
-        0, 0,
+        .i2d = NULL,
-        NULL
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
+        .v2i = (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 const X509V3_EXT_METHOD v3_sinfo = {
-        NID_sinfo_access, X509V3_EXT_MULTILINE,
+        .ext_nid = NID_sinfo_access,
-        ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+        .ext_flags = X509V3_EXT_MULTILINE,
-        0, 0, 0, 0,
+        .it = ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
-        0, 0,
+        .ext_new = NULL,
-        (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
+        .ext_free = NULL,
-        (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+        .d2i = NULL,
-        0, 0,
+        .i2d = NULL,
-        NULL
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
+        .v2i = (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 static const ASN1_TEMPLATE ACCESS_DESCRIPTION_seq_tt[] = {
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_int.c b/src/lib/libssl/src/crypto/x509v3/v3_int.c
index e1f6eb1c0a..bd059b7269 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_int.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_int.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_int.c,v 1.9 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: v3_int.c,v 1.10 2015/07/29 16:13:48 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -61,21 +61,37 @@
 #include <openssl/x509v3.h>
 const X509V3_EXT_METHOD v3_crl_num = {
-        NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
+        .ext_nid = NID_crl_number,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+        .it = ASN1_ITEM_ref(ASN1_INTEGER),
-        0,
+        .ext_new = NULL,
-        0, 0, 0, 0,
+        .ext_free = NULL,
-        NULL
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 const X509V3_EXT_METHOD v3_delta_crl = {
-        NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER),
+        .ext_nid = NID_delta_crl,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+        .it = ASN1_ITEM_ref(ASN1_INTEGER),
-        0,
+        .ext_new = NULL,
-        0, 0, 0, 0,
+        .ext_free = NULL,
-        NULL
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 static void *
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_ncons.c b/src/lib/libssl/src/crypto/x509v3/v3_ncons.c
index 22b9cfc683..2af15726a8 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_ncons.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_ncons.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_ncons.c,v 1.8 2015/07/25 16:14:29 jsing Exp $ */
+/* $OpenBSD: v3_ncons.c,v 1.9 2015/07/29 16:13:48 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -80,13 +80,20 @@ static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml);
 static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base);
 const X509V3_EXT_METHOD v3_name_constraints = {
-        NID_name_constraints, 0,
+        .ext_nid = NID_name_constraints,
-        ASN1_ITEM_ref(NAME_CONSTRAINTS),
+        .ext_flags = 0,
-        0, 0, 0, 0,
+        .it = ASN1_ITEM_ref(NAME_CONSTRAINTS),
-        0, 0,
+        .ext_new = NULL,
-        0, v2i_NAME_CONSTRAINTS,
+        .ext_free = NULL,
-        i2r_NAME_CONSTRAINTS, 0,
+        .d2i = NULL,
-        NULL
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = v2i_NAME_CONSTRAINTS,
+        .i2r = i2r_NAME_CONSTRAINTS,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 static const ASN1_TEMPLATE GENERAL_SUBTREE_seq_tt[] = {
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_ocsp.c b/src/lib/libssl/src/crypto/x509v3/v3_ocsp.c
index 1d9c8a8513..9d1390a520 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_ocsp.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_ocsp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_ocsp.c,v 1.11 2015/02/15 08:45:27 miod Exp $ */
+/* $OpenBSD: v3_ocsp.c,v 1.12 2015/07/29 16:13:49 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -94,69 +94,122 @@ static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
    BIO *bp, int ind);
 const X509V3_EXT_METHOD v3_ocsp_crlid = {
-        NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
+        .ext_nid = NID_id_pkix_OCSP_CrlID,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        0, 0,
+        .it = ASN1_ITEM_ref(OCSP_CRLID),
-        0, 0,
+        .ext_new = NULL,
-        i2r_ocsp_crlid, 0,
+        .ext_free = NULL,
-        NULL
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = i2r_ocsp_crlid,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 const X509V3_EXT_METHOD v3_ocsp_acutoff = {
-        NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+        .ext_nid = NID_id_pkix_OCSP_archiveCutoff,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        0, 0,
+        .it = ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
-        0, 0,
+        .ext_new = NULL,
-        i2r_ocsp_acutoff, 0,
+        .ext_free = NULL,
-        NULL
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = i2r_ocsp_acutoff,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 const X509V3_EXT_METHOD v3_crl_invdate = {
-        NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+        .ext_nid = NID_invalidity_date,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        0, 0,
+        .it = ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
-        0, 0,
+        .ext_new = NULL,
-        i2r_ocsp_acutoff, 0,
+        .ext_free = NULL,
-        NULL
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = i2r_ocsp_acutoff,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 const X509V3_EXT_METHOD v3_crl_hold = {
-        NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
+        .ext_nid = NID_hold_instruction_code,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        0, 0,
+        .it = ASN1_ITEM_ref(ASN1_OBJECT),
-        0, 0,
+        .ext_new = NULL,
-        i2r_object, 0,
+        .ext_free = NULL,
-        NULL
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = i2r_object,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 const X509V3_EXT_METHOD v3_ocsp_nonce = {
-        NID_id_pkix_OCSP_Nonce, 0, NULL,
+        .ext_nid = NID_id_pkix_OCSP_Nonce,
-        ocsp_nonce_new,
+        .ext_flags = 0,
-        ocsp_nonce_free,
+        .it = NULL,
-        d2i_ocsp_nonce,
+        .ext_new = ocsp_nonce_new,
-        i2d_ocsp_nonce,
+        .ext_free = ocsp_nonce_free,
-        0, 0,
+        .d2i = d2i_ocsp_nonce,
-        0, 0,
+        .i2d = i2d_ocsp_nonce,
-        i2r_ocsp_nonce, 0,
+        .i2s = NULL,
-        NULL
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = i2r_ocsp_nonce,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 const X509V3_EXT_METHOD v3_ocsp_nocheck = {
-        NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
+        .ext_nid = NID_id_pkix_OCSP_noCheck,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        0, s2i_ocsp_nocheck,
+        .it = ASN1_ITEM_ref(ASN1_NULL),
-        0, 0,
+        .ext_new = NULL,
-        i2r_ocsp_nocheck, 0,
+        .ext_free = NULL,
-        NULL
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = s2i_ocsp_nocheck,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = i2r_ocsp_nocheck,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
-        NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
+        .ext_nid = NID_id_pkix_OCSP_serviceLocator,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        0, 0,
+        .it = ASN1_ITEM_ref(OCSP_SERVICELOC),
-        0, 0,
+        .ext_new = NULL,
-        i2r_ocsp_serviceloc, 0,
+        .ext_free = NULL,
-        NULL
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = i2r_ocsp_serviceloc,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 static int
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_pci.c b/src/lib/libssl/src/crypto/x509v3/v3_pci.c
index d19f5a6e61..ff1d087667 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_pci.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_pci.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_pci.c,v 1.9 2015/07/19 01:20:32 doug Exp $ */
+/* $OpenBSD: v3_pci.c,v 1.10 2015/07/29 16:13:49 jsing Exp $ */
 /* Contributed to the OpenSSL Project 2004
 * by Richard Levitte (richard@levitte.org)
 */
@@ -47,11 +47,20 @@ static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, char *str);
 const X509V3_EXT_METHOD v3_pci = {
-        NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
+        .ext_nid = NID_proxyCertInfo,
-        0, 0, 0, 0, 0, 0, NULL, NULL,
+        .ext_flags = 0,
-        (X509V3_EXT_I2R)i2r_pci,
+        .it = ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
-        (X509V3_EXT_R2I)r2i_pci,
+        .ext_new = NULL,
-        NULL,
+        .ext_free = NULL,
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = (X509V3_EXT_I2R)i2r_pci,
+        .r2i = (X509V3_EXT_R2I)r2i_pci,
+        .usr_data = NULL,
 };
 static int
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_pcons.c b/src/lib/libssl/src/crypto/x509v3/v3_pcons.c
index 03193427f7..a5a8d8a025 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_pcons.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_pcons.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_pcons.c,v 1.8 2015/07/25 16:14:29 jsing Exp $ */
+/* $OpenBSD: v3_pcons.c,v 1.9 2015/07/29 16:13:49 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -72,14 +72,20 @@ static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
 const X509V3_EXT_METHOD v3_policy_constraints = {
-        NID_policy_constraints, 0,
+        .ext_nid = NID_policy_constraints,
-        ASN1_ITEM_ref(POLICY_CONSTRAINTS),
+        .ext_flags = 0,
-        0, 0, 0, 0,
+        .it = ASN1_ITEM_ref(POLICY_CONSTRAINTS),
-        0, 0,
+        .ext_new = NULL,
-        i2v_POLICY_CONSTRAINTS,
+        .ext_free = NULL,
-        v2i_POLICY_CONSTRAINTS,
+        .d2i = NULL,
-        NULL, NULL,
+        .i2d = NULL,
-        NULL
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = i2v_POLICY_CONSTRAINTS,
+        .v2i = v2i_POLICY_CONSTRAINTS,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 static const ASN1_TEMPLATE POLICY_CONSTRAINTS_seq_tt[] = {
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_pku.c b/src/lib/libssl/src/crypto/x509v3/v3_pku.c
index 360e3daa58..caa3608859 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_pku.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_pku.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_pku.c,v 1.11 2015/07/25 16:00:14 jsing Exp $ */
+/* $OpenBSD: v3_pku.c,v 1.12 2015/07/29 16:13:49 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -68,11 +68,20 @@ static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
 static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
 */
 const X509V3_EXT_METHOD v3_pkey_usage_period = {
-        NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
+        .ext_nid = NID_private_key_usage_period,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        0, 0, 0, 0,
+        .it = ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
-        (X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,
+        .ext_new = NULL,
-        NULL
+        .ext_free = NULL,
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = (X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 static const ASN1_TEMPLATE PKEY_USAGE_PERIOD_seq_tt[] = {
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_pmaps.c b/src/lib/libssl/src/crypto/x509v3/v3_pmaps.c
index 32ab04eda9..f2d9090157 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_pmaps.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_pmaps.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_pmaps.c,v 1.8 2015/07/25 16:00:14 jsing Exp $ */
+/* $OpenBSD: v3_pmaps.c,v 1.9 2015/07/29 16:13:49 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -70,14 +70,20 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(
    const X509V3_EXT_METHOD *method, void *pmps, STACK_OF(CONF_VALUE) *extlist);
 const X509V3_EXT_METHOD v3_policy_mappings = {
-        NID_policy_mappings, 0,
+        .ext_nid = NID_policy_mappings,
-        ASN1_ITEM_ref(POLICY_MAPPINGS),
+        .ext_flags = 0,
-        0, 0, 0, 0,
+        .it = ASN1_ITEM_ref(POLICY_MAPPINGS),
-        0, 0,
+        .ext_new = NULL,
-        i2v_POLICY_MAPPINGS,
+        .ext_free = NULL,
-        v2i_POLICY_MAPPINGS,
+        .d2i = NULL,
-        0, 0,
+        .i2d = NULL,
-        NULL
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = i2v_POLICY_MAPPINGS,
+        .v2i = v2i_POLICY_MAPPINGS,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 static const ASN1_TEMPLATE POLICY_MAPPING_seq_tt[] = {
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_skey.c b/src/lib/libssl/src/crypto/x509v3/v3_skey.c
index 1bcf8dacfb..252fec3b08 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_skey.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_skey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_skey.c,v 1.11 2015/07/29 14:58:34 jsing Exp $ */
+/* $OpenBSD: v3_skey.c,v 1.12 2015/07/29 16:13:49 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -64,13 +64,22 @@
 static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, char *str);
 const X509V3_EXT_METHOD v3_skey_id = {
-        NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
+        .ext_nid = NID_subject_key_identifier,
-        0, 0, 0, 0,
+        .ext_flags = 0,
-        (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
+        .it = ASN1_ITEM_ref(ASN1_OCTET_STRING),
-        (X509V3_EXT_S2I)s2i_skey_id,
+        .ext_new = NULL,
-        0, 0, 0, 0,
+        .ext_free = NULL,
-        NULL
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
+        .s2i = (X509V3_EXT_S2I)s2i_skey_id,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = NULL,
 };
 char *
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_sxnet.c b/src/lib/libssl/src/crypto/x509v3/v3_sxnet.c
index 546b790782..c10feed0ef 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_sxnet.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_sxnet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_sxnet.c,v 1.15 2015/07/29 14:58:34 jsing Exp $ */
+/* $OpenBSD: v3_sxnet.c,v 1.16 2015/07/29 16:13:49 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -75,19 +75,26 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
 static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
    STACK_OF(CONF_VALUE) *nval);
 #endif
 const X509V3_EXT_METHOD v3_sxnet = {
-        NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
+        .ext_nid = NID_sxnet,
-        0, 0, 0, 0,
+        .ext_flags = X509V3_EXT_MULTILINE,
-        0, 0,
+        .it = ASN1_ITEM_ref(SXNET),
-        0,
+        .ext_new = NULL,
+        .ext_free = NULL,
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = NULL,
 #ifdef SXNET_TEST
-        (X509V3_EXT_V2I)sxnet_v2i,
+        .v2i = (X509V3_EXT_V2I)sxnet_v2i,
 #else
-        0,
+        .v2i = NULL,
 #endif
-        (X509V3_EXT_I2R)sxnet_i2r,
+        .i2r = (X509V3_EXT_I2R)sxnet_i2r,
-        0,
+        .r2i = NULL,
-        NULL
+        .usr_data = NULL,
 };
 static const ASN1_TEMPLATE SXNETID_seq_tt[] = {