Initial addition of new X509 V3 files, tidy of old files.

18 files changed, 2503 insertions, 81 deletions

diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl
new file mode 100644
index 0000000000..3cc99ea296
--- /dev/null
+++ b/crypto/x509v3/Makefile.ssl
@@ -0,0 +1,88 @@
+#
+# SSLeay/crypto/x509v3/Makefile
+#
+
+DIR=	x509v3
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=x509v3
+ERRC=v3err
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=	v3_bcons.c v3_bitstr.c v3_conf.c v3_extku.c v3_ia5.c \
+v3_lib.c v3_prn.c v3_utl.c v3err.c 
+LIBOBJ= v3_bcons.o v3_bitstr.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
+v3_prn.o v3_utl.o v3err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= x509v3.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	sh $(TOP)/util/ranlib.sh $(LIB)
+	@touch lib
+
+files:
+	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	/bin/rm -f Makefile
+	$(TOP)/util/point.sh Makefile.ssl Makefile ;
+	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
+	$(TOP)/util/mklink.sh ../../test $(TEST)
+	$(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALLTOP)/include/$$i; \
+	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors: $(ERRC).c
+
+$(ERRC).c: $(ERR).err
+	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/x509v3/README b/crypto/x509v3/README
new file mode 100644
index 0000000000..3b2cc047be
--- /dev/null
+++ b/crypto/x509v3/README
@@ -0,0 +1,4 @@
+WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+
+This is ***VERY*** new experimental code and is likely to change
+considerably or vanish altogether.
diff --git a/crypto/x509v3/format b/crypto/x509v3/old-v3/format
index 3307978121..3307978121 100644
--- a/crypto/x509v3/format
+++ b/crypto/x509v3/old-v3/format
diff --git a/crypto/x509v3/header b/crypto/x509v3/old-v3/header
index 3d791ca3dd..3d791ca3dd 100644
--- a/crypto/x509v3/header
+++ b/crypto/x509v3/old-v3/header
diff --git a/crypto/x509v3/old-v3/v3_ku.c b/crypto/x509v3/old-v3/v3_ku.c
new file mode 100644
index 0000000000..87c7402f43
--- /dev/null
+++ b/crypto/x509v3/old-v3/v3_ku.c
@@ -0,0 +1,318 @@
+/* crypto/x509v3/v3_ku.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "stack.h"
+#include "cryptlib.h"
+#include "bio.h"
+#include "asn1.h"
+#include "objects.h"
+#include "x509.h"
+
+X509_EXTENSION_METHOD X509v3_key_usage_method=
+	{
+	NID_key_usage,
+	ku_clear,
+	ex_get_bool,
+	ex_set_bool,
+	NULL,
+	NULL,
+	NULL,
+	NULL,
+	ku_a2i,
+	ku_i2a,
+	};
+
+static void ku_clear(a)
+X509_EXTENSION *a;
+	{
+	}
+
+static int ku_expand(a)
+X509_EXTENSION *a;
+	{
+	ASN1_BIT_STRING *bs;
+
+	if (a->argp == NULL)
+		{
+		bs=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING,value);
+		if (bs == NULL) return(0);
+		a->argp=(char *)bs;
+		a->ex_free=ASN1_STRING_free;
+		}
+	return(1);
+	}
+
+static int ku_get_bool(a,num)
+X509_EXTENSION *a;
+int num;
+	{
+	int ret;
+	ASN1_BIT_STRING *bs;
+
+	if ((a->argp == NULL) && !ku_expand(a))
+		return(-1);
+	bs=(ASN1_BIT_STRING *)a->argp;
+	ret=ASN1_BIT_STRING_get_bit(bs,num);
+	return(ret);
+	}
+
+static int ku_set_bool(a,num,value)
+X509_EXTENSION *a;
+int num;
+int value;
+	{
+	ASN1_BIT_STRING *a;
+
+	if ((a->argp == NULL) && !ku_expand(a))
+		return(0);
+	bs=(ASN1_BIT_STRING *)a->argp;
+	ret=ASN1_BIT_STRING_set_bit(bs,num,value);
+	}
+
+static int ku_a2i(bio,a,buf,len)
+BIO *bio;
+X509_EXTENSION *a;
+char *buf;
+int len;
+	{
+	get token
+	}
+
+static char ku_names[X509v3_N_KU_NUM]={
+	X509v3_S_KU_digitalSignature,
+	X509v3_S_KU_nonRepudiation,
+	X509v3_S_KU_keyEncipherment,
+	X509v3_S_KU_dataEncipherment,
+	X509v3_S_KU_keyAgreement,
+	X509v3_S_KU_keyCertSign,
+	X509v3_S_KU_cRLSign,
+	X509v3_S_KU_encipherOnly,
+	X509v3_S_KU_decipherOnly,
+	};
+
+static int ku_i2a(bio,a);
+BIO *bio;
+X509_EXTENSION *a;
+	{
+	int i,first=1;
+	char *c;
+
+	for (i=0; i<X509v3_N_KU_NUM; i++)
+		{
+		if (ku_get_bool(a,i) > 0)
+			{
+			BIO_printf(bio,"%s%s",((first)?"":" "),ku_names[i]);
+			first=0;
+			}
+		}
+	}
+
+/***********************/
+
+int X509v3_get_key_usage(x,ret)
+STACK *x;
+unsigned long *ret;
+	{
+	X509_EXTENSION *ext;
+	ASN1_STRING *st;
+	char *p;
+	int i;
+
+	i=X509_get_ext_by_NID(x,NID_key_usage,-1);
+	if (i < 0) return(X509v3_KU_UNDEF);
+	ext=X509_get_ext(x,i);
+	st=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING,
+		X509_EXTENSION_get_data(X509_get_ext(x,i)));
+
+	p=ASN1_STRING_data(st);
+	if (ASN1_STRING_length(st) == 1)
+		i=p[0];
+	else if (ASN1_STRING_length(st) == 2)
+		i=p[0]|(p[1]<<8);
+	else
+		i=0;
+	return(i);
+	}
+
+static struct
+	{
+	char *name;
+	unsigned int value;
+	} key_usage_data[] ={
+	{"digitalSignature",	X509v3_KU_DIGITAL_SIGNATURE},
+	{"nonRepudiation",	X509v3_KU_NON_REPUDIATION},
+	{"keyEncipherment",	X509v3_KU_KEY_ENCIPHERMENT},
+	{"dataEncipherment",	X509v3_KU_DATA_ENCIPHERMENT},
+	{"keyAgreement",	X509v3_KU_KEY_AGREEMENT},
+	{"keyCertSign",		X509v3_KU_KEY_CERT_SIGN},
+	{"cRLSign",		X509v3_KU_CRL_SIGN},
+	{"encipherOnly",	X509v3_KU_ENCIPHER_ONLY},
+	{"decipherOnly",	X509v3_KU_DECIPHER_ONLY},
+	{NULL,0},
+	};
+
+#if 0
+static int a2i_key_usage(x,str,len)
+X509 *x;
+char *str;
+int len;
+	{
+	return(X509v3_set_key_usage(x,a2i_X509v3_key_usage(str)));
+	}
+
+static int i2a_key_usage(bp,x)
+BIO *bp;
+X509 *x;
+	{
+	return(i2a_X509v3_key_usage(bp,X509v3_get_key_usage(x)));
+	}
+#endif
+
+int i2a_X509v3_key_usage(bp,use)
+BIO *bp;
+unsigned int use;
+	{
+	int i=0,first=1;
+
+	for (;;)
+		{
+		if (use | key_usage_data[i].value)
+			{
+			BIO_printf(bp,"%s%s",((first)?"":" "),
+				key_usage_data[i].name);
+			first=0;
+			}
+		}
+	return(1);
+	}
+
+unsigned int a2i_X509v3_key_usage(p)
+char *p;
+	{
+	unsigned int ret=0;
+	char *q,*s;
+	int i,n;
+
+	q=p;
+	for (;;)
+		{
+		while ((*q != '\0') && isalnum(*q))
+			q++;
+		if (*q == '\0') break;
+		s=q++;
+		while (isalnum(*q))
+			q++;
+		n=q-s;
+		i=0;
+		for (;;)
+			{
+			if (strncmp(key_usage_data[i].name,s,n) == 0)
+				{
+				ret|=key_usage_data[i].value;
+				break;
+				}
+			i++;
+			if (key_usage_data[i].name == NULL)
+				return(X509v3_KU_UNDEF);
+			}
+		}
+	return(ret);
+	}
+
+int X509v3_set_key_usage(x,use)
+X509 *x;
+unsigned int use;
+	{
+	ASN1_OCTET_STRING *os;
+	X509_EXTENSION *ext;
+	int i;
+	unsigned char data[4];
+
+	i=X509_get_ext_by_NID(x,NID_key_usage,-1);
+	if (i < 0)
+		{
+		i=X509_get_ext_count(x)+1;
+		if ((ext=X509_EXTENSION_new()) == NULL) return(0);
+		if (!X509_add_ext(x,ext,i))
+			{
+			X509_EXTENSION_free(ext);
+			return(0);
+			}
+		}
+	else
+		ext=X509_get_ext(x,i);
+
+	/* fill in 'ext' */
+	os=X509_EXTENSION_get_data(ext);
+
+	i=0;
+	if (use > 0)
+		{
+		i=1;
+		data[0]=use&0xff;
+		}
+	if (use > 0xff)
+		{
+		i=2;
+		data[1]=(use>>8)&0xff;
+		}
+	return((X509v3_pack_string(&os,V_ASN1_BIT_STRING,data,i) == NULL)?0:1);
+	}
+
diff --git a/crypto/x509v3/old-v3/x509v3.h b/crypto/x509v3/old-v3/x509v3.h
new file mode 100644
index 0000000000..d7945bc9cd
--- /dev/null
+++ b/crypto/x509v3/old-v3/x509v3.h
@@ -0,0 +1,87 @@
+/* crypto/x509v3/x509v3.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#define X509v3_N_KU_digitalSignature	0
+#define X509v3_N_KU_nonRepudiation	1
+#define X509v3_N_KU_keyEncipherment	2
+#define X509v3_N_KU_dataEncipherment	3
+#define X509v3_N_KU_keyAgreement	4
+#define X509v3_N_KU_keyCertSign		5
+#define X509v3_N_KU_cRLSign		6
+#define X509v3_N_KU_encipherOnly	7
+#define X509v3_N_KU_decipherOnly	8
+#define X509v3_N_KU_NUM			9
+#define X509v3_S_KU_digitalSignature	"digitalSignature"
+#define X509v3_S_KU_nonRepudiation	"nonRepudiation"
+#define X509v3_S_KU_keyEncipherment	"keyEncipherment"
+#define X509v3_S_KU_dataEncipherment	"dataEncipherment"
+#define X509v3_S_KU_keyAgreement	"keyAgreement"
+#define X509v3_S_KU_keyCertSign		"keyCertSign"
+#define X509v3_S_KU_cRLSign		"cRLSign"
+#define X509v3_S_KU_encipherOnly	"encipherOnly"
+#define X509v3_S_KU_decipherOnly	"decipherOnly"
+
+
+void X509_ex_clear(X509_EXTENSION *a);
+int X509_ex_get_bool(X509_EXTENSION *a,int num);
+int X509_ex_set_bool(X509_EXTENSION *a,int num,int value);
+int X509_ex_get_str(X509_EXTENSION *a,int index,char **p,int *len);
+int X509_ex_set_str(X509_EXTENSION *a,int oid,int index,char *p,int len);
+char *X509_ex_get_struct(X509_EXTENSION *a,int oid,int index,char **p);
+int X509_ex_set_struct(X509_EXTENSION *a,int index,char *p);
+int a2i_X509_EXTENSION(BIO *bp,X509_EXTENSION *a,char *buf,int len);
+int i2a_X509_EXTENSION(BIO *bp,X509_EXTENSION *a);
diff --git a/crypto/x509v3/v3_bcons.c b/crypto/x509v3/v3_bcons.c
new file mode 100644
index 0000000000..f7ad3e884c
--- /dev/null
+++ b/crypto/x509v3/v3_bcons.c
@@ -0,0 +1,187 @@
+/* v3_bcons.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <pem.h>
+#include <asn1_mac.h>
+#include <err.h>
+#include <objects.h>
+#include <conf.h>
+#include "x509v3.h"
+
+#ifndef NOPROTO
+static STACK *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons);
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *values);
+
+#else
+
+static STACK *i2v_BASIC_CONSTRAINTS();
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS();
+
+#endif
+
+X509V3_EXT_METHOD v3_bcons = {
+NID_basic_constraints, 0,
+(X509V3_EXT_NEW)BASIC_CONSTRAINTS_new,
+BASIC_CONSTRAINTS_free,
+(X509V3_EXT_D2I)d2i_BASIC_CONSTRAINTS,
+i2d_BASIC_CONSTRAINTS,
+NULL, NULL,
+(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
+(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
+NULL,
+NULL
+};
+
+
+/*
+ * ASN1err(ASN1_F_BASIC_CONSTRAINTS_NEW,ERR_R_MALLOC_FAILURE);
+ * ASN1err(ASN1_F_D2I_BASIC_CONSTRAINTS,ERR_R_MALLOC_FAILURE);
+ */
+
+int i2d_BASIC_CONSTRAINTS(a,pp)
+BASIC_CONSTRAINTS *a;
+unsigned char **pp;
+{
+	M_ASN1_I2D_vars(a);
+	if(a->ca) M_ASN1_I2D_len (a->ca, i2d_ASN1_BOOLEAN);
+	M_ASN1_I2D_len (a->pathlen, i2d_ASN1_INTEGER);
+
+	M_ASN1_I2D_seq_total();
+
+	if (a->ca) M_ASN1_I2D_put (a->ca, i2d_ASN1_BOOLEAN);
+	M_ASN1_I2D_put (a->pathlen, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_finish();
+}
+
+BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new()
+{
+	BASIC_CONSTRAINTS *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, BASIC_CONSTRAINTS);
+	ret->ca = 0;
+	ret->pathlen = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_BASIC_CONSTRAINTS_NEW);
+}
+
+BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(a,pp,length)
+BASIC_CONSTRAINTS **a;
+unsigned char **pp;
+long length;
+{
+	M_ASN1_D2I_vars(a,BASIC_CONSTRAINTS *,BASIC_CONSTRAINTS_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	if((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) ==
+		 (V_ASN1_UNIVERSAL|V_ASN1_BOOLEAN) ) {
+			M_ASN1_D2I_get_int (ret->ca, d2i_ASN1_BOOLEAN);
+	}
+	M_ASN1_D2I_get_opt (ret->pathlen, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
+	M_ASN1_D2I_Finish(a, BASIC_CONSTRAINTS_free, ASN1_F_D2I_BASIC_CONSTRAINTS);
+}
+
+void BASIC_CONSTRAINTS_free(a)
+BASIC_CONSTRAINTS *a;
+{
+	if (a == NULL) return;
+	ASN1_INTEGER_free (a->pathlen);
+	Free ((char *)a);
+}
+
+static STACK *i2v_BASIC_CONSTRAINTS(method, bcons)
+X509V3_EXT_METHOD *method;
+BASIC_CONSTRAINTS *bcons;
+{
+	STACK *extlist = NULL;
+	X509V3_add_value_bool("CA", bcons->ca, &extlist);
+	X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
+	return extlist;
+}
+
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(method, ctx, values)
+X509V3_EXT_METHOD *method;
+X509V3_CTX *ctx;
+STACK *values;
+{
+	BASIC_CONSTRAINTS *bcons=NULL;
+	CONF_VALUE *val;
+	int i;
+	if(!(bcons = BASIC_CONSTRAINTS_new())) {
+		X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	for(i = 0; i < sk_num(values); i++) {
+		val = (CONF_VALUE *)sk_value(values, i);
+		if(!strcmp(val->name, "CA")) {
+			if(!X509V3_get_value_bool(val, &bcons->ca)) goto err;
+		} else if(!strcmp(val->name, "pathlen")) {
+			if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err;
+		} else {
+			X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME);
+			X509V3_conf_err(val);
+			goto err;
+		}
+	}
+	return bcons;
+	err:
+	BASIC_CONSTRAINTS_free(bcons);
+	return NULL;
+}
+
diff --git a/crypto/x509v3/v3_bitstr.c b/crypto/x509v3/v3_bitstr.c
new file mode 100644
index 0000000000..46d8836cd6
--- /dev/null
+++ b/crypto/x509v3/v3_bitstr.c
@@ -0,0 +1,159 @@
+/* v3_bitstr.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <pem.h>
+#include <asn1_mac.h>
+#include <err.h>
+#include <objects.h>
+#include <conf.h>
+#include "x509v3.h"
+
+#ifndef NOPROTO
+static ASN1_BIT_STRING *asn1_bit_string_new(void);
+static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *nval);
+static STACK *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bits);
+#else
+static ASN1_BIT_STRING *asn1_bit_string_new();
+static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING();
+static STACK *i2v_ASN1_BIT_STRING();
+#endif
+
+static BIT_STRING_BITNAME ns_cert_type_table[] = {
+{0, "SSL Client", "client"},
+{1, "SSL Server", "server"},
+{2, "S/MIME", "email"},
+{3, "Object Signing", "objsign"},
+{4, "Unused", "reserved"},
+{5, "SSL CA", "sslCA"},
+{6, "S/MIME CA", "emailCA"},
+{7, "Object Signing CA", "objCA"},
+{-1, NULL, NULL}
+};
+
+static BIT_STRING_BITNAME key_usage_type_table[] = {
+{0, "Digital Signature", "digitalSignature"},
+{1, "Non Repudiation", "nonRepudiation"},
+{2, "Key Encipherment", "keyEncipherment"},
+{3, "Data Encipherment", "dataEncipherment"},
+{4, "Key Agreement", "keyAgreement"},
+{5, "Certificate Sign", "keyCertSign"},
+{6, "CRL Sign", "cRLCertSign"},
+{7, "Encipher Only", "encipherOnly"},
+{8, "Decipher Only", "decipherOnly"},
+{-1, NULL, NULL}
+};
+
+
+
+X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
+X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table);
+
+static ASN1_BIT_STRING *asn1_bit_string_new()
+{
+	return ASN1_BIT_STRING_new();
+}
+
+static STACK *i2v_ASN1_BIT_STRING(method, bits)
+X509V3_EXT_METHOD *method;
+ASN1_BIT_STRING *bits;
+{
+	BIT_STRING_BITNAME *bnam;
+	STACK *ret = NULL;
+	for(bnam =(BIT_STRING_BITNAME *)method->usr_data; bnam->lname; bnam++) {
+		if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) 
+			X509V3_add_value(bnam->lname, NULL, &ret);
+	}
+	return ret;
+}
+	
+static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(method, ctx, nval)
+X509V3_EXT_METHOD *method;
+X509V3_CTX *ctx;
+STACK *nval;
+{
+	CONF_VALUE *val;
+	ASN1_BIT_STRING *bs;
+	int i;
+	BIT_STRING_BITNAME *bnam;
+	if(!(bs = ASN1_BIT_STRING_new())) {
+		X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	for(i = 0; i < sk_num(nval); i++) {
+		val = (CONF_VALUE *)sk_value(nval, i);
+		for(bnam = (BIT_STRING_BITNAME *)method->usr_data; bnam->lname;
+								       bnam++) {
+			if(!strcmp(bnam->sname, val->name) ||
+				!strcmp(bnam->lname, val->name) ) {
+				ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1);
+				break;
+			}
+		}
+		if(!bnam->lname) {
+			X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
+			X509V3_conf_err(val);
+			ASN1_BIT_STRING_free(bs);
+			return NULL;
+		}
+	}
+	return bs;
+}
+	
+
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
new file mode 100644
index 0000000000..afe2ae249e
--- /dev/null
+++ b/crypto/x509v3/v3_conf.c
@@ -0,0 +1,165 @@
+/* v3_conf.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* config file utilities */
+
+#include <stdlib.h>
+#include <ctype.h>
+#include <string.h>
+#include <pem.h>
+#include <conf.h>
+#include <err.h>
+#include "x509v3.h"
+
+X509_EXTENSION *X509V3_EXT_conf(conf, ctx, name, value)
+LHASH *conf;	/* Config file */
+X509V3_CTX *ctx;
+char *name;	/* Name */
+char *value;	/* Value */
+{
+	return X509V3_EXT_conf_nid(conf, ctx, OBJ_sn2nid(name), value);
+}
+
+
+X509_EXTENSION *X509V3_EXT_conf_nid(conf, ctx, ext_nid, value)
+LHASH *conf;	/* Config file */
+X509V3_CTX *ctx;
+int ext_nid;
+char *value;	/* Value */
+{
+	X509_EXTENSION *ext = NULL;
+	X509V3_EXT_METHOD *method;
+	STACK *nval;
+	char *ext_struc;
+	char *ext_der, *p;
+	int ext_len;
+	int crit = 0;
+	ASN1_OCTET_STRING *ext_oct;
+	if(ext_nid == NID_undef) return NULL;
+	if(!(method = X509V3_EXT_get_nid(ext_nid))) {
+		/* Add generic extension support here */
+		return NULL;
+	}
+	/* Check for critical */
+	if((strlen(value) >= 9) && !strncmp(value, "critical,", 9)) {
+		crit = 1;
+		value+=9;
+	}
+	/* Skip over spaces */
+	while(isspace(*value)) value++;
+	/* Now get internal extension representation based on type */
+	if(method->v2i) {
+		if(*value == '@') nval = CONF_get_section(conf, value + 1);
+		else nval = X509V3_parse_list(value);
+		if(!nval) {
+			X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING);
+			ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
+			return NULL;
+		}
+		ext_struc = method->v2i(method, ctx, nval);
+		if(*value != '@') sk_pop_free(nval, X509V3_conf_free);
+		if(!ext_struc) return NULL;
+	} else if(method->s2i) {
+		if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
+	} else {
+		X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
+		ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
+		return NULL;
+	}
+
+	/* We've now got the internal representation: convert to DER */
+	ext_len = method->i2d(ext_struc, NULL);
+	ext_der = Malloc(ext_len);
+	p = ext_der;
+	method->i2d(ext_struc, &p);
+	method->ext_free(ext_struc);
+	ext_oct = ASN1_OCTET_STRING_new();
+	ext_oct->data = ext_der;
+	ext_oct->length = ext_len;
+	
+	ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
+	ASN1_OCTET_STRING_free(ext_oct);
+
+	return ext;
+
+}
+
+/* This is the main function: add a bunch of extensions based on a config file
+ * section
+ */
+
+int X509V3_EXT_add_conf(conf, ctx, section, cert)
+LHASH *conf;
+X509V3_CTX *ctx;
+char *section;
+X509 *cert;
+{
+	X509_EXTENSION *ext;
+	STACK *nval;
+	CONF_VALUE *val;	
+	int i;
+	if(!(nval = CONF_get_section(conf, section))) return 0;
+	for(i = 0; i < sk_num(nval); i++) {
+		val = (CONF_VALUE *)sk_value(nval, i);
+		if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
+								return 0;
+		if(cert) X509_add_ext(cert, ext, -1);
+		X509_EXTENSION_free(ext);
+	}
+	return 1;
+}
+
diff --git a/crypto/x509v3/v3_extku.c b/crypto/x509v3/v3_extku.c
new file mode 100644
index 0000000000..8f22385859
--- /dev/null
+++ b/crypto/x509v3/v3_extku.c
@@ -0,0 +1,165 @@
+/* v3_extku.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <pem.h>
+#include <asn1_mac.h>
+#include <err.h>
+#include <objects.h>
+#include <conf.h>
+#include "x509v3.h"
+
+#ifndef NOPROTO
+static STACK *v2i_ext_ku(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *nval);
+static STACK *i2v_ext_ku(X509V3_EXT_METHOD *method, STACK *eku);
+#else
+static STACK *v2i_ext_ku();
+static STACK *i2v_ext_ku();
+#endif
+
+X509V3_EXT_METHOD v3_ext_ku = {
+NID_ext_key_usage, 0,
+(X509V3_EXT_NEW)ext_ku_new,
+ext_ku_free,
+(X509V3_EXT_D2I)d2i_ext_ku,
+i2d_ext_ku,
+NULL, NULL,
+(X509V3_EXT_I2V)i2v_ext_ku,
+(X509V3_EXT_V2I)v2i_ext_ku,
+NULL,
+NULL
+};
+
+STACK *ext_ku_new()
+{
+	return sk_new_null();
+}
+
+void ext_ku_free(eku)
+STACK *eku;
+{
+	sk_pop_free(eku, ASN1_OBJECT_free);
+	return;
+}
+
+int i2d_ext_ku(a,pp)
+STACK *a;
+unsigned char **pp;
+{
+	return i2d_ASN1_SET(a, pp, i2d_ASN1_OBJECT, V_ASN1_SEQUENCE,
+						 V_ASN1_UNIVERSAL, IS_SEQUENCE);
+}
+
+STACK *d2i_ext_ku(a,pp,length)
+STACK **a;
+unsigned char **pp;
+long length;
+{
+	return d2i_ASN1_SET(a, pp, length, (char *(*)())(d2i_ASN1_OBJECT),
+			 ASN1_OBJECT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+}
+
+
+
+static STACK *i2v_ext_ku(method, eku)
+X509V3_EXT_METHOD *method;
+STACK  *eku;
+{
+int i;
+ASN1_OBJECT *obj;
+char obj_tmp[80];
+STACK *ext_list = NULL;
+for(i = 0; i < sk_num(eku); i++) {
+	obj = (ASN1_OBJECT *)sk_value(eku, i);
+	i2t_ASN1_OBJECT(obj_tmp, 80, obj);
+	X509V3_add_value(NULL, obj_tmp, &ext_list);
+}
+return ext_list;
+}
+
+static STACK *v2i_ext_ku(method, ctx, nval)
+X509V3_EXT_METHOD *method;
+X509V3_CTX *ctx;
+STACK *nval;
+{
+STACK *extku;
+char *extval;
+ASN1_OBJECT *objtmp;
+CONF_VALUE *val;
+int i;
+
+if(!(extku = sk_new(NULL))) {
+	X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE);
+	return NULL;
+}
+
+for(i = 0; i < sk_num(nval); i++) {
+	val = (CONF_VALUE *)sk_value(nval, i);
+	if(val->value) extval = val->value;
+	else extval = val->name;
+	if(!(objtmp = OBJ_txt2obj(extval, 0))) {
+		sk_pop_free(extku, ASN1_OBJECT_free);
+		X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER);
+		X509V3_conf_err(val);
+		return NULL;
+	}
+	sk_push(extku, (char *)objtmp);
+}
+return extku;
+}
diff --git a/crypto/x509v3/v3_ia5.c b/crypto/x509v3/v3_ia5.c
new file mode 100644
index 0000000000..13a1137288
--- /dev/null
+++ b/crypto/x509v3/v3_ia5.c
@@ -0,0 +1,127 @@
+/* v3_ia5.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <pem.h>
+#include <asn1_mac.h>
+#include <err.h>
+#include <objects.h>
+#include <conf.h>
+#include "x509v3.h"
+
+#ifndef NOPROTO
+static ASN1_IA5STRING *ia5string_new(void);
+static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
+static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
+#else
+static ASN1_IA5STRING *ia5string_new();
+static char *i2s_ASN1_IA5STRING();
+static ASN1_IA5STRING *s2i_ASN1_IA5STRING();
+#endif
+
+X509V3_EXT_METHOD v3_ns_ia5_list[] = { 
+EXT_IA5STRING(NID_netscape_base_url),
+EXT_IA5STRING(NID_netscape_revocation_url),
+EXT_IA5STRING(NID_netscape_ca_revocation_url),
+EXT_IA5STRING(NID_netscape_renewal_url),
+EXT_IA5STRING(NID_netscape_ca_policy_url),
+EXT_IA5STRING(NID_netscape_ssl_server_name),
+EXT_IA5STRING(NID_netscape_comment),
+EXT_END
+};
+
+
+static ASN1_IA5STRING *ia5string_new(void)
+{
+	return ASN1_IA5STRING_new();
+}
+
+static char *i2s_ASN1_IA5STRING(method, ia5)
+X509V3_EXT_METHOD *method;
+ASN1_IA5STRING *ia5;
+{
+	char *tmp;
+	if(!ia5 || !ia5->length) return NULL;
+	tmp = Malloc(ia5->length + 1);
+	memcpy(tmp, ia5->data, ia5->length);
+	tmp[ia5->length] = 0;
+	return tmp;
+}
+
+static ASN1_IA5STRING *s2i_ASN1_IA5STRING(method, ctx, str)
+X509V3_EXT_METHOD *method;
+X509V3_CTX *ctx;
+char *str;
+{
+	ASN1_IA5STRING *ia5;
+	if(!str) {
+		X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT);
+		return NULL;
+	}
+	if(!(ia5 = ASN1_IA5STRING_new())) goto err;
+	if(!ASN1_STRING_set((ASN1_STRING *)ia5, str, strlen(str))) {
+		ASN1_IA5STRING_free(ia5);
+		goto err;
+	}
+	return ia5;
+	err:
+	X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
+	return NULL;
+}
+
diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c
new file mode 100644
index 0000000000..bc159b4432
--- /dev/null
+++ b/crypto/x509v3/v3_lib.c
@@ -0,0 +1,158 @@
+/* v3_lib.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* X509 v3 extension utilities */
+
+#include <stdlib.h>
+#include <pem.h>
+#include <conf.h>
+#include <err.h>
+#include "x509v3.h"
+
+static STACK *ext_list = NULL;
+
+static ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b);
+static void ext_list_free(X509V3_EXT_METHOD *ext);
+
+int X509V3_EXT_add(ext)
+X509V3_EXT_METHOD *ext;
+{
+	if(!ext_list && !(ext_list = sk_new(ext_cmp))) {
+		X509V3err(X509V3_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	if(!sk_push(ext_list, (char *)ext)) {
+		X509V3err(X509V3_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	return 1;
+}
+
+static int ext_cmp(a, b)
+X509V3_EXT_METHOD **a, **b;
+{
+	return ((*a)->ext_nid - (*b)->ext_nid);
+}
+
+X509V3_EXT_METHOD *X509V3_EXT_get_nid(nid)
+int nid;
+{
+	X509V3_EXT_METHOD tmp;
+	int idx;
+	tmp.ext_nid = nid;
+	if(!ext_list || (tmp.ext_nid < 0) ) return NULL;
+	idx = sk_find(ext_list, (char *)&tmp);
+	if(idx == -1) return NULL;
+	return (X509V3_EXT_METHOD *)sk_value(ext_list, idx);
+}
+
+X509V3_EXT_METHOD *X509V3_EXT_get(ext)
+X509_EXTENSION *ext;
+{
+	int nid;
+	if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL;
+	return X509V3_EXT_get_nid(nid);
+}
+
+extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku, v3_ns_ia5_list[];
+
+int X509V3_EXT_add_list(extlist)
+X509V3_EXT_METHOD *extlist;
+{
+	for(;extlist->ext_nid!=-1;extlist++) 
+			if(!X509V3_EXT_add(extlist)) return 0;
+	return 1;
+}
+
+int X509V3_EXT_add_alias(nid_to, nid_from)
+int nid_to, nid_from;
+{
+	X509V3_EXT_METHOD *ext, *tmpext;
+	if(!(ext = X509V3_EXT_get_nid(nid_from))) {
+		X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND);
+		return 0;
+	}
+	if(!(tmpext = (X509V3_EXT_METHOD *)Malloc(sizeof(X509V3_EXT_METHOD)))) {
+		X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	*tmpext = *ext;
+	tmpext->ext_nid = nid_to;
+	tmpext->ext_flags = X509V3_EXT_DYNAMIC;
+	return 1;
+}
+
+void X509V3_EXT_cleanup()
+{
+	sk_pop_free(ext_list, ext_list_free);
+}
+
+static void ext_list_free(ext)
+X509V3_EXT_METHOD *ext;
+{
+	if(ext->ext_flags & X509V3_EXT_DYNAMIC) Free(ext);
+}
+
+int X509V3_add_standard_extensions()
+{
+	X509V3_EXT_add_list(v3_ns_ia5_list);
+	X509V3_EXT_add(&v3_bcons);
+	X509V3_EXT_add(&v3_nscert);
+	X509V3_EXT_add(&v3_key_usage);
+	X509V3_EXT_add(&v3_ext_ku);
+	return 1;
+}
diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c
new file mode 100644
index 0000000000..c9755582ae
--- /dev/null
+++ b/crypto/x509v3/v3_prn.c
@@ -0,0 +1,134 @@
+/* v3_prn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* X509 v3 extension utilities */
+
+#include <stdlib.h>
+#include <pem.h>
+#include <conf.h>
+#include <err.h>
+#include "x509v3.h"
+
+/* Extension printing routines */
+
+/* Print out a name+value stack */
+
+void X509V3_EXT_val_prn(out, val)
+BIO *out;
+STACK *val;
+{
+	int i;
+	CONF_VALUE *nval;
+	if(!val) return;
+	for(i = 0; i < sk_num(val); i++) {
+		if(i > 0) BIO_printf(out, ", ");
+		nval = (CONF_VALUE *)sk_value(val, i);
+		if(!nval->name) BIO_printf(out, "%s", nval->value);
+		else if(!nval->value) BIO_printf(out, "%s", nval->name);
+		else BIO_printf(out, "%s:%s", nval->name, nval->value);
+	}
+}
+
+/* Main routine: print out a general extension */
+
+int X509V3_EXT_print(out, ext, flag)
+BIO *out;
+X509_EXTENSION *ext;
+int flag;
+{
+	char *ext_str = NULL, *p, *value = NULL;
+	X509V3_EXT_METHOD *method;	
+	STACK *nval = NULL;
+	int ok = 1;
+	if(!(method = X509V3_EXT_get(ext))) return 0;
+	p = ext->value->data;
+	if(!(ext_str = method->d2i(NULL, &p, ext->value->length))) return 0;
+	if(method->i2s) {
+		if(!(value = method->i2s(method, ext_str))) {
+			ok = 0;
+			goto err;
+		}
+		BIO_printf(out, value);
+	} else if(method->i2v) {
+		if(!(nval = method->i2v(method, ext_str))) {
+			ok = 0;
+			goto err;
+		}
+		X509V3_EXT_val_prn(out, nval);
+	} else if(method->i2r) {
+		if(!method->i2r(method, ext_str, out)) ok = 0;
+	} else ok = 0;
+
+	err:
+		sk_pop_free(nval, X509V3_conf_free);
+		if(value) Free(value);
+		method->ext_free(ext_str);
+		return ok;
+}
+
+int X509V3_EXT_print_fp(fp, ext, flag)
+FILE *fp;
+X509_EXTENSION *ext;
+int flag;
+{
+	BIO *bio_tmp;
+	int ret;
+	if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0;
+	ret = X509V3_EXT_print(bio_tmp, ext, flag);
+	BIO_free(bio_tmp);
+	return ret;
+}
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
new file mode 100644
index 0000000000..a9068a2f0d
--- /dev/null
+++ b/crypto/x509v3/v3_utl.c
@@ -0,0 +1,312 @@
+/* v3_utl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* X509 v3 extension utilities */
+
+#include <stdlib.h>
+#include <ctype.h>
+#include <pem.h>
+#include <conf.h>
+#include <err.h>
+#include "x509v3.h"
+
+static char * str_dup(char *str);
+static char *strip_spaces(char *name);
+
+static char *str_dup(str)
+char *str;
+{
+	char *tmp;
+	if(!(tmp = Malloc(strlen(str) + 1))) return NULL;
+	strcpy(tmp, str);
+	return tmp;
+}
+
+/* Add a CONF_VALUE name value pair to stack */
+
+int X509V3_add_value(name, value, extlist)
+char *name;
+char *value;
+STACK **extlist;
+{
+	CONF_VALUE *vtmp = NULL;
+	char *tname = NULL, *tvalue = NULL;
+	if(name && !(tname = str_dup(name))) goto err;
+	if(value && !(tvalue = str_dup(value))) goto err;;
+	if(!(vtmp = (CONF_VALUE *)Malloc(sizeof(CONF_VALUE)))) goto err;
+	if(!*extlist && !(*extlist = sk_new(NULL))) goto err;
+	vtmp->section = NULL;
+	vtmp->name = tname;
+	vtmp->value = tvalue;
+	if(!sk_push(*extlist, (char *)vtmp)) goto err;
+	return 1;
+	err:
+	X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE);
+	if(vtmp) Free(vtmp);
+	if(tname) Free(tname);
+	if(tvalue) Free(tvalue);
+	return 0;
+}
+
+/* Free function for STACK of CONF_VALUE */
+
+void X509V3_conf_free(conf)
+CONF_VALUE *conf;
+{
+	if(!conf) return;
+	if(conf->name) Free(conf->name);
+	if(conf->value) Free(conf->value);
+	if(conf->section) Free(conf->section);
+	Free((char *)conf);
+}
+
+int X509V3_add_value_bool(name, asn1_bool, extlist)
+char *name;
+int asn1_bool;
+STACK **extlist;
+{
+	if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
+	return X509V3_add_value(name, "FALSE", extlist);
+}
+
+int X509V3_add_value_bool_nf(name, asn1_bool, extlist)
+char *name;
+int asn1_bool;
+STACK **extlist;
+{
+	if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
+	return 1;
+}
+
+int X509V3_add_value_int(name, aint, extlist)
+char *name;
+ASN1_INTEGER *aint;
+STACK **extlist;
+{
+	BIGNUM *bntmp;
+	char *strtmp;
+	int ret;
+	if(!aint) return 1;
+	bntmp = ASN1_INTEGER_to_BN(aint, NULL);
+	strtmp = BN_bn2dec(bntmp);
+	ret = X509V3_add_value(name, strtmp, extlist);
+	BN_free(bntmp);
+	Free(strtmp);
+	return ret;
+}
+
+int X509V3_get_value_bool(value, asn1_bool)
+CONF_VALUE *value;
+int *asn1_bool;
+{
+	char *btmp;
+	if(!(btmp = value->value)) goto err;
+	if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true")
+		 || !strcmp(btmp, "Y") || !strcmp(btmp, "y")
+		|| !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
+		*asn1_bool = 0xff;
+		return 1;
+	} else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false")
+		 || !strcmp(btmp, "N") || !strcmp(btmp, "n")
+		|| !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
+		*asn1_bool = 0;
+		return 1;
+	}
+	err:
+	X509V3err(X509V3_F_X509V3_VALUE_GET_BOOL,X509V3_R_INVALID_BOOLEAN_STRING);
+	X509V3_conf_err(value);
+	return 0;
+}
+
+int X509V3_get_value_int(value, aint)
+CONF_VALUE *value;
+ASN1_INTEGER **aint;
+{
+	BIGNUM *bn = NULL;
+	bn = BN_new();
+	if(!value->value) {
+		X509V3err(X509V3_F_X509V3_GET_VALUE_INT,X509V3_R_INVALID_NULL_VALUE);
+		X509V3_conf_err(value);
+		return 0;
+	}
+	if(!BN_dec2bn(&bn, value->value)) {
+		X509V3err(X509V3_F_X509V3_GET_VALUE_INT,X509V3_R_BN_DEC2BN_ERROR);
+		X509V3_conf_err(value);
+		return 0;
+	}
+
+	if(!(*aint = BN_to_ASN1_INTEGER(bn, NULL))) {
+		X509V3err(X509V3_F_X509V3_GET_VALUE_INT,X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
+		X509V3_conf_err(value);
+		return 0;
+	}
+	BN_free(bn);
+	return 1;
+}
+
+#define HDR_NAME	1
+#define HDR_VALUE	2
+
+/*#define DEBUG*/
+
+STACK *X509V3_parse_list(line)
+char *line;
+{
+	char *p, *q, c;
+	char *ntmp, *vtmp;
+	STACK *values = NULL;
+	char *linebuf;
+	int state;
+	/* We are going to modify the line so copy it first */
+	linebuf = str_dup(line);
+	state = HDR_NAME;
+	ntmp = NULL;
+	/* Go through all characters */
+	for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
+
+		switch(state) {
+			case HDR_NAME:
+			if(c == ':') {
+				state = HDR_VALUE;
+				*p = 0;
+				ntmp = strip_spaces(q);
+				if(!ntmp) {
+					X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+					goto err;
+				}
+				q = p + 1;
+			} else if(c == ',') {
+				*p = 0;
+				ntmp = strip_spaces(q);
+				q = p + 1;
+#ifdef DEBUG
+				printf("%s\n", ntmp);
+#endif
+				if(!ntmp) {
+					X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+					goto err;
+				}
+				X509V3_add_value(ntmp, NULL, &values);
+			}
+			break ;
+
+			case HDR_VALUE:
+			if(c == ',') {
+				state = HDR_NAME;
+				*p = 0;
+				vtmp = strip_spaces(q);
+#ifdef DEBUG
+				printf("%s\n", ntmp);
+#endif
+				if(!vtmp) {
+					X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
+					goto err;
+				}
+				X509V3_add_value(ntmp, vtmp, &values);
+				ntmp = NULL;
+				q = p + 1;
+			}
+
+		}
+	}
+
+	if(state == HDR_VALUE) {
+		vtmp = strip_spaces(q);
+#ifdef DEBUG
+		printf("%s=%s\n", ntmp, vtmp);
+#endif
+		if(!vtmp) {
+			X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
+			goto err;
+		}
+		X509V3_add_value(ntmp, vtmp, &values);
+	} else {
+		ntmp = strip_spaces(q);
+#ifdef DEBUG
+		printf("%s\n", ntmp);
+#endif
+		if(!ntmp) {
+			X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+			goto err;
+		}
+		X509V3_add_value(ntmp, NULL, &values);
+	}
+Free(linebuf);
+return values;
+
+err:
+Free(linebuf);
+sk_pop_free(values, X509V3_conf_free);
+return NULL;
+
+}
+
+/* Delete leading and trailing spaces from a string */
+static char *strip_spaces(name)
+char *name;
+{
+	char *p, *q;
+	/* Skip over leading spaces */
+	p = name;
+	while(*p && isspace(*p)) p++;
+	if(!*p) return NULL;
+	q = p + strlen(p) - 1;
+	while((q != p) && isspace(*q)) q--;
+	if(p != q) q[1] = 0;
+	if(!*p) return NULL;
+	return p;
+}
diff --git a/crypto/x509v3/v3conf.c b/crypto/x509v3/v3conf.c
new file mode 100644
index 0000000000..e0b097b335
--- /dev/null
+++ b/crypto/x509v3/v3conf.c
@@ -0,0 +1,127 @@
+/* v3conf.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <pem.h>
+#include <objects.h>
+#include <conf.h>
+#include <err.h>
+#include "x509v3.h"
+
+/* Test application to add extensions from a config file */
+
+int main(argc, argv)
+int argc;
+char **argv;
+{
+	LHASH *conf;
+	X509 *cert;
+	FILE *inf;
+	char *conf_file;
+	int i;
+	int count;
+	X509_EXTENSION *ext;
+	X509V3_add_standard_extensions();
+	ERR_load_crypto_strings();
+	if(!argv[1]) {
+		fprintf(stderr, "Usage: v3conf cert.pem [file.cnf]\n");
+		exit(1);
+	}
+	conf_file = argv[2];
+	if(!conf_file) conf_file = "test.cnf";
+	conf = CONF_load(NULL, "test.cnf", NULL);
+	if(!conf) {
+		fprintf(stderr, "Error opening Config file %s\n", conf_file);
+		ERR_print_errors_fp(stderr);
+		exit(1);
+	}
+
+	inf = fopen(argv[1], "r");
+	if(!inf) {
+		fprintf(stderr, "Can't open certificate file %s\n", argv[1]);
+		exit(1);
+	}
+	cert = PEM_read_X509(inf, NULL, NULL);
+	if(!cert) {
+		fprintf(stderr, "Error reading certificate file %s\n", argv[1]);
+		exit(1);
+	}
+	fclose(inf);
+
+	sk_pop_free(cert->cert_info->extensions, X509_EXTENSION_free);
+	cert->cert_info->extensions = NULL;
+
+	if(!X509V3_EXT_add_conf(conf, NULL, "test_section", cert)) {
+		fprintf(stderr, "Error adding extensions\n");
+		ERR_print_errors_fp(stderr);
+		exit(1);
+	}
+
+	count = X509_get_ext_count(cert);
+	printf("%d extensions\n", count);
+	for(i = 0; i < count; i++) {
+		ext = X509_get_ext(cert, i);
+		printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
+		if(ext->critical) printf(",critical:\n");
+		else printf(":\n");
+		X509V3_EXT_print_fp(stdout, ext, 0);
+		printf("\n");
+		
+	}
+	return 0;
+}
+
diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c
new file mode 100644
index 0000000000..b250953083
--- /dev/null
+++ b/crypto/x509v3/v3err.c
@@ -0,0 +1,112 @@
+/* lib/x509v3/x509v3_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "err.h"
+#include "x509v3.h"
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA X509V3_str_functs[]=
+	{
+{ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0),	"S2I_ASN1_IA5STRING"},
+{ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0),	"V2I_ASN1_BIT_STRING"},
+{ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0),	"V2I_BASIC_CONSTRAINTS"},
+{ERR_PACK(0,X509V3_F_V2I_EXT_KU,0),	"V2I_EXT_KU"},
+{ERR_PACK(0,X509V3_F_X509V3_ADD_EXT,0),	"X509V3_ADD_EXT"},
+{ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0),	"X509V3_add_value"},
+{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0),	"X509V3_EXT_add_alias"},
+{ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0),	"X509V3_EXT_conf"},
+{ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_INT,0),	"X509V3_get_value_int"},
+{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0),	"X509V3_parse_list"},
+{ERR_PACK(0,X509V3_F_X509V3_VALUE_GET_BOOL,0),	"X509V3_VALUE_GET_BOOL"},
+{0,NULL},
+	};
+
+static ERR_STRING_DATA X509V3_str_reasons[]=
+	{
+{X509V3_R_BN_DEC2BN_ERROR                ,"bn dec2bn error"},
+{X509V3_R_BN_TO_ASN1_INTEGER_ERROR       ,"bn to asn1 integer error"},
+{X509V3_R_EXTENSION_NOT_FOUND            ,"extension not found"},
+{X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"},
+{X509V3_R_INVALID_BOOLEAN_STRING         ,"invalid boolean string"},
+{X509V3_R_INVALID_EXTENSION_STRING       ,"invalid extension string"},
+{X509V3_R_INVALID_NAME                   ,"invalid name"},
+{X509V3_R_INVALID_NULL_ARGUMENT          ,"invalid null argument"},
+{X509V3_R_INVALID_NULL_NAME              ,"invalid null name"},
+{X509V3_R_INVALID_NULL_VALUE             ,"invalid null value"},
+{X509V3_R_INVALID_OBJECT_IDENTIFIER      ,"invalid object identifier"},
+{X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT    ,"unknown bit string argument"},
+{0,NULL},
+	};
+
+#endif
+
+void ERR_load_X509V3_strings()
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef NO_ERR
+		ERR_load_strings(ERR_LIB_X509V3,X509V3_str_functs);
+		ERR_load_strings(ERR_LIB_X509V3,X509V3_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/x509v3/v3prin.c b/crypto/x509v3/v3prin.c
new file mode 100644
index 0000000000..6475fb97b1
--- /dev/null
+++ b/crypto/x509v3/v3prin.c
@@ -0,0 +1,97 @@
+/* v3prin.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <pem.h>
+#include <objects.h>
+#include <conf.h>
+#include <err.h>
+#include "x509v3.h"
+
+int main(argc, argv)
+int argc;
+char **argv;
+{
+	X509 *cert;
+	FILE *inf;
+	int i, count;
+	X509_EXTENSION *ext;
+	X509V3_add_standard_extensions();
+	if(!argv[1]) {
+		fprintf(stderr, "Usage v3prin cert.pem\n");
+		exit(1);
+	}
+	if(!(inf = fopen(argv[1], "r"))) {
+		fprintf(stderr, "Can't open %s\n", argv[1]);
+		exit(1);
+	}
+	if(!(cert = PEM_read_X509(inf, NULL, NULL))) {
+		fprintf(stderr, "Can't read certificate %s\n", argv[1]);
+		ERR_print_errors_fp(stderr);
+		exit(1);
+	}
+	fclose(inf);
+	count = X509_get_ext_count(cert);
+	printf("%d extensions\n", count);
+	for(i = 0; i < count; i++) {
+		ext = X509_get_ext(cert, i);
+		printf("%s\n", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
+		X509V3_EXT_print_fp(stdout, ext, 0);
+		printf("\n");
+		
+	}
+	return 0;
+}
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index d7945bc9cd..79bb903ccf 100644
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -1,87 +1,269 @@
-/* crypto/x509v3/x509v3.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* x509v3.h */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
-#define X509v3_N_KU_digitalSignature	0
-#define X509v3_N_KU_nonRepudiation	1
-#define X509v3_N_KU_keyEncipherment	2
-#define X509v3_N_KU_dataEncipherment	3
-#define X509v3_N_KU_keyAgreement	4
-#define X509v3_N_KU_keyCertSign		5
-#define X509v3_N_KU_cRLSign		6
-#define X509v3_N_KU_encipherOnly	7
-#define X509v3_N_KU_decipherOnly	8
-#define X509v3_N_KU_NUM			9
-#define X509v3_S_KU_digitalSignature	"digitalSignature"
-#define X509v3_S_KU_nonRepudiation	"nonRepudiation"
-#define X509v3_S_KU_keyEncipherment	"keyEncipherment"
-#define X509v3_S_KU_dataEncipherment	"dataEncipherment"
-#define X509v3_S_KU_keyAgreement	"keyAgreement"
-#define X509v3_S_KU_keyCertSign		"keyCertSign"
-#define X509v3_S_KU_cRLSign		"cRLSign"
-#define X509v3_S_KU_encipherOnly	"encipherOnly"
-#define X509v3_S_KU_decipherOnly	"decipherOnly"
-
-
-void X509_ex_clear(X509_EXTENSION *a);
-int X509_ex_get_bool(X509_EXTENSION *a,int num);
-int X509_ex_set_bool(X509_EXTENSION *a,int num,int value);
-int X509_ex_get_str(X509_EXTENSION *a,int index,char **p,int *len);
-int X509_ex_set_str(X509_EXTENSION *a,int oid,int index,char *p,int len);
-char *X509_ex_get_struct(X509_EXTENSION *a,int oid,int index,char **p);
-int X509_ex_set_struct(X509_EXTENSION *a,int index,char *p);
-int a2i_X509_EXTENSION(BIO *bp,X509_EXTENSION *a,char *buf,int len);
-int i2a_X509_EXTENSION(BIO *bp,X509_EXTENSION *a);
+#ifndef HEADER_X509V3_H
+#define HEADER_X509V3_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "bio.h"
+#include "x509.h"
+
+/* Forward reference */
+struct v3_ext_method;
+struct v3_ext_ctx;
+
+/* Useful typedefs */
+
+typedef char * (*X509V3_EXT_NEW)();
+typedef void (*X509V3_EXT_FREE)();
+typedef char * (*X509V3_EXT_D2I)();
+typedef int (*X509V3_EXT_I2D)();
+typedef STACK * (*X509V3_EXT_I2V)(struct v3_ext_method *method, char *ext);
+typedef char * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK *values);
+typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, char *ext);
+typedef char * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
+typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, char *ext, BIO *out);
+
+/* V3 extension structure */
+
+struct v3_ext_method {
+int ext_nid;
+int ext_flags;
+X509V3_EXT_NEW ext_new;
+X509V3_EXT_FREE ext_free;
+X509V3_EXT_D2I d2i;
+X509V3_EXT_I2D i2d;
+
+/* The following pair is used for string extensions */
+X509V3_EXT_I2S i2s;
+X509V3_EXT_S2I s2i;
+
+/* The following pair is used for multi-valued extensions */
+X509V3_EXT_I2V i2v;
+X509V3_EXT_V2I v2i;
+
+/* The following is used for raw extensions */
+X509V3_EXT_I2R i2r;
+
+char *usr_data;	/* Any extension specific data */
+};
+
+/* Context specific info */
+struct v3_ctx_struct {
+X509 *issuer_cert;
+X509 *subject_cert;
+X509_REQ *subject_req;
+/* Maybe more here */
+};
+
+typedef struct v3_ext_method X509V3_EXT_METHOD;
+typedef struct v3_ext_ctx X509V3_CTX;
+
+/* ext_flags values */
+#define X509V3_EXT_DYNAMIC 0x1
+
+typedef struct {
+int bitnum;
+char *lname;
+char *sname;
+} BIT_STRING_BITNAME;
+
+typedef struct {
+int ca;
+ASN1_INTEGER *pathlen;
+} BASIC_CONSTRAINTS;
+
+#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
+",name:", val->name, ",value:", val->value);
+
+#define EXT_BITSTRING(nid, table) { nid, 0, \
+			(X509V3_EXT_NEW)asn1_bit_string_new, ASN1_STRING_free, \
+			(X509V3_EXT_D2I)d2i_ASN1_BIT_STRING, \
+			i2d_ASN1_BIT_STRING, \
+			NULL, NULL, \
+			(X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
+			(X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
+			NULL, \
+			(char *)table}
+
+#define EXT_IA5STRING(nid) { nid, 0, \
+			(X509V3_EXT_NEW)ia5string_new, ASN1_STRING_free, \
+			(X509V3_EXT_D2I)d2i_ASN1_IA5STRING, \
+			i2d_ASN1_IA5STRING, \
+			(X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
+			(X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
+			NULL, NULL, NULL, \
+			NULL}
+
+#define EXT_END { -1, 0, NULL, NULL, NULL, NULL, NULL, NULL, \
+			 NULL, NULL, NULL, \
+			 NULL}
+
+#ifndef NOPROTO
+void ERR_load_X509V3_strings(void);
+void ERR_X509V3_error(int function, int reason, char *file, int line);
+int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp);
+BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, unsigned char **pp, long length);
+BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void);
+void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a);
+
+int i2d_ext_ku(STACK *a, unsigned char **pp);
+STACK *d2i_ext_ku(STACK **a, unsigned char **pp, long length);
+void ext_ku_free(STACK *a);
+STACK *ext_ku_new(void);
+
+#ifdef HEADER_CONF_H
+void X509V3_conf_free(CONF_VALUE *val);
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
+X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
+int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
+int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
+int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
+#endif
+
+int X509V3_add_value(char *name, char *value, STACK **extlist);
+int X509V3_add_value_bool(char *name, int asn1_bool, STACK **extlist);
+int X509V3_add_value_int( char *name, ASN1_INTEGER *aint, STACK **extlist);
+int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
+int X509V3_EXT_add_alias(int nid_to, int nid_from);
+void X509V3_EXT_cleanup(void);
+
+X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
+X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
+int X509V3_add_standard_extensions(void);
+STACK *X509V3_parse_list(char *line);
+
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag);
+int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag);
+
+#else
+
+void ERR_load_X509V3_strings();
+void ERR_X509V3_error();
+int i2d_BASIC_CONSTRAINTS();
+BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS();
+BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new();
+void BASIC_CONSTRAINTS_free();
+
+int i2d_ext_ku();
+STACK *d2i_ext_ku();
+void ext_ku_free();
+STACK *ext_ku_new();
+
+#ifdef HEADER_CONF_H
+void X509V3_conf_free();
+X509_EXTENSION *X509V3_EXT_conf_nid();
+X509_EXTENSION *X509V3_EXT_conf();
+int X509V3_EXT_add_conf();
+int X509V3_get_value_bool();
+int X509V3_get_value_int();
+#endif
+
+int X509V3_add_value();
+int X509V3_add_value_bool();
+int X509V3_add_value_int();
+int X509V3_EXT_add();
+int X509V3_EXT_add_alias();
+void X509V3_EXT_cleanup();
+
+X509V3_EXT_METHOD *X509V3_EXT_get();
+X509V3_EXT_METHOD *X509V3_EXT_get_nid();
+int X509V3_add_standard_extensions();
+STACK *X509V3_parse_list();
+
+int X509V3_EXT_print();
+int X509V3_EXT_print_fp();
+#endif
+
+/* BEGIN ERROR CODES */
+/* Error codes for the X509V3 functions. */
+
+/* Function codes. */
+#define X509V3_F_S2I_ASN1_IA5STRING			 100
+#define X509V3_F_V2I_ASN1_BIT_STRING			 101
+#define X509V3_F_V2I_BASIC_CONSTRAINTS			 102
+#define X509V3_F_V2I_EXT_KU				 103
+#define X509V3_F_X509V3_ADD_EXT				 104
+#define X509V3_F_X509V3_ADD_VALUE			 105
+#define X509V3_F_X509V3_EXT_ADD_ALIAS			 106
+#define X509V3_F_X509V3_EXT_CONF			 107
+#define X509V3_F_X509V3_GET_VALUE_INT			 108
+#define X509V3_F_X509V3_PARSE_LIST			 109
+#define X509V3_F_X509V3_VALUE_GET_BOOL			 110
+
+/* Reason codes. */
+#define X509V3_R_BN_DEC2BN_ERROR			 100
+#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR		 101
+#define X509V3_R_EXTENSION_NOT_FOUND			 102
+#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED	 103
+#define X509V3_R_INVALID_BOOLEAN_STRING			 104
+#define X509V3_R_INVALID_EXTENSION_STRING		 105
+#define X509V3_R_INVALID_NAME				 106
+#define X509V3_R_INVALID_NULL_ARGUMENT			 107
+#define X509V3_R_INVALID_NULL_NAME			 108
+#define X509V3_R_INVALID_NULL_VALUE			 109
+#define X509V3_R_INVALID_OBJECT_IDENTIFIER		 110
+#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT		 111
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
+