* Macros fixupsossl1-ossl2-branch-point

	* X509ExtFactory cleanup
	* fixed strptime warning on Linux
	* X509::Certificate#version has been changed!
	  !!! WARNING !!!
		x509.version = 2 -> defines X509v3, (0 for v1, 1 for v2, ...)
		p x509.version -> 2, means that it is X509v3
	  !!! WARNING !!!

22 files changed, 98 insertions, 98 deletions

diff --git a/ChangeLog b/ChangeLog
index e9f3389..07298c7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,16 @@ Copyright (C) 2001 Michal Rokos <m.rokos@sh.cvut.cz>
 All rights reserved.
 
 $Log$
+Revision 1.37  2002/04/07 16:35:32  majkl
+	* Macros fixups
+	* X509ExtFactory cleanup
+	* fixed strptime warning on Linux
+	* X509::Certificate#version has been changed!
+	  !!! WARNING !!!
+		x509.version = 2 -> defines X509v3, (0 for v1, 1 for v2, ...)
+		p x509.version -> 2, means that it is X509v3
+	  !!! WARNING !!!
+
 Revision 1.36  2002/03/11 21:35:39  majkl
 	* Cipher IV fixup
 
diff --git a/lib/ssl.rb b/lib/ssl.rb
index 1b0d4ca..6da79a7 100644
--- a/lib/ssl.rb
+++ b/lib/ssl.rb
@@ -57,11 +57,6 @@ module SSL
       __initialize(arg)
     end
 
-    alias builtin_version version
-    def version
-      builtin_version - 1
-    end
-
     alias __verify verify
     def verify(arg)
       case arg
diff --git a/missing/strptime.c b/missing/strptime.c
index 9178ec6..5b90259 100644
--- a/missing/strptime.c
+++ b/missing/strptime.c
@@ -36,7 +36,7 @@
 #include <ctype.h>
 #include <string.h>
 
-#ifdef WIN32
+#ifdef NT
 #define strncasecmp _strnicmp
 #else
 #ifndef HAVE_STRNCASECMP
diff --git a/ossl.c b/ossl.c
index 1711e3d..d46547f 100644
--- a/ossl.c
+++ b/ossl.c
@@ -8,18 +8,22 @@
  * This program is licenced under the same licence as Ruby.
  * (See the file 'LICENCE'.)
  */
-#include "ossl.h"
-
-#if defined(NT)
-#  define strncasecmp _strnicmp
+/*
+ * Surpress dumb warning about implicit declaration of strptime on Linux
+ */
+#if defined(__linux__) || defined(linux)
+#  define _GNU_SOURCE
 #endif
 
+#include "ossl.h"
 /*
  * On Windows platform there is no strptime function
  * implementation in strptime.c
  */
 #ifndef HAVE_STRPTIME
 #  include "./missing/strptime.c"
+#else
+#  include <time.h>
 #endif
 
 /*
@@ -69,6 +73,9 @@ asn1time_to_time(ASN1_UTCTIME *time)
 	return rb_time_new(mktime(&tm), 0); /* or this one? */
 }
 
+/*
+ * This function is not exported to ruby.h
+ */
 extern struct timeval rb_time_timeval(VALUE time);
 
 time_t
diff --git a/ossl.h b/ossl.h
index c56f26e..19b5c28 100644
--- a/ossl.h
+++ b/ossl.h
@@ -133,13 +133,13 @@ time_t time_to_time_t(VALUE);
 
 #if defined(OSSL_DEBUG)
 #  define OSSL_Raise(klass,text) \
-	rb_raise(klass, "%s%s [in '%s', file: '%s', line: %d]", \
+	rb_raise(klass, "%s%s [in '%s', ('%s':%d)]", \
 			text, OSSL_ErrMsg(), __func__, __FILE__, __LINE__)
 #  define OSSL_Warn(text) \
-	rb_warn("%s%s [in '%s', file: '%s', line: %d]", \
+	rb_warn("%s%s [in '%s', ('%s':%d)]", \
 			text, OSSL_ErrMsg(), __func__, __FILE__, __LINE__)
 #  define OSSL_Warning(text) \
-	rb_warning("%s%s [in '%s', file: '%s', line: %d]", \
+	rb_warning("%s%s [in '%s', ('%s':%d)]", \
 			text, OSSL_ErrMsg(), __func__, __FILE__, __LINE__)
 #else /*OSSL_DEBUG*/
 #  define OSSL_Raise(klass,text) \
diff --git a/ossl_cipher.c b/ossl_cipher.c
index 48053fc..f908257 100644
--- a/ossl_cipher.c
+++ b/ossl_cipher.c
@@ -10,9 +10,7 @@
  */
 #include "ossl.h"
 
-#define MakeCipher(obj, klass, ciphp) {\
-	obj = Data_Make_Struct(klass, ossl_cipher, 0, ossl_cipher_free, ciphp);\
-}
+#define MakeCipher(obj, klass, ciphp) obj = Data_Make_Struct(klass, ossl_cipher, 0, ossl_cipher_free, ciphp)
 #define GetCipher(obj, ciphp) Data_Get_Struct(obj, ossl_cipher, ciphp)
 
 /*
@@ -66,6 +64,7 @@ ossl_cipher_get_NID(VALUE obj)
 	ossl_cipher *ciphp = NULL;
 
 	OSSL_Check_Type(obj, cCipher);
+
 	GetCipher(obj, ciphp);
 
 	return ciphp->nid; /*EVP_CIPHER_CTX_nid(ciphp->ctx);*/
@@ -124,7 +123,7 @@ ossl_cipher_encrypt(int argc, VALUE *argv, VALUE self)
 		 * TODO:
 		 * random IV generation!
 		 */ 
-		memcpy(iv, "OpenSSL for Ruby rulez!", EVP_MAX_IV_LENGTH);
+		memcpy(iv, "OpenSSL for Ruby rulez!", sizeof(iv));
 		/*
 		RAND_add(data,i,0); where from take data?
 		if (RAND_pseudo_bytes(iv, 8) < 0) {
@@ -137,7 +136,7 @@ ossl_cipher_encrypt(int argc, VALUE *argv, VALUE self)
 			memset(iv, 0, EVP_MAX_IV_LENGTH);
 			memcpy(iv, RSTRING(init_v)->ptr, RSTRING(init_v)->len);
 		} else
-			memcpy(iv, RSTRING(init_v)->ptr, EVP_MAX_IV_LENGTH);
+			memcpy(iv, RSTRING(init_v)->ptr, sizeof(iv));
 	}
 	EVP_CIPHER_CTX_init(ciphp->ctx);
 
diff --git a/ossl_ns_spki.c b/ossl_ns_spki.c
index aa693af..6529365 100644
--- a/ossl_ns_spki.c
+++ b/ossl_ns_spki.c
@@ -10,7 +10,7 @@
  */
 #include "ossl.h"
 
-#define WrapSPKI(obj, spkip) obj = Data_Wrap_Struct(cSPKI, 0, NETSCAPE_SPKI_free, spki)
+#define WrapSPKI(obj, spki) obj = Data_Wrap_Struct(cSPKI, 0, NETSCAPE_SPKI_free, spki)
 #define GetSPKI(obj, spki) Data_Get_Struct(obj, NETSCAPE_SPKI, spki)
 
 /*
@@ -181,7 +181,7 @@ ossl_spki_sign(VALUE self, VALUE key, VALUE digest)
 	md = ossl_digest_get_EVP_MD(digest);
 	
 	if (rb_funcall(key, id_private_q, 0, NULL) == Qfalse) {
-		rb_raise(eSPKIError, "PRIVATE key needed to sign REQ!");
+		rb_raise(eSPKIError, "PRIVATE key needed to sign SPKI!");
 	}
 	pkey = ossl_pkey_get_EVP_PKEY(key);
 
diff --git a/ossl_pkey_dh.c b/ossl_pkey_dh.c
index 9c19ec5..82d2920 100644
--- a/ossl_pkey_dh.c
+++ b/ossl_pkey_dh.c
@@ -13,15 +13,15 @@
 #include "ossl.h"
 #include "ossl_pkey.h"
 
-#define MakeDH(obj, dhp) {\
+#define MakeDH(obj, dhp) do {\
 	obj = Data_Make_Struct(cDH, ossl_dh, 0, ossl_dh_free, dhp);\
 	dhp->pkey.get_EVP_PKEY = ossl_dh_get_EVP_PKEY;\
-}
+} while (0)
 
-#define GetDH(obj, dhp) {\
+#define GetDH(obj, dhp) do {\
 	Data_Get_Struct(obj, ossl_dh, dhp);\
 	if (!dhp->dh) rb_raise(eDHError, "not initialized!");\
-}
+} while (0)
 
 #define DH_PRIVATE(dh) ((dh)->priv_key)
 
diff --git a/ossl_pkey_dsa.c b/ossl_pkey_dsa.c
index 03e2f59..22be74b 100644
--- a/ossl_pkey_dsa.c
+++ b/ossl_pkey_dsa.c
@@ -13,15 +13,15 @@
 #include "ossl.h"
 #include "ossl_pkey.h"
 
-#define MakeDSA(obj, dsap) {\
+#define MakeDSA(obj, dsap) do {\
 	obj = Data_Make_Struct(cDSA, ossl_dsa, 0, ossl_dsa_free, dsap);\
 	dsap->pkey.get_EVP_PKEY = ossl_dsa_get_EVP_PKEY;\
-}
+} while (0)
 
-#define GetDSA(obj, dsap) {\
+#define GetDSA(obj, dsap) do {\
 	Data_Get_Struct(obj, ossl_dsa, dsap);\
 	if (!dsap->dsa) rb_raise(eDSAError, "not initialized!");\
-}
+} while (0)
 
 #define DSA_PRIVATE(dsa) ((dsa)->priv_key)
 
diff --git a/ossl_pkey_rsa.c b/ossl_pkey_rsa.c
index 01dc3a8..2f9a7cd 100644
--- a/ossl_pkey_rsa.c
+++ b/ossl_pkey_rsa.c
@@ -13,15 +13,15 @@
 #include "ossl.h"
 #include "ossl_pkey.h"
 
-#define MakeRSA(obj, rsap) {\
+#define MakeRSA(obj, rsap) do {\
 	obj = Data_Make_Struct(cRSA, ossl_rsa, 0, ossl_rsa_free, rsap);\
 	rsap->pkey.get_EVP_PKEY = ossl_rsa_get_EVP_PKEY;\
-}
+} while (0)
 
-#define GetRSA(obj, rsap) {\
+#define GetRSA(obj, rsap) do {\
 	Data_Get_Struct(obj, ossl_rsa, rsap);\
 	if (!rsap->rsa) rb_raise(eRSAError, "not initialized!");\
-}
+} while (0)
 
 #define RSA_PRIVATE(rsa) ((rsa)->p && (rsa)->q)
 
diff --git a/ossl_x509.c b/ossl_x509.c
index da1dc49..f42d376 100644
--- a/ossl_x509.c
+++ b/ossl_x509.c
@@ -215,13 +215,13 @@ static VALUE
 ossl_x509_get_version(VALUE self)
 {
 	X509 *x509 = NULL;
-	long version = 0;
+	long ver = 0;
 
 	GetX509(self, x509);
 	
-	version = X509_get_version(x509);
+	ver = X509_get_version(x509);
 
-	return INT2NUM(version+1);
+	return INT2NUM(ver);
 }
 
 static VALUE 
@@ -232,10 +232,10 @@ ossl_x509_set_version(VALUE self, VALUE version)
 
 	GetX509(self, x509);
 
-	if ((ver = FIX2LONG(version)) <= 0) {
-		rb_raise(eX509CertificateError, "version must be > 0!");
+	if ((ver = FIX2LONG(version)) < 0) {
+		rb_raise(eX509CertificateError, "version must be >= 0!");
 	}
-	if (!X509_set_version(x509, ver-1)) {
+	if (!X509_set_version(x509, ver)) {
 		OSSL_Raise(eX509CertificateError, "");
 	}
 
diff --git a/ossl_x509crl.c b/ossl_x509crl.c
index dccc021..9f982e9 100644
--- a/ossl_x509crl.c
+++ b/ossl_x509crl.c
@@ -99,13 +99,17 @@ ossl_x509crl_set_version(VALUE self, VALUE version)
 {
 	X509_CRL *crl = NULL;
 	ASN1_INTEGER *asn1int = NULL;
+	long ver = 0;
 	
 	GetX509CRL(self, crl);
 
+	if ((ver = NUM2LONG(version)) < 0) {
+		rb_raise(eX509CRLError, "version must be >= 0!");
+	}
 	if (!(asn1int = ASN1_INTEGER_new())) {
 		OSSL_Raise(eX509CRLError, "");
 	}
-	if (!ASN1_INTEGER_set(asn1int, NUM2LONG(version))) {
+	if (!ASN1_INTEGER_set(asn1int, ver)) {
 		OSSL_Raise(eX509CRLError, "");
 	}
 	
diff --git a/ossl_x509ext.c b/ossl_x509ext.c
index 05f59b9..42ebc31 100644
--- a/ossl_x509ext.c
+++ b/ossl_x509ext.c
@@ -10,11 +10,15 @@
  */
 #include "ossl.h"
 
-#define WrapX509Ext(obj, ext) obj = Data_Wrap_Struct(cX509Extension, 0, X509_EXTENSION_free, ext)
-#define GetX509Ext(obj, ext) Data_Get_Struct(obj, X509_EXTENSION, ext)
+#define WrapX509Ext(obj, ext) \
+	obj = Data_Wrap_Struct(cX509Extension, 0, X509_EXTENSION_free, ext)
+#define GetX509Ext(obj, ext) \
+	Data_Get_Struct(obj, X509_EXTENSION, ext)
 
-#define MakeX509ExtFactory(obj, extfactoryp) obj = Data_Make_Struct(cX509ExtensionFactory, ossl_x509extfactory, 0, ossl_x509extfactory_free, extfactoryp)
-#define GetX509ExtFactory(obj, extfactoryp) Data_Get_Struct(obj, ossl_x509extfactory, extfactoryp)
+#define MakeX509ExtFactory(obj, ctx) \
+	obj = Data_Make_Struct(cX509ExtensionFactory, X509V3_CTX, 0, CRYPTO_free, ctx)
+#define GetX509ExtFactory(obj, ctx) \
+	Data_Get_Struct(obj, X509V3_CTX, ctx)
 
 /*
  * Classes
@@ -24,22 +28,6 @@ VALUE cX509ExtensionFactory;
 VALUE eX509ExtensionError;
 
 /*
- * Structs
- */
-typedef struct ossl_x509extfactory_st {
-	X509V3_CTX ctx;
-} ossl_x509extfactory;
-
-
-static void 
-ossl_x509extfactory_free(ossl_x509extfactory *extfactoryp)
-{
-	if (extfactoryp) {
-		free(extfactoryp);
-	}
-}
-
-/*
  * Public
  */
 VALUE 
@@ -85,10 +73,10 @@ ossl_x509ext_get_X509_EXTENSION(VALUE obj)
 static VALUE 
 ossl_x509extfactory_s_new(int argc, VALUE *argv, VALUE klass)
 {
-	ossl_x509extfactory *extfactoryp = NULL;
+	X509V3_CTX *ctx = NULL;
 	VALUE obj;
 	
-	MakeX509ExtFactory(obj, extfactoryp);
+	MakeX509ExtFactory(obj, ctx);
 
 	rb_obj_call_init(obj, argc, argv);
 
@@ -98,12 +86,11 @@ ossl_x509extfactory_s_new(int argc, VALUE *argv, VALUE klass)
 static VALUE 
 ossl_x509extfactory_set_issuer_cert(VALUE self, VALUE cert)
 {
-	ossl_x509extfactory *extfactoryp = NULL;
+	X509V3_CTX *ctx = NULL;
 
-	GetX509ExtFactory(self, extfactoryp);
+	GetX509ExtFactory(self, ctx);
 
-	OSSL_Check_Type(cert, cX509Certificate);
-	(extfactoryp->ctx).issuer_cert = ossl_x509_get_X509(cert);
+	ctx->issuer_cert = ossl_x509_get_X509(cert);
 
 	return cert;
 }
@@ -111,12 +98,11 @@ ossl_x509extfactory_set_issuer_cert(VALUE self, VALUE cert)
 static VALUE 
 ossl_x509extfactory_set_subject_cert(VALUE self, VALUE cert)
 {
-	ossl_x509extfactory *extfactoryp = NULL;
+	X509V3_CTX *ctx = NULL;
 
-	GetX509ExtFactory(self, extfactoryp);
+	GetX509ExtFactory(self, ctx);
 
-	OSSL_Check_Type(cert, cX509Certificate);
-	(extfactoryp->ctx).subject_cert = ossl_x509_get_X509(cert);
+	ctx->subject_cert = ossl_x509_get_X509(cert);
 
 	return cert;
 }
@@ -124,12 +110,11 @@ ossl_x509extfactory_set_subject_cert(VALUE self, VALUE cert)
 static VALUE 
 ossl_x509extfactory_set_subject_req(VALUE self, VALUE req)
 {
-	ossl_x509extfactory *extfactoryp = NULL;
+	X509V3_CTX *ctx = NULL;
 
-	GetX509ExtFactory(self, extfactoryp);
+	GetX509ExtFactory(self, ctx);
 
-	OSSL_Check_Type(req, cX509Request);
-	(extfactoryp->ctx).subject_req = ossl_x509req_get_X509_REQ(req);
+	ctx->subject_req = ossl_x509req_get_X509_REQ(req);
 
 	return req;
 }
@@ -137,12 +122,11 @@ ossl_x509extfactory_set_subject_req(VALUE self, VALUE req)
 static VALUE 
 ossl_x509extfactory_set_crl(VALUE self, VALUE crl)
 {
-	ossl_x509extfactory *extfactoryp = NULL;
+	X509V3_CTX *ctx = NULL;
 
-	GetX509ExtFactory(self, extfactoryp);
+	GetX509ExtFactory(self, ctx);
 
-	OSSL_Check_Type(crl, cX509CRL);
-	(extfactoryp->ctx).crl = ossl_x509crl_get_X509_CRL(crl);
+	ctx->crl = ossl_x509crl_get_X509_CRL(crl);
 
 	return crl;
 }
@@ -150,10 +134,10 @@ ossl_x509extfactory_set_crl(VALUE self, VALUE crl)
 static VALUE 
 ossl_x509extfactory_initialize(int argc, VALUE *argv, VALUE self)
 {
-	ossl_x509extfactory *extfactoryp = NULL;
+	/*X509V3_CTX *ctx = NULL;*/
 	VALUE issuer_cert, subject_cert, subject_req, crl;
 	
-	GetX509ExtFactory(self, extfactoryp);
+	/*GetX509ExtFactory(self, ctx);*/
 
 	rb_scan_args(argc, argv, "04", &issuer_cert, &subject_cert, &subject_req, &crl);
 
@@ -184,13 +168,13 @@ ossl_x509extfactory_initialize(int argc, VALUE *argv, VALUE self)
 static VALUE 
 ossl_x509extfactory_create_ext_from_array(VALUE self, VALUE ary)
 {
-	ossl_x509extfactory *extfactoryp = NULL;
+	X509V3_CTX *ctx = NULL;
 	X509_EXTENSION *ext = NULL;
 	int nid = NID_undef;
 	char *value = NULL;
 	VALUE item, obj;
 	
-	GetX509ExtFactory(self, extfactoryp);
+	GetX509ExtFactory(self, ctx);
 	
 	Check_Type(ary, T_ARRAY);
 
@@ -220,7 +204,7 @@ ossl_x509extfactory_create_ext_from_array(VALUE self, VALUE ary)
 	} else
 		value = strdup(RSTRING(item)->ptr);
 
-	if (!(ext = X509V3_EXT_conf_nid(NULL, &(extfactoryp->ctx), nid, value))) {
+	if (!(ext = X509V3_EXT_conf_nid(NULL, ctx, nid, value))) {
 		free(value);
 		OSSL_Raise(eX509ExtensionError, "");
 	}
diff --git a/ossl_x509req.c b/ossl_x509req.c
index 2a43542..ee7e76d 100644
--- a/ossl_x509req.c
+++ b/ossl_x509req.c
@@ -181,10 +181,10 @@ ossl_x509req_set_version(VALUE self, VALUE version)
 
 	GetX509Req(self, req);
 
-	if ((ver = NUM2INT(version)) <= 0) {
-		rb_raise(eX509RequestError, "version must be > 0!");
+	if ((ver = NUM2INT(version)) < 0) {
+		rb_raise(eX509RequestError, "version must be >= 0!");
 	}
-	if (!X509_REQ_set_version(req, version)) {
+	if (!X509_REQ_set_version(req, ver)) {
 		OSSL_Raise(eX509RequestError, "");
 	}
 
diff --git a/ossl_x509store.c b/ossl_x509store.c
index a90d4b8..8dcb143 100644
--- a/ossl_x509store.c
+++ b/ossl_x509store.c
@@ -11,14 +11,12 @@
 #include "ossl.h"
 #include <rubysig.h>
 
-#define MakeX509Store(obj, storep) {\
-	obj = Data_Make_Struct(cX509Store, ossl_x509store, 0, ossl_x509store_free, storep);\
-}
+#define MakeX509Store(obj, storep) obj = Data_Make_Struct(cX509Store, ossl_x509store, 0, ossl_x509store_free, storep)
 #define GetX509Store_unsafe(obj, storep) Data_Get_Struct(obj, ossl_x509store, storep)
-#define GetX509Store(obj, storep) {\
+#define GetX509Store(obj, storep) do {\
 	GetX509Store_unsafe(obj, storep);\
 	if (!storep->store) rb_raise(eX509StoreError, "not initialized!");\
-}
+} while (0)
 
 /*
  * Classes
diff --git a/test/gen_ca_cert.rb b/test/gen_ca_cert.rb
index 0a07f0b..798a323 100755
--- a/test/gen_ca_cert.rb
+++ b/test/gen_ca_cert.rb
@@ -14,7 +14,7 @@ p new.not_before = Time.now
 p new.not_after = Time.now + (2*365*24*60*60)
 p new.public_key = key
 p new.serial = 0
-p new.version = 3
+p new.version = 2
 ef = ExtensionFactory.new
 ef.subject_certificate = new
 p ext1 = ef.create_extension("basicConstraints","CA:TRUE,pathlen:0")
diff --git a/test/gen_cert.rb b/test/gen_cert.rb
index 9d33f48..27bd2af 100755
--- a/test/gen_cert.rb
+++ b/test/gen_cert.rb
@@ -17,7 +17,7 @@ p new.not_before = Time.now
 p new.not_after = Time.now + (365*24*60*60)
 p new.public_key = key
 p new.serial = 1
-p new.version = 3
+p new.version = 2
 ef = ExtensionFactory.new
 ef.subject_certificate = new
 ef.issuer_certificate = ca
diff --git a/test/ossl_x509.rb b/test/ossl_x509.rb
index 2feb780..6d6261e 100755
--- a/test/ossl_x509.rb
+++ b/test/ossl_x509.rb
@@ -37,7 +37,7 @@ p x509 = Certificate.new(File.open("./01cert.pem").read)
 
 p key = RSA.new(1024)
 p new = Certificate.new
-name = [['C', 'CZ'],['O','Rokos'],['CN','pokusXXX']]
+name = [['O','Ruby'],['OU','Test'],['CN','test001'],['C','CZ']]
 #p n = Name.new(name)
 #p n.to_h
 #p n.to_a
@@ -49,7 +49,7 @@ p new.not_before = Time.now
 p new.not_after = Time.now + (60*60*24*365)
 p new.public_key = key #x509.public_key
 p new.serial = 999999999
-p new.version = 3
+p new.version = 2
 #p new.extensions #each_with_index {|e, i| p e.to_a}
 maker = ExtensionFactory.new(nil, new) #only subject
 p ext1 = maker.create_extension(["basicConstraints","CA:FALSE,pathlen:5"])
@@ -57,7 +57,7 @@ p ext1 = maker.create_extension(["basicConstraints","CA:FALSE,pathlen:5"])
 #p ext1.to_h
 #p ext1.to_s
 #exit
-p ext2 = maker.create_extension(["nsComment","OK, man!!!"])
+p ext2 = maker.create_extension(["nsComment","Generated by OpenSSL for Ruby."])
 ###p digest = Digest::SHA1.new(new.public_key.to_der)
 ###p ext3 = maker.create_extension(["subjectKeyIdentifier", digest.hexdigest])
 p ext3 = maker.create_extension(["subjectKeyIdentifier", "hash"])
@@ -67,6 +67,8 @@ p ext4 = maker.create_extension(["authorityKeyIdentifier", "keyid:always,issuer:
 #puts ext1.to_s
 p new.add_extension(ext4)
 p new.sign(key, Digest::MD5.new)
+puts "===TEXT==="
+puts new.to_text
 puts "===PEM==="
 puts new.to_pem
 puts "===DER==="
diff --git a/test/ossl_x509crl.rb b/test/ossl_x509crl.rb
index 01e8091..7e19ac0 100755
--- a/test/ossl_x509crl.rb
+++ b/test/ossl_x509crl.rb
@@ -8,6 +8,7 @@ include PKey
 p ca = Certificate.new(File.open("./cacert.pem").read)
 p key = ca.public_key
 p crl = CRL.new(File.open("./01crl.pem").read)
+puts crl.to_text
 p crl.issuer.to_s
 p crl.verify key
 p crl.verify RSA.new(1024)
diff --git a/test/ossl_x509req.rb b/test/ossl_x509req.rb
index 21701c5..215888e 100755
--- a/test/ossl_x509req.rb
+++ b/test/ossl_x509req.rb
@@ -20,4 +20,4 @@ p req.sign(pkey, Digest::MD5.new)
 p req.verify key
 p req.verify pkey
 p req.verify k2
-
+puts req.to_text
diff --git a/test/spki2cert.rb b/test/spki2cert.rb
index 1bec365..a59796d 100755
--- a/test/spki2cert.rb
+++ b/test/spki2cert.rb
@@ -23,7 +23,7 @@ p new.not_before = Time.now
 p new.not_after = Time.now + (365*24*60*60)
 p new.public_key = key
 p new.serial = 2
-p new.version = 3
+p new.version = 2
 ef = ExtensionFactory.new
 ef.subject_certificate = new
 ef.issuer_certificate = ca
diff --git a/test/ssl/svr.rb b/test/ssl/svr.rb
index 10a7d2d..0494342 100755
--- a/test/ssl/svr.rb
+++ b/test/ssl/svr.rb
@@ -32,7 +32,7 @@ p [ $OPT_p, $OPT_k, $OPT_c ]
       p cert = X509::Certificate.new(File.open($OPT_c).read)
     else
       cert = X509::Certificate.new
-      cert.version = 3
+      cert.version = 2
       cert.serial = 0
       name = X509::Name.new([["C","CZ"],["O","Ruby"],["CN","Test"]])
       cert.subject = name