From 9b945233b16c8be1aaa1085d0454b12cc3cbb962 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Wed, 6 Dec 2006 13:38:59 +0000
Subject: [PATCH] Update from HEAD.

---
 crypto/asn1/x_x509.c     | 4 ++--
 crypto/stack/safestack.h | 6 ++----
 crypto/x509/x509.h       | 2 +-
 crypto/x509/x509_vfy.c   | 2 +-
 crypto/x509v3/ext_dat.h  | 4 ++--
 crypto/x509v3/v3_addr.c  | 2 +-
 crypto/x509v3/v3_asid.c  | 4 ++--
 crypto/x509v3/v3_purp.c  | 4 ++--
 crypto/x509v3/x509v3.h   | 2 +-
 9 files changed, 14 insertions(+), 16 deletions(-)

diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index 0744555ee..e11869662 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -94,7 +94,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 		ret->ex_pathlen = -1;
 		ret->skid = NULL;
 		ret->akid = NULL;
-#ifdef OPENSSL_RFC3779
+#ifndef OPENSSL_NO_RFC3779
 		ret->rfc3779_addr = NULL;
 		ret->rfc3779_asid = NULL;
 #endif
@@ -113,7 +113,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 		ASN1_OCTET_STRING_free(ret->skid);
 		AUTHORITY_KEYID_free(ret->akid);
 		policy_cache_free(ret->policy_cache);
-#ifdef OPENSSL_RFC3779
+#ifndef OPENSSL_NO_RFC3779
 		sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
 		ASIdentifiers_free(ret->rfc3779_asid);
 #endif
diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h
index 36b948df5..21a9a5145 100644
--- a/crypto/stack/safestack.h
+++ b/crypto/stack/safestack.h
@@ -234,7 +234,6 @@ STACK_OF(type) \
 #define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st))
 #define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st))
 
-#ifdef OPENSSL_RFC3779
 #define sk_ASIdOrRange_new(st) SKM_sk_new(ASIdOrRange, (st))
 #define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange)
 #define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st))
@@ -256,7 +255,6 @@ STACK_OF(type) \
 #define sk_ASIdOrRange_pop(st) SKM_sk_pop(ASIdOrRange, (st))
 #define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st))
 #define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st))
-#endif /* def OPENSSL_RFC3779 */
 
 #define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st))
 #define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING)
@@ -632,7 +630,7 @@ STACK_OF(type) \
 #define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st))
 #define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st))
 
-#ifdef OPENSSL_RFC3779
+#ifndef OPENSSL_NO_RFC3779
 #define sk_IPAddressFamily_new(st) SKM_sk_new(IPAddressFamily, (st))
 #define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily)
 #define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st))
@@ -676,7 +674,7 @@ STACK_OF(type) \
 #define sk_IPAddressOrRange_pop(st) SKM_sk_pop(IPAddressOrRange, (st))
 #define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st))
 #define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st))
-#endif /* def OPENSSL_RFC3779 */
+#endif /* OPENSSL_NO_RFC3779 */
 
 #define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st))
 #define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY)
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index efbc95f58..16a954f70 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -288,7 +288,7 @@ struct x509_st
 	ASN1_OCTET_STRING *skid;
 	struct AUTHORITY_KEYID_st *akid;
 	X509_POLICY_CACHE *policy_cache;
-#ifdef OPENSSL_RFC3779
+#ifndef OPENSSL_NO_RFC3779
 	STACK_OF(IPAddressFamily) *rfc3779_addr;
 	struct ASIdentifiers_st *rfc3779_asid;
 #endif
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 009817066..60eb6b868 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -312,7 +312,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 		ok=internal_verify(ctx);
 	if(!ok) goto end;
 
-#ifdef OPENSSL_RFC3779
+#ifndef OPENSSL_NO_RFC3779
 	/* RFC 3779 path validation, now that CRL check has been done */
 	ok = v3_asid_validate_path(ctx);
 	if (!ok) goto end;
diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h
index 7eab67deb..5c063ac65 100644
--- a/crypto/x509v3/ext_dat.h
+++ b/crypto/x509v3/ext_dat.h
@@ -67,7 +67,7 @@ extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
 extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
 extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
 extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp;
-#ifdef OPENSSL_RFC3779
+#ifndef OPENSSL_NO_RFC3779
 extern X509V3_EXT_METHOD v3_addr, v3_asid;
 #endif
 
@@ -102,7 +102,7 @@ static X509V3_EXT_METHOD *standard_exts[] = {
 #endif
 &v3_sxnet,
 &v3_info,
-#ifdef OPENSSL_RFC3779
+#ifndef OPENSSL_NO_RFC3779
 &v3_addr,
 &v3_asid,
 #endif
diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
index 818f36d7d..0e397d444 100644
--- a/crypto/x509v3/v3_addr.c
+++ b/crypto/x509v3/v3_addr.c
@@ -1276,4 +1276,4 @@ int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
   return v3_addr_validate_path_internal(NULL, chain, ext);
 }
 
-#endif /* OPENSSL_RFC3779 */
+#endif /* OPENSSL_NO_RFC3779 */
diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c
index 3f02d8de6..e70cbf1d8 100644
--- a/crypto/x509v3/v3_asid.c
+++ b/crypto/x509v3/v3_asid.c
@@ -70,7 +70,7 @@
 #include <openssl/x509.h>
 #include <openssl/bn.h>
 
-#ifdef OPENSSL_RFC3779
+#ifndef OPENSSL_NO_RFC3779
 
 /*
  * OpenSSL ASN.1 template translation of RFC 3779 3.2.3.
@@ -839,4 +839,4 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
   return v3_asid_validate_path_internal(NULL, chain, ext);
 }
 
-#endif /* OPENSSL_RFC3779 */
+#endif /* OPENSSL_NO_RFC3779 */
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index 717c2f3ba..b2f5cdfa0 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -287,7 +287,7 @@ int X509_supported_extension(X509_EXTENSION *ex)
 		NID_basic_constraints,	/* 87 */
 		NID_certificate_policies, /* 89 */
         	NID_ext_key_usage,	/* 126 */
-#ifdef OPENSSL_RFC3779
+#ifndef OPENSSL_NO_RFC3779
 		NID_sbgp_ipAddrBlock,	/* 290 */
 		NID_sbgp_autonomousSysNum, /* 291 */
 #endif
@@ -415,7 +415,7 @@ static void x509v3_cache_extensions(X509 *x)
 	}
 	x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
 	x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
-#ifdef OPENSSL_RFC3779
+#ifndef OPENSSL_NO_RFC3779
 	x->rfc3779_addr =X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
 	x->rfc3779_asid =X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
 					  NULL, NULL);
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index db4024b3e..91d2fb5b8 100644
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -773,7 +773,7 @@ int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
 				  IPAddrBlocks *ext,
 				  int allow_inheritance);
 
-#endif /* OPENSSL_RFC3779 */
+#endif /* OPENSSL_NO_RFC3779 */
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes