Convert the CONF library to use a typesafe stack: a STACK_OF(CONF_VALUE). It

seemed like a good idea at the time... several hours later it was rather obvious that these are used all over the place making the changes rather extensive.
1999-06-20 22:18:16 +00:00 · 1999-06-20 22:18:16 +00:00 · ba404b5e86
commit ba404b5e86
parent 8623f693d9
15 changed files with 196 additions and 166 deletions
--- a/apps/ca.c
+++ b/apps/ca.c
@ -182,23 +182,23 @@ static int index_name_cmp(char **a,char **b);
 static BIGNUM *load_serial(char *serialfile);
 static int save_serial(char *serialfile, BIGNUM *serial);
 static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-		   const EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,
+		   const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db,
 		   char *startdate,int days,int batch,char *ext_sect,
 		   LHASH *conf,int verbose);
 static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 			const EVP_MD *dgst,STACK *policy,TXT_DB *db,
 		   BIGNUM *serial, char *startdate,int days,int batch,
 		   char *ext_sect, LHASH *conf,int verbose);
 static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 			const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
 			TXT_DB *db, BIGNUM *serial,char *startdate,int days,
 			int batch, char *ext_sect, LHASH *conf,int verbose);
 static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-			 const EVP_MD *dgst,STACK *policy,TXT_DB *db,
+			 const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
-			 BIGNUM *serial,char *startdate,int days,
+			 TXT_DB *db, BIGNUM *serial,char *startdate,int days,
 			 char *ext_sect,LHASH *conf,int verbose);
 static int fix_data(int nid, int *type);
 static void write_new_certificate(BIO *bp, X509 *x, int output_der);
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
-	STACK *policy, TXT_DB *db, BIGNUM *serial, char *startdate,
+	STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,
-	int days, int batch, int verbose, X509_REQ *req, char *ext_sect,
+	char *startdate, int days, int batch, int verbose, X509_REQ *req,
-	LHASH *conf);
+	char *ext_sect, LHASH *conf);
 static int do_revoke(X509 *x509, TXT_DB *db);
 static int check_time_format(char *str);
 static LHASH *conf;
@ -252,7 +252,7 @@ int MAIN(int argc, char **argv)
 	int i,j;
 	long l;
 	const EVP_MD *dgst=NULL;
-	STACK *attribs=NULL;
+	STACK_OF(CONF_VALUE) *attribs=NULL;
 	STACK *cert_sk=NULL;
 	BIO *hex=NULL;
 #undef BSIZE
@ -1324,9 +1324,9 @@ err:
 	}
 static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
-	     const EVP_MD *dgst, STACK *policy, TXT_DB *db, BIGNUM *serial,
+	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
-	     char *startdate, int days, int batch, char *ext_sect, LHASH *lconf,
+	     BIGNUM *serial, char *startdate, int days, int batch,
-		 int verbose)
+	     char *ext_sect, LHASH *lconf, int verbose)
 	{
 	X509_REQ *req=NULL;
 	BIO *in=NULL;
@ -1383,10 +1383,9 @@ err:
 	}
 static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
-	     const EVP_MD *dgst, STACK *policy, TXT_DB *db, BIGNUM *serial,
+	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
-	     char *startdate, int days, int batch, char *ext_sect, LHASH *lconf,
+	     BIGNUM *serial, char *startdate, int days, int batch,
-		 int verbose)
+	     char *ext_sect, LHASH *lconf, int verbose)
 	{
 	X509 *req=NULL;
 	X509_REQ *rreq=NULL;
@ -1447,8 +1446,9 @@ err:
 	}
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
-	     STACK *policy, TXT_DB *db, BIGNUM *serial, char *startdate, int days,
+	     STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,
-	     int batch, int verbose, X509_REQ *req, char *ext_sect, LHASH *lconf)
+	     char *startdate, int days, int batch, int verbose, X509_REQ *req,
 	     char *ext_sect, LHASH *lconf)
 	{
 	X509_NAME *name=NULL,*CAname=NULL,*subject=NULL;
 	ASN1_UTCTIME *tm,*tmptm;
@ -1562,9 +1562,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 	if (CAname == NULL) goto err;
 	str=str2=NULL;
-	for (i=0; i<sk_num(policy); i++)
+	for (i=0; i<sk_CONF_VALUE_num(policy); i++)
 		{
-		cv=(CONF_VALUE *)sk_value(policy,i); /* get the object id */
+		cv=sk_CONF_VALUE_value(policy,i); /* get the object id */
 		if ((j=OBJ_txt2nid(cv->name)) == NID_undef)
 			{
 			BIO_printf(bio_err,"%s:unknown object type in 'policy' configuration\n",cv->name);
@ -1904,10 +1904,11 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der)
 	}
 static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
-	     const EVP_MD *dgst, STACK *policy, TXT_DB *db, BIGNUM *serial,
+	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
-	     char *startdate, int days, char *ext_sect, LHASH *lconf, int verbose)
+	     BIGNUM *serial, char *startdate, int days, char *ext_sect,
 	     LHASH *lconf, int verbose)
 	{
-	STACK *sk=NULL;
+	STACK_OF(CONF_VALUE) *sk=NULL;
 	LHASH *parms=NULL;
 	X509_REQ *req=NULL;
 	CONF_VALUE *cv=NULL;
@ -1936,7 +1937,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 		}
 	sk=CONF_get_section(parms, "default");
-	if (sk_num(sk) == 0)
+	if (sk_CONF_VALUE_num(sk) == 0)
 		{
 		BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
 		CONF_free(parms);
@ -1965,9 +1966,9 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	for (i = 0; ; i++)
 		{
-		if ((int)sk_num(sk) <= i) break;
+		if (sk_CONF_VALUE_num(sk) <= i) break;
-		cv=(CONF_VALUE *)sk_value(sk,i);
+		cv=sk_CONF_VALUE_value(sk,i);
 		type=cv->name;
 		buf=cv->value;
@ -2089,7 +2090,7 @@ static int check_time_format(char *str)
 static int add_oid_section(LHASH *hconf)
 {	
 	char *p;
-	STACK *sktmp;
+	STACK_OF(CONF_VALUE) *sktmp;
 	CONF_VALUE *cnf;
 	int i;
 	if(!(p=CONF_get_string(hconf,NULL,"oid_section"))) return 1;
@ -2097,8 +2098,8 @@ static int add_oid_section(LHASH *hconf)
 		BIO_printf(bio_err, "problem loading oid section %s\n", p);
 		return 0;
 	}
-	for(i = 0; i < sk_num(sktmp); i++) {
+	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
-		cnf = (CONF_VALUE *)sk_value(sktmp, i);
+		cnf = sk_CONF_VALUE_value(sktmp, i);
 		if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
 			BIO_printf(bio_err, "problem creating object %s=%s\n",
 							 cnf->name, cnf->value);
--- a/apps/req.c
+++ b/apps/req.c
@ -823,7 +823,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
 	char buf[100];
 	int nid,min,max;
 	char *type,*def,*tmp,*value,*tmp_attr;
-	STACK *sk,*attr=NULL;
+	STACK_OF(CONF_VALUE) *sk, *attr=NULL;
 	CONF_VALUE *v;
 	tmp=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
@ -866,15 +866,15 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
 	/* setup version number */
 	if (!ASN1_INTEGER_set(ri->version,0L)) goto err; /* version 1 */
-	if (sk_num(sk))
+	if (sk_CONF_VALUE_num(sk))
 		{
 		i= -1;
 start:		for (;;)
 			{
 			i++;
-			if ((int)sk_num(sk) <= i) break;
+			if (sk_CONF_VALUE_num(sk) <= i) break;
-			v=(CONF_VALUE *)sk_value(sk,i);
+			v=sk_CONF_VALUE_value(sk,i);
 			p=q=NULL;
 			type=v->name;
 			if(!check_end(type,"_min") || !check_end(type,"_max") ||
@ -918,7 +918,7 @@ start:		for (;;)
 		if (attribs)
 			{
-			if ((attr != NULL) && (sk_num(attr) > 0))
+			if ((attr != NULL) && (sk_CONF_VALUE_num(attr) > 0))
 				{
 				BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n");
 				BIO_printf(bio_err,"to be sent with your certificate request\n");
@ -928,10 +928,11 @@ start:		for (;;)
 start2:			for (;;)
 				{
 				i++;
-				if ((attr == NULL) || ((int)sk_num(attr) <= i))
+				if ((attr == NULL) ||
 					    (sk_CONF_VALUE_num(attr) <= i))
 					break;
-				v=(CONF_VALUE *)sk_value(attr,i);
+				v=sk_CONF_VALUE_value(attr,i);
 				type=v->name;
 				if ((nid=OBJ_txt2nid(type)) == NID_undef)
 					goto start2;
@ -1176,7 +1177,7 @@ static int check_end(char *str, char *end)
 static int add_oid_section(LHASH *conf)
 {	
 	char *p;
-	STACK *sktmp;
+	STACK_OF(CONF_VALUE) *sktmp;
 	CONF_VALUE *cnf;
 	int i;
 	if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
@ -1184,8 +1185,8 @@ static int add_oid_section(LHASH *conf)
 		BIO_printf(bio_err, "problem loading oid section %s\n", p);
 		return 0;
 	}
-	for(i = 0; i < sk_num(sktmp); i++) {
+	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
-		cnf = (CONF_VALUE *)sk_value(sktmp, i);
+		cnf = sk_CONF_VALUE_value(sktmp, i);
 		if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
 			BIO_printf(bio_err, "problem creating object %s=%s\n",
 							 cnf->name, cnf->value);
--- a/crypto/conf/conf.c
+++ b/crypto/conf/conf.c
@ -134,7 +134,7 @@ LHASH *CONF_load_bio(LHASH *h, BIO *in, long *line)
 	CONF_VALUE *v=NULL,*vv,*tv;
 	CONF_VALUE *sv=NULL;
 	char *section=NULL,*buf;
-	STACK *section_sk=NULL,*ts;
+	STACK_OF(CONF_VALUE) *section_sk=NULL,*ts;
 	char *start,*psection,*pname;
 	if ((buff=BUF_MEM_new()) == NULL)
@ -169,7 +169,7 @@ LHASH *CONF_load_bio(LHASH *h, BIO *in, long *line)
 					CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
 		goto err;
 		}
-	section_sk=(STACK *)sv->value;
+	section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
 	bufnum=0;
 	for (;;)
@ -261,7 +261,7 @@ again:
 					CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
 				goto err;
 				}
-			section_sk=(STACK *)sv->value;
+			section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
 			continue;
 			}
 		else
@ -295,7 +295,7 @@ again:
 			p++;
 			*p='\0';
-			if ((v=(CONF_VALUE *)Malloc(sizeof(CONF_VALUE))) == NULL)
+			if (!(v=(CONF_VALUE *)Malloc(sizeof(CONF_VALUE))))
 				{
 				CONFerr(CONF_F_CONF_LOAD_BIO,
 							ERR_R_MALLOC_FAILURE);
@ -324,7 +324,7 @@ again:
 					   CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
 					goto err;
 					}
-				ts=(STACK *)tv->value;
+				ts=(STACK_OF(CONF_VALUE) *)tv->value;
 				}
 			else
 				{
@ -332,7 +332,7 @@ again:
 				ts=section_sk;
 				}
 			v->section=tv->section;	
-			if (!sk_push(ts,(char *)v))
+			if (!sk_CONF_VALUE_push(ts,v))
 				{
 				CONFerr(CONF_F_CONF_LOAD_BIO,
 							ERR_R_MALLOC_FAILURE);
@ -341,7 +341,7 @@ again:
 			vv=(CONF_VALUE *)lh_insert(ret,(char *)v);
 			if (vv != NULL)
 				{
-				sk_delete_ptr(ts,(char *)vv);
+				sk_CONF_VALUE_delete_ptr(ts,vv);
 				Free(vv->name);
 				Free(vv->value);
 				Free(vv);
@ -411,13 +411,13 @@ static CONF_VALUE *get_section(LHASH *conf, char *section)
 	return(v);
 	}
-STACK *CONF_get_section(LHASH *conf, char *section)
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf, char *section)
 	{
 	CONF_VALUE *v;
 	v=get_section(conf,section);
 	if (v != NULL)
-		return((STACK *)v->value);
+		return((STACK_OF(CONF_VALUE) *)v->value);
 	else
 		return(NULL);
 	}
@ -728,3 +728,5 @@ err:
 		}
 	return(v);
 	}
 IMPLEMENT_STACK_OF(CONF_VALUE)
--- a/crypto/conf/conf.h
+++ b/crypto/conf/conf.h
@ -66,6 +66,7 @@ extern "C" {
 #include <openssl/bio.h>
 #include <openssl/lhash.h>
 #include <openssl/stack.h>
 #include <openssl/safestack.h>
 typedef struct
 	{
@ -74,16 +75,18 @@ typedef struct
 	char *value;
 	} CONF_VALUE;
 DECLARE_STACK_OF(CONF_VALUE)
 LHASH *CONF_load(LHASH *conf,const char *file,long *eline);
 LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline);
 LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline);
-STACK *CONF_get_section(LHASH *conf,char *section);
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section);
 char *CONF_get_string(LHASH *conf,char *group,char *name);
 long CONF_get_number(LHASH *conf,char *group,char *name);
 void CONF_free(LHASH *conf);
 void ERR_load_CONF_strings(void );
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
--- a/crypto/x509v3/v3_akey.c
+++ b/crypto/x509v3/v3_akey.c
@ -63,8 +63,10 @@
 #include <openssl/asn1_mac.h>
 #include <openssl/x509v3.h>
-static STACK *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, AUTHORITY_KEYID *akeyid, STACK *extlist);
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
-static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *values);
+			AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist);
 static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
 			X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
 X509V3_EXT_METHOD v3_akey_id = {
 NID_authority_key_identifier, X509V3_EXT_MULTILINE,
@ -133,8 +135,8 @@ void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a)
 	Free ((char *)a);
 }
-static STACK *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
-	     AUTHORITY_KEYID *akeyid, STACK *extlist)
+	     AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist)
 {
 	char *tmp;
 	if(akeyid->keyid) {
@ -162,7 +164,7 @@ static STACK *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
 */
 static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
-	     X509V3_CTX *ctx, STACK *values)
+	     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
 {
 char keyid=0, issuer=0;
 int i;
@ -175,8 +177,8 @@ ASN1_INTEGER *serial = NULL;
 X509_EXTENSION *ext;
 X509 *cert;
 AUTHORITY_KEYID *akeyid;
-for(i = 0; i < sk_num(values); i++) {
+for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
-	cnf = (CONF_VALUE *)sk_value(values, i);
+	cnf = sk_CONF_VALUE_value(values, i);
 	if(!strcmp(cnf->name, "keyid")) {
 		keyid = 1;
 		if(cnf->value && !strcmp(cnf->value, "always")) keyid = 2;
--- a/crypto/x509v3/v3_alt.c
+++ b/crypto/x509v3/v3_alt.c
@ -87,8 +87,8 @@ NULL, NULL, NULL},
 EXT_END
 };
-STACK *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
-				 STACK_OF(GENERAL_NAME) *gens, STACK *ret)
+		STACK_OF(GENERAL_NAME) *gens, STACK_OF(CONF_VALUE) *ret)
 {
 	int i;
 	GENERAL_NAME *gen;
@ -96,12 +96,12 @@ STACK *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
 		gen = sk_GENERAL_NAME_value(gens, i);
 		ret = i2v_GENERAL_NAME(method, gen, ret);
 	}
-	if(!ret) return sk_new_null();
+	if(!ret) return sk_CONF_VALUE_new_null();
 	return ret;
 }
-STACK *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen,
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
-								 STACK *ret)
+				GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret)
 {
 	char oline[256];
 	unsigned char *p;
@ -299,7 +299,7 @@ static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
 }
 STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
-						 X509V3_CTX *ctx, STACK *nval)
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
 	GENERAL_NAME *gen;
 	STACK_OF(GENERAL_NAME) *gens = NULL;
@ -309,8 +309,8 @@ STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
 		X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
-	for(i = 0; i < sk_num(nval); i++) {
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-		cnf = (CONF_VALUE *)sk_value(nval, i);
+		cnf = sk_CONF_VALUE_value(nval, i);
 		if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; 
 		sk_GENERAL_NAME_push(gens, gen);
 	}
--- a/crypto/x509v3/v3_bcons.c
+++ b/crypto/x509v3/v3_bcons.c
@ -64,8 +64,8 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
-static STACK *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK *extlist);
+static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist);
-static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *values);
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
 X509V3_EXT_METHOD v3_bcons = {
 NID_basic_constraints, 0,
@ -126,8 +126,8 @@ void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a)
 	Free ((char *)a);
 }
-static STACK *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
-	     BASIC_CONSTRAINTS *bcons, STACK *extlist)
+	     BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist)
 {
 	X509V3_add_value_bool("CA", bcons->ca, &extlist);
 	X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
@ -135,7 +135,7 @@ static STACK *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
 }
 static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
-	     X509V3_CTX *ctx, STACK *values)
+	     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
 {
 	BASIC_CONSTRAINTS *bcons=NULL;
 	CONF_VALUE *val;
@ -144,8 +144,8 @@ static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
 		X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
-	for(i = 0; i < sk_num(values); i++) {
+	for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
-		val = (CONF_VALUE *)sk_value(values, i);
+		val = sk_CONF_VALUE_value(values, i);
 		if(!strcmp(val->name, "CA")) {
 			if(!X509V3_get_value_bool(val, &bcons->ca)) goto err;
 		} else if(!strcmp(val->name, "pathlen")) {
--- a/crypto/x509v3/v3_bitst.c
+++ b/crypto/x509v3/v3_bitst.c
@ -62,8 +62,11 @@
 #include <openssl/x509v3.h>
 static ASN1_BIT_STRING *asn1_bit_string_new(void);
-static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *nval);
+static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
-static STACK *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bits, STACK *extlist);
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
 				ASN1_BIT_STRING *bits,
 				STACK_OF(CONF_VALUE) *extlist);
 static BIT_STRING_BITNAME ns_cert_type_table[] = {
 {0, "SSL Client", "client"},
 {1, "SSL Server", "server"},
@ -99,8 +102,8 @@ static ASN1_BIT_STRING *asn1_bit_string_new(void)
 	return ASN1_BIT_STRING_new();
 }
-static STACK *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
-	     ASN1_BIT_STRING *bits, STACK *ret)
+	     ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret)
 {
 	BIT_STRING_BITNAME *bnam;
 	for(bnam =method->usr_data; bnam->lname; bnam++) {
@ -111,7 +114,7 @@ static STACK *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
 }
 static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
-	     X509V3_CTX *ctx, STACK *nval)
+	     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
 	CONF_VALUE *val;
 	ASN1_BIT_STRING *bs;
@ -121,10 +124,9 @@ static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
 		X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
-	for(i = 0; i < sk_num(nval); i++) {
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-		val = (CONF_VALUE *)sk_value(nval, i);
+		val = sk_CONF_VALUE_value(nval, i);
-		for(bnam = method->usr_data; bnam->lname;
+		for(bnam = method->usr_data; bnam->lname; bnam++) {
 								       bnam++) {
 			if(!strcmp(bnam->sname, val->name) ||
 				!strcmp(bnam->lname, val->name) ) {
 				ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1);
@ -132,7 +134,8 @@ static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
 			}
 		}
 		if(!bnam->lname) {
-			X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
+			X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
 					X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
 			X509V3_conf_err(val);
 			ASN1_BIT_STRING_free(bs);
 			return NULL;
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@ -71,7 +71,7 @@ static int v3_check_generic(char **value);
 static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type);
 static char *conf_lhash_get_string(void *db, char *section, char *value);
-static STACK *conf_lhash_get_section(void *db, char *section);
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
 static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
 						 int crit, void *ext_struc);
 /* LHASH *conf:  Config file    */
@ -115,7 +115,7 @@ static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
 {
 	X509V3_EXT_METHOD *method;
 	X509_EXTENSION *ext;
-	STACK *nval;
+	STACK_OF(CONF_VALUE) *nval;
 	void *ext_struc;
 	if(ext_nid == NID_undef) {
 		X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
@ -135,7 +135,8 @@ static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
 			return NULL;
 		}
 		ext_struc = method->v2i(method, ctx, nval);
-		if(*value != '@') sk_pop_free(nval, X509V3_conf_free);
+		if(*value != '@') sk_CONF_VALUE_pop_free(nval,
 							 X509V3_conf_free);
 		if(!ext_struc) return NULL;
 	} else if(method->s2i) {
 		if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
@ -267,12 +268,12 @@ int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
 	     X509 *cert)
 {
 	X509_EXTENSION *ext;
-	STACK *nval;
+	STACK_OF(CONF_VALUE) *nval;
 	CONF_VALUE *val;	
 	int i;
 	if(!(nval = CONF_get_section(conf, section))) return 0;
-	for(i = 0; i < sk_num(nval); i++) {
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-		val = (CONF_VALUE *)sk_value(nval, i);
+		val = sk_CONF_VALUE_value(nval, i);
 		if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
 								return 0;
 		if(cert) X509_add_ext(cert, ext, -1);
@ -287,12 +288,12 @@ int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
 	     X509_CRL *crl)
 {
 	X509_EXTENSION *ext;
-	STACK *nval;
+	STACK_OF(CONF_VALUE) *nval;
 	CONF_VALUE *val;	
 	int i;
 	if(!(nval = CONF_get_section(conf, section))) return 0;
-	for(i = 0; i < sk_num(nval); i++) {
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-		val = (CONF_VALUE *)sk_value(nval, i);
+		val = sk_CONF_VALUE_value(nval, i);
 		if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
 								return 0;
 		if(crl) X509_CRL_add_ext(crl, ext, -1);
@ -310,7 +311,7 @@ char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
 	return NULL;
 }
-STACK * X509V3_get_section(X509V3_CTX *ctx, char *section)
+STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
 {
 	if(ctx->db_meth->get_section)
 			return ctx->db_meth->get_section(ctx->db, section);
@ -324,7 +325,7 @@ void X509V3_string_free(X509V3_CTX *ctx, char *str)
 			ctx->db_meth->free_string(ctx->db, str);
 }
-void X509V3_section_free(X509V3_CTX *ctx, STACK *section)
+void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
 {
 	if(!section) return;
 	if(ctx->db_meth->free_section)
@ -336,7 +337,7 @@ static char *conf_lhash_get_string(void *db, char *section, char *value)
 	return CONF_get_string(db, section, value);
 }
-static STACK *conf_lhash_get_section(void *db, char *section)
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
 {
 	return CONF_get_section(db, section);
 }
--- a/crypto/x509v3/v3_cpols.c
+++ b/crypto/x509v3/v3_cpols.c
@ -69,9 +69,11 @@ static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO
 static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value);
 static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent);
 static void print_notice(BIO *out, USERNOTICE *notice, int indent);
-static POLICYINFO *policy_section(X509V3_CTX *ctx, STACK *polstrs, int ia5org);
+static POLICYINFO *policy_section(X509V3_CTX *ctx,
-static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK *unot, int ia5org);
+				 STACK_OF(CONF_VALUE) *polstrs, int ia5org);
-static STACK *nref_nos(STACK *nos);
+static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
 					STACK_OF(CONF_VALUE) *unot, int ia5org);
 static STACK *nref_nos(STACK_OF(CONF_VALUE) *nos);
 X509V3_EXT_METHOD v3_cpols = {
 NID_certificate_policies, 0,
@ -94,14 +96,14 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
 	char *pstr;
 	POLICYINFO *pol;
 	ASN1_OBJECT *pobj;
-	STACK *vals;
+	STACK_OF(CONF_VALUE) *vals;
 	CONF_VALUE *cnf;
 	int i, ia5org;
 	pols = sk_POLICYINFO_new_null();
 	vals =  X509V3_parse_list(value);
 	ia5org = 0;
-	for(i = 0; i < sk_num(vals); i++) {
+	for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {
-		cnf = (CONF_VALUE *)sk_value(vals, i);
+		cnf = sk_CONF_VALUE_value(vals, i);
 		if(cnf->value || !cnf->name ) {
 			X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER);
 			X509V3_conf_err(cnf);
@ -112,7 +114,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
 			ia5org = 1;
 			continue;
 		} else if(*pstr == '@') {
-			STACK *polsect;
+			STACK_OF(CONF_VALUE) *polsect;
 			polsect = X509V3_get_section(ctx, pstr + 1);
 			if(!polsect) {
 				X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION);
@ -134,22 +136,23 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
 		}
 		sk_POLICYINFO_push(pols, pol);
 	}
-	sk_pop_free(vals, X509V3_conf_free);
+	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
 	return pols;
 	err:
 	sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
 	return NULL;
 }
-static POLICYINFO *policy_section(X509V3_CTX *ctx, STACK *polstrs, int ia5org)
+static POLICYINFO *policy_section(X509V3_CTX *ctx,
 				STACK_OF(CONF_VALUE) *polstrs, int ia5org)
 {
 	int i;
 	CONF_VALUE *cnf;
 	POLICYINFO *pol;
 	POLICYQUALINFO *qual;
 	if(!(pol = POLICYINFO_new())) goto merr;
-	for(i = 0; i < sk_num(polstrs); i++) {
+	for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
-		cnf = (CONF_VALUE *)sk_value(polstrs, i);
+		cnf = sk_CONF_VALUE_value(polstrs, i);
 		if(!strcmp(cnf->name, "policyIdentifier")) {
 			ASN1_OBJECT *pobj;
 			if(!(pobj = OBJ_txt2obj(cnf->value, 0))) {
@ -170,7 +173,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, STACK *polstrs, int ia5org)
 			if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
 						 strlen(cnf->value))) goto merr;
 		} else if(!name_cmp(cnf->name, "userNotice")) {
-			STACK *unot;
+			STACK_OF(CONF_VALUE) *unot;
 			if(*cnf->value != '@') {
 				X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME);
 				X509V3_conf_err(cnf);
@ -212,7 +215,8 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, STACK *polstrs, int ia5org)
 }
-static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK *unot, int ia5org)
+static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
 					STACK_OF(CONF_VALUE) *unot, int ia5org)
 {
 	int i;
 	CONF_VALUE *cnf;
@ -222,8 +226,8 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK *unot, int ia5org)
 	qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
 	if(!(not = USERNOTICE_new())) goto merr;
 	qual->d.usernotice = not;
-	for(i = 0; i < sk_num(unot); i++) {
+	for(i = 0; i < sk_CONF_VALUE_num(unot); i++) {
-		cnf = (CONF_VALUE *)sk_value(unot, i);
+		cnf = sk_CONF_VALUE_value(unot, i);
 		if(!strcmp(cnf->name, "explicitText")) {
 			not->exptext = ASN1_VISIBLESTRING_new();
 			if(!ASN1_STRING_set(not->exptext, cnf->value,
@ -240,19 +244,19 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK *unot, int ia5org)
 						 strlen(cnf->value))) goto merr;
 		} else if(!strcmp(cnf->name, "noticeNumbers")) {
 			NOTICEREF *nref;
-			STACK *nos;
+			STACK_OF(CONF_VALUE) *nos;
 			if(!not->noticeref) {
 				if(!(nref = NOTICEREF_new())) goto merr;
 				not->noticeref = nref;
 			} else nref = not->noticeref;
 			nos = X509V3_parse_list(cnf->value);
-			if(!nos || !sk_num(nos)) {
+			if(!nos || !sk_CONF_VALUE_num(nos)) {
 				X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS);
 				X509V3_conf_err(cnf);
 				goto err;
 			}
 			nref->noticenos = nref_nos(nos);
-			sk_pop_free(nos, X509V3_conf_free);
+			sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
 			if(!nref->noticenos) goto err;
 		} else {
 			X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION);
@ -278,15 +282,15 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK *unot, int ia5org)
 	return NULL;
 }
-static STACK *nref_nos(STACK *nos)
+static STACK *nref_nos(STACK_OF(CONF_VALUE) *nos)
 {
 	STACK *nnums;
 	CONF_VALUE *cnf;
 	ASN1_INTEGER *aint;
 	int i;
 	if(!(nnums = sk_new_null())) goto merr;
-	for(i = 0; i < sk_num(nos); i++) {
+	for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {
-		cnf = (CONF_VALUE *)sk_value(nos, i);
+		cnf = sk_CONF_VALUE_value(nos, i);
 		if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
 			X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER);
 			goto err;
--- a/crypto/x509v3/v3_crld.c
+++ b/crypto/x509v3/v3_crld.c
@ -63,10 +63,10 @@
 #include <openssl/asn1_mac.h>
 #include <openssl/x509v3.h>
-static STACK *i2v_crld(X509V3_EXT_METHOD *method, STACK_OF(DIST_POINT) *crld,
+static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
-							 STACK *extlist);
+		STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *extlist);
 static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
-						 X509V3_CTX *ctx, STACK *nval);
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 X509V3_EXT_METHOD v3_crld = {
 NID_crl_distribution_points, X509V3_EXT_MULTILINE,
@ -80,8 +80,8 @@ NULL, NULL,
 NULL, NULL, NULL
 };
-static STACK *i2v_crld(X509V3_EXT_METHOD *method, STACK_OF(DIST_POINT) *crld,
+static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
-								 STACK *exts)
+			STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *exts)
 {
 	DIST_POINT *point;
 	int i;
@ -102,7 +102,7 @@ static STACK *i2v_crld(X509V3_EXT_METHOD *method, STACK_OF(DIST_POINT) *crld,
 }
 static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
-						 X509V3_CTX *ctx, STACK *nval)
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
 	STACK_OF(DIST_POINT) *crld = NULL;
 	STACK_OF(GENERAL_NAME) *gens = NULL;
@ -110,9 +110,9 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
 	CONF_VALUE *cnf;
 	int i;
 	if(!(crld = sk_DIST_POINT_new(NULL))) goto merr;
-	for(i = 0; i < sk_num(nval); i++) {
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
 		DIST_POINT *point;
-		cnf = (CONF_VALUE *)sk_value(nval, i);
+		cnf = sk_CONF_VALUE_value(nval, i);
 		if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; 
 		if(!(gens = GENERAL_NAMES_new())) goto merr;
 		if(!sk_GENERAL_NAME_push(gens, gen)) goto merr;
--- a/crypto/x509v3/v3_extku.c
+++ b/crypto/x509v3/v3_extku.c
@ -63,8 +63,10 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
-static STACK *v2i_ext_ku(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *nval);
+static STACK *v2i_ext_ku(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-static STACK *i2v_ext_ku(X509V3_EXT_METHOD *method, STACK *eku, STACK *extlist);
+						STACK_OF(CONF_VALUE) *nval);
 static STACK_OF(CONF_VALUE) *i2v_ext_ku(X509V3_EXT_METHOD *method,
 				STACK *eku, STACK_OF(CONF_VALUE) *extlist);
 X509V3_EXT_METHOD v3_ext_ku = {
 NID_ext_key_usage, 0,
 (X509V3_EXT_NEW)ext_ku_new,
@ -103,8 +105,8 @@ STACK *d2i_ext_ku(STACK **a, unsigned char **pp, long length)
-static STACK *i2v_ext_ku(X509V3_EXT_METHOD *method, STACK *eku,
+static STACK_OF(CONF_VALUE) *i2v_ext_ku(X509V3_EXT_METHOD *method, STACK *eku,
-	     STACK *ext_list)
+	     STACK_OF(CONF_VALUE) *ext_list)
 {
 int i;
 ASN1_OBJECT *obj;
@ -118,7 +120,7 @@ return ext_list;
 }
 static STACK *v2i_ext_ku(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-	     STACK *nval)
+						STACK_OF(CONF_VALUE) *nval)
 {
 STACK *extku;
 char *extval;
@ -131,8 +133,8 @@ if(!(extku = sk_new(NULL))) {
 	return NULL;
 }
-for(i = 0; i < sk_num(nval); i++) {
+for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-	val = (CONF_VALUE *)sk_value(nval, i);
+	val = sk_CONF_VALUE_value(nval, i);
 	if(val->value) extval = val->value;
 	else extval = val->name;
 	if(!(objtmp = OBJ_txt2obj(extval, 0))) {
--- a/crypto/x509v3/v3_prn.c
+++ b/crypto/x509v3/v3_prn.c
@ -66,19 +66,19 @@
 /* Print out a name+value stack */
-void X509V3_EXT_val_prn(BIO *out, STACK *val, int indent, int ml)
+void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
 {
 	int i;
 	CONF_VALUE *nval;
 	if(!val) return;
-	if(!ml || !sk_num(val)) {
+	if(!ml || !sk_CONF_VALUE_num(val)) {
 		BIO_printf(out, "%*s", indent, "");
-		if(!sk_num(val)) BIO_puts(out, "<EMPTY>\n");
+		if(!sk_CONF_VALUE_num(val)) BIO_puts(out, "<EMPTY>\n");
 	}
-	for(i = 0; i < sk_num(val); i++) {
+	for(i = 0; i < sk_CONF_VALUE_num(val); i++) {
 		if(ml) BIO_printf(out, "%*s", indent, "");
 		else if(i > 0) BIO_printf(out, ", ");
-		nval = (CONF_VALUE *)sk_value(val, i);
+		nval = sk_CONF_VALUE_value(val, i);
 		if(!nval->name) BIO_puts(out, nval->value);
 		else if(!nval->value) BIO_puts(out, nval->name);
 		else BIO_printf(out, "%s:%s", nval->name, nval->value);
@ -93,7 +93,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent)
 	char *ext_str = NULL, *value = NULL;
 	unsigned char *p;
 	X509V3_EXT_METHOD *method;	
-	STACK *nval = NULL;
+	STACK_OF(CONF_VALUE) *nval = NULL;
 	int ok = 1;
 	if(!(method = X509V3_EXT_get(ext))) return 0;
 	p = ext->value->data;
@ -116,7 +116,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent)
 	} else ok = 0;
 	err:
-		sk_pop_free(nval, X509V3_conf_free);
+		sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
 		if(value) Free(value);
 		method->ext_free(ext_str);
 		return ok;
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@ -68,18 +68,19 @@ static char *strip_spaces(char *name);
 /* Add a CONF_VALUE name value pair to stack */
-int X509V3_add_value(const char *name, const char *value, STACK **extlist)
+int X509V3_add_value(const char *name, const char *value,
 						STACK_OF(CONF_VALUE) **extlist)
 {
 	CONF_VALUE *vtmp = NULL;
 	char *tname = NULL, *tvalue = NULL;
 	if(name && !(tname = BUF_strdup(name))) goto err;
 	if(value && !(tvalue = BUF_strdup(value))) goto err;;
 	if(!(vtmp = (CONF_VALUE *)Malloc(sizeof(CONF_VALUE)))) goto err;
-	if(!*extlist && !(*extlist = sk_new(NULL))) goto err;
+	if(!*extlist && !(*extlist = sk_CONF_VALUE_new(NULL))) goto err;
 	vtmp->section = NULL;
 	vtmp->name = tname;
 	vtmp->value = tvalue;
-	if(!sk_push(*extlist, (char *)vtmp)) goto err;
+	if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err;
 	return 1;
 	err:
 	X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE);
@ -90,7 +91,7 @@ int X509V3_add_value(const char *name, const char *value, STACK **extlist)
 }
 int X509V3_add_value_uchar(const char *name, const unsigned char *value,
-			   STACK **extlist)
+			   STACK_OF(CONF_VALUE) **extlist)
    {
    return X509V3_add_value(name,(const char *)value,extlist);
    }
@ -106,13 +107,15 @@ void X509V3_conf_free(CONF_VALUE *conf)
 	Free((char *)conf);
 }
-int X509V3_add_value_bool(const char *name, int asn1_bool, STACK **extlist)
+int X509V3_add_value_bool(const char *name, int asn1_bool,
 						STACK_OF(CONF_VALUE) **extlist)
 {
 	if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
 	return X509V3_add_value(name, "FALSE", extlist);
 }
-int X509V3_add_value_bool_nf(char *name, int asn1_bool, STACK **extlist)
+int X509V3_add_value_bool_nf(char *name, int asn1_bool,
 						STACK_OF(CONF_VALUE) **extlist)
 {
 	if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
 	return 1;
@ -166,7 +169,7 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
 }
 int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
-	     STACK **extlist)
+	     STACK_OF(CONF_VALUE) **extlist)
 {
 	char *strtmp;
 	int ret;
@ -214,11 +217,11 @@ int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
 /*#define DEBUG*/
-STACK *X509V3_parse_list(char *line)
+STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line)
 {
 	char *p, *q, c;
 	char *ntmp, *vtmp;
-	STACK *values = NULL;
+	STACK_OF(CONF_VALUE) *values = NULL;
 	char *linebuf;
 	int state;
 	/* We are going to modify the line so copy it first */
@ -300,7 +303,7 @@ return values;
 err:
 Free(linebuf);
-sk_pop_free(values, X509V3_conf_free);
+sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
 return NULL;
 }
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@ -64,6 +64,7 @@ extern "C" {
 #include <openssl/bio.h>
 #include <openssl/x509.h>
 #include <openssl/conf.h>
 /* Forward reference */
 struct v3_ext_method;
@ -75,8 +76,8 @@ typedef void * (*X509V3_EXT_NEW)();
 typedef void (*X509V3_EXT_FREE)();
 typedef char * (*X509V3_EXT_D2I)();
 typedef int (*X509V3_EXT_I2D)();
-typedef STACK * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK *extlist);
+typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist);
-typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK *values);
+typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values);
 typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);
 typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
 typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent);
@ -109,9 +110,9 @@ void *usr_data;	/* Any extension specific data */
 typedef struct X509V3_CONF_METHOD_st {
 char * (*get_string)(void *db, char *section, char *value);
-STACK * (*get_section)(void *db, char *section);
+STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
 void (*free_string)(void *db, char * string);
-void (*free_section)(void *db, STACK *section);
+void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
 } X509V3_CONF_METHOD;
 /* Context specific info */
@ -286,7 +287,7 @@ int i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **pp);
 GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **a, unsigned char **pp, long length);
 GENERAL_NAME *GENERAL_NAME_new(void);
 void GENERAL_NAME_free(GENERAL_NAME *a);
-STACK *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK *ret);
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
 int i2d_SXNET(SXNET *a, unsigned char **pp);
 SXNET *d2i_SXNET(SXNET **a, unsigned char **pp, long length);
@ -320,8 +321,10 @@ STACK_OF(GENERAL_NAME) *GENERAL_NAMES_new(void);
 void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *a);
 STACK_OF(GENERAL_NAME) *d2i_GENERAL_NAMES(STACK_OF(GENERAL_NAME) **a, unsigned char **pp, long length);
 int i2d_GENERAL_NAMES(STACK_OF(GENERAL_NAME) *a, unsigned char **pp);
-STACK *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, STACK_OF(GENERAL_NAME) *gen, STACK *extlist);
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
-STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *nval);
+		STACK_OF(GENERAL_NAME) *gen, STACK_OF(CONF_VALUE) *extlist);
 STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
 				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
 ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
@ -381,24 +384,28 @@ X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, c
 X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
 int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
 int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
-int X509V3_add_value_bool_nf(char *name, int asn1_bool, STACK **extlist);
+int X509V3_add_value_bool_nf(char *name, int asn1_bool,
 						STACK_OF(CONF_VALUE) **extlist);
 int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
 int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
 void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
 #endif
 char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
-STACK * X509V3_get_section(X509V3_CTX *ctx, char *section);
+STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
 void X509V3_string_free(X509V3_CTX *ctx, char *str);
-void X509V3_section_free( X509V3_CTX *ctx, STACK *section);
+void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
 void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
 				 X509_REQ *req, X509_CRL *crl, int flags);
-int X509V3_add_value(const char *name, const char *value, STACK **extlist);
+int X509V3_add_value(const char *name, const char *value,
 						STACK_OF(CONF_VALUE) **extlist);
 int X509V3_add_value_uchar(const char *name, const unsigned char *value,
-			   STACK **extlist);
+						STACK_OF(CONF_VALUE) **extlist);
-int X509V3_add_value_bool(const char *name, int asn1_bool, STACK **extlist);
+int X509V3_add_value_bool(const char *name, int asn1_bool,
-int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, STACK **extlist);
+						STACK_OF(CONF_VALUE) **extlist);
 int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
 						STACK_OF(CONF_VALUE) **extlist);
 char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
 ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
 char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
@ -411,7 +418,7 @@ void X509V3_EXT_cleanup(void);
 X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
 X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
 int X509V3_add_standard_extensions(void);
-STACK *X509V3_parse_list(char *line);
+STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line);
 void *X509V3_EXT_d2i(X509_EXTENSION *ext);
 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
@ -419,7 +426,8 @@ char *hex_to_string(unsigned char *buffer, long len);
 unsigned char *string_to_hex(char *str, long *len);
 int name_cmp(const char *name, const char *cmp);
-void X509V3_EXT_val_prn(BIO *out, STACK *val, int indent, int ml);
+void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
 								 int ml);
 int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
 int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);