Change the trust and purpose code so it doesn't need init

either and has a static and dynamic mix.
1999-12-02 02:33:56 +00:00 · 1999-12-02 02:33:56 +00:00 · dd4134101f
commit dd4134101f
parent 08cba61011
18 changed files with 420 additions and 385 deletions
--- a/12
+++ b/12
@ -4,6 +4,18 @@
 Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
  *) Modify X509_TRUST and X509_PURPOSE so it also uses a static and
     dynamic mix. In both cases the ids can be used as an index into the
     table. Also modified the X509_TRUST_add() and X509_PURPOSE_add()
     functions so they accept a list of the field values and the
     application doesn't need to directly manipulate the X509_TRUST
     structure.
     [Steve Henson]
  *) Modify the ASN1_STRING_TABLE stuff so it also uses bsearch and doesn't
     need initialising.
     [Steve Henson]
  *) Modify the way the V3 extension code looks up extensions. This now
     works in a similar way to the object code: we have some "standard"
     extensions in a static table which is searched with OBJ_bsearch()
--- a/apps/req.c
+++ b/apps/req.c
@ -843,7 +843,6 @@ end:
 	X509_REQ_free(req);
 	X509_free(x509ss);
 	OBJ_cleanup();
 	ASN1_STRING_TABLE_cleanup();
 #ifndef NO_DSA
 	if (dsa_params != NULL) DSA_free(dsa_params);
 #endif
--- a/apps/s_client.c
+++ b/apps/s_client.c
@ -740,7 +740,6 @@ end:
 	if (ctx != NULL) SSL_CTX_free(ctx);
 	if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); }
 	if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); }
 	X509_cleanup();
 	if (bio_c_out != NULL)
 		{
 		BIO_free(bio_c_out);
--- a/apps/s_server.c
+++ b/apps/s_server.c
@ -718,7 +718,6 @@ bad:
 	ret=0;
 end:
 	if (ctx != NULL) SSL_CTX_free(ctx);
 	X509_cleanup();
 	if (bio_s_out != NULL)
 		{
 		BIO_free(bio_s_out);
--- a/apps/verify.c
+++ b/apps/verify.c
@ -84,7 +84,6 @@ int MAIN(int argc, char **argv)
 	X509_STORE *cert_ctx=NULL;
 	X509_LOOKUP *lookup=NULL;
 	X509_init();
 	cert_ctx=X509_STORE_new();
 	if (cert_ctx == NULL) goto end;
 	X509_STORE_set_verify_cb_func(cert_ctx,cb);
@ -196,7 +195,6 @@ end:
 	}
 	if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
 	sk_X509_pop_free(untrusted, X509_free);
 	X509_cleanup();
 	EXIT(ret);
 	}
--- a/apps/x509.c
+++ b/apps/x509.c
@ -384,7 +384,6 @@ bad:
 		app_RAND_load_file(NULL, bio_err, 0);
 	ERR_load_crypto_strings();
 	X509_init();
 	if (!X509_STORE_set_default_paths(ctx))
 		{
@ -870,7 +869,6 @@ end:
 	EVP_PKEY_free(Upkey);
 	EVP_PKEY_free(CApkey);
 	X509_REQ_free(rq);
 	X509_cleanup();
 	EXIT(ret);
 	}
--- a/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.c
@ -66,6 +66,7 @@
 static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
 static void st_free(ASN1_STRING_TABLE *tbl);
 static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b);
 static int table_cmp(ASN1_STRING_TABLE *a, ASN1_STRING_TABLE *b);
 /* The following function generates an ASN1_STRING based on limits in a table.
 * Frequently the types and length of an ASN1_STRING are restricted by a 
@ -79,7 +80,6 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
 	ASN1_STRING *str = NULL;
 	int ret;
 	if(!out) out = &str;
 	if(!stable) ASN1_STRING_TABLE_add_standard();
 	tbl = ASN1_STRING_TABLE_get(nid);
 	if(tbl) ret = ASN1_mbstring_ncopy(out, in, inlen, inform, tbl->mask,
 					tbl->minsize, tbl->maxsize);
@ -102,53 +102,45 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
 #define ub_title			64
 #define ub_email_address		128
 /* This table must be kept in NID order */
 static ASN1_STRING_TABLE tbl_standard[] = {
 {NID_name,			1, ub_name, 0, 0},
 {NID_surname,			1, ub_name, 0, 0},
 {NID_givenName,			1, ub_name, 0, 0},
 {NID_initials,			1, ub_name, 0, 0},
 {NID_commonName,		1, ub_common_name, 0, 0},
 {NID_countryName,		2, 2, B_ASN1_PRINTABLESTRING, 0},
 {NID_localityName,		1, ub_locality_name, 0, 0},
 {NID_stateOrProvinceName,	1, ub_state_name, 0, 0},
 {NID_organizationName,		1, ub_organization_name, 0, 0},
 {NID_organizationalUnitName,	1, ub_organization_unit_name, 0, 0},
 {NID_dnQualifier,		-1, -1, B_ASN1_PRINTABLESTRING, 0},
 {NID_countryName,		2, 2, B_ASN1_PRINTABLESTRING, 0},
 {NID_pkcs9_emailAddress,	1, ub_email_address, B_ASN1_IA5STRING, 0},
-{NID_undef, 0, 0, 0, 0}
+{NID_givenName,			1, ub_name, 0, 0},
 {NID_surname,			1, ub_name, 0, 0},
 {NID_initials,			1, ub_name, 0, 0},
 {NID_name,			1, ub_name, 0, 0},
 {NID_dnQualifier,		-1, -1, B_ASN1_PRINTABLESTRING, 0},
 };
 int ASN1_STRING_TABLE_add_standard(void)
 {
 	static int done = 0;
 	ASN1_STRING_TABLE *tmp;
 	if(done) return 1;
 	if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
 	if(!stable) {
 		ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD_STANDARD,
 						ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	for(tmp = tbl_standard; tmp->nid != NID_undef; tmp++) {
 		if(!sk_ASN1_STRING_TABLE_push(stable, tmp)) {
 			ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD_STANDARD,
 							ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
 	}
 	return 1;
 }
 static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b)
 {
 	return (*a)->nid - (*b)->nid;
 }
 static int table_cmp(ASN1_STRING_TABLE *a, ASN1_STRING_TABLE *b)
 {
 	return a->nid - b->nid;
 }
 ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
 {
 	int idx;
 	ASN1_STRING_TABLE *ttmp;
 	ASN1_STRING_TABLE fnd;
 	fnd.nid = nid;
 	ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd,
 					(char *)tbl_standard, 
 			sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE),
 			sizeof(ASN1_STRING_TABLE), (int(*)())table_cmp);
 	if(ttmp) return ttmp;
 	if(!stable) return NULL;
 	idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
 	if(idx < 0) return NULL;
 	return sk_ASN1_STRING_TABLE_value(stable, idx);
@ -160,6 +152,7 @@ int ASN1_STRING_TABLE_add(int nid,
 {
 	ASN1_STRING_TABLE *tmp;
 	char new_nid = 0;
 	flags &= ~STABLE_FLAGS_MALLOC;
 	if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
 	if(!stable) {
 		ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
@ -172,14 +165,13 @@ int ASN1_STRING_TABLE_add(int nid,
 							ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
-		tmp->flags = STABLE_FLAGS_MALLOC;
+		tmp->flags = flags | STABLE_FLAGS_MALLOC;
 		tmp->nid = nid;
 		new_nid = 1;
-	}
+	} else tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags;
 	if(minsize != -1) tmp->minsize = minsize;
 	if(maxsize != -1) tmp->maxsize = maxsize;
 	tmp->mask = mask;
 	tmp->flags = flags & ~STABLE_FLAGS_MALLOC;
 	if(new_nid) sk_ASN1_STRING_TABLE_push(stable, tmp);
 	return 1;
 }
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@ -773,7 +773,6 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
 ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, 
 		const unsigned char *in, int inlen, int inform, int nid);
 int ASN1_STRING_TABLE_add_standard(void);
 ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
 void ASN1_STRING_TABLE_cleanup(void);
@ -812,7 +811,6 @@ void ASN1_STRING_TABLE_cleanup(void);
 #define ASN1_F_ASN1_SIGN				 114
 #define ASN1_F_ASN1_STRING_NEW				 115
 #define ASN1_F_ASN1_STRING_TABLE_ADD			 283
 #define ASN1_F_ASN1_STRING_TABLE_ADD_STANDARD		 284
 #define ASN1_F_ASN1_STRING_TYPE_NEW			 116
 #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 117
 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 118
@ -824,7 +822,7 @@ void ASN1_STRING_TABLE_cleanup(void);
 #define ASN1_F_BASIC_CONSTRAINTS_NEW			 226
 #define ASN1_F_BN_TO_ASN1_ENUMERATED			 234
 #define ASN1_F_BN_TO_ASN1_INTEGER			 122
-#define ASN1_F_D2I_ACCESS_DESCRIPTION			 292
+#define ASN1_F_D2I_ACCESS_DESCRIPTION			 284
 #define ASN1_F_D2I_ASN1_BIT_STRING			 123
 #define ASN1_F_D2I_ASN1_BMPSTRING			 124
 #define ASN1_F_D2I_ASN1_BOOLEAN				 125
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@ -92,7 +92,6 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_ASN1_SIGN,0),	"ASN1_sign"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_NEW,0),	"ASN1_STRING_new"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0),	"ASN1_STRING_TABLE_ADD"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD_STANDARD,0),	"ASN1_STRING_TABLE_add_standard"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0),	"ASN1_STRING_type_new"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0),	"ASN1_TYPE_get_int_octetstring"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0),	"ASN1_TYPE_get_octetstring"},
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@ -280,10 +280,10 @@ DECLARE_ASN1_SET_OF(X509)
 /* This is used for a table of trust checking functions */
 typedef struct x509_trust_st {
-	int trust_id;
+	int trust;
-	int trust_flags;
+	int flags;
 	int (*check_trust)(struct x509_trust_st *, X509 *, int);
-	char *trust_name;
+	char *name;
 	int arg1;
 	void *arg2;
 } X509_TRUST;
@ -298,6 +298,11 @@ DECLARE_STACK_OF(X509_TRUST)
 #define X509_TRUST_EMAIL	4
 #define X509_TRUST_OBJECT_SIGN	5
 /* Keep these up to date! */
 #define X509_TRUST_MIN		1
 #define X509_TRUST_MAX		5
 /* trust_flags values */
 #define	X509_TRUST_DYNAMIC 	1
 #define	X509_TRUST_DYNAMIC_NAME	2
@ -1015,8 +1020,6 @@ int		X509_EXTENSION_set_data(X509_EXTENSION *ex,
 ASN1_OBJECT *	X509_EXTENSION_get_object(X509_EXTENSION *ex);
 ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
 int		X509_EXTENSION_get_critical(X509_EXTENSION *ex);
 void		X509_init(void);
 void		X509_cleanup(void);
 int		X509_verify_cert(X509_STORE_CTX *ctx);
@ -1059,10 +1062,10 @@ int X509_check_trust(X509 *x, int id, int flags);
 int X509_TRUST_get_count(void);
 X509_TRUST * X509_TRUST_iget(int idx);
 int X509_TRUST_get_by_id(int id);
-int X509_TRUST_add(X509_TRUST *xp);
+int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
 					char *name, int arg1, void *arg2);
 void X509_TRUST_cleanup(void);
-void X509_TRUST_add_standard(void);
+int X509_TRUST_get_flags(X509_TRUST *xp);
 int X509_TRUST_get_id(X509_TRUST *xp);
 char *X509_TRUST_iget_name(X509_TRUST *xp);
 int X509_TRUST_get_trust(X509_TRUST *xp);
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@ -67,72 +67,110 @@ static void trtable_free(X509_TRUST *p);
 static int trust_1bit(X509_TRUST *trust, X509 *x, int flags);
 static int trust_any(X509_TRUST *trust, X509 *x, int flags);
 /* WARNING: the following table should be kept in order of trust
 * and without any gaps so we can just subtract the minimum trust
 * value to get an index into the table
 */
 static X509_TRUST trstandard[] = {
 {X509_TRUST_ANY, 0, trust_any, "Any", 0, NULL},
 {X509_TRUST_SSL_CLIENT, 0, trust_1bit, "SSL Client", X509_TRUST_BIT_SSL_CLIENT, NULL},
 {X509_TRUST_SSL_SERVER, 0, trust_1bit, "SSL Client", X509_TRUST_BIT_SSL_SERVER, NULL},
 {X509_TRUST_EMAIL, 0, trust_1bit, "S/MIME email", X509_TRUST_BIT_EMAIL, NULL},
 {X509_TRUST_OBJECT_SIGN, 0, trust_1bit, "Object Signing", X509_TRUST_BIT_OBJECT_SIGN, NULL},
 {0, 0, NULL, NULL, 0, NULL}
 };
 #define X509_TRUST_COUNT	(sizeof(trstandard)/sizeof(X509_TRUST))
 IMPLEMENT_STACK_OF(X509_TRUST)
 static STACK_OF(X509_TRUST) *trtable = NULL;
 static int tr_cmp(X509_TRUST **a, X509_TRUST **b)
 {
-	return (*a)->trust_id - (*b)->trust_id;
+	return (*a)->trust - (*b)->trust;
 }
 int X509_check_trust(X509 *x, int id, int flags)
 {
 	int idx;
 	X509_TRUST *pt;
 	int idx;
 	if(id == -1) return 1;
-	idx = X509_TRUST_get_by_id(id);
+	if(!(idx = X509_TRUST_get_by_id(id))) return 0;
-	if(idx == -1) return -1;
+	pt = X509_TRUST_iget(idx);
 	pt = sk_X509_TRUST_value(trtable, idx);
 	return pt->check_trust(pt, x, flags);
 }
 int X509_TRUST_get_count(void)
 {
-	return sk_X509_TRUST_num(trtable);
+	if(!trtable) return X509_TRUST_COUNT;
 	return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
 }
 X509_TRUST * X509_TRUST_iget(int idx)
 {
-	return sk_X509_TRUST_value(trtable, idx);
+	if(idx < 0) return NULL;
 	if(idx < X509_TRUST_COUNT) return trstandard + idx;
 	return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
 }
 int X509_TRUST_get_by_id(int id)
 {
 	X509_TRUST tmp;
-	tmp.trust_id = id;
+	int idx;
 	if((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
 				 return id - X509_TRUST_MIN;
 	tmp.trust = id;
 	if(!trtable) return -1;
-	return sk_X509_TRUST_find(trtable, &tmp);
+	idx = sk_X509_TRUST_find(trtable, &tmp);
 	if(idx == -1) return -1;
 	return idx + X509_TRUST_COUNT;
 }
-int X509_TRUST_add(X509_TRUST *xp)
+int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
 					char *name, int arg1, void *arg2)
 {
 	int idx;
-	if(!trtable)
+	X509_TRUST *trtmp;
-		{
+	/* This is set according to what we change: application can't set it */
-		trtable = sk_X509_TRUST_new(tr_cmp);
+	flags &= ~X509_TRUST_DYNAMIC;
-		if (!trtable) 
+	/* This will always be set for application modified trust entries */
-			{
+	flags |= X509_TRUST_DYNAMIC_NAME;
 	/* Get existing entry if any */
 	idx = X509_TRUST_get_by_id(id);
 	/* Need a new entry */
 	if(idx == -1) {
 		if(!(trtmp = Malloc(sizeof(X509_TRUST)))) {
 			X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
-		}
+		trtmp->flags = X509_TRUST_DYNAMIC;
 	} else trtmp = X509_TRUST_iget(idx);
-	idx = X509_TRUST_get_by_id(xp->trust_id);
+	/* Free existing name if dynamic */
-	if(idx != -1) {
+	if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) Free(trtmp->name);
-		trtable_free(sk_X509_TRUST_value(trtable, idx));
+	/* dup supplied name */
-		sk_X509_TRUST_set(trtable, idx, xp);
+	if(!(trtmp->name = BUF_strdup(name))) {
-	} else {
+		X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
-		if (!sk_X509_TRUST_push(trtable, xp)) {
+		return 0;
 	}
 	/* Keep the dynamic flag of existing entry */
 	trtmp->flags &= X509_TRUST_DYNAMIC;
 	/* Set all other flags */
 	trtmp->flags |= flags;
 	trtmp->trust = id;
 	trtmp->check_trust = ck;
 	trtmp->arg1 = arg1;
 	trtmp->arg2 = arg2;
 	/* If its a new entry manage the dynamic table */
 	if(idx == -1) {
 		if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) {
 			X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
 		if (!sk_X509_TRUST_push(trtable, trtmp)) {
 			X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
@ -143,40 +181,35 @@ int X509_TRUST_add(X509_TRUST *xp)
 static void trtable_free(X509_TRUST *p)
 	{
 	if(!p) return;
-	if (p->trust_flags & X509_TRUST_DYNAMIC) 
+	if (p->flags & X509_TRUST_DYNAMIC) 
 		{
-		if (p->trust_flags & X509_TRUST_DYNAMIC_NAME)
+		if (p->flags & X509_TRUST_DYNAMIC_NAME)
-			Free(p->trust_name);
+			Free(p->name);
 		Free(p);
 		}
 	}
 void X509_TRUST_cleanup(void)
 {
 	int i;
 	for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i);
 	sk_X509_TRUST_pop_free(trtable, trtable_free);
 	trtable = NULL;
 }
-void X509_TRUST_add_standard(void)
+int X509_TRUST_get_flags(X509_TRUST *xp)
 {
-	X509_TRUST *xp;
+	return xp->flags;
 	for(xp = trstandard; xp->trust_name; xp++)
 		X509_TRUST_add(xp);
 }
 int X509_TRUST_get_id(X509_TRUST *xp)
 {
 	return xp->trust_id;
 }
 char *X509_TRUST_iget_name(X509_TRUST *xp)
 {
-	return xp->trust_name;
+	return xp->name;
 }
 int X509_TRUST_get_trust(X509_TRUST *xp)
 {
-	return xp->trust_id;
+	return xp->trust;
 }
 static int trust_1bit(X509_TRUST *trust, X509 *x, int flags)
--- a/crypto/x509/x509_v3.c
+++ b/crypto/x509/x509_v3.c
@ -265,24 +265,3 @@ int X509_EXTENSION_get_critical(X509_EXTENSION *ex)
 	if (ex == NULL) return(0);
 	return(ex->critical);
 	}
 /* Initialisation routine: used to initialise the X509 and X509v3 tables */
 static int init_done = 0;
 void X509_init(void)
 {
 	if(init_done) return;
 	X509V3_add_standard_extensions();
 	X509_PURPOSE_add_standard();
 	X509_TRUST_add_standard();
 	init_done = 1;
 }
 void X509_cleanup(void)
 {
 	X509V3_EXT_cleanup();
 	X509_PURPOSE_cleanup();
 	X509_TRUST_cleanup();
 	init_done = 0;
 }
--- a/crypto/x509v3/Makefile.ssl
+++ b/crypto/x509v3/Makefile.ssl
@ -339,7 +339,7 @@ v3_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 v3_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h
 v3_pku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 v3_pku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 v3_pku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
--- a/crypto/x509v3/ext_dat.h
+++ b/crypto/x509v3/ext_dat.h
@ -91,7 +91,7 @@ static X509V3_EXT_METHOD *standard_exts[] = {
 &v3_info,
 };
-/* Number of standard extensions: keep up to date */
+/* Number of standard extensions */
-#define STANDARD_EXTENSION_COUNT 22
+#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@ -82,9 +82,10 @@ static X509_PURPOSE xstandard[] = {
 	{X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},
 	{X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
 	{X509_PURPOSE_CRL_SIGN, X509_TRUST_ANY, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
 	{-1, 0, 0, NULL, NULL, NULL, NULL}
 };
 #define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
 IMPLEMENT_STACK_OF(X509_PURPOSE)
 static STACK_OF(X509_PURPOSE) *xptable = NULL;
@ -100,7 +101,6 @@ int X509_check_purpose(X509 *x, int id, int ca)
 	X509_PURPOSE *pt;
 	if(!(x->ex_flags & EXFLAG_SET)) {
 		CRYPTO_w_lock(CRYPTO_LOCK_X509);
 		X509_init();
 		x509v3_cache_extensions(x);
 		CRYPTO_w_unlock(CRYPTO_LOCK_X509);
 	}
@ -113,20 +113,23 @@ int X509_check_purpose(X509 *x, int id, int ca)
 int X509_PURPOSE_get_count(void)
 {
-	return sk_X509_PURPOSE_num(xptable);
+	if(!xptable) return X509_PURPOSE_COUNT;
 	return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
 }
 X509_PURPOSE * X509_PURPOSE_iget(int idx)
 {
-	return sk_X509_PURPOSE_value(xptable, idx);
+	if(idx < 0) return NULL;
 	if(idx < X509_PURPOSE_COUNT) return xstandard + idx;
 	return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
 }
 int X509_PURPOSE_get_by_sname(char *sname)
 {
 	int i;
 	X509_PURPOSE *xptmp;
-	for(i = 0; i < sk_X509_PURPOSE_num(xptable); i++) {
+	for(i = 0; i < X509_PURPOSE_get_count(); i++) {
-		xptmp = sk_X509_PURPOSE_value(xptable, i);
+		xptmp = X509_PURPOSE_iget(i);
 		if(!strcmp(xptmp->sname, sname)) return i;
 	}
 	return -1;
@ -136,30 +139,66 @@ int X509_PURPOSE_get_by_sname(char *sname)
 int X509_PURPOSE_get_by_id(int purpose)
 {
 	X509_PURPOSE tmp;
 	int idx;
 	if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
 		return purpose - X509_PURPOSE_MIN;
 	tmp.purpose = purpose;
 	if(!xptable) return -1;
-	return sk_X509_PURPOSE_find(xptable, &tmp);
+	idx = sk_X509_PURPOSE_find(xptable, &tmp);
 	if(idx == -1) return -1;
 	return idx + X509_PURPOSE_COUNT;
 }
-int X509_PURPOSE_add(X509_PURPOSE *xp)
+int X509_PURPOSE_add(int id, int trust, int flags,
 			int (*ck)(X509_PURPOSE *, X509 *, int),
 					char *name, char *sname, void *arg)
 {
 	int idx;
-	if(!xptable)
+	X509_PURPOSE *ptmp;
-		{
+	/* This is set according to what we change: application can't set it */
-		xptable = sk_X509_PURPOSE_new(xp_cmp);
+	flags &= ~X509_PURPOSE_DYNAMIC;
-		if (!xptable) 
+	/* This will always be set for application modified trust entries */
-			{
+	flags |= X509_PURPOSE_DYNAMIC_NAME;
 	/* Get existing entry if any */
 	idx = X509_PURPOSE_get_by_id(id);
 	/* Need a new entry */
 	if(idx == -1) {
 		if(!(ptmp = Malloc(sizeof(X509_PURPOSE)))) {
 			X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
-		}
+		ptmp->flags = X509_PURPOSE_DYNAMIC;
 	} else ptmp = X509_PURPOSE_iget(idx);
-	idx = X509_PURPOSE_get_by_id(xp->purpose);
+	/* Free existing name if dynamic */
-	if(idx != -1) {
+	if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
-		xptable_free(sk_X509_PURPOSE_value(xptable, idx));
+		Free(ptmp->name);
-		sk_X509_PURPOSE_set(xptable, idx, xp);
+		Free(ptmp->sname);
-	} else {
+	}
-		if (!sk_X509_PURPOSE_push(xptable, xp)) {
+	/* dup supplied name */
 	ptmp->name = BUF_strdup(name);
 	ptmp->sname = BUF_strdup(sname);
 	if(!ptmp->name || !ptmp->sname) {
 		X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	/* Keep the dynamic flag of existing entry */
 	ptmp->flags &= X509_PURPOSE_DYNAMIC;
 	/* Set all other flags */
 	ptmp->flags |= flags;
 	ptmp->purpose = id;
 	ptmp->trust = trust;
 	ptmp->check_purpose = ck;
 	ptmp->usr_data = arg;
 	/* If its a new entry manage the dynamic table */
 	if(idx == -1) {
 		if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
 			X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
 		if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
 			X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
@ -182,16 +221,12 @@ static void xptable_free(X509_PURPOSE *p)
 void X509_PURPOSE_cleanup(void)
 {
 	int i;
 	sk_X509_PURPOSE_pop_free(xptable, xptable_free);
 	for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i);
 	xptable = NULL;
 }
 void X509_PURPOSE_add_standard(void)
 {
 	X509_PURPOSE *xp;
 	for(xp = xstandard; xp->name; xp++) X509_PURPOSE_add(xp);
 }
 int X509_PURPOSE_get_id(X509_PURPOSE *xp)
 {
 	return xp->purpose;
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@ -345,6 +345,9 @@ typedef struct x509_purpose_st {
 #define X509_PURPOSE_SMIME_ENCRYPT	5
 #define X509_PURPOSE_CRL_SIGN		6
 #define X509_PURPOSE_MIN		1
 #define X509_PURPOSE_MAX		6
 DECLARE_STACK_OF(X509_PURPOSE)
 void ERR_load_X509V3_strings(void);
@ -532,7 +535,9 @@ int X509_PURPOSE_get_count(void);
 X509_PURPOSE * X509_PURPOSE_iget(int idx);
 int X509_PURPOSE_get_by_sname(char *sname);
 int X509_PURPOSE_get_by_id(int id);
-int X509_PURPOSE_add(X509_PURPOSE *xp);
+int X509_PURPOSE_add(int id, int trust, int flags,
 			int (*ck)(X509_PURPOSE *, X509 *, int),
 				char *name, char *sname, void *arg);
 char *X509_PURPOSE_iget_name(X509_PURPOSE *xp);
 char *X509_PURPOSE_iget_sname(X509_PURPOSE *xp);
 int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -1120,12 +1120,6 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
 	ret->extra_certs=NULL;
 	ret->comp_methods=SSL_COMP_get_compression_methods();
 	/* Initialise X509 tables: otherwise some certificate operations
 	 * wont work. This is a non op if called more than once.
 	 */
 	X509_init();
 	return(ret);
 err:
 	SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
--- a/util/libeay.num
+++ b/util/libeay.num
@ -1883,241 +1883,233 @@ DISPLAYTEXT_new                         1907
 ASN1_GENERALIZEDTIME_free               1908
 X509V3_REVOKED_get_d2i                  1909
 X509_set_ex_data                        1910
-X509_PURPOSE_add_standard               1911
+X509_reject_set_bit_asc                 1911
-sk_X509_PURPOSE_value                   1912
+X509_NAME_add_entry_by_txt              1912
-sk_X509_PURPOSE_zero                    1913
+sk_X509_TRUST_pop                       1913
-ASN1_VISIBLESTRING_new                  1914
+X509_NAME_add_entry_by_NID              1914
-ASN1_PRINTABLESTRING_free               1915
+X509_PURPOSE_iget                       1915
-ASN1_BMPSTRING_new                      1916
+sk_ACCESS_DESCRIPTION_shift             1916
-ASN1_UTF8STRING_new                     1917
+PEM_read_X509_AUX                       1917
-sk_X509_PURPOSE_pop                     1918
+d2i_AUTHORITY_INFO_ACCESS               1918
-DSA_get_default_method                  1919
+sk_X509_TRUST_set_cmp_func              1919
-sk_X509_PURPOSE_push                    1920
+sk_X509_TRUST_free                      1920
-sk_X509_PURPOSE_delete                  1921
+PEM_write_PUBKEY                        1921
-sk_X509_PURPOSE_num                     1922
+sk_X509_TRUST_num                       1922
-PEM_read_DSA_PUBKEY                     1923
+sk_ACCESS_DESCRIPTION_delete            1923
-ASN1_T61STRING_free                     1924
+sk_ASN1_STRING_TABLE_value              1924
-d2i_DSA_PUBKEY_fp                       1925
+ACCESS_DESCRIPTION_new                  1925
-DSA_set_method                          1926
+X509_CERT_AUX_free                      1926
-X509_get_ex_data                        1927
+d2i_ACCESS_DESCRIPTION                  1927
-ASN1_STRING_type                        1928
+X509_PURPOSE_add_standard               1928
-sk_X509_PURPOSE_find                    1929
+sk_X509_PURPOSE_value                   1929
-ASN1_TIME_free                          1930
+sk_X509_PURPOSE_zero                    1930
-ASN1_OCTET_STRING_cmp                   1931
+X509_TRUST_add                          1931
-ASN1_BIT_STRING_new                     1932
+ASN1_VISIBLESTRING_new                  1932
-X509V3_X509_get_d2i                     1933
+X509_alias_set                          1933
-ASN1_INTEGER_cmp                        1934
+ASN1_PRINTABLESTRING_free               1934
-ASN1_TIME_new                           1935
+EVP_PKEY_rget_DSA                       1935
-d2i_DSA_PUBKEY_bio                      1936
+ASN1_BMPSTRING_new                      1936
-sk_X509_PURPOSE_new_null                1937
+ASN1_mbstring_copy                      1937
-ASN1_UTCTIME_free                       1938
+ASN1_UTF8STRING_new                     1938
-DSA_set_default_method                  1939
+sk_ACCESS_DESCRIPTION_set               1939
-sk_X509_PURPOSE_set_cmp_func            1940
+sk_X509_PURPOSE_pop                     1940
-PEM_write_bio_DSA_PUBKEY                1941
+DSA_get_default_method                  1941
-X509_PURPOSE_get_by_id                  1942
+sk_X509_PURPOSE_push                    1942
-DISPLAYTEXT_free                        1943
+sk_X509_PURPOSE_delete                  1943
-X509V3_CRL_get_d2i                      1944
+sk_X509_PURPOSE_num                     1944
-ASN1_OCTET_STRING_free                  1945
+i2d_ASN1_SET_OF_ACCESS_DESCRIPTION      1945
-X509_get_ex_new_index                   1946
+ASN1_T61STRING_free                     1946
-ASN1_STRING_length                      1947
+sk_ACCESS_DESCRIPTION_free              1947
-ASN1_PRINTABLESTRING_new                1948
+sk_ASN1_STRING_TABLE_pop                1948
-X509V3_get_d2i                          1949
+DSA_set_method                          1949
-ASN1_ENUMERATED_free                    1950
+X509_get_ex_data                        1950
-sk_X509_PURPOSE_unshift                 1951
+ASN1_STRING_type                        1951
-sk_X509_PURPOSE_set                     1952
+X509_PURPOSE_get_by_sname               1952
-sk_X509_PURPOSE_sort                    1953
+sk_X509_PURPOSE_find                    1953
-DIRECTORYSTRING_free                    1954
+ASN1_TIME_free                          1954
-ASN1_OCTET_STRING_set                   1955
+ASN1_OCTET_STRING_cmp                   1955
-ASN1_IA5STRING_new                      1956
+sk_ACCESS_DESCRIPTION_value             1956
-X509_check_purpose                      1957
+ASN1_BIT_STRING_new                     1957
-ASN1_ENUMERATED_new                     1958
+X509V3_X509_get_d2i                     1958
-PEM_write_DSA_PUBKEY                    1959
+PEM_read_bio_X509_AUX                   1959
-ASN1_BMPSTRING_free                     1960
+ASN1_STRING_set_default_mask_asc        1960
-ASN1_T61STRING_new                      1961
+PEM_write_bio_RSA_PUBKEY                1961
-ASN1_UTCTIME_new                        1962
+sk_ASN1_STRING_TABLE_num                1962
-ASN1_IA5STRING_free                     1963
+ASN1_INTEGER_cmp                        1963
-ASN1_STRING_data                        1964
+d2i_RSA_PUBKEY_fp                       1964
-X509_PURPOSE_iget_name                  1965
+sk_ACCESS_DESCRIPTION_unshift           1965
-sk_X509_PURPOSE_delete_ptr              1966
+sk_ASN1_STRING_TABLE_delete_ptr         1966
-ASN1_BIT_STRING_free                    1967
+X509_trust_set_bit_asc                  1967
-X509_PURPOSE_add                        1968
+PEM_write_bio_DSA_PUBKEY                1968
-ASN1_UTF8STRING_free                    1969
+X509_STORE_CTX_free                     1969
-X509_PURPOSE_get                        1970
+EVP_PKEY_rset_DSA                       1970
-sk_X509_PURPOSE_pop_free                1971
+i2d_DSA_PUBKEY_fp                       1971
-i2d_DSA_PUBKEY_fp                       1972
+X509_load_cert_crl_file                 1972
-sk_X509_PURPOSE_free                    1973
+ASN1_TIME_new                           1973
-sk_X509_PURPOSE_dup                     1974
+i2d_RSA_PUBKEY                          1974
-ASN1_OCTET_STRING_dup                   1975
+sk_X509_TRUST_pop_free                  1975
-ASN1_BIT_STRING_set                     1976
+X509_STORE_CTX_purpose_inherit          1976
-ASN1_INTEGER_free                       1977
+PEM_read_RSA_PUBKEY                     1977
-ASN1_INTEGER_dup                        1978
+sk_X509_TRUST_zero                      1978
-ASN1_VISIBLESTRING_free                 1979
+sk_ACCESS_DESCRIPTION_pop_free          1979
-sk_X509_PURPOSE_shift                   1980
+d2i_X509_AUX                            1980
-sk_X509_PURPOSE_new                     1981
+i2d_DSA_PUBKEY                          1981
-sk_X509_PURPOSE_insert                  1982
+X509_CERT_AUX_print                     1982
-ASN1_GENERALIZEDTIME_new                1983
+sk_X509_PURPOSE_new_null                1983
-PEM_read_bio_DSA_PUBKEY                 1984
+PEM_read_DSA_PUBKEY                     1984
-ASN1_OCTET_STRING_new                   1985
+i2d_RSA_PUBKEY_bio                      1985
-ASN1_INTEGER_new                        1986
+ASN1_BIT_STRING_num_asc                 1986
-i2d_DSA_PUBKEY_bio                      1987
+i2d_PUBKEY                              1987
-ASN1_STRING_length_set                  1988
+ASN1_UTCTIME_free                       1988
-DIRECTORYSTRING_new                     1989
+DSA_set_default_method                  1989
-ASN1_mbstring_copy                      1990
+X509_PURPOSE_get_by_id                  1990
-sk_ASN1_STRING_TABLE_value              1991
+sk_X509_TRUST_push                      1991
-sk_ASN1_STRING_TABLE_pop                1992
+sk_ASN1_STRING_TABLE_sort               1992
-sk_ASN1_STRING_TABLE_num                1993
+sk_X509_PURPOSE_set_cmp_func            1993
-sk_ASN1_STRING_TABLE_delete_ptr         1994
+ACCESS_DESCRIPTION_free                 1994
-sk_ASN1_STRING_TABLE_sort               1995
+PEM_read_bio_PUBKEY                     1995
 ASN1_STRING_set_by_NID                  1996
-sk_ASN1_STRING_TABLE_pop_free           1997
+X509_PURPOSE_get_id                     1997
-sk_ASN1_STRING_TABLE_unshift            1998
+DISPLAYTEXT_free                        1998
-ASN1_STRING_TABLE_cleanup               1999
+OTHERNAME_new                           1999
-ASN1_STRING_set_default_mask            2000
+sk_X509_TRUST_find                      2000
-sk_ASN1_STRING_TABLE_insert             2001
+X509_CERT_AUX_new                       2001
-sk_ASN1_STRING_TABLE_free               2002
+sk_ACCESS_DESCRIPTION_dup               2002
-sk_ASN1_STRING_TABLE_set                2003
+sk_ASN1_STRING_TABLE_pop_free           2003
-ASN1_STRING_TABLE_add_standard          2004
+sk_ASN1_STRING_TABLE_unshift            2004
-sk_ASN1_STRING_TABLE_set_cmp_func       2005
+sk_X509_TRUST_shift                     2005
-ASN1_STRING_get_default_mask            2006
+sk_ACCESS_DESCRIPTION_zero              2006
-ASN1_STRING_TABLE_get                   2007
+X509_TRUST_cleanup                      2007
-sk_ASN1_STRING_TABLE_delete             2008
+X509_NAME_add_entry_by_OBJ              2008
-sk_ASN1_STRING_TABLE_zero               2009
+X509V3_CRL_get_d2i                      2009
-sk_ASN1_STRING_TABLE_shift              2010
+sk_X509_TRUST_set                       2010
-sk_ASN1_STRING_TABLE_new_null           2011
+X509_PURPOSE_iget_name                  2011
-sk_ASN1_STRING_TABLE_push               2012
+PEM_read_PUBKEY                         2012
-sk_ASN1_STRING_TABLE_dup                2013
+sk_ACCESS_DESCRIPTION_new               2013
-ASN1_mbstring_ncopy                     2014
+i2d_DSA_PUBKEY_bio                      2014
-sk_ASN1_STRING_TABLE_find               2015
+i2d_OTHERNAME                           2015
-sk_ASN1_STRING_TABLE_new                2016
+ASN1_OCTET_STRING_free                  2016
-EVP_PKEY_rget_RSA                       2017
+ASN1_BIT_STRING_set_asc                 2017
-EVP_PKEY_rget_DH                        2018
+sk_ACCESS_DESCRIPTION_push              2018
-EVP_PKEY_rget_DSA                       2019
+X509_get_ex_new_index                   2019
-X509_PURPOSE_cleanup                    2020
+ASN1_STRING_TABLE_cleanup               2020
-ASN1_STRING_set_default_mask_asc        2021
+X509_TRUST_get_by_id                    2021
-X509_NAME_add_entry_by_txt              2022
+X509_PURPOSE_get_trust                  2022
-X509_NAME_add_entry_by_NID              2023
+ASN1_STRING_length                      2023
-X509_NAME_add_entry_by_OBJ              2024
+d2i_ASN1_SET_OF_ACCESS_DESCRIPTION      2024
-X509_NAME_ENTRY_create_by_txt           2025
+ASN1_PRINTABLESTRING_new                2025
-PEM_read_X509_AUX                       2026
+X509V3_get_d2i                          2026
-X509_CERT_AUX_free                      2027
+ASN1_ENUMERATED_free                    2027
-X509_alias_set                          2028
+i2d_X509_CERT_AUX                       2028
-PEM_read_bio_X509_AUX                   2029
+sk_ACCESS_DESCRIPTION_find              2029
-X509_trust_set_bit_asc                  2030
+X509_STORE_CTX_set_trust                2030
-d2i_X509_AUX                            2031
+sk_X509_PURPOSE_unshift                 2031
-X509_CERT_AUX_print                     2032
+ASN1_STRING_set_default_mask            2032
-ASN1_BIT_STRING_num_asc                 2033
+X509_STORE_CTX_new                      2033
-X509_CERT_AUX_new                       2034
+EVP_PKEY_rget_RSA                       2034
-ASN1_BIT_STRING_set_asc                 2035
+sk_X509_PURPOSE_set                     2035
-i2d_X509_CERT_AUX                       2036
+sk_ASN1_STRING_TABLE_insert             2036
-PEM_write_X509_AUX                      2037
+sk_X509_PURPOSE_sort                    2037
-X509_notrust_set_bit                    2038
+DIRECTORYSTRING_free                    2038
-X509_add_notrust_object                 2039
+PEM_write_X509_AUX                      2039
-PEM_write_bio_X509_AUX                  2040
+ASN1_OCTET_STRING_set                   2040
-X509_alias_get                          2041
+d2i_DSA_PUBKEY_fp                       2041
-X509_trust_set_bit                      2042
+sk_ASN1_STRING_TABLE_free               2042
-d2i_X509_CERT_AUX                       2043
+sk_X509_TRUST_value                     2043
-X509_notrust_set_bit_asc                2044
+d2i_RSA_PUBKEY                          2044
-i2d_X509_AUX                            2045
+sk_ASN1_STRING_TABLE_set                2045
-ASN1_BIT_STRING_name_print              2046
+X509_TRUST_iget_name                    2046
-X509_add_trust_object                   2047
+X509_TRUST_iget                         2047
-OTHERNAME_new                           2048
+AUTHORITY_INFO_ACCESS_free              2048
-i2d_OTHERNAME                           2049
+ASN1_IA5STRING_new                      2049
-CRYPTO_add_info                         2050
+d2i_DSA_PUBKEY                          2050
-d2i_OTHERNAME                           2051
+X509_check_purpose                      2051
-OTHERNAME_free                          2052
+ASN1_ENUMERATED_new                     2052
-X509_cmp                                2053
+d2i_RSA_PUBKEY_bio                      2053
-PEM_write_PUBKEY                        2054
+d2i_PUBKEY                              2054
-PEM_write_bio_RSA_PUBKEY                2055
+X509_TRUST_get_trust                    2055
-d2i_RSA_PUBKEY_fp                       2056
+X509_TRUST_get_flags                    2056
-EVP_PKEY_rset_DSA                       2057
+ASN1_BMPSTRING_free                     2057
-X509_load_cert_crl_file                 2058
+ASN1_T61STRING_new                      2058
-i2d_RSA_PUBKEY                          2059
+sk_X509_TRUST_unshift                   2059
-PEM_read_RSA_PUBKEY                     2060
+ASN1_UTCTIME_new                        2060
-i2d_DSA_PUBKEY                          2061
+sk_ACCESS_DESCRIPTION_pop               2061
-i2d_RSA_PUBKEY_bio                      2062
+i2d_AUTHORITY_INFO_ACCESS               2062
-i2d_PUBKEY                              2063
+EVP_PKEY_rset_RSA                       2063
-PEM_read_bio_PUBKEY                     2064
+X509_STORE_CTX_set_purpose              2064
-PEM_read_PUBKEY                         2065
+ASN1_IA5STRING_free                     2065
-d2i_RSA_PUBKEY                          2066
+PEM_write_bio_X509_AUX                  2066
-d2i_DSA_PUBKEY                          2067
+X509_PURPOSE_get_count                  2067
-d2i_RSA_PUBKEY_bio                      2068
+CRYPTO_add_info                         2068
-d2i_PUBKEY                              2069
+sk_ACCESS_DESCRIPTION_num               2069
-EVP_PKEY_rset_RSA                       2070
+sk_ASN1_STRING_TABLE_set_cmp_func       2070
-PEM_read_bio_RSA_PUBKEY                 2071
+X509_NAME_ENTRY_create_by_txt           2071
-PEM_write_RSA_PUBKEY                    2072
+ASN1_STRING_get_default_mask            2072
-EVP_PKEY_rset_DH                        2073
+sk_X509_TRUST_dup                       2073
-i2d_RSA_PUBKEY_fp                       2074
+X509_alias_get                          2074
-PEM_write_bio_PUBKEY                    2075
+ASN1_STRING_data                        2075
-sk_ACCESS_DESCRIPTION_shift             2076
+sk_X509_TRUST_insert                    2076
-d2i_AUTHORITY_INFO_ACCESS               2077
+i2d_ACCESS_DESCRIPTION                  2077
-sk_ACCESS_DESCRIPTION_delete            2078
+X509_trust_set_bit                      2078
-ACCESS_DESCRIPTION_new                  2079
+sk_X509_PURPOSE_delete_ptr              2079
-d2i_ACCESS_DESCRIPTION                  2080
+ASN1_BIT_STRING_free                    2080
-sk_ACCESS_DESCRIPTION_set               2081
+PEM_read_bio_RSA_PUBKEY                 2081
-i2d_ASN1_SET_OF_ACCESS_DESCRIPTION      2082
+X509_add_reject_object                  2082
-sk_ACCESS_DESCRIPTION_free              2083
+X509_check_trust                        2083
-sk_ACCESS_DESCRIPTION_value             2084
+sk_X509_TRUST_new_null                  2084
-sk_ACCESS_DESCRIPTION_unshift           2085
+sk_ACCESS_DESCRIPTION_new_null          2085
-sk_ACCESS_DESCRIPTION_pop_free          2086
+sk_ACCESS_DESCRIPTION_delete_ptr        2086
-ACCESS_DESCRIPTION_free                 2087
+sk_X509_TRUST_sort                      2087
-sk_ACCESS_DESCRIPTION_dup               2088
+PEM_read_bio_DSA_PUBKEY                 2088
-sk_ACCESS_DESCRIPTION_zero              2089
+sk_X509_TRUST_new                       2089
-sk_ACCESS_DESCRIPTION_new               2090
+X509_PURPOSE_add                        2090
-sk_ACCESS_DESCRIPTION_push              2091
+ASN1_STRING_TABLE_get                   2091
-d2i_ASN1_SET_OF_ACCESS_DESCRIPTION      2092
+ASN1_UTF8STRING_free                    2092
-sk_ACCESS_DESCRIPTION_find              2093
+d2i_DSA_PUBKEY_bio                      2093
-AUTHORITY_INFO_ACCESS_free              2094
+sk_ASN1_STRING_TABLE_delete             2094
-sk_ACCESS_DESCRIPTION_pop               2095
+PEM_write_RSA_PUBKEY                    2095
-i2d_AUTHORITY_INFO_ACCESS               2096
+d2i_OTHERNAME                           2096
-sk_ACCESS_DESCRIPTION_num               2097
+sk_ACCESS_DESCRIPTION_insert            2097
-i2d_ACCESS_DESCRIPTION                  2098
+X509_reject_set_bit                     2098
-sk_ACCESS_DESCRIPTION_new_null          2099
+sk_X509_TRUST_delete_ptr                2099
-sk_ACCESS_DESCRIPTION_delete_ptr        2100
+sk_X509_PURPOSE_pop_free                2100
-sk_ACCESS_DESCRIPTION_insert            2101
+PEM_write_DSA_PUBKEY                    2101
-sk_ACCESS_DESCRIPTION_sort              2102
+sk_X509_PURPOSE_free                    2102
-sk_ACCESS_DESCRIPTION_set_cmp_func      2103
+sk_X509_PURPOSE_dup                     2103
-sk_X509_TRUST_pop                       2104
+sk_ASN1_STRING_TABLE_zero               2104
-X509_cleanup                            2105
+X509_PURPOSE_iget_sname                 2105
-sk_X509_TRUST_set_cmp_func              2106
+sk_ASN1_STRING_TABLE_shift              2106
-X509_PURPOSE_get_by_sname               2107
+EVP_PKEY_rset_DH                        2107
-X509_STORE_CTX_free                     2108
+ASN1_OCTET_STRING_dup                   2108
-sk_X509_TRUST_pop_free                  2109
+ASN1_BIT_STRING_set                     2109
-X509_STORE_CTX_purpose_inherit          2110
+X509_TRUST_get_count                    2110
-sk_X509_TRUST_push                      2111
+ASN1_INTEGER_free                       2111
-X509_PURPOSE_get_id                     2112
+OTHERNAME_free                          2112
-sk_X509_TRUST_find                      2113
+i2d_RSA_PUBKEY_fp                       2113
-X509_TRUST_get_id                       2114
+ASN1_INTEGER_dup                        2114
-X509_TRUST_iget_name                    2115
+d2i_X509_CERT_AUX                       2115
-X509_TRUST_iget                         2116
+sk_ASN1_STRING_TABLE_new_null           2116
-sk_X509_TRUST_unshift                   2117
+PEM_write_bio_PUBKEY                    2117
-X509_PURPOSE_get_count                  2118
+ASN1_VISIBLESTRING_free                 2118
-X509_add_reject_object                  2119
+X509_PURPOSE_cleanup                    2119
-sk_X509_TRUST_new_null                  2120
+sk_ASN1_STRING_TABLE_push               2120
-sk_X509_TRUST_new                       2121
+sk_ASN1_STRING_TABLE_dup                2121
-sk_X509_TRUST_delete_ptr                2122
+sk_X509_PURPOSE_shift                   2122
-X509_PURPOSE_iget_sname                 2123
+ASN1_mbstring_ncopy                     2123
-X509_TRUST_get_count                    2124
+sk_X509_PURPOSE_new                     2124
-X509_reject_set_bit_asc                 2125
+sk_X509_PURPOSE_insert                  2125
-X509_PURPOSE_iget                       2126
+ASN1_GENERALIZEDTIME_new                2126
-sk_X509_TRUST_free                      2127
+sk_ACCESS_DESCRIPTION_sort              2127
-sk_X509_TRUST_num                       2128
+EVP_PKEY_rget_DH                        2128
-X509_init                               2129
+sk_ACCESS_DESCRIPTION_set_cmp_func      2129
-X509_TRUST_add                          2130
+ASN1_OCTET_STRING_new                   2130
-X509_TRUST_add_standard                 2131
+ASN1_INTEGER_new                        2131
-sk_X509_TRUST_zero                      2132
+i2d_X509_AUX                            2132
-sk_X509_TRUST_shift                     2133
+sk_ASN1_STRING_TABLE_find               2133
-X509_TRUST_cleanup                      2134
+ASN1_BIT_STRING_name_print              2134
-sk_X509_TRUST_set                       2135
+X509_cmp                                2135
-X509_TRUST_get_by_id                    2136
+ASN1_STRING_length_set                  2136
-X509_PURPOSE_get_trust                  2137
+DIRECTORYSTRING_new                     2137
-X509_STORE_CTX_set_trust                2138
+sk_ASN1_STRING_TABLE_new                2138
-X509_STORE_CTX_new                      2139
+sk_X509_TRUST_delete                    2139
-sk_X509_TRUST_value                     2140
+X509_add_trust_object                   2140
 X509_TRUST_get_trust                    2141
 X509_STORE_CTX_set_purpose              2142
 sk_X509_TRUST_dup                       2143
 sk_X509_TRUST_insert                    2144
 X509_check_trust                        2145
 sk_X509_TRUST_sort                      2146
 X509_reject_set_bit                     2147
 sk_X509_TRUST_delete                    2148