This commit was manufactured by cvs2svn to create tag 'rsaref'.

A few more constifications of some RSA routines that I forgot
yesterday.
2000-11-07 13:49:47 +00:00 · 2000-11-07 13:49:46 +00:00 · 2000-11-07 13:23:16 +00:00 · 2000-11-07 13:21:09 +00:00 · 2000-11-07 11:25:26 +00:00 · 2000-11-07 09:39:51 +00:00
1261 changed files with 1146 additions and 254861 deletions
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +0,0 @@
 Makefile.ssl
--- a/833
+++ b/833
@@ -1,833 +0,0 @@
 OpenSSL CHANGES
 _______________
 Changes between 0.9.1c and 0.9.2b
  *) Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still
     doesn't work when the session is reused. Coming soon!
     [Ben Laurie]
  *) Fix a security hole, that allows sessions to be reused in the wrong
     context thus bypassing client cert protection! All software that uses
     client certs and session caches in multiple contexts NEEDS PATCHING to
     allow session reuse! A fuller solution is in the works.
     [Ben Laurie, problem pointed out by Holger Reif, Bodo Moeller (and ???)]
  *) Some more source tree cleanups (removed obsolete files
     crypto/bf/asm/bf586.pl, test/test.txt and crypto/sha/asm/f.s; changed
     permission on "config" script to be executable) and a fix for the INSTALL
     document.
     [Ulf Moeller <ulf@fitug.de>]
  *) Remove some legacy and erroneous uses of malloc, free instead of
     Malloc, Free.
     [Lennart Bang <lob@netstream.se>, with minor changes by Steve]
  *) Make rsa_oaep_test return non-zero on error.
     [Ulf Moeller <ulf@fitug.de>]
  *) Add support for native Solaris shared libraries. Configure
     solaris-sparc-sc4-pic, make, then run shlib/solaris-sc4.sh. It'd be nice
     if someone would make that last step automatic.
     [Matthias Loepfe <Matthias.Loepfe@AdNovum.CH>]
  *) ctx_size was not built with the right compiler during "make links". Fixed.
     [Ben Laurie]
  *) Change the meaning of 'ALL' in the cipher list. It now means "everything
     except NULL ciphers". This means the default cipher list will no longer
     enable NULL ciphers. They need to be specifically enabled e.g. with
     the string "DEFAULT:eNULL".
     [Steve Henson]
  *) Fix to RSA private encryption routines: if p < q then it would
     occasionally produce an invalid result. This will only happen with
     externally generated keys because OpenSSL (and SSLeay) ensure p > q.
     [Steve Henson]
  *) Be less restrictive and allow also `perl util/perlpath.pl
     /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin',
     because this way one can also use an interpreter named `perl5' (which is
     usually the name of Perl 5.xxx on platforms where an Perl 4.x is still
     installed as `perl').
     [Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
  *) Let util/clean-depend.pl work also with older Perl 5.00x versions.
     [Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
  *) Fix Makefile.org so CC,CFLAG etc are passed to 'make links' add
     advapi32.lib to Win32 build and change the pem test comparision
     to fc.exe (thanks to Ulrich Kroener <kroneru@yahoo.com> for the
     suggestion). Fix misplaced ASNI prototypes and declarations in evp.h
     and crypto/des/ede_cbcm_enc.c.
     [Steve Henson]
  *) DES quad checksum was broken on big-endian architectures. Fixed.
     [Ben Laurie]
  *) Comment out two functions in bio.h that aren't implemented. Fix up the
     Win32 test batch file so it (might) work again. The Win32 test batch file
     is horrible: I feel ill....
     [Steve Henson]
  *) Move various #ifdefs around so NO_SYSLOG, NO_DIRENT etc are now selected
     in e_os.h. Audit of header files to check ANSI and non ANSI
     sections: 10 functions were absent from non ANSI section and not exported
     from Windows DLLs. Fixed up libeay.num for new functions.
     [Steve Henson]
  *) Make `openssl version' output lines consistent.
     [Ralf S. Engelschall]
  *) Fix Win32 symbol export lists for BIO functions: Added
     BIO_get_ex_new_index, BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data
     to ms/libeay{16,32}.def.
     [Ralf S. Engelschall]
  *) Second round of fixing the OpenSSL perl/ stuff. It now at least compiled
     fine under Unix and passes some trivial tests I've now added. But the
     whole stuff is horribly incomplete, so a README.1ST with a disclaimer was
     added to make sure no one expects that this stuff really works in the
     OpenSSL 0.9.2 release.  Additionally I've started to clean the XS sources
     up and fixed a few little bugs and inconsistencies in OpenSSL.{pm,xs} and
     openssl_bio.xs.
     [Ralf S. Engelschall]
  *) Fix the generation of two part addresses in perl.
     [Kenji Miyake <kenji@miyake.org>, integrated by Ben Laurie]
  *) Add config entry for Linux on MIPS.
     [John Tobey <jtobey@channel1.com>]
  *) Make links whenever Configure is run, unless we are on Windoze.
     [Ben Laurie]
  *) Permit extensions to be added to CRLs using crl_section in openssl.cnf.
     Currently only issuerAltName and AuthorityKeyIdentifier make any sense
     in CRLs.
     [Steve Henson]
  *) Add a useful kludge to allow package maintainers to specify compiler and
     other platforms details on the command line without having to patch the
     Configure script everytime: One now can use ``perl Configure
     <id>:<details>'', i.e. platform ids are allowed to have details appended
     to them (seperated by colons). This is treated as there would be a static
     pre-configured entry in Configure's %table under key <id> with value
     <details> and ``perl Configure <id>'' is called.  So, when you want to
     perform a quick test-compile under FreeBSD 3.1 with pgcc and without
     assembler stuff you can use ``perl Configure "FreeBSD-elf:pgcc:-O6:::"''
     now, which overrides the FreeBSD-elf entry on-the-fly.
     [Ralf S. Engelschall]
  *) Disable new TLS1 ciphersuites by default: they aren't official yet.
     [Ben Laurie]
  *) Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified
     on the `perl Configure ...' command line. This way one can compile
     OpenSSL libraries with Position Independent Code (PIC) which is needed
     for linking it into DSOs.
     [Ralf S. Engelschall]
  *) Remarkably, export ciphers were totally broken and no-one had noticed!
     Fixed.
     [Ben Laurie]
  *) Cleaned up the LICENSE document: The official contact for any license
     questions now is the OpenSSL core team under openssl-core@openssl.org.
     And add a paragraph about the dual-license situation to make sure people
     recognize that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply
     to the OpenSSL toolkit.
     [Ralf S. Engelschall]
  *) General source tree makefile cleanups: Made `making xxx in yyy...'
     display consistent in the source tree and replaced `/bin/rm' by `rm'.
     Additonally cleaned up the `make links' target: Remove unnecessary
     semicolons, subsequent redundant removes, inline point.sh into mklink.sh
     to speed processing and no longer clutter the display with confusing
     stuff. Instead only the actually done links are displayed.
     [Ralf S. Engelschall]
  *) Permit null encryption ciphersuites, used for authentication only. It used
     to be necessary to set the preprocessor define SSL_ALLOW_ENULL to do this.
     It is now necessary to set SSL_FORBID_ENULL to prevent the use of null
     encryption.
     [Ben Laurie]
  *) Add a bunch of fixes to the PKCS#7 stuff. It used to sometimes reorder
     signed attributes when verifying signatures (this would break them), 
     the detached data encoding was wrong and public keys obtained using
     X509_get_pubkey() weren't freed.
     [Steve Henson]
  *) Add text documentation for the BUFFER functions. Also added a work around
     to a Win95 console bug. This was triggered by the password read stuff: the
     last character typed gets carried over to the next fread(). If you were 
     generating a new cert request using 'req' for example then the last
     character of the passphrase would be CR which would then enter the first
     field as blank.
     [Steve Henson]
  *) Added the new `Includes OpenSSL Cryptography Software' button as
     doc/openssl_button.{gif,html} which is similar in style to the old SSLeay
     button and can be used by applications based on OpenSSL to show the
     relationship to the OpenSSL project.  
     [Ralf S. Engelschall]
  *) Remove confusing variables in function signatures in files
     ssl/ssl_lib.c and ssl/ssl.h.
     [Lennart Bong <lob@kulthea.stacken.kth.se>]
  *) Don't install bss_file.c under PREFIX/include/
     [Lennart Bong <lob@kulthea.stacken.kth.se>]
  *) Get the Win32 compile working again. Modify mkdef.pl so it can handle
     functions that return function pointers and has support for NT specific
     stuff. Fix mk1mf.pl and VC-32.pl to support NT differences also. Various
     #ifdef WIN32 and WINNTs sprinkled about the place and some changes from
     unsigned to signed types: this was killing the Win32 compile.
     [Steve Henson]
  *) Add new certificate file to stack functions,
     SSL_add_dir_cert_subjects_to_stack() and
     SSL_add_file_cert_subjects_to_stack().  These largely supplant
     SSL_load_client_CA_file(), and can be used to add multiple certs easily
     to a stack (usually this is then handed to SSL_CTX_set_client_CA_list()).
     This means that Apache-SSL and similar packages don't have to mess around
     to add as many CAs as they want to the preferred list.
     [Ben Laurie]
  *) Experiment with doxygen documentation. Currently only partially applied to
     ssl/ssl_lib.c.
     See http://www.stack.nl/~dimitri/doxygen/index.html, and run doxygen with
     openssl.doxy as the configuration file.
     [Ben Laurie]
  *) Get rid of remaining C++-style comments which strict C compilers hate.
     [Ralf S. Engelschall, pointed out by Carlos Amengual]
  *) Changed BN_RECURSION in bn_mont.c to BN_RECURSION_MONT so it is not
     compiled in by default: it has problems with large keys.
     [Steve Henson]
  *) Add a bunch of SSL_xxx() functions for configuring the temporary RSA and
     DH private keys and/or callback functions which directly correspond to
     their SSL_CTX_xxx() counterparts but work on a per-connection basis. This
     is needed for applications which have to configure certificates on a
     per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis
     (e.g. s_server). 
        For the RSA certificate situation is makes no difference, but
     for the DSA certificate situation this fixes the "no shared cipher"
     problem where the OpenSSL cipher selection procedure failed because the
     temporary keys were not overtaken from the context and the API provided
     no way to reconfigure them. 
        The new functions now let applications reconfigure the stuff and they
     are in detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
     SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback.  Additionally a new
     non-public-API function ssl_cert_instantiate() is used as a helper
     function and also to reduce code redundancy inside ssl_rsa.c.
     [Ralf S. Engelschall]
  *) Move s_server -dcert and -dkey options out of the undocumented feature
     area because they are useful for the DSA situation and should be
     recognized by the users.
     [Ralf S. Engelschall]
  *) Fix the cipher decision scheme for export ciphers: the export bits are
     *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within
     SSL_EXP_MASK.  So, the original variable has to be used instead of the
     already masked variable.
     [Richard Levitte <levitte@stacken.kth.se>]
  *) Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c
     [Richard Levitte <levitte@stacken.kth.se>]
  *) Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal()
     from `int' to `unsigned int' because it's a length and initialized by
     EVP_DigestFinal() which expects an `unsigned int *'.
     [Richard Levitte <levitte@stacken.kth.se>]
  *) Don't hard-code path to Perl interpreter on shebang line of Configure
     script. Instead use the usual Shell->Perl transition trick.
     [Ralf S. Engelschall]
  *) Make `openssl x509 -noout -modulus' functional also for DSA certificates
     (in addition to RSA certificates) to match the behaviour of `openssl dsa
     -noout -modulus' as it's already the case for `openssl rsa -noout
     -modulus'.  For RSA the -modulus is the real "modulus" while for DSA
     currently the public key is printed (a decision which was already done by
     `openssl dsa -modulus' in the past) which serves a similar purpose.
     Additionally the NO_RSA no longer completely removes the whole -modulus
     option; it now only avoids using the RSA stuff. Same applies to NO_DSA
     now, too.
     [Ralf S.  Engelschall]
  *) Add Arne Ansper's reliable BIO - this is an encrypted, block-digested
     BIO. See the source (crypto/evp/bio_ok.c) for more info.
     [Arne Ansper <arne@ats.cyber.ee>]
  *) Dump the old yucky req code that tried (and failed) to allow raw OIDs
     to be added. Now both 'req' and 'ca' can use new objects defined in the
     config file.
     [Steve Henson]
  *) Add cool BIO that does syslog (or event log on NT).
     [Arne Ansper <arne@ats.cyber.ee>, integrated by Ben Laurie]
  *) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5,
     TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and
     TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher
     Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt.
     [Ben Laurie]
  *) Add preliminary config info for new extension code.
     [Steve Henson]
  *) Make RSA_NO_PADDING really use no padding.
     [Ulf Moeller <ulf@fitug.de>]
  *) Generate errors when private/public key check is done.
     [Ben Laurie]
  *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support
     for some CRL extensions and new objects added.
     [Steve Henson]
  *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private
     key usage extension and fuller support for authority key id.
     [Steve Henson]
  *) Add OAEP encryption for the OpenSSL crypto library. OAEP is the improved
     padding method for RSA, which is recommended for new applications in PKCS
     #1 v2.0 (RFC 2437, October 1998).
     OAEP (Optimal Asymmetric Encryption Padding) has better theoretical
     foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure
     against Bleichbacher's attack on RSA.
     [Ulf Moeller <ulf@fitug.de>, reformatted, corrected and integrated by
      Ben Laurie]
  *) Updates to the new SSL compression code
     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
  *) Fix so that the version number in the master secret, when passed
     via RSA, checks that if TLS was proposed, but we roll back to SSLv3
     (because the server will not accept higher), that the version number
     is 0x03,0x01, not 0x03,0x00
     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
  *) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory
     leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes
     in apps/ and an unrelated leak in crypto/dsa/dsa_vrf.c
     [Steve Henson]
  *) Support for RAW extensions where an arbitrary extension can be
     created by including its DER encoding. See apps/openssl.cnf for
     an example.
     [Steve Henson]
  *) Make sure latest Perl versions don't interpret some generated C array
     code as Perl array code in the crypto/err/err_genc.pl script.
     [Lars Weber <3weber@informatik.uni-hamburg.de>]
  *) Modify ms/do_ms.bat to not generate assembly language makefiles since
     not many people have the assembler. Various Win32 compilation fixes and
     update to the INSTALL.W32 file with (hopefully) more accurate Win32
     build instructions.
     [Steve Henson]
  *) Modify configure script 'Configure' to automatically create crypto/date.h
     file under Win32 and also build pem.h from pem.org. New script
     util/mkfiles.pl to create the MINFO file on environments that can't do a
     'make files': perl util/mkfiles.pl >MINFO should work.
     [Steve Henson]
  *) Major rework of DES function declarations, in the pursuit of correctness
     and purity. As a result, many evil casts evaporated, and some weirdness,
     too. You may find this causes warnings in your code. Zapping your evil
     casts will probably fix them. Mostly.
     [Ben Laurie]
  *) Fix for a typo in asn1.h. Bug fix to object creation script
     obj_dat.pl. It considered a zero in an object definition to mean
     "end of object": none of the objects in objects.h have any zeros
     so it wasn't spotted.
     [Steve Henson, reported by Erwann ABALEA <eabalea@certplus.com>]
  *) Add support for Triple DES Cipher Block Chaining with Output Feedback
     Masking (CBCM). In the absence of test vectors, the best I have been able
     to do is check that the decrypt undoes the encrypt, so far. Send me test
     vectors if you have them.
     [Ben Laurie]
  *) Correct calculation of key length for export ciphers (too much space was
     allocated for null ciphers). This has not been tested!
     [Ben Laurie]
  *) Modifications to the mkdef.pl for Win32 DEF file creation. The usage
     message is now correct (it understands "crypto" and "ssl" on its
     command line). There is also now an "update" option. This will update
     the util/ssleay.num and util/libeay.num files with any new functions.
     If you do a: 
     perl util/mkdef.pl crypto ssl update
     it will update them.
     [Steve Henson]
  *) Overhauled the Perl interface (perl/*):
     - ported BN stuff to OpenSSL's different BN library
     - made the perl/ source tree CVS-aware
     - renamed the package from SSLeay to OpenSSL (the files still contain
       their history because I've copied them in the repository)
     - removed obsolete files (the test scripts will be replaced
       by better Test::Harness variants in the future)
     [Ralf S. Engelschall]
  *) First cut for a very conservative source tree cleanup:
     1. merge various obsolete readme texts into doc/ssleay.txt
     where we collect the old documents and readme texts.
     2. remove the first part of files where I'm already sure that we no
     longer need them because of three reasons: either they are just temporary
     files which were left by Eric or they are preserved original files where
     I've verified that the diff is also available in the CVS via "cvs diff
     -rSSLeay_0_8_1b" or they were renamed (as it was definitely the case for
     the crypto/md/ stuff).
     [Ralf S. Engelschall]
  *) More extension code. Incomplete support for subject and issuer alt
     name, issuer and authority key id. Change the i2v function parameters
     and add an extra 'crl' parameter in the X509V3_CTX structure: guess
     what that's for :-) Fix to ASN1 macro which messed up
     IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
     [Steve Henson]
  *) Preliminary support for ENUMERATED type. This is largely copied from the
     INTEGER code.
     [Steve Henson]
  *) Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy.
     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
  *) Make sure `make rehash' target really finds the `openssl' program.
     [Ralf S. Engelschall, Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
  *) Squeeze another 7% of speed out of MD5 assembler, at least on a P2. I'd
     like to hear about it if this slows down other processors.
     [Ben Laurie]
  *) Add CygWin32 platform information to Configure script.
     [Alan Batie <batie@aahz.jf.intel.com>]
  *) Fixed ms/32all.bat script: `no_asm' -> `no-asm'
     [Rainer W. Gerling <gerling@mpg-gv.mpg.de>]
  *) New program nseq to manipulate netscape certificate sequences
     [Steve Henson]
  *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a
     few typos.
     [Steve Henson]
  *) Fixes to BN code.  Previously the default was to define BN_RECURSION
     but the BN code had some problems that would cause failures when
     doing certificate verification and some other functions.
     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
  *) Add ASN1 and PEM code to support netscape certificate sequences.
     [Steve Henson]
  *) Add ASN1 and PEM code to support netscape certificate sequences.
     [Steve Henson]
  *) Add several PKIX and private extended key usage OIDs.
     [Steve Henson]
  *) Modify the 'ca' program to handle the new extension code. Modify
     openssl.cnf for new extension format, add comments.
     [Steve Henson]
  *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req'
     and add a sample to openssl.cnf so req -x509 now adds appropriate
     CA extensions.
     [Steve Henson]
  *) Continued X509 V3 changes. Add to other makefiles, integrate with the
     error code, add initial support to X509_print() and x509 application.
     [Steve Henson]
  *) Takes a deep breath and start addding X509 V3 extension support code. Add
     files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this
     stuff is currently isolated and isn't even compiled yet.
     [Steve Henson]
  *) Continuing patches for GeneralizedTime. Fix up certificate and CRL
     ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print.
     Removed the versions check from X509 routines when loading extensions:
     this allows certain broken certificates that don't set the version
     properly to be processed.
     [Steve Henson]
  *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another
     Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which
     can still be regenerated with "make depend".
     [Ben Laurie]
  *) Spelling mistake in C version of CAST-128.
     [Ben Laurie, reported by Jeremy Hylton <jeremy@cnri.reston.va.us>]
  *) Changes to the error generation code. The perl script err-code.pl 
     now reads in the old error codes and retains the old numbers, only
     adding new ones if necessary. It also only changes the .err files if new
     codes are added. The makefiles have been modified to only insert errors
     when needed (to avoid needlessly modifying header files). This is done
     by only inserting errors if the .err file is newer than the auto generated
     C file. To rebuild all the error codes from scratch (the old behaviour)
     either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl
     or delete all the .err files.
     [Steve Henson]
  *) CAST-128 was incorrectly implemented for short keys. The C version has
     been fixed, but is untested. The assembler versions are also fixed, but
     new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing
     to regenerate it if needed.
     [Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun
      Hagino <itojun@kame.net>]
  *) File was opened incorrectly in randfile.c.
     [Ulf M<>ller <ulf@fitug.de>]
  *) Beginning of support for GeneralizedTime. d2i, i2d, check and print
     functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or
     GeneralizedTime. ASN1_TIME is the proper type used in certificates et
     al: it's just almost always a UTCTime. Note this patch adds new error
     codes so do a "make errors" if there are problems.
     [Steve Henson]
  *) Correct Linux 1 recognition in config.
     [Ulf M<>ller <ulf@fitug.de>]
  *) Remove pointless MD5 hash when using DSA keys in ca.
     [Anonymous <nobody@replay.com>]
  *) Generate an error if given an empty string as a cert directory. Also
     generate an error if handed NULL (previously returned 0 to indicate an
     error, but didn't set one).
     [Ben Laurie, reported by Anonymous <nobody@replay.com>]
  *) Add prototypes to SSL methods. Make SSL_write's buffer const, at last.
     [Ben Laurie]
  *) Fix the dummy function BN_ref_mod_exp() in rsaref.c to have the correct
     parameters. This was causing a warning which killed off the Win32 compile.
     [Steve Henson]
  *) Remove C++ style comments from crypto/bn/bn_local.h.
     [Neil Costigan <neil.costigan@celocom.com>]
  *) The function OBJ_txt2nid was broken. It was supposed to return a nid
     based on a text string, looking up short and long names and finally
     "dot" format. The "dot" format stuff didn't work. Added new function
     OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote 
     OBJ_txt2nid to use it. OBJ_txt2obj can also return objects even if the
     OID is not part of the table.
     [Steve Henson]
  *) Add prototypes to X509 lookup/verify methods, fixing a bug in
     X509_LOOKUP_by_alias().
     [Ben Laurie]
  *) Sort openssl functions by name.
     [Ben Laurie]
  *) Get the gendsa program working (hopefully) and add it to app list. Remove
     encryption from sample DSA keys (in case anyone is interested the password
     was "1234").
     [Steve Henson]
  *) Make _all_ *_free functions accept a NULL pointer.
     [Frans Heymans <fheymans@isaserver.be>]
  *) If a DH key is generated in s3_srvr.c, don't blow it by trying to use
     NULL pointers.
     [Anonymous <nobody@replay.com>]
  *) s_server should send the CAfile as acceptable CAs, not its own cert.
     [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
  *) Don't blow it for numeric -newkey arguments to apps/req.
     [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
  *) Temp key "for export" tests were wrong in s3_srvr.c.
     [Anonymous <nobody@replay.com>]
  *) Add prototype for temp key callback functions
     SSL_CTX_set_tmp_{rsa,dh}_callback().
     [Ben Laurie]
  *) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and
     DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey().
     [Steve Henson]
  *) X509_name_add_entry() freed the wrong thing after an error.
     [Arne Ansper <arne@ats.cyber.ee>]
  *) rsa_eay.c would attempt to free a NULL context.
     [Arne Ansper <arne@ats.cyber.ee>]
  *) BIO_s_socket() had a broken should_retry() on Windoze.
     [Arne Ansper <arne@ats.cyber.ee>]
  *) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH.
     [Arne Ansper <arne@ats.cyber.ee>]
  *) Make sure the already existing X509_STORE->depth variable is initialized
     in X509_STORE_new(), but document the fact that this variable is still
     unused in the certificate verification process.
     [Ralf S. Engelschall]
  *) Fix the various library and apps files to free up pkeys obtained from
     X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.
     [Steve Henson]
  *) Fix reference counting in X509_PUBKEY_get(). This makes
     demos/maurice/example2.c work, amongst others, probably.
     [Steve Henson and Ben Laurie]
  *) First cut of a cleanup for apps/. First the `ssleay' program is now named
     `openssl' and second, the shortcut symlinks for the `openssl <command>'
     are no longer created. This way we have a single and consistent command
     line interface `openssl <command>', similar to `cvs <command>'.
     [Ralf S. Engelschall, Paul Sutton and Ben Laurie]
  *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey
     BIT STRING wrapper always have zero unused bits.
     [Steve Henson]
  *) Add CA.pl, perl version of CA.sh, add extended key usage OID.
     [Steve Henson]
  *) Make the top-level INSTALL documentation easier to understand.
     [Paul Sutton]
  *) Makefiles updated to exit if an error occurs in a sub-directory
     make (including if user presses ^C) [Paul Sutton]
  *) Make Montgomery context stuff explicit in RSA data structure.
     [Ben Laurie]
  *) Fix build order of pem and err to allow for generated pem.h.
     [Ben Laurie]
  *) Fix renumbering bug in X509_NAME_delete_entry().
     [Ben Laurie]
  *) Enhanced the err-ins.pl script so it makes the error library number 
     global and can add a library name. This is needed for external ASN1 and
     other error libraries.
     [Steve Henson]
  *) Fixed sk_insert which never worked properly.
     [Steve Henson]
  *) Fix ASN1 macros so they can handle indefinite length construted 
     EXPLICIT tags. Some non standard certificates use these: they can now
     be read in.
     [Steve Henson]
  *) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc)
     into a single doc/ssleay.txt bundle. This way the information is still
     preserved but no longer messes up this directory. Now it's new room for
     the new set of documenation files.
     [Ralf S. Engelschall]
  *) SETs were incorrectly DER encoded. This was a major pain, because they
     shared code with SEQUENCEs, which aren't coded the same. This means that
     almost everything to do with SETs or SEQUENCEs has either changed name or
     number of arguments.
     [Ben Laurie, based on a partial fix by GP Jayan <gp@nsj.co.jp>]
  *) Fix test data to work with the above.
     [Ben Laurie]
  *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but
     was already fixed by Eric for 0.9.1 it seems.
     [Ben Laurie - pointed out by Ulf M<>ller <ulf@fitug.de>]
  *) Autodetect FreeBSD3.
     [Ben Laurie]
  *) Fix various bugs in Configure. This affects the following platforms:
     nextstep
     ncr-scde
     unixware-2.0
     unixware-2.0-pentium
     sco5-cc.
     [Ben Laurie]
  *) Eliminate generated files from CVS. Reorder tests to regenerate files
     before they are needed.
     [Ben Laurie]
  *) Generate Makefile.ssl from Makefile.org (to keep CVS happy).
     [Ben Laurie]
 Changes between 0.9.1b and 0.9.1c
  *) Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and 
     changed SSLeay to OpenSSL in version strings.
     [Ralf S. Engelschall]
  *) Some fixups to the top-level documents.
     [Paul Sutton]
  *) Fixed the nasty bug where rsaref.h was not found under compile-time
     because the symlink to include/ was missing.
     [Ralf S. Engelschall]
  *) Incorporated the popular no-RSA/DSA-only patches 
     which allow to compile a RSA-free SSLeay.
     [Andrew Cooke / Interrader Ldt., Ralf S. Engelschall]
  *) Fixed nasty rehash problem under `make -f Makefile.ssl links'
     when "ssleay" is still not found.
     [Ralf S. Engelschall]
  *) Added more platforms to Configure: Cray T3E, HPUX 11, 
     [Ralf S. Engelschall, Beckmann <beckman@acl.lanl.gov>]
  *) Updated the README file.
     [Ralf S. Engelschall]
  *) Added various .cvsignore files in the CVS repository subdirs
     to make a "cvs update" really silent.
     [Ralf S. Engelschall]
  *) Recompiled the error-definition header files and added
     missing symbols to the Win32 linker tables.
     [Ralf S. Engelschall]
  *) Cleaned up the top-level documents;
     o new files: CHANGES and LICENSE
     o merged VERSION, HISTORY* and README* files a CHANGES.SSLeay 
     o merged COPYRIGHT into LICENSE
     o removed obsolete TODO file
     o renamed MICROSOFT to INSTALL.W32
     [Ralf S. Engelschall]
  *) Removed dummy files from the 0.9.1b source tree: 
     crypto/asn1/x crypto/bio/cd crypto/bio/fg crypto/bio/grep crypto/bio/vi
     crypto/bn/asm/......add.c crypto/bn/asm/a.out crypto/dsa/f crypto/md5/f
     crypto/pem/gmon.out crypto/perlasm/f crypto/pkcs7/build crypto/rsa/f
     crypto/sha/asm/f crypto/threads/f ms/zzz ssl/f ssl/f.mak test/f
     util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f
     [Ralf S. Engelschall]
  *) Added various platform portability fixes.
     [Mark J. Cox]
  *) The Genesis of the OpenSSL rpject:
     We start with the latest (unreleased) SSLeay version 0.9.1b which Eric A.
     Young and Tim J. Hudson created while they were working for C2Net until
     summer 1998.
     [The OpenSSL Project]
 Changes between 0.9.0b and 0.9.1b
  *) Updated a few CA certificates under certs/
     [Eric A. Young]
  *) Changed some BIGNUM api stuff.
     [Eric A. Young]
  *) Various platform ports: OpenBSD, Ultrix, IRIX 64bit, NetBSD, 
     DGUX x86, Linux Alpha, etc.
     [Eric A. Young]
  *) New COMP library [crypto/comp/] for SSL Record Layer Compression: 
     RLE (dummy implemented) and ZLIB (really implemented when ZLIB is
     available).
     [Eric A. Young]
  *) Add -strparse option to asn1pars program which parses nested 
     binary structures 
     [Dr Stephen Henson <shenson@bigfoot.com>]
  *) Added "oid_file" to ssleay.cnf for "ca" and "req" programs.
     [Eric A. Young]
  *) DSA fix for "ca" program.
     [Eric A. Young]
  *) Added "-genkey" option to "dsaparam" program.
     [Eric A. Young]
  *) Added RIPE MD160 (rmd160) message digest.
     [Eric A. Young]
  *) Added -a (all) option to "ssleay version" command.
     [Eric A. Young]
  *) Added PLATFORM define which is the id given to Configure.
     [Eric A. Young]
  *) Added MemCheck_XXXX functions to crypto/mem.c for memory checking.
     [Eric A. Young]
  *) Extended the ASN.1 parser routines.
     [Eric A. Young]
  *) Extended BIO routines to support REUSEADDR, seek, tell, etc.
     [Eric A. Young]
  *) Added a BN_CTX to the BN library.
     [Eric A. Young]
  *) Fixed the weak key values in DES library
     [Eric A. Young]
  *) Changed API in EVP library for cipher aliases.
     [Eric A. Young]
  *) Added support for RC2/64bit cipher.
     [Eric A. Young]
  *) Converted the lhash library to the crypto/mem.c functions.
     [Eric A. Young]
  *) Added more recognized ASN.1 object ids.
     [Eric A. Young]
  *) Added more RSA padding checks for SSL/TLS.
     [Eric A. Young]
  *) Added BIO proxy/filter functionality.
     [Eric A. Young]
  *) Added extra_certs to SSL_CTX which can be used
     send extra CA certificates to the client in the CA cert chain sending
     process. It can be configured with SSL_CTX_add_extra_chain_cert().
     [Eric A. Young]
  *) Now Fortezza is denied in the authentication phase because
     this is key exchange mechanism is not supported by SSLeay at all.
     [Eric A. Young]
  *) Additional PKCS1 checks.
     [Eric A. Young]
  *) Support the string "TLSv1" for all TLS v1 ciphers.
     [Eric A. Young]
  *) Added function SSL_get_ex_data_X509_STORE_CTX_idx() which gives the
     ex_data index of the SSL context in the X509_STORE_CTX ex_data.
     [Eric A. Young]
  *) Fixed a few memory leaks.
     [Eric A. Young]
  *) Fixed various code and comment typos.
     [Eric A. Young]
  *) A minor bug in ssl/s3_clnt.c where there would always be 4 0 
     bytes sent in the client random.
     [Edward Bishop <ebishop@spyglass.com>]
--- a/CHANGES.SSLeay
+++ b/CHANGES.SSLeay
@@ -1,968 +0,0 @@
 This file contains the changes for the SSLeay library up to version
 0.9.0b. For later changes, see the file "CHANGES".
  SSLeay CHANGES
  ______________
 Changes between 0.8.x and 0.9.0b
 10-Apr-1998
 I said the next version would go out at easter, and so it shall.
 I expect a 0.9.1 will follow with portability fixes in the next few weeks.
 This is a quick, meet the deadline.  Look to ssl-users for comments on what
 is new etc.
 eric (about to go bushwalking for the 4 day easter break :-)
 16-Mar-98
    - Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU>
    - Lots and lots of changes
 29-Jan-98
    - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
      Goetz Babin-Ebell <babinebell@trustcenter.de>.
    - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
      TLS1_VERSION.
 7-Jan-98
    - Finally reworked the cipher string to ciphers again, so it
      works correctly
    - All the app_data stuff is now ex_data with funcion calls to access.
      The index is supplied by a function and 'methods' can be setup
      for the types that are called on XXX_new/XXX_free.  This lets
      applications get notified on creation and destruction.  Some of
      the RSA methods could be implemented this way and I may do so.
    - Oh yes, SSL under perl5 is working at the basic level.
 15-Dec-97
    - Warning - the gethostbyname cache is not fully thread safe,
      but it should work well enough.
    - Major internal reworking of the app_data stuff.  More functions
      but if you were accessing ->app_data directly, things will
      stop working.
    - The perlv5 stuff is working.  Currently on message digests,
      ciphers and the bignum library.
 9-Dec-97
    - Modified re-negotiation so that server initated re-neg
      will cause a SSL_read() to return -1 should retry.
      The danger otherwise was that the server and the
      client could end up both trying to read when using non-blocking
      sockets.
 4-Dec-97
    - Lots of small changes
    - Fix for binaray mode in Windows for the FILE BIO, thanks to
      Bob Denny <rdenny@dc3.com>
 17-Nov-97
    - Quite a few internal cleanups, (removal of errno, and using macros
      defined in e_os.h).
    - A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where
      the automactic naming out output files was being stuffed up.
 29-Oct-97
    - The Cast5 cipher has been added.  MD5 and SHA-1 are now in assember
      for x86.
 21-Oct-97
    - Fixed a bug in the BIO_gethostbyname() cache.
 15-Oct-97
    - cbc mode for blowfish/des/3des is now in assember.  Blowfish asm
      has also been improved.  At this point in time, on the pentium,
      md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
      des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
      is %62 faster.
 12-Oct-97
    - MEM_BUF_grow() has been fixed so that it always sets the buf->length
      to the value we are 'growing' to.  Think of MEM_BUF_grow() as the
      way to set the length value correctly.
 10-Oct-97
    - I now hash for certificate lookup on the raw DER encoded RDN (md5).
      This breaks things again :-(.  This is efficent since I cache
      the DER encoding of the RDN.
    - The text DN now puts in the numeric OID instead of UNKNOWN.
    - req can now process arbitary OIDs in the config file.
    - I've been implementing md5 in x86 asm, much faster :-).
    - Started sha1 in x86 asm, needs more work.
    - Quite a few speedups in the BN stuff.  RSA public operation
      has been made faster by caching the BN_MONT_CTX structure.
      The calulating of the Ai where A*Ai === 1 mod m was rather
      expensive.  Basically a 40-50% speedup on public operations.
      The RSA speedup is now 15% on pentiums and %20 on pentium
      pro.
 30-Sep-97
    - After doing some profiling, I added x86 adm for bn_add_words(),
      which just adds 2 arrays of longs together.  A %10 speedup
      for 512 and 1024 bit RSA on the pentium pro.
 29-Sep-97
    - Converted the x86 bignum assembler to us the perl scripts
      for generation.
 23-Sep-97
    - If SSL_set_session() is passed a NULL session, it now clears the
      current session-id.
 22-Sep-97
    - Added a '-ss_cert file' to apps/ca.c.  This will sign selfsigned
      certificates.
    - Bug in crypto/evp/encode.c where by decoding of 65 base64
      encoded lines, one line at a time (via a memory BIO) would report
      EOF after the first line was decoded.
    - Fix in X509_find_by_issuer_and_serial() from
      Dr Stephen Henson <shenson@bigfoot.com>
 19-Sep-97
    - NO_FP_API and NO_STDIO added.
    - Put in sh config command.  It auto runs Configure with the correct
      parameters.
 18-Sep-97
    - Fix x509.c so if a DSA cert has different parameters to its parent,
      they are left in place.  Not tested yet.
 16-Sep-97
    - ssl_create_cipher_list() had some bugs, fixes from
      Patrick Eisenacher <eisenach@stud.uni-frankfurt.de>
    - Fixed a bug in the Base64 BIO, where it would return 1 instead
      of -1 when end of input was encountered but should retry.
      Basically a Base64/Memory BIO interaction problem.
    - Added a HMAC set of functions in preporarion for TLS work.
 15-Sep-97
    - Top level makefile tweak - Cameron Simpson <cs@zip.com.au>
    - Prime generation spead up %25 (512 bit prime, pentium pro linux)
      by using montgomery multiplication in the prime number test.
 11-Sep-97
    - Ugly bug in ssl3_write_bytes().  Basically if application land
      does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
      did not check the size and tried to copy the entire buffer.
      This would tend to cause memory overwrites since SSLv3 has
      a maximum packet size of 16k.  If your program uses
      buffers <= 16k, you would probably never see this problem.
    - Fixed a new errors that were cause by malloc() not returning
      0 initialised memory..
    - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
      SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
      since this flags stops SSLeay being able to handle client
      cert requests correctly.
 08-Sep-97
    - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added.  When switched
      on, the SSL server routines will not use a SSL_SESSION that is
      held in it's cache.  This in intended to be used with the session-id
      callbacks so that while the session-ids are still stored in the
      cache, the decision to use them and how to look them up can be
      done by the callbacks.  The are the 'new', 'get' and 'remove'
      callbacks.  This can be used to determine the session-id
      to use depending on information like which port/host the connection
      is coming from.  Since the are also SSL_SESSION_set_app_data() and
      SSL_SESSION_get_app_data() functions, the application can hold
      information against the session-id as well.
 03-Sep-97
    - Added lookup of CRLs to the by_dir method,
      X509_load_crl_file() also added.  Basically it means you can
      lookup CRLs via the same system used to lookup certificates.
    - Changed things so that the X509_NAME structure can contain
      ASN.1 BIT_STRINGS which is required for the unique
      identifier OID.
    - Fixed some problems with the auto flushing of the session-id
      cache.  It was not occuring on the server side.
 02-Sep-97
    - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
      which is the maximum number of entries allowed in the
      session-id cache.  This is enforced with a simple FIFO list.
      The default size is 20*1024 entries which is rather large :-).
      The Timeout code is still always operating.
 01-Sep-97
    - Added an argument to all the 'generate private key/prime`
      callbacks.  It is the last parameter so this should not
      break existing code but it is needed for C++.
    - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
      BIO.  This lets the BIO read and write base64 encoded data
      without inserting or looking for '\n' characters.  The '-A'
      flag turns this on when using apps/enc.c.
    - RSA_NO_PADDING added to help BSAFE functionality.  This is a
      very dangerous thing to use, since RSA private key
      operations without random padding bytes (as PKCS#1 adds) can
      be attacked such that the private key can be revealed.
    - ASN.1 bug and rc2-40-cbc and rc4-40 added by
      Dr Stephen Henson <shenson@bigfoot.com>
 31-Aug-97 (stuff added while I was away)    
    - Linux pthreads by Tim Hudson (tjh@cryptsoft.com).
    - RSA_flags() added allowing bypass of pub/priv match check
      in ssl/ssl_rsa.c - Tim Hudson.
    - A few minor bugs.
 SSLeay 0.8.1 released.
 19-Jul-97
    - Server side initated dynamic renegotiation is broken.  I will fix
      it when I get back from holidays.
 15-Jul-97
    - Quite a few small changes.
    - INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
 09-Jul-97
    - Added 2 new values to the SSL info callback.
      SSL_CB_START which is passed when the SSL protocol is started
      and SSL_CB_DONE when it has finished sucsessfully.
 08-Jul-97
    - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
      that related to DSA public/private keys.
    - Added all the relevent PEM and normal IO functions to support
      reading and writing RSAPublic keys.
    - Changed makefiles to use ${AR} instead of 'ar r'
 07-Jul-97
    - Error in ERR_remove_state() that would leave a dangling reference
      to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
    - s_client now prints the X509_NAMEs passed from the server
      when requesting a client cert.
    - Added a ssl->type, which is one of SSL_ST_CONNECT or
      SSL_ST_ACCEPT.  I had to add it so I could tell if I was
      a connect or an accept after the handshake had finished.
    - SSL_get_client_CA_list(SSL *s) now returns the CA names
      passed by the server if called by a client side SSL.
 05-Jul-97
    - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
      0, not -1 :-(  Fix from Tim Hudson (tjh@cryptsoft.com).
 04-Jul-97
    - Fixed some things in X509_NAME_add_entry(), thanks to
      Matthew Donald <matthew@world.net>.
    - I had a look at the cipher section and though that it was a
      bit confused, so I've changed it.
    - I was not setting up the RC4-64-MD5 cipher correctly.  It is
      a MS special that appears in exported MS Money.
    - Error in all my DH ciphers.  Section 7.6.7.3 of the SSLv3
      spec.  I was missing the two byte length header for the
      ClientDiffieHellmanPublic value.  This is a packet sent from
      the client to the server.  The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
      option will enable SSLeay server side SSLv3 accept either
      the correct or my 080 packet format.
    - Fixed a few typos in crypto/pem.org.
 02-Jul-97
    - Alias mapping for EVP_get_(digest|cipher)byname is now
      performed before a lookup for actual cipher.  This means
      that an alias can be used to 're-direct' a cipher or a
      digest.
    - ASN1_read_bio() had a bug that only showed up when using a
      memory BIO.  When EOF is reached in the memory BIO, it is
      reported as a -1 with BIO_should_retry() set to true.
 01-Jul-97
    - Fixed an error in X509_verify_cert() caused by my
      miss-understanding how 'do { contine } while(0);' works.
      Thanks to Emil Sit <sit@mit.edu> for educating me :-)
 30-Jun-97
    - Base64 decoding error.  If the last data line did not end with
      a '=', sometimes extra data would be returned.
    - Another 'cut and paste' bug in x509.c related to setting up the
      STDout BIO.
 27-Jun-97
    - apps/ciphers.c was not printing due to an editing error.
    - Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
      a library build error in util/mk1mf.pl
 26-Jun-97
    - Still did not have the auto 'experimental' code removal
      script correct.
    - A few header tweaks for Watcom 11.0 under Win32 from
      Rolf Lindemann <Lindemann@maz-hh.de>
    - 0 length OCTET_STRING bug in asn1_parse
    - A minor fix with an non-existent function in the MS .def files.
    - A few changes to the PKCS7 stuff.
 25-Jun-97
    SSLeay 0.8.0 finally it gets released.
 24-Jun-97
    Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
    use a temporary RSA key.  This is experimental and needs some more work.
    Fixed a few Win16 build problems.
 23-Jun-97
    SSLv3 bug. I was not doing the 'lookup' of the CERT structure
    correctly. I was taking the SSL->ctx->default_cert when I should
    have been using SSL->cert. The bug was in ssl/s3_srvr.c
 20-Jun-97
    X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
    rest of the library. Even though I had the code required to do
    it correctly, apps/req.c was doing the wrong thing.  I have fixed
    and tested everything.
    Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
 19-Jun-97
    Fixed a bug in the SSLv2 server side first packet handling. When
    using the non-blocking test BIO, the ssl->s2->first_packet flag
    was being reset when a would-block failure occurred when reading
    the first 5 bytes of the first packet. This caused the checking
    logic to run at the wrong time and cause an error.
    Fixed a problem with specifying cipher. If RC4-MD5 were used,
    only the SSLv3 version would be picked up.  Now this will pick
    up both SSLv2 and SSLv3 versions. This required changing the
    SSL_CIPHER->mask values so that they only mask the ciphers,
    digests, authentication, export type and key-exchange algorithms.
    I found that when a SSLv23 session is established, a reused
    session, of type SSLv3 was attempting to write the SSLv2 
    ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char 
    method has been modified so it will only write out cipher which
    that method knows about.  
 Changes between 0.8.0 and 0.8.1
  *) Mostly bug fixes. 
     There is an Ephemeral DH cipher problem which is fixed.
 SSLeay 0.8.0
 This version of SSLeay has quite a lot of things different from the
 previous version.
 Basically check all callback parameters, I will be producing documentation
 about how to use things in th future.  Currently I'm just getting 080 out
 the door.  Please not that there are several ways to do everything, and
 most of the applications in the apps directory are hybrids, some using old
 methods and some using new methods.
 Have a look in demos/bio for some very simple programs and
 apps/s_client.c and apps/s_server.c for some more advanced versions.
 Notes are definitly needed but they are a week or so away.
 Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
 ---
 Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
 get those people that want to move to using the new code base off to
 a quick start.
 Note that Eric has tidied up a lot of the areas of the API that were
 less than desirable and renamed quite a few things (as he had to break
 the API in lots of places anyrate). There are a whole pile of additional
 functions for making dealing with (and creating) certificates a lot
 cleaner.
 01-Jul-97
 Tim Hudson
 tjh@cryptsoft.com
 ---8<---
 To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
 use something like the following (assuming you #include "crypto.h" which
 is something that you really should be doing).
 #if SSLEAY_VERSION_NUMBER >= 0x0800
 #define SSLEAY8
 #endif
 buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
            too if you are working with BIO internal stuff (as distinct
        from simply using the interface in an opaque manner)
 #include "bio.h"    - required along with "buffer.h" if you write
              your own BIO routines as the buffer and bio
              stuff that was intermixed has been separated
              out 
 envelope.h -> evp.h  (which should have been done ages ago)
 Initialisation ... don't forget these or you end up with code that
 is missing the bits required to do useful things (like ciphers):
 SSLeay_add_ssl_algorithms()
 (probably also want SSL_load_error_strings() too but you should have
 already had that call in place)
 SSL_CTX_new()   - requires an extra method parameter
              SSL_CTX_new(SSLv23_method()) 
              SSL_CTX_new(SSLv2_method()) 
              SSL_CTX_new(SSLv3_method()) 
          OR to only have the server or the client code
              SSL_CTX_new(SSLv23_server_method()) 
              SSL_CTX_new(SSLv2_server_method()) 
              SSL_CTX_new(SSLv3_server_method()) 
          or  
              SSL_CTX_new(SSLv23_client_method()) 
              SSL_CTX_new(SSLv2_client_method()) 
              SSL_CTX_new(SSLv3_client_method()) 
 SSL_set_default_verify_paths() ... renamed to the more appropriate
 SSL_CTX_set_default_verify_paths()
 If you want to use client certificates then you have to add in a bit
 of extra stuff in that a SSLv3 server sends a list of those CAs that
 it will accept certificates from ... so you have to provide a list to
 SSLeay otherwise certain browsers will not send client certs.
 SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
 X509_NAME_oneline(X)    -> X509_NAME_oneline(X,NULL,0)  
               or provide a buffer and size to copy the
               result into
 X509_add_cert ->  X509_STORE_add_cert (and you might want to read the
          notes on X509_NAME structure changes too)
 VERIFICATION CODE
 =================
 The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
 more accurately reflect things.
 The verification callback args are now packaged differently so that
 extra fields for verification can be added easily in future without
 having to break things by adding extra parameters each release :-)
 X509_cert_verify_error_string -> X509_verify_cert_error_string
 BIO INTERNALS
 =============
 Eric has fixed things so that extra flags can be introduced in
 the BIO layer in future without having to play with all the BIO
 modules by adding in some macros.
 The ugly stuff using 
    b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
 becomes
    BIO_clear_retry_flags(b)
    b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
 becomes
    BIO_set_retry_read(b)
 Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
 OTHER THINGS
 ============
 X509_NAME has been altered so that it isn't just a STACK ... the STACK
 is now in the "entries" field ... and there are a pile of nice functions
 for getting at the details in a much cleaner manner.
 SSL_CTX has been altered ... "cert" is no longer a direct member of this
 structure ... things are now down under "cert_store" (see x509_vfy.h) and
 things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
 If your code "knows" about this level of detail then it will need some 
 surgery.
 If you depending on the incorrect spelling of a number of the error codes
 then you will have to change your code as these have been fixed.
 ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
 has been all along so this makes things clearer.
 ify_cert_error_string(ctx->error));
 SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
            and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO
 Changes between 0.7.x and 0.8.0
  *) There have been lots of changes, mostly the addition of SSLv3.
     There have been many additions from people and amongst
     others, C2Net has assisted greatly.
 Changes between 0.7.x and 0.7.x
  *) Internal development version only
 SSLeay 0.6.6 13-Jan-1997
 The main additions are
 - assember for x86 DES improvments.
  From 191,000 per second on a pentium 100, I now get 281,000.  The inner
  loop and the IP/FP modifications are from
  Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>.  Many thanks for his
  contribution.
 - The 'DES macros' introduced in 0.6.5 now have 3 types.
  DES_PTR1, DES_PTR2 and 'normal'.  As per before, des_opts reports which
  is best and there is a summery of mine in crypto/des/options.txt
 - A few bug fixes.
 - Added blowfish.  It is not used by SSL but all the other stuff that
  deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
  There are 3 options for optimising Blowfish.  BF_PTR, BF_PTR2 and 'normal'.
  BF_PTR2 is pentium/x86 specific.  The correct option is setup in
  the 'Configure' script.
 - There is now a 'get client certificate' callback which can be
  'non-blocking'.  If more details are required, let me know.  It will
  documented more in SSLv3 when I finish it.
 - Bug fixes from 0.6.5 including the infamous 'ca' bug.  The 'make test'
  now tests the ca program.
 - Lots of little things modified and tweaked.
 SSLeay 0.6.5
 After quite some time (3 months), the new release.  I have been very busy
 for the last few months and so this is mostly bug fixes and improvments.
 The main additions are
 - assember for x86 DES.  For all those gcc based systems, this is a big
  improvement.  From 117,000 DES operation a second on a pentium 100,
  I now get 191,000.  I have also reworked the C version so it
  now gives 148,000 DESs per second.  
 - As mentioned above, the inner DES macros now have some more variant that
  sometimes help, sometimes hinder performance.  There are now 3 options
  DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling)
  and DES_RISC (a more register intensive version of the inner macro).
  The crypto/des/des_opts.c program, when compiled and run, will give
  an indication of the correct options to use.
 - The BIO stuff has been improved.  Read doc/bio.doc.  There are now
  modules for encryption and base64 encoding and a BIO_printf() function.
 - The CA program will accept simple one line X509v3 extensions in the
  ssleay.cnf file.  Have a look at the example.  Currently this just
  puts the text into the certificate as an OCTET_STRING so currently
  the more advanced X509v3 data types are not handled but this is enough
  for the netscape extensions.
 - There is the start of a nicer higher level interface to the X509
  strucutre.
 - Quite a lot of bug fixes.
 - CRYPTO_malloc_init()  (or CRYPTO_set_mem_functions()) can be used
  to define the malloc(), free() and realloc() routines to use
  (look in crypto/crypto.h).  This is mostly needed for Windows NT/95 when
  using DLLs and mixing CRT libraries.
 In general, read the 'VERSION' file for changes and be aware that some of
 the new stuff may not have been tested quite enough yet, so don't just plonk
 in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break.
 SSLeay 0.6.4 30/08/96 eay
 I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3,
 Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-).
 The main changes in this release
 - Thread safe.  have a read of doc/threads.doc and play in the mt directory.
  For anyone using 0.6.3 with threads, I found 2 major errors so consider
  moving to 0.6.4.  I have a test program that builds under NT and
  solaris.
 - The get session-id callback has changed.  Have a read of doc/callback.doc.
 - The X509_cert_verify callback (the SSL_verify callback) now
  has another argument.  Have a read of doc/callback.doc
 - 'ca -preserve', sign without re-ordering the DN.  Not tested much.
 - VMS support.
 - Compile time memory leak detection can now be built into SSLeay.
  Read doc/memory.doc
 - CONF routines now understand '\', '\n', '\r' etc.  What this means is that
  the  SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines.
 - 'ssleay ciphers' added, lists the default cipher list for SSLeay.
 - RC2 key setup is now compatable with Netscape.
 - Modifed server side of SSL implementation, big performance difference when
      using session-id reuse.
 0.6.3
 Bug fixes and the addition of some nice stuff to the 'ca' program.
 Have a read of doc/ns-ca.doc for how hit has been modified so
 it can be driven from a CGI script.  The CGI script is not provided,
 but that is just being left as an excersize for the reader :-).
 0.6.2
 This is most bug fixes and functionality improvements.
 Additions are
 - More thread debugging patches, the thread stuff is still being
  tested, but for those keep to play with stuff, have a look in
  crypto/cryptlib.c.  The application needs to define 1 (or optionaly
  a second) callback that is used to implement locking.  Compiling
  with LOCK_DEBUG spits out lots of locking crud :-).
  This is what I'm currently working on.
 - SSL_CTX_set_default_passwd_cb() can be used to define the callback
  function used in the SSL*_file() functions used to load keys.  I was
  always of the opinion that people should call
  PEM_read_RSAPrivateKey() and pass the callback they want to use, but
  it appears they just want to use the SSL_*_file() function() :-(.
 - 'enc' now has a -kfile so a key can be read from a file.  This is
  mostly used so that the passwd does not appear when using 'ps',
  which appears imposible to stop under solaris.
 - X509v3 certificates now work correctly.  I even have more examples
  in my tests :-).  There is now a X509_EXTENSION type that is used in
  X509v3 certificates and CRLv2.
 - Fixed that signature type error :-(
 - Fixed quite a few potential memory leaks and problems when reusing
  X509, CRL and REQ structures.
 - EVP_set_pw_prompt() now sets the library wide default password
  prompt.
 - The 'pkcs7' command will now, given the -print_certs flag, output in
  pem format, all certificates and CRL contained within.  This is more
  of a pre-emtive thing for the new verisign distribution method.  I
  should also note, that this also gives and example in code, of how
  to do this :-), or for that matter, what is involved in going the
  other way (list of certs and crl -> pkcs7).
 - Added RSA's DESX to the DES library.  It is also available via the
  EVP_desx_cbc() method and via 'enc desx'. 
 SSLeay 0.6.1
 The main functional changes since 0.6.0 are as follows
 - Bad news, the Microsoft 060 DLL's are not compatable, but the good news is
  that from now on, I'll keep the .def numbers the same so they will be.
 - RSA private key operations are about 2 times faster that 0.6.0
 - The SSL_CTX now has more fields so default values can be put against
  it.  When an SSL structure is created, these default values are used
  but can be overwritten.  There are defaults for cipher, certificate,
  private key, verify mode and callback.  This means SSL session
  creation can now be
  ssl=SSL_new()
  SSL_set_fd(ssl,sock);
  SSL_accept(ssl)
  ....
  All the other uglyness with having to keep a global copy of the
  private key and certificate/verify mode in the server is now gone.
 - ssl/ssltest.c - one process talking SSL to its self for testing.
 - Storage of Session-id's can be controled via a session_cache_mode
  flag.  There is also now an automatic default flushing of 
  old session-id's.
 - The X509_cert_verify() function now has another parameter, this
  should not effect most people but it now means that the reason for
  the failure to verify is now available via SSL_get_verify_result(ssl).
  You don't have to use a global variable.
 - SSL_get_app_data() and SSL_set_app_data() can be used to keep some
  application data against the SSL structure.  It is upto the application
  to free the data.  I don't use it, but it is available.
 - SSL_CTX_set_cert_verify_callback() can be used to specify a
  verify callback function that completly replaces my certificate
  verification code.  Xcert should be able to use this :-).
  The callback is of the form int app_verify_callback(arg,ssl,cert).
  This needs to be documented more.
 - I have started playing with shared library builds, have a look in
  the shlib directory.  It is very simple.  If you need a numbered
  list of functions, have a look at misc/crypto.num and misc/ssl.num.
 - There is some stuff to do locking to make the library thread safe.
  I have only started this stuff and have not finished.  If anyone is
  keen to do so, please send me the patches when finished.
 So I have finally made most of the additions to the SSL interface that
 I thought were needed.
 There will probably be a pause before I make any non-bug/documentation
 related changes to SSLeay since I'm feeling like a bit of a break.
 eric - 12 Jul 1996
 I saw recently a comment by some-one that we now seem to be entering
 the age of perpetual Beta software.
 Pioneered by packages like linux but refined to an art form by
 netscape.
 I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-).
 There are quite a large number of sections that are 'works in
 progress' in this package.  I will also list the major changes and
 what files you should read.
 BIO - this is the new IO structure being used everywhere in SSLeay.  I
 started out developing this because of microsoft, I wanted a mechanism
 to callback to the application for all IO, so Windows 3.1 DLL
 perversion could be hidden from me and the 15 different ways to write
 to a file under NT would also not be dictated by me at library build
 time.  What the 'package' is is an API for a data structure containing
 functions.  IO interfaces can be written to conform to the
 specification.  This in not intended to hide the underlying data type
 from the application, but to hide it from SSLeay :-).
 I have only really finished testing the FILE * and socket/fd modules.
 There are also 'filter' BIO's.  Currently I have only implemented
 message digests, and it is in use in the dgst application.  This
 functionality will allow base64/encrypto/buffering modules to be
 'push' into a BIO without it affecting the semantics.  I'm also
 working on an SSL BIO which will hide the SSL_accept()/SLL_connet()
 from an event loop which uses the interface.
 It is also possible to 'attach' callbacks to a BIO so they get called
 before and after each operation, alowing extensive debug output
 to be generated (try running dgst with -d).
 Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few
 functions that used to take FILE *, now take BIO *.
 The wrappers are easy to write
 function_fp(fp,x)
 FILE *fp;
    {
    BIO *b;
    int ret;
    if ((b=BIO_new(BIO_s_file())) == NULL) error.....
    BIO_set_fp(b,fp,BIO_NOCLOSE);
    ret=function_bio(b,x);
    BIO_free(b);
    return(ret);
    }
 Remember, there are no functions that take FILE * in SSLeay when
 compiled for Windows 3.1 DLL's.
 --
 I have added a general EVP_PKEY type that can hold a public/private
 key.  This is now what is used by the EVP_ functions and is passed
 around internally.  I still have not done the PKCS#8 stuff, but
 X509_PKEY is defined and waiting :-)
 --
 For a full function name listings, have a look at ms/crypt32.def and
 ms/ssl32.def.  These are auto-generated but are complete.
 Things like ASN1_INTEGER_get() have been added and are in here if you
 look.  I have renamed a few things, again, have a look through the
 function list and you will probably find what you are after.  I intend
 to at least put a one line descrition for each one.....
 --
 Microsoft - thats what this release is about, read the MICROSOFT file.
 --
 Multi-threading support.  I have started hunting through the code and
 flaging where things need to be done.  In a state of work but high on
 the list.
 --
 For random numbers, edit e_os.h and set DEVRANDOM (it's near the top)
 be be you random data device, otherwise 'RFILE' in e_os.h
 will be used, in your home directory.  It will be updated
 periodically.  The environment variable RANDFILE will override this
 choice and read/write to that file instead.  DEVRANDOM is used in
 conjunction to the RFILE/RANDFILE.  If you wish to 'seed' the random
 number generator, pick on one of these files.
 --
 The list of things to read and do
 dgst -d
 s_client -state (this uses a callback placed in the SSL state loop and
        will be used else-where to help debug/monitor what
        is happening.)
 doc/why.doc
 doc/bio.doc <- hmmm, needs lots of work.
 doc/bss_file.doc <- one that is working :-)
 doc/session.doc <- it has changed
 doc/speed.doc
 also play with ssleay version -a.  I have now added a SSLeay()
 function that returns a version number, eg 0600 for this release
 which is primarily to be used to check DLL version against the
 application.
 util/*  Quite a few will not interest people, but some may, like
 mk1mf.pl, mkdef.pl,
 util/do_ms.sh
 try
 cc -Iinclude -Icrypto -c crypto/crypto.c
 cc -Iinclude -Issl -c ssl/ssl.c
 You have just built the SSLeay libraries as 2 object files :-)
 Have a general rummage around in the bin stall directory and look at
 what is in there, like CA.sh and c_rehash
 There are lots more things but it is 12:30am on a Friday night and I'm
 heading home :-).
 eric 22-Jun-1996
 This version has quite a few major bug fixes and improvements.  It DOES NOT
 do SSLv3 yet.
 The main things changed
 - A Few days ago I added the s_mult application to ssleay which is
  a demo of an SSL server running in an event loop type thing.
  It supports non-blocking IO, I have finally gotten it right, SSL_accept()
  can operate in non-blocking IO mode, look at the code to see how :-).
  Have a read of doc/s_mult as well.  This program leaks memory and
  file descriptors everywhere but I have not cleaned it up yet.
  This is a demo of how to do non-blocking IO.
 - The SSL session management has been 'worked over' and there is now
  quite an expansive set of functions to manipulate them.  Have a read of
  doc/session.doc for some-things I quickly whipped up about how it now works.
  This assume you know the SSLv2 protocol :-)
 - I can now read/write the netscape certificate format, use the
  -inform/-outform  'net' options to the x509 command.  I have not put support
  for this type in the other demo programs, but it would be easy to add.
 - asn1parse and 'enc' have been modified so that when reading base64
  encoded files (pem format), they do not require '-----BEGIN' header lines.
  The 'enc' program had a buffering bug fixed, it can be used as a general
  base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d'
  respecivly.  Leaving out the '-a' flag in this case makes the 'enc' command
  into a form of 'cat'.
 - The 'x509' and 'req' programs have been fixed and modified a little so
  that they generate self-signed certificates correctly.  The test
  script actually generates a 'CA' certificate and then 'signs' a
  'user' certificate.  Have a look at this shell script (test/sstest)
  to see how things work, it tests most possible combinations of what can
  be done.
 - The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name
  of SSL_set_cipher_list() is now the correct API (stops confusion :-).
  If this function is used in the client, only the specified ciphers can
  be used, with preference given to the order the ciphers were listed.
  For the server, if this is used, only the specified ciphers will be used
  to accept connections.  If this 'option' is not used, a default set of
  ciphers will be used.  The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this
  list for all ciphers started against the SSL_CTX.  So the order is
  SSL cipher_list, if not present, SSL_CTX cipher list, if not
  present, then the library default.
  What this means is that normally ciphers like
  NULL-MD5 will never be used.  The only way this cipher can be used
  for both ends to specify to use it.
  To enable or disable ciphers in the library at build time, modify the
  first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c.
  This file also contains the 'pref_cipher' list which is the default
  cipher preference order.
 - I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net'
  options work.  They should, and they enable loading and writing the
  netscape rsa private key format.  I will be re-working this section of
  SSLeay for the next version.  What is currently in place is a quick and
  dirty hack.
 - I've re-written parts of the bignum library.  This gives speedups
  for all platforms.  I now provide assembler for use under Windows NT.
  I have not tested the Windows 3.1 assembler but it is quite simple code.
  This gives RSAprivate_key operation encryption times of 0.047s (512bit key)
  and 0.230s (1024bit key) on a pentium 100 which I consider reasonable.
  Basically the times available under linux/solaris x86 can be achieve under
  Windows NT.  I still don't know how these times compare to RSA's BSAFE
  library but I have been emailing with people and with their help, I should
  be able to get my library's quite a bit faster still (more algorithm changes).
  The object file crypto/bn/asm/x86-32.obj should be used when linking
  under NT.
 - 'make makefile.one' in the top directory will generate a single makefile
  called 'makefile.one'  This makefile contains no perl references and
  will build the SSLeay library into the 'tmp' and 'out' directories.
  util/mk1mf.pl >makefile.one is how this makefile is
  generated.  The mk1mf.pl command take several option to generate the
  makefile for use with cc, gcc, Visual C++ and Borland C++.  This is
  still under development.  I have only build .lib's for NT and MSDOS
  I will be working on this more.  I still need to play with the
  correct compiler setups for these compilers and add some more stuff but
  basically if you just want to compile the library
  on a 'non-unix' platform, this is a very very good file to start with :-).
  Have a look in the 'microsoft' directory for my current makefiles.
  I have not yet modified things to link with sockets under Windows NT.
  You guys should be able to do this since this is actually outside of the
  SSLeay scope :-).  I will be doing it for myself soon.
  util/mk1mf.pl takes quite a few options including no-rc, rsaref  and no-sock
  to build without RC2/RC4, to require RSAref for linking, and to
  build with no socket code.
 - Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher
  that was posted to sci.crypt has been added to the library and SSL.
  I take the view that if RC2 is going to be included in a standard,
  I'll include the cipher to make my package complete.
  There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers
  at compile time.  I have not tested this recently but it should all work
  and if you are in the USA and don't want RSA threatening to sue you,
  you could probably remove the RC4/RC2 code inside these sections.
  I may in the future include a perl script that does this code
  removal automatically for those in the USA :-).
 - I have removed all references to sed in the makefiles.  So basically,
  the development environment requires perl and sh.  The build environment
  does not (use the makefile.one makefile).
  The Configure script still requires perl, this will probably stay that way
  since I have perl for Windows NT :-).
 eric (03-May-1996)
 PS Have a look in the VERSION file for more details on the changes and
   bug fixes.
 I have fixed a few bugs, added alpha and x86 assembler and generally cleaned
 things up.  This version will be quite stable, mostly because I'm on
 holidays until 10-March-1996.  For any problems in the interum, send email
 to Tim Hudson <tjh@mincom.oz.au>.
 SSLeay 0.5.0
 12-12-95
 This is going out before it should really be released.
 I leave for 11 weeks holidays on the 22-12-95 and so I either sit on
 this for 11 weeks or get things out.  It is still going to change a
 lot in the next week so if you do grab this version, please test and
 give me feed back ASAP, inculuding questions on how to do things with
 the library.  This will prompt me to write documentation so I don't
 have to answer the same question again :-).
 This 'pre' release version is for people who are interested in the
 library.  The applications will have to be changed to use
 the new version of the SSL interface.  I intend to finish more
 documentation before I leave but until then, look at the programs in
 the apps directory.  As far as code goes, it is much much nicer than
 the old version.
 The current library works, has no memory leaks (as far as I can tell)
 and is far more bug free that 0.4.5d.  There are no global variable of
 consequence (I believe) and I will produce some documentation that
 tell where to look for those people that do want to do multi-threaded
 stuff.
 There should be more documentation.  Have a look in the
 doc directory.  I'll be adding more before I leave, it is a start
 by mostly documents the crypto library.  Tim Hudson will update
 the web page ASAP.  The spelling and grammar are crap but
 it is better than nothing :-)
 Reasons to start playing with version 0.5.0
 - All the programs in the apps directory build into one ssleay binary.
 - There is a new version of the 'req' program that generates certificate
  requests, there is even documentation for this one :-)
 - There is a demo certification authorithy program.  Currently it will
  look at the simple database and update it.  It will generate CRL from
  the data base.  You need to edit the database by hand to revoke a
  certificate, it is my aim to use perl5/Tk but I don't have time to do
  this right now.  It will generate the certificates but the management
  scripts still need to be written.  This is not a hard task.
 - Things have been cleaned up alot.
 - Have a look at the enc and dgst programs in the apps directory.
 - It supports v3 of x509 certiticates.
 Major things missing.
 - I have been working on (and thinging about) the distributed x509
  hierachy problem.  I have not had time to put my solution in place.
  It will have to wait until I come back.
 - I have not put in CRL checking in the certificate verification but
  it would not be hard to do.  I was waiting until I could generate my
  own CRL (which has only been in the last week) and I don't have time
  to put it in correctly.
 - Montgomery multiplication need to be implemented.  I know the
  algorithm, just ran out of time.
 - PKCS#7.  I can load and write the DER version.  I need to re-work
  things to support BER (if that means nothing, read the ASN1 spec :-).
 - Testing of the higher level digital envelope routines.  I have not
  played with the *_seal() and *_open() type functions.  They are
  written but need testing.  The *_sign() and *_verify() functions are
  rock solid. 
 - PEM.  Doing this and PKCS#7 have been dependant on the distributed
  x509 heirachy problem.  I started implementing my ideas, got
  distracted writing a CA program and then ran out of time.  I provide
  the functionality of RSAref at least.
 - Re work the asm. code for the x86.  I've changed by low level bignum
  interface again, so I really need to tweak the x86 stuff.  gcc is
  good enough for the other boxes.
--- a/710
+++ b/710
@@ -1,710 +0,0 @@
 :
 eval 'exec perl -S $0 ${1+"$@"}'
    if $running_under_some_shell;
 ##
 ##  Configure -- OpenSSL source tree configuration script
 ##
 require 5.000;
 use strict;
 #
 # see PROBLEMS for instructions on what sort of things to do when 
 # tracking a bug --tjh
 #
 # extra options
 # -DRSAref	build to use RSAref
 # -DNO_IDEA	build with no IDEA algorithm
 # -DNO_RC4	build with no RC4 algorithm
 # -DNO_RC2	build with no RC2 algorithm
 # -DNO_BF	build with no Blowfish algorithm
 # -DNO_DES	build with no DES/3DES algorithm
 # -DNO_MD2	build with no MD2 algorithm
 #
 # DES_PTR	use pointer lookup vs arrays in the DES in crypto/des/des_locl.h
 # DES_RISC1	use different DES_ENCRYPT macro that helps reduce register
 #		dependancies but needs to more registers, good for RISC CPU's
 # DES_RISC2	A different RISC variant.
 # DES_UNROLL	unroll the inner DES loop, sometimes helps, somtimes hinders.
 # DES_INT	use 'int' instead of 'long' for DES_LONG in crypto/des/des.h
 #		This is used on the DEC Alpha where long is 8 bytes
 #		and int is 4
 # BN_LLONG	use the type 'long long' in crypto/bn/bn.h
 # MD2_CHAR	use 'char' instead of 'int' for MD2_INT in crypto/md2/md2.h
 # MD2_LONG	use 'long' instead of 'int' for MD2_INT in crypto/md2/md2.h
 # IDEA_SHORT	use 'short' instead of 'int' for IDEA_INT in crypto/idea/idea.h
 # IDEA_LONG	use 'long' instead of 'int' for IDEA_INT in crypto/idea/idea.h
 # RC2_SHORT	use 'short' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
 # RC2_LONG	use 'long' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
 # RC4_CHAR	use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
 # RC4_LONG	use 'long' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
 # RC4_INDEX	define RC4_INDEX in crypto/rc4/rc4_locl.h.  This turns on
 #		array lookups instead of pointer use.
 # BF_PTR	use 'pointer arithmatic' for Blowfish (unsafe on Alpha).
 # BF_PTR2	use a pentium/intel specific version.
 # MD5_ASM	use some extra md5 assember,
 # SHA1_ASM	use some extra sha1 assember, must define L_ENDIAN for x86
 # RMD160_ASM	use some extra ripemd160 assember,
 my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
 # MD2_CHAR slags pentium pros
 my $x86_gcc_opts="RC4_INDEX MD2_INT BF_PTR2";
 # MODIFY THESE PARAMETERS IF YOU ARE GOING TO USE THE 'util/speed.sh SCRIPT
 # Don't worry about these normally
 my $tcc="cc";
 my $tflags="-fast -Xa";
 my $tbn_mul="";
 my $tlib="-lnsl -lsocket";
 #$bits1="SIXTEEN_BIT ";
 #$bits2="THIRTY_TWO_BIT ";
 my $bits1="THIRTY_TWO_BIT ";
 my $bits2="SIXTY_FOUR_BIT ";
 my $x86_sol_asm="asm/bn86-sol.o asm/co86-sol.o:asm/dx86-sol.o asm/yx86-sol.o:asm/bx86-sol.o:asm/mx86-sol.o:asm/sx86-sol.o:asm/cx86-sol.o:asm/rx86-sol.o:asm/rm86-sol.o:asm/r586-sol.o";
 my $x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm/bx86-elf.o:asm/mx86-elf.o:asm/sx86-elf.o:asm/cx86-elf.o:asm/rx86-elf.o:asm/rm86-elf.o:asm/r586-elf.o";
 my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o";
 my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o";
 # -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
 # So the md5_locl.h file has an undef B_ENDIAN if sun is defined
 #config-string	CC : CFLAGS : LDFLAGS : special header file mods:bn_asm \
 # des_asm:bf_asm
 my %table=(
 #"b",		"$tcc:$tflags:$tlib:$bits1:$tbn_mul::",
 #"bl-4c-2c",	"$tcc:$tflags:$tlib:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:$tbn_mul::",
 #"bl-4c-ri",	"$tcc:$tflags:$tlib:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:$tbn_mul::",
 #"b2-is-ri-dp",	"$tcc:$tflags:$tlib:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:$tbn_mul::",
 # A few of my development configs
 "purify",	"purify gcc:-g -DPURIFY -Wall:-lsocket -lnsl::::",
 "debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:-lefence::::",
 "debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -O2 -Wall -Wshadow -Werror -pipe:::::",
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
 "dist",		"cc:-O -DNOPROTO::::",
 # Basic configs that should work on any box
 "gcc",		"gcc:-O3::BN_LLONG:::",
 "cc",		"cc:-O -DNOPROTO -DNOCONST:::::",
 # My solaris setups
 "solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN:-lsocket -lnsl:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_sol_asm",
 "solaris-sparc-gcc","gcc:-O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::",
 # DO NOT use /xO[34] on sparc with SC3.0. 
 # It is broken, and will not pass the tests
 "solaris-sparc-cc","cc:-fast -O -Xa -DB_ENDIAN:\
 	-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_UNROLL BF_PTR:asm/sparc.o::",
 # SC4.0 is ok, better than gcc, except for the bignum stuff.
 # -fast slows things like DES down quite a lot
 "solaris-sparc-sc4","cc:-xO5 -Xa -DB_ENDIAN:-lsocket -lnsl:\
 	BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparc.o::",
 "solaris-usparc-sc4","cc:-xtarget=ultra -xarch=v8plus -Xa -xO5 -DB_ENDIAN:\
 	-lsocket -lnsl:\
 	BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparc.o::",
 "solaris-sparc-sc4-pic","cc:-xO5 -Xa -DB_ENDIAN -KPIC:-lsocket -lnsl:\
 	BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparc.o::",
 # Sunos configs, assuming sparc for the gcc one.
 "sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::DES_UNROLL:::",
 "sunos-gcc","gcc:-O3 -mv8::BN_LLONG RC4_CHAR DES_UNROLL DES_PTR DES_RISC1:::",
 # SGI configurations.  If the box is rather old (r3000 cpu), you will
 # probably have to remove the '-mips2' flag.  I've only been using
 # IRIX 5.[23].
 # I've recently done 32 and 64 bit mips assember, it make this RSA
 # 3 times faster, use if at all possible.
 #"irix-gcc","gcc:-O2 -mips2::SIXTY_FOUR_BIT BN_LLONG RC4_INDEX RC4_CHAR:::",
 "irix-gcc","gcc:-O2 -DTERMIOS -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:asm/mips1.o::",
 "irix64-gcc","gcc:-mips3 -O2 -DTERMIOS -DB_ENDIAN::MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
 "irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:asm/mips1.o::",
 "irix64-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::DES_PTR DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
 "debug-irix-cc", "cc:-w2 -g -DCRYPTO_MDEBUG -DTERMIOS -DB_ENDIAN:::asm/r3000.o::",
 # This is the n64 mode build.
 "irix-n64-cc", "cc:-64 -O2 -use_readonly_const -DTERMIOS::DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT:asm/mips3_64.o::",
 # HPUX config.  I've been building on HPUX 9, so the options may be
 # different on version 10.  The pa-risc2.o assember file is 2 times
 # faster than the old asm/pa-risc.o version but it may not run on old
 # PA-RISC CPUs.  If you have problems, swap back to the old one.
 # Both were generated by gcc, so use the C version with the PA-RISC specific
 # options turned on if you are using gcc.
 "hpux-cc",	"cc:-DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit +O4 -Wl,-a,archive::DES_PTR DES_UNROLL DES_RISC1:asm/pa-risc2.o::",
 "hpux-kr-cc",	"cc:-DB_ENDIAN -DNOCONST -DNOPROTO -D_HPUX_SOURCE::DES_PTR DES_UNROLL:asm/pa-risc2.o::",
 "hpux-gcc",	"gcc:-DB_ENDIAN -O3::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
 # HPUX from www.globus.org
 "hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::DES_PTR DES_UNROLL DES_RISC1:::",
 "hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
 # Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
 # the new compiler
 # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
 "alpha-gcc","gcc:-O3::SIXTY_FOUR_BIT_LONG DES_UNROLL DES_RISC1:asm/alpha.o::",
 "alpha-cc", "cc:-tune host -O4 -readonly_strings::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
 "alpha164-cc", "cc:-tune host -fast -readonly_strings::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
 # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
 # bn86-elf.o file file since it is hand tweaked assembler.
 "linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
 "debug-linux-elf","gcc:-DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall:-lefence:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
 "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
 "linux-mips",    "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
 -Wuninitialized:::BN_LLONG:",
 "NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
 "NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
 "NetBSD-x86",	"gcc:-DTERMIOS -D_ANSI_SOURCE -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
 #"FreeBSD",   "gcc:-DTERMIOS -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
 "FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
 "FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
 "bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::RSA_LLONG $x86_gcc_des $x86_gcc_opts:$x86_bsdi_asm",
 "nextstep",	"cc:-O3 -Wall::BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::",
 # NCR MP-RAS UNIX ver 02.03.01
 "ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw:-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::",
 # UnixWare 2.0
 "unixware-2.0","cc:-O -DFILIO_H:-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::",
 "unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 # IBM's AIX.
 "aix-cc",   "cc:-O -DAIX -DB_ENDIAN::BN_LLONG RC4_CHAR:::",
 "aix-gcc",  "gcc:-O2 -DAIX -DB_ENDIAN::BN_LLONG RC4_CHAR:::",
 #
 # Cray T90 (SDSC)
 # It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT
 # defined.  The T90 ints and longs are 8 bytes long, and apparently the
 # B_ENDIAN code assumes 4 byte ints.  Fortunately, the non-B_ENDIAN and
 # non L_ENDIAN code aligns the bytes in each word correctly.
 #
 # The BIT_FIELD_LIMITS define is to avoid two fatal compiler errors:
 #'Taking the address of a bit field is not allowed. '
 #'An expression with bit field exists as the operand of "sizeof" '
 # (written by Wayne Schroeder <schroede@SDSC.EDU>)
 "cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::SIXTY_FOUR_BIT_LONG DES_INT:::",
 #
 # Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
 #
 # The BIT_FIELD_LIMITS define was written for the C90 (it seems).  I added
 # another use.  Basically, the problem is that the T3E uses some bit fields
 # for some st_addr stuff, and then sizeof and address-of fails
 # I could not use the ams/alpha.o option because the Cray assembler, 'cam'
 # did not like it.
 "cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::SIXTY_FOUR_BIT_LONG DES_INT:::",
 # DGUX, 88100.
 "dgux-R3-gcc",	"gcc:-O3 -fomit-frame-pointer::RC4_INDEX DES_UNROLL:::",
 "dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer:-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
 "dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN:-lnsl -lsocket:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
 # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
 # SCO cc.
 "sco5-cc",  "cc::-lsocket:$x86_gcc_des ${x86_gcc_opts}:::", # des options?
 # Sinix RM400
 "SINIX-N","/usr/ucb/cc:-O2 -misaligned:-lucb:RC4_INDEX RC4_CHAR:::",
 # Windows NT, Microsoft Visual C++ 4.0
 "VC-NT","cl:::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::",
 "VC-WIN32","cl:::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::",
 "VC-WIN16","cl:::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
 "VC-W31-16","cl:::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
 "VC-W31-32","cl:::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
 "VC-MSDOS","cl:::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
 # Borland C++ 4.5
 "BC-32","bcc32:::DES_PTR RC4_INDEX:::",
 "BC-16","bcc:::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
 # CygWin32
 "CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
 # Our old Ultrix box :-). -O2 breaks some of the bignum stuff (now fixed,
 # it is a compiler bug, look in bug/ultrixcc.c for example code.
 "ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN:::asm/mips1.o:::",
 # Some OpenBSD from Bob Beck <beck@obtuse.com>
 "OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer:SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
 "OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
 "OpenBSD",      "gcc:-DTERMIOS -O3 -fomit-frame-pointer::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::",
 "OpenBSD-mips","gcc:-O2 -DL_ENDIAN:BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::",
 );
 # Miscellaneous hacks: this is designed to allow environments where the "one
 # makefile" option does not auto build all files.
 # The first six fields are the hard coded versions of the stuff generated by
 # ctx_size for pem.h: that is EVP_ENCODE_CTX_SIZE, EVP_MD_SIZE EVP_MD_CTX_SIZE,
 # EVP_CIPHER_SIZE, EVP_CIPHER_CTX_SIZE and EVP_MAX_MD_SIZE respectively.
 # If the seventh field is 1 then auto generate
 # crypto/date.h
 # Need to add Win16 and others here.
 my %misc_table = (
 "VC-WIN32", 	"96:60:152:40:4212:20:1",
 "VC-NT", 	"96:60:152:40:4212:20:1"
 );
 my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
 	BC-16 CygWin32);
 my $no_asm=0;
 my $postfix="org";
 my $Makefile="Makefile.ssl";
 my $des_locl="crypto/des/des_locl.h";
 my $des	="crypto/des/des.h";
 my $bn	="crypto/bn/bn.h";
 my $md2	="crypto/md2/md2.h";
 my $rc4	="crypto/rc4/rc4.h";
 my $rc4_locl="crypto/rc4/rc4_locl.h";
 my $idea	="crypto/idea/idea.h";
 my $rc2	="crypto/rc2/rc2.h";
 my $bf	="crypto/bf/bf_locl.h";
 my $bn_asm	="bn_asm.o";
 my $des_enc="des_enc.o fcrypt_b.o";
 my $bf_enc	="bf_enc.o";
 my $cast_enc="c_enc.o";
 my $rc4_enc="rc4_enc.o";
 my $rc5_enc="rc5_enc.o";
 my $md5_obj="";
 my $sha1_obj="";
 my $rmd160_obj="";
 if ($#ARGV < 0)
 	{
 	&bad_target;
 	exit(1);
 	}
 my $flags="";
 my $libs="";
 my $target="";
 foreach (@ARGV)
 	{
 	if ($_ =~ /^no-asm$/)
 		{ $no_asm=1; }
 	elsif ($_ =~ /^-/)
 		{
 		if ($_ =~ /^-[lL](.*)$/)
 			{
 			$libs.=$_." ";
 			}
 		elsif ($_ =~ /^-D(.*)$/)
 			{
 			$flags.=$_." ";
 			}
 		elsif ($_ =~ /^-[fK](.*)$/)
 			{
 			$flags.=$_." ";
 			}
 		else
 			{
 			die "unknown options, only -Dxxx, -Lxxx, -lxxx, -fxxx and -Kxxx are supported\n";
 			}
 		}
 	elsif ($_ =~ /^([^:]+):(.+)$/) {
 		eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string
 		$target=$1;
 	}
 	else
 		{
 		die "target already defined - $target\n" if ($target ne "");
 		$target=$_;
 		if (!defined($table{$target}))
 			{
 			&bad_target;
 			exit(1);
 			}
 		}
 	}
 if (!defined($table{$target}))
 	{
 	&bad_target;
 	exit(1);
 	}
 my $IsWindows=scalar grep /^$target$/,@WinTargets;
 print "IsWindows=$IsWindows\n";
 (my $cc,my $cflags,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
 $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj)=
 	split(/\s*:\s*/,$table{$target} . ":" x 20 , -1);
 $cflags="$flags$cflags" if ($flags ne "");
 $lflags="$libs$lflags"if ($libs ne "");
 if ($no_asm)
 	{
 	$bn_obj=$des_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj="";
 	$sha1_obj=$md5_obj=$rmd160_obj="";
 	}
 #my ($bn1)=split(/\s+/,$bn_obj);
 #$bn1 = "" unless defined $bn1;
 #$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
 #$bn_obj="$bn1";
 $bn_obj = $bn_asm unless $bn_obj ne "";
 $des_obj=$des_enc	unless ($des_obj =~ /\.o$/);
 $bf_obj=$bf_enc		unless ($bf_obj =~ /\.o$/);
 $cast_obj=$cast_enc	unless ($cast_obj =~ /\.o$/);
 $rc4_obj=$rc4_enc	unless ($rc4_obj =~ /\.o$/);
 $rc5_obj=$rc5_enc	unless ($rc5_obj =~ /\.o$/);
 if ($sha1_obj =~ /\.o$/)
 	{
 #	$sha1_obj=$sha1_enc;
 	$cflags.=" -DSHA1_ASM";
 	}
 if ($md5_obj =~ /\.o$/)
 	{
 #	$md5_obj=$md5_enc;
 	$cflags.=" -DMD5_ASM";
 	}
 if ($rmd160_obj =~ /\.o$/)
 	{
 #	$rmd160_obj=$rmd160_enc;
 	$cflags.=" -DRMD160_ASM";
 	}
 open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
 open(OUT,">$Makefile") || die "unable to create $Makefile:$!\n";
 while (<IN>)
 	{
 	chop;
 	s/^PLATFORM=.*$/PLATFORM=$target/;
 	s/^CC=.*$/CC= $cc/;
 	s/^CFLAG=.*$/CFLAG= $cflags/;
 	s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
 	s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
 	s/^DES_ENC=.*$/DES_ENC= $des_obj/;
 	s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
 	s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/;
 	s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/;
 	s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/;
 	s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/;
 	s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/;
 	s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
 	print OUT $_."\n";
 	}
 close(IN);
 close(OUT);
 print "CC            =$cc\n";
 print "CFLAG         =$cflags\n";
 print "EX_LIBS       =$lflags\n";
 print "BN_ASM        =$bn_obj\n";
 print "DES_ENC       =$des_obj\n";
 print "BF_ENC        =$bf_obj\n";
 print "CAST_ENC      =$cast_obj\n";
 print "RC4_ENC       =$rc4_obj\n";
 print "RC5_ENC       =$rc5_obj\n";
 print "MD5_OBJ_ASM   =$md5_obj\n";
 print "SHA1_OBJ_ASM  =$sha1_obj\n";
 print "RMD160_OBJ_ASM=$rmd160_obj\n";
 my $des_ptr=0;
 my $des_risc1=0;
 my $des_risc2=0;
 my $des_unroll=0;
 my $bn_ll=0;
 my $def_int=2;
 my $rc4_int=$def_int;
 my $md2_int=$def_int;
 my $idea_int=$def_int;
 my $rc2_int=$def_int;
 my $rc4_idx=0;
 my $bf_ptr=0;
 my @type=("char","short","int","long");
 my ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0);
 my $des_int;
 foreach (sort split(/\s+/,$bn_ops))
 	{
 	$des_ptr=1 if /DES_PTR/;
 	$des_risc1=1 if /DES_RISC1/;
 	$des_risc2=1 if /DES_RISC2/;
 	$des_unroll=1 if /DES_UNROLL/;
 	$des_int=1 if /DES_INT/;
 	$bn_ll=1 if /BN_LLONG/;
 	$rc4_int=0 if /RC4_CHAR/;
 	$rc4_int=3 if /RC4_LONG/;
 	$rc4_idx=1 if /RC4_INDEX/;
 	$md2_int=0 if /MD2_CHAR/;
 	$md2_int=3 if /MD2_LONG/;
 	$idea_int=1 if /IDEA_SHORT/;
 	$idea_int=3 if /IDEA_LONG/;
 	$rc2_int=1 if /RC2_SHORT/;
 	$rc2_int=3 if /RC2_LONG/;
 	$bf_ptr=1 if $_ eq "BF_PTR";
 	$bf_ptr=2 if $_ eq "BF_PTR2";
 	($b64l,$b64,$b32,$b16,$b8)=(0,1,0,0,0) if /SIXTY_FOUR_BIT/;
 	($b64l,$b64,$b32,$b16,$b8)=(1,0,0,0,0) if /SIXTY_FOUR_BIT_LONG/;
 	($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0) if /THIRTY_TWO_BIT/;
 	($b64l,$b64,$b32,$b16,$b8)=(0,0,0,1,0) if /SIXTEEN_BIT/;
 	($b64l,$b64,$b32,$b16,$b8)=(0,0,0,0,1) if /EIGHT_BIT/;
 	}
 ((my $in=$bn) =~ s/\.([^.]+)/.$postfix/);
 my $n=&file_new($bn);
 open(IN,"<".$in) || die "unable to read $bn:$!\n";
 open(OUT,">$n") || die "unable to read $n:$!\n";
 while (<IN>)
 	{
 	if	(/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/)
 		{ printf OUT "#%s SIXTY_FOUR_BIT_LONG\n",($b64l)?"define":"undef"; }
 	elsif	(/^#((define)|(undef))\s+SIXTY_FOUR_BIT/)
 		{ printf OUT "#%s SIXTY_FOUR_BIT\n",($b64)?"define":"undef"; }
 	elsif	(/^#((define)|(undef))\s+THIRTY_TWO_BIT/)
 		{ printf OUT "#%s THIRTY_TWO_BIT\n",($b32)?"define":"undef"; }
 	elsif	(/^#((define)|(undef))\s+SIXTEEN_BIT/)
 		{ printf OUT "#%s SIXTEEN_BIT\n",($b16)?"define":"undef"; }
 	elsif	(/^#((define)|(undef))\s+EIGHT_BIT/)
 		{ printf OUT "#%s EIGHT_BIT\n",($b8)?"define":"undef"; }
 	elsif	(/^#((define)|(undef))\s+BN_LLONG\s*$/)
 		{ printf OUT "#%s BN_LLONG\n",($bn_ll)?"define":"undef"; }
 	else
 		{ print OUT $_; }
 	}
 close(IN);
 close(OUT);
 &Rename($bn,&file_old($bn));
 &Rename($n,$bn);
 (($in=$des) =~ s/\.([^.]+)/.$postfix/);
 $n=&file_new($des);
 open(IN,"<".$in) || die "unable to read $des:$!\n";
 open(OUT,">$n") || die "unable to read $n:$!\n";
 while (<IN>)
 	{
 	if	(/^\#define\s+DES_LONG\s+.*/)
 		{ printf OUT "#define DES_LONG unsigned %s\n",
 			($des_int)?'int':'long'; }
 	else
 		{ print OUT $_; }
 	}
 close(IN);
 close(OUT);
 &Rename($des,&file_old($des));
 &Rename($n,$des);
 (($in=$des_locl) =~ s/\.([^.]+)/.$postfix/);
 $n=&file_new($des_locl);
 open(IN,"<".$in) || die "unable to read $des_locl:$!\n";
 open(OUT,">$n") || die "unable to read $n:$!\n";
 while (<IN>)
 	{
 	if	(/^\#(define|undef)\s+DES_PTR/)
 		{ printf OUT "#%s DES_PTR\n",($des_ptr)?'define':'undef'; }
 	elsif	(/^\#(define|undef)\s+DES_RISC1/)
 		{ printf OUT "#%s DES_RISC1\n",($des_risc1)?'define':'undef'; }
 	elsif	(/^\#(define|undef)\s+DES_RISC2/)
 		{ printf OUT "#%s DES_RISC2\n",($des_risc2)?'define':'undef'; }
 	elsif	(/^\#(define|undef)\s+DES_UNROLL/)
 		{ printf OUT "#%s DES_UNROLL\n",($des_unroll)?'define':'undef'; }
 	else
 		{ print OUT $_; }
 	}
 close(IN);
 close(OUT);
 &Rename($des_locl,&file_old($des_locl));
 &Rename($n,$des_locl);
 (($in=$rc4) =~ s/\.([^.]+)/.$postfix/);
 $n=&file_new($rc4);
 open(IN,"<".$in) || die "unable to read $rc4:$!\n";
 open(OUT,">$n") || die "unable to read $n:$!\n";
 while (<IN>)
 	{
 	if	(/^#define\s+RC4_INT\s/)
 		{ printf OUT "#define RC4_INT unsigned %s\n",$type[$rc4_int]; }
 	else
 		{ print OUT $_; }
 	}
 close(IN);
 close(OUT);
 &Rename($rc4,&file_old($rc4));
 &Rename($n,$rc4);
 (($in=$rc4_locl) =~ s/\.([^.]+)/.$postfix/);
 $n=&file_new($rc4_locl);
 open(IN,"<".$in) || die "unable to read $rc4_locl:$!\n";
 open(OUT,">$n") || die "unable to read $n:$!\n";
 while (<IN>)
 	{
 	if	(/^#((define)|(undef))\s+RC4_INDEX/)
 		{ printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; }
 	else
 		{ print OUT $_; }
 	}
 close(IN);
 close(OUT);
 &Rename($rc4_locl,&file_old($rc4_locl));
 &Rename($n,$rc4_locl);
 (($in=$md2) =~ s/\.([^.]+)/.$postfix/);
 $n=&file_new($md2);
 open(IN,"<".$in) || die "unable to read $bn:$!\n";
 open(OUT,">$n") || die "unable to read $n:$!\n";
 while (<IN>)
 	{
 	if	(/^#define\s+MD2_INT\s/)
 		{ printf OUT "#define MD2_INT unsigned %s\n",$type[$md2_int]; }
 	else
 		{ print OUT $_; }
 	}
 close(IN);
 close(OUT);
 &Rename($md2,&file_old($md2));
 &Rename($n,$md2);
 (($in=$idea) =~ s/\.([^.]+)/.$postfix/);
 $n=&file_new($idea);
 open(IN,"<".$in) || die "unable to read $idea:$!\n";
 open(OUT,">$n") || die "unable to read $n:$!\n";
 while (<IN>)
 	{
 	if	(/^#define\s+IDEA_INT\s/)
 		{printf OUT "#define IDEA_INT unsigned %s\n",$type[$idea_int];}
 	else
 		{ print OUT $_; }
 	}
 close(IN);
 close(OUT);
 &Rename($idea,&file_old($idea));
 &Rename($n,$idea);
 (($in=$rc2) =~ s/\.([^.]+)/.$postfix/);
 $n=&file_new($rc2);
 open(IN,"<".$in) || die "unable to read $rc2:$!\n";
 open(OUT,">$n") || die "unable to read $n:$!\n";
 while (<IN>)
 	{
 	if	(/^#define\s+RC2_INT\s/)
 		{printf OUT "#define RC2_INT unsigned %s\n",$type[$rc2_int];}
 	else
 		{ print OUT $_; }
 	}
 close(IN);
 close(OUT);
 &Rename($rc2,&file_old($rc2));
 &Rename($n,$rc2);
 (($in=$bf) =~ s/\.([^.]+)/.$postfix/);
 $n=&file_new($bf);
 open(IN,"<".$in) || die "unable to read $bf:$!\n";
 open(OUT,">$n") || die "unable to read $n:$!\n";
 while (<IN>)
 	{
 	if (/^#(define|undef)\s+BF_PTR/)
 		{
 		printf OUT "#undef BF_PTR\n" if $bf_ptr == 0;
 		printf OUT "#define BF_PTR\n" if $bf_ptr == 1;
 		printf OUT "#define BF_PTR2\n" if $bf_ptr == 2;
 		}
 	else
 		{ print OUT $_; }
 	}
 close(IN);
 close(OUT);
 &Rename($bf,&file_old($bf));
 &Rename($n,$bf);
 # Now the miscellaneous fixups
 if(defined $misc_table{$target}) {
 	my ($enc_ctx, $md_size, $md_ctx_size, $cipher_size, $cipher_ctx_size,
 		$max_md_size, $date_fix) = 
 		split(/\s*:\s*/,$misc_table{$target} . ":", -1);
 #print "EVP_ENCODE_CTX_SIZE $enc_ctx\n";
 #print "EVP_MD_SIZE $md_size\n";
 #print "EVP_MD_CTX_SIZE $md_ctx_size\n";
 #print "EVP_CIPHER_SIZE $cipher_size\n";
 #print "EVP_CIPHER_CTX_SIZE $cipher_ctx_size\n";
 #print "EVP_MAX_MD_SIZE $max_md_size\n";
 #printf "Date fix: %s\n", $date_fix ? "Yes" : "No";
 # Fix the date
 if($date_fix) {
 	open (OUT,">crypto/date.h") || die "Can't open date.h";
 	printf OUT "#define DATE \"%s\"\n", scalar gmtime();
 	close(OUT);
 }
 open (IN, "crypto/pem/pem.org") || die "Can't open crypto/pem/pem.org";
 open (OUT, ">crypto/pem/pem.h") || die "Can't create crypto/pem/pem.h";
 # Now fix up pem.h
 while(<IN>) {
 	chop;
 	s/^(#define EVP_ENCODE_CTX_SIZE).*$/$1 $enc_ctx/;
 	s/^(#define EVP_MD_SIZE).*$/$1 $md_size/;
 	s/^(#define EVP_MD_CTX_SIZE).*$/$1 $md_ctx_size/;
 	s/^(#define EVP_CIPHER_SIZE).*$/$1 $cipher_size/;
 	s/^(#define EVP_CIPHER_CTX_SIZE).*$/$1 $cipher_ctx_size/;
 	s/^(#define EVP_MAX_MD_SIZE).*$/$1 $max_md_size/;
 	print OUT "$_\n";
 }
 close (IN);
 close (OUT);
 }
 print "SIXTY_FOUR_BIT_LONG mode\n" if $b64l;
 print "SIXTY_FOUR_BIT mode\n" if $b64;
 print "THIRTY_TWO_BIT mode\n" if $b32;
 print "SIXTEEN_BIT mode\n" if $b16;
 print "EIGHT_BIT mode\n" if $b8;
 print "DES_PTR used\n" if $des_ptr;
 print "DES_RISC1 used\n" if $des_risc1;
 print "DES_RISC2 used\n" if $des_risc2;
 print "DES_UNROLL used\n" if $des_unroll;
 print "DES_INT used\n" if $des_int;
 print "BN_LLONG mode\n" if $bn_ll;
 print "RC4 uses u$type[$rc4_int]\n" if $rc4_int != $def_int;
 print "RC4_INDEX mode\n" if $rc4_idx;
 print "MD2 uses u$type[$md2_int]\n" if $md2_int != $def_int;
 print "IDEA uses u$type[$idea_int]\n" if $idea_int != $def_int;
 print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int;
 print "BF_PTR used\n" if $bf_ptr == 1; 
 print "BF_PTR2 used\n" if $bf_ptr == 2; 
 system 'make -f Makefile.ssl links' if !$IsWindows;
 exit(0);
 sub bad_target
 	{
 	print STDERR "Usage: Configure [-Dxxx] [-Lxxx] [-lxxx] os/compiler\n";
 	print STDERR "pick os/compiler from:";
 	my $j=0;
 	my $i;
 	foreach $i (sort keys %table)
 		{
 		print STDERR "\n" if ($j++ % 4) == 0;
 		printf(STDERR "%-18s ",$i);
 		}
 	print STDERR "\n";
 	}
 sub Rename
 	{
 	my($from,$to)=@_;
 	unlink($to);
 	if(!rename($from,$to))
 	    {
 	     -e $from && die "unable to rename $from to $to:$!\n";
 	    }
 	}
 sub file_new { my($a)=@_; $a =~ s/(\.[^.]+$|$)/.new/; $a; }
 sub file_old { my($a)=@_; $a =~ s/(\.[^.]+$|$)/.old/; $a; }
--- a/262
+++ b/262
@@ -1,262 +0,0 @@
 INSTALLATION ON THE UNIX PLATFORM
 ---------------------------------
 [For instructions for compiling OpenSSL on Windows systems, see INSTALL.W32].
 To install OpenSSL, you will need:
  * Perl
  * C compiler
  * A supported Unix operating system
 Quick Start
 -----------
 If you want to just get on with it, do:
  $ ./config                  [if this fails, go to step 1b below]
  $ make
  $ make rehash
  $ make test
  $ make install
 This will build and install OpenSSL in the default location, which is (for
 historical reasons) /usr/local/ssl. If you want to install it anywhere else,
 do this after running `sh config':
  $ perl util/ssldir.pl /new/install/path
 If anything goes wrong, follow the detailed instructions below. If your
 operating system is not (yet) supported by OpenSSL, see the section on
 porting to a new system.
 Installation in Detail
 ----------------------
 1a. Configure OpenSSL for your operation system automatically:
       $ ./config
     This guesses at your operating system (and compiler, if necessary) and
     configures OpenSSL based on this guess. Check the first line of output to
     see if it guessed correctly. If it did not get it correct or you want to
     use a different compiler then go to step 1b. Otherwise go to step 2.
 1b. Configure OpenSSL for your operating system manually
     OpenSSL knows about a range of different operating system, hardware and
     compiler combinations. To see the ones it knows about, run
       $ ./Configure
     Pick a suitable name from the list that matches your system. For most
     operating systems there is a choice between using "cc" or "gcc".  When
     you have identified your system (and if necessary compiler) use this name
     as the argument to ./Configure. For example, a "linux-elf" user would
     run:
       $ ./Configure linux-elf
     If your system is not available, you will have to edit the Configure
     program and add the correct configuration for your system.
     Configure configures various files by converting an existing .org file
     into the real file. If you edit any files, remember that if a
     corresponding .org file exists them the next time you run ./Configure
     your changes will be lost when the file gets re-created from the .org
     file. The files that are created from .org files are:
       Makefile.ssl
       crypto/des/des.h
       crypto/des/des_locl.h
       crypto/md2/md2.h
       crypto/rc4/rc4.h
       crypto/rc4/rc4_enc.c
       crypto/rc2/rc2.h
       crypto/bf/bf_locl.h
       crypto/idea/idea.h
       crypto/bn/bn.h
  2. Set the install directory
     If the install directory will be the default of /usr/local/ssl, skip to
     the next stage. Otherwise, run
        $ perl util/ssldir.pl /new/install/path
     This configures the installation location into the "install" target of
     the top-level Makefile, and also updates some defines in an include file
     so that the default certificate directory is under the proper
     installation directory. It also updates a few utility files used in the
     build process.
  3. Build OpenSSL by running:
       $ make
     This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the
     OpenSSL binary ("openssl"). The libraries will be built in the top-level
     directory, and the binary will be in the "apps" directory.
  4. After a successful build, the libraries should be tested. Run:
       $ make rehash
       $ make test
     (The first line makes the test certificates in the "certs" directory
     accessable via an hash name, which is required for some of the tests).
  5. If everything tests ok, install OpenSSL with
       $ make install
     This will create the installation directory (if it does not exist) and
     then create the following subdirectories:
       bin            Contains the openssl binary and a few other 
                      utility programs. 
       include        Contains the header files needed if you want to
                      compile programs with libcrypto or libssl.
       lib            Contains the library files themselves and the
                      OpenSSL configuration file "openssl.cnf".
       certs          Initially empty, this is the default location
                      for certificate files.
       private        Initially empty, this is the default location
                      for private key files.
 --------------------------------------------------------------------------------
 The orignal Unix build instructions from SSLeay follow. 
 Note: some of this may be out of date and no longer applicable
 --------------------------------------------------------------------------------
 # When bringing the SSLeay distribution back from the evil intel world
 # of Windows NT, do the following to make it nice again under unix :-)
 # You don't normally need to run this.
 sh util/fixNT.sh	# This only works for NT now - eay - 21-Jun-1996
 # If you have perl, and it is not in /usr/local/bin, you can run
 perl util/perlpath.pl /new/path
 # and this will fix the paths in all the scripts.  DO NOT put
 # /new/path/perl, just /new/path. The build
 # environment always run scripts as 'perl perlscript.pl' but some of the
 # 'applications' are easier to usr with the path fixed.
 # Edit crypto/cryptlib.h, tools/c_rehash, and Makefile.ssl
 # to set the install locations if you don't like
 # the default location of /usr/local/ssl
 # Do this by running
 perl util/ssldir.pl /new/ssl/home
 # if you have perl, or by hand if not.
 # If things have been stuffed up with the sym links, run
 make -f Makefile.ssl links
 # This will re-populate lib/include with symlinks and for each
 # directory, link Makefile to Makefile.ssl
 # Setup the machine dependent stuff for the top level makefile
 # and some select .h files
 # If you don't have perl, this will bomb, in which case just edit the
 # top level Makefile.ssl
 ./Configure 'system type'
 # The 'Configure' command contains default configuration parameters
 # for lots of machines.  Configure edits 5 lines in the top level Makefile
 # It modifies the following values in the following files
 Makefile.ssl		CC CFLAG EX_LIBS BN_MULW
 crypto/des/des.h	DES_LONG
 crypto/des/des_locl.h	DES_PTR
 crypto/md2/md2.h	MD2_INT
 crypto/rc4/rc4.h	RC4_INT
 crypto/rc4/rc4_enc.c	RC4_INDEX
 crypto/rc2/rc2.h	RC2_INT
 crypto/bf/bf_locl.h	BF_INT
 crypto/idea/idea.h	IDEA_INT
 crypto/bn/bn.h		BN_LLONG (and defines one of SIXTY_FOUR_BIT,
 				  SIXTY_FOUR_BIT_LONG, THIRTY_TWO_BIT,
 				  SIXTEEN_BIT or EIGHT_BIT)
 Please remember that all these files are actually copies of the file with
 a .org extention.  So if you change crypto/des/des.h, the next time
 you run Configure, it will be runover by a 'configured' version of
 crypto/des/des.org.  So to make the changer the default, change the .org
 files.  The reason these files have to be edited is because most of
 these modifications change the size of fundamental data types.
 While in theory this stuff is optional, it often makes a big
 difference in performance and when using assember, it is importaint
 for the 'Bignum bits' match those required by the assember code.
 A warning for people using gcc with sparc cpu's.  Gcc needs the -mv8
 flag to use the hardware multiply instruction which was not present in
 earlier versions of the sparc CPU.  I define it by default.  If you
 have an old sparc, and it crashes, try rebuilding with this flag
 removed.  I am leaving this flag on by default because it makes
 things run 4 times faster :-)
 # clean out all the old stuff
 make clean
 # Do a make depend only if you have the makedepend command installed
 # This is not needed but it does make things nice when developing.
 make depend
 # make should build everything
 make
 # fix up the demo certificate hash directory if it has been stuffed up.
 make rehash
 # test everything
 make test
 # install the lot
 make install
 # It is worth noting that all the applications are built into the one
 # program, ssleay, which is then has links from the other programs
 # names to it.
 # The applicatons can be built by themselves, just don't define the
 # 'MONOLITH' flag.  So to build the 'enc' program stand alone,
 gcc -O2 -Iinclude apps/enc.c apps/apps.c libcrypto.a
 # Other useful make options are
 make makefile.one
 # which generate a 'makefile.one' file which will build the complete
 # SSLeay distribution with temp. files in './tmp' and 'installable' files
 # in './out'
 # Have a look at running
 perl util/mk1mf.pl help
 # this can be used to generate a single makefile and is about the only
 # way to generate makefiles for windows.
 # There is actually a final way of building SSLeay.
 gcc -O2 -c -Icrypto -Iinclude crypto/crypto.c
 gcc -O2 -c -Issl -Iinclude ssl/ssl.c
 # and you now have the 2 libraries as single object files :-).
 # If you want to use the assember code for your particular platform
 # (DEC alpha/x86 are the main ones, the other assember is just the
 # output from gcc) you will need to link the assember with the above generated
 # object file and also do the above compile as
 gcc -O2 -DBN_ASM -c -Icrypto -Iinclude crypto/crypto.c
 This last option is probably the best way to go when porting to another
 platform or building shared libraries.  It is not good for development so
 I don't normally use it.
 To build shared libararies under unix, have a look in shlib, basically 
 you are on your own, but it is quite easy and all you have to do
 is compile 2 (or 3) files.
 For mult-threading, have a read of doc/threads.doc.  Again it is quite
 easy and normally only requires some extra callbacks to be defined
 by the application.
 The examples for solaris and windows NT/95 are in the mt directory.
 have fun
 eric 25-Jun-1997
 IRIX 5.x will build as a 32 bit system with mips1 assember.
 IRIX 6.x will build as a 64 bit system with mips3 assember.  It conforms
 to n32 standards. In theory you can compile the 64 bit assember under
 IRIX 5.x but you will have to have the correct system software installed.
--- a/INSTALL.W32
+++ b/INSTALL.W32
@@ -1,249 +0,0 @@
 INSTALLATION ON THE WIN32 PLATFORM
 ----------------------------------
 Heres a few comments about building OpenSSL in Windows environments. Most of
 this is tested on Win32 but it may also work in Win 3.1 with some
 modification.  See the end of this file for Eric's original comments.
 Note: the default Win32 environment is to leave out any Windows NT specific
 features: (currently only BIO_s_log()) if you want NT specific features see
 the "Tweaks" section later.
 You will need perl for Win32 (which can be got from various sources) and
 Visual C++. 
 If you are compiling from a tarball or a CVS snapshot then the Win32 files
 may well be not up to date. This may mean that some "tweaking" is required to
 get it all to work. See the trouble shooting section later on for if (when?)
 it goes wrong.
 Firstly you should run Configure:
 > perl Configure VC-WIN32
 Then rebuild the Win32 Makefiles and friends:
 > ms\do_ms
 If you get errors about things not having numbers assigned then check the
 troubleshooting section: you probably wont be able to compile it as it
 stands.
 Then from the VC++ environment at a prompt do:
 > nmake -f ms\ntdll.mak
 If all is well it should compile and you will have some DLLs and executables
 in out32dll. If you want to try the tests then do:
 > cd out32dll
 > ..\ms\test
 Troubleshooting
 ---------------
 Since the Win32 build is only occasionally tested it may not always compile
 cleanly.  If you get an error about functions not having numbers assigned
 when you run ms\do_ms then this means the Win32 ordinal files are not up to
 date. You can do:
 > perl util\mkdef.pl crypto ssl update
 then ms\do_ms should not give a warning any more. However the numbers that
 get assigned by this technique may not match those that eventually get
 assigned in the CVS tree: so anything linked against this version of the
 library may need to be recompiled.
 If you get errors about unresolved externals then this means that either you
 didn't read the note above about functions not having numbers assigned or
 someone forgot to add a function to the header file.
 In this latter case check out the header file to see if the function is
 defined in the header file: it should be defined twice: once with ANSI
 prototypes and once without. If its missing from the non ASNI section then
 add an entry for it: check that ms\do_ms now reports missing numbers and
 update the numbers as above.
 If you get warnings in the code then the compilation will halt.
 The default Makefile for Win32 halts whenever any warnings occur. Since VC++
 has its own ideas about warnings which don't always match up to other
 environments this can happen. The best fix is to edit the file with the
 warning in and fix it. Alternatively you can turn off the halt on warnings by
 editing the CFLAG line in the Makefile and deleting the /WX option.
 You might get compilation errors. Again you will have to fix these or report
 them.
 One final comment about compiling applications linked to the OpenSSL library.
 If you don't use the multithreaded DLL runtime library (/MD option) your
 program will almost certainly crash: see the original SSLeay description
 below for more details.
 Tweaks
 ------
 There are various changes you can make to the Win32 compile environment. If
 you have the MASM assembler 'ml' then you can try the assembly language code.
 To do this remove the 'no-asm' part from do_ms.bat. You can also add 'debug'
 here to make a debugging version of the library.
 If you want to enable the NT specific features of OpenSSL (currently only the
 logging BIO) follow the instructions above but call the batch file do_nt.bat
 instead of do_ms.bat.
 You can also build a static version of the library using the Makefile
 ms\nt.mak
 --------------------------------------------------------------------------------
 The orignal Windows build instructions from SSLeay follow. 
 Note: some of this may be out of date and no longer applicable
 --------------------------------------------------------------------------------
 The Microsoft World.
 The good news, to build SSLeay for the Microsft World
 Windows 3.1 DLL's
 perl Configure VC-WIN16
 nmake -f ms\w31dll.mak
 Windows NT/95 DLL's
 perl Configure VC-WIN32
 nmake -f ms\ntdll.mak
 Now the bad news
 All builds were done using Microsofts Visual C++ 1.52c and [45].x.
 If you are a borland person, you are probably going to have to help me
 finish the stuff in util/pl/BC*pl
 All builds were made under Windows NT - this means long filenames, so
 you may have problems under Windows 3.1 but probably not under 95.
 Because file pointers don't work in DLL's under Windows 3.1 (well at
 least stdin/stdout don't and I don't like having to differentiate
 between these and other file pointers), I now use the BIO file-pointer
 module, which needs to be linked into your application.  You can either
 use the memory buffer BIO for IO, or compile bss_file.c into your
 application, it is in the apps directory and is just a copy of
 crypto/buffer/bss_file.c with #define APPS_WIN16 added.
 I have not yet automated the makefile to automatically copy it into 'out'
 for a win 3.1 build....
 All callbacks passed into SSLeay for Windows 3.1 need to be of type
 _far _loadds.
 I don't support building with the pascal calling convention.
 The DLL and static builds are large memory model.
 To build static libraries for NT/95 or win 3.1
 perl util/mk1mf.pl VC-WIN32 > mf-stat.nt
 perl util/mk1mf.pl VC-WIN16 > mf-stat.w31
 for DLL's
 perl util/mk1mf.pl dll VC-WIN32	> mf-dll.nt
 perl util/mk1mf.pl dll VC-WIN16 > mf-dll.w31
 Again you will notice that if you dont have perl, you cannot do this.
 Now the next importaint issue.  Running Configure!
 I have small assember code files for critical big number library operation
 in crypto/bn/asm.  There is, asm code, object files and uuencode
 object files.  They are
 x86nt32.asm	- 32bit flat memory model assember - suitable Win32
 x86w16.asm	- 16bit assember - used in the msdos build.
 x86w32.asm	- 32bit assember, win 3.1 segments, used for win16 build.
 If you feel compelled to build the 16bit maths routines in the windows 3.1
 build,
 perl Configure VC-W31-16
 perl util/mk1mf.pl dll VC-W31-16 > mf-dll.w31
 If you hate assember and don't want anything to do with it,
 perl util/mk1mf.pl no-asm VC-WIN16 > mf-dll.w31
 will work for any of the makefile generations.
 There are more options to mk1mf.pl but these all leave the temporary
 files in 'tmp' and the output files in 'out' by default.
 The NT build is done for console mode.
 The Windows 3.1 version of SSLeay uses quickwin, the interface is ugly
 but it is better than nothing.  If you want ugly, try doing anything
 that involves getting a password.  I decided to be ugly instead of
 echoing characters.  For Windows 3.1 I would just sugest using the
 msdos version of the ssleay application for command line work.
 The QuickWin build is primarily for testing.
 For both NT and Windows 3.1, I have not written the code so that
 s_client, s_server can take input from the keyboard.  You can happily
 start applications up in separate windows, watch them handshake, and then sit
 there for-ever.  I have not had the time to get this working, and I've
 been able to test things from a unix box to the NT box :-).
 Try running ssleay s_server on the windows box
 (with either -cert ../apps/server.pem -www)
 and run ssleay s_time from another window.
 This often stuffs up on Windows 3.1, but I'm not worried since this is
 probably a problem with my demo applications, not the libraries.
 After a build of one of the version of microsoft SSLeay,
 'cd ms' and then run 'test'.  This should check everything out and
 even does a trial run of generating certificates.
 'test.bat' requires that perl be install, you be in the ms directory
 (not the test directory, thats for unix so stay out :-) and that the
 build output directory be ../out 
 On a last note, you will probably get division by zero errors and
 stuff after a build.  This is due to your own inability to follow
 instructions :-).
 The reasons for the problem is probably one of the following.
 1)	You did not run Configure.  This is critical for windows 3.1 when
 	using assember.  The values in crypto/bn/bn.h must match the
 	ones requred for the assember code.  (remember that if you
 	edit crypto/bn/bn.h by hand, it will be clobered the next time
 	you run Configure by the contents of crypto/bn/bn.org).
 	SSLeay version -o will list the compile options.
 	For VC-WIN32 you need bn(64,32) or bn(32,32)
 	For VC-W31-32/VC-WIN16 you need bn(32,32)
 	For VC-W31-16 you need bn(32,16) or bn(16,16)
 	For VC-MSDOS you need bn(32,16) or bn(16,16).
 	The first number will be 2 times bigger than the second if
 	BN_LLONG is defined in bn.h and the size of the second number
 	depends on the 'bits' defined at the start of bn.h.  Have a
 	look, it's all reasonably clear.
 	If you want to start messing with 8 bit builds and things like
 	that, build without the assember by re-generating a makefile
 	via 'perl util/mk1mf.pl no-asm'.
 2)	You tried to build under MS-DOS or Windows 3.1 using the /G3
 	option.  Don't.  It is buggy (thats why you just got that
 	error) and unless you want to work out which optimising flag
 	to turn off, I'm not going to help you :-).  I also noticed
 	that code often ran slower when compiled with /G3.
 3)	Under NT/95, malloc goes stupid.  You are probably linking with
 	the wrong library, there are problems if you mix the threaded
 	and non-threaded libraries (due to the DLL being staticly
 	linked with one and the applicaion using another.
 Well hopefully thats most of the MS issues handled, see you in ssl-users :-).
 eric 30-Aug-1996
 SSLeay 0.6.5
 For Windows 95/NT, add CRYPTO_malloc_init() to your program before any
 calls to the SSLeay libraries.  This function will insert callbacks so that
 the SSLeay libraries will use the same malloc(), free() and realloc() as
 your application so 'problem 3)' mentioned above will go away.
 There is now DES assember for Windows NT/95.  The file is
 crypto/des/asm/win32.asm and replaces crypto/des/des_enc.c in the build.
 There is also Blowfish assember for Windows NT/95.  The file is
 crypto/bf/asm/win32.asm and replaces crypto/bf/bf_enc.c in the build.
 eric 25-Jun-1997
--- a/127
+++ b/127
@@ -1,127 +0,0 @@
  LICENSE ISSUES
  ==============
  The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
  the OpenSSL License and the original SSLeay license apply to the toolkit.
  See below for the actual license texts. Actually both licenses are BSD-style
  Open Source licenses. In case of any license issues related to OpenSSL
  please contact openssl-core@openssl.org.
  OpenSSL License
  ---------------
 /* ====================================================================
 * Copyright (c) 1998-1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 Original SSLeay License
 -----------------------
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
--- a/1018
+++ b/1018
--- a/Makefile.org
+++ b/Makefile.org
@@ -1,304 +0,0 @@
 ##
 ## Makefile for OpenSSL
 ##
 VERSION = 0.9.2b
 PLATFORM=dist
 # NOCONST - Define for C compilers that don't like the const key word.
 # NOPROTO - Define in if your compiler does not support prototypes.
 # RSAref  - Define if we are to link with RSAref.
 # NO_IDEA - Define to build without the IDEA algorithm
 # NO_RC4  - Define to build without the RC4 algorithm
 # NO_RC2  - Define to build without the RC2 algorithm
 # THREADS - Define when building with threads, you will probably also need any
 #           system defines as well, i.e. _REENTERANT for Solaris 2.[34]
 # TERMIO  - Define the termio terminal subsystem, needed if sgtty is missing.
 # TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
 # LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
 # DEVRANDOM - Give this the value of the 'random device' if your OS supports
 #           one.  32 bytes will be read from this when the random
 #           number generator is initalised.
 # SSL_ALLOW_ADH - define if you want the server to be able to use the
 #           SSLv3 anon-DH ciphers.
 # SSL_ALLOW_ENULL - define if you want the server to be able to use the
 #           NULL encryption ciphers.
 #
 # LOCK_DEBUG - turns on lots of lock debug output :-)
 # REF_CHECK - turn on some xyz_free() assertions.
 # REF_PRINT - prints some stuff on structure free.
 # CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
 # MFUNC - Make all Malloc/Free/Realloc calls call
 #       CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
 #       call application defined callbacks via CRYPTO_set_mem_functions()
 # MD5_ASM needs to be defined to use the x86 assembler for MD5
 # SHA1_ASM needs to be defined to use the x86 assembler for SHA1
 # RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
 # Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8.  It must
 # equal 4.
 # PKCS1_CHECK - pkcs1 tests.
 CC= gcc
 #CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
 CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
 PEX_LIBS= -L. -L.. -L../.. -L../../..
 EX_LIBS= 
 AR=ar r
 # Set BN_ASM to bn_asm.o if you want to use the C version
 BN_ASM= bn_asm.o
 #BN_ASM= bn_asm.o
 #BN_ASM= asm/bn86-elf.o	# elf, linux-elf
 #BN_ASM= asm/bn86-sol.o # solaris
 #BN_ASM= asm/bn86-out.o # a.out, FreeBSD
 #BN_ASM= asm/bn86bsdi.o # bsdi
 #BN_ASM= asm/alpha.o    # DEC Alpha
 #BN_ASM= asm/pa-risc2.o # HP-UX PA-RISC
 #BN_ASM= asm/r3000.o    # SGI MIPS cpu
 #BN_ASM= asm/sparc.o    # Sun solaris/SunOS
 #BN_ASM= asm/bn-win32.o # Windows 95/NT
 #BN_ASM= asm/x86w16.o   # 16 bit code for Windows 3.1/DOS
 #BN_ASM= asm/x86w32.o   # 32 bit code for Windows 3.1
 # Set DES_ENC to des_enc.o if you want to use the C version
 #There are 4 x86 assember options.
 DES_ENC= asm/dx86-out.o asm/yx86-out.o
 #DES_ENC= des_enc.o fcrypt_b.o          # C
 #DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
 #DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
 #DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD
 #DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi
 # Set BF_ENC to bf_enc.o if you want to use the C version
 #There are 4 x86 assember options.
 BF_ENC= asm/bx86-out.o
 #BF_ENC= bf_enc.o
 #BF_ENC= asm/bx86-elf.o # elf
 #BF_ENC= asm/bx86-sol.o # solaris
 #BF_ENC= asm/bx86-out.o # a.out, FreeBSD
 #BF_ENC= asm/bx86bsdi.o # bsdi
 # Set CAST_ENC to c_enc.o if you want to use the C version
 #There are 4 x86 assember options.
 CAST_ENC= asm/cx86-out.o
 #CAST_ENC= c_enc.o
 #CAST_ENC= asm/cx86-elf.o # elf
 #CAST_ENC= asm/cx86-sol.o # solaris
 #CAST_ENC= asm/cx86-out.o # a.out, FreeBSD
 #CAST_ENC= asm/cx86bsdi.o # bsdi
 # Set RC4_ENC to rc4_enc.o if you want to use the C version
 #There are 4 x86 assember options.
 RC4_ENC= asm/rx86-out.o
 #RC4_ENC= rc4_enc.o
 #RC4_ENC= asm/rx86-elf.o # elf
 #RC4_ENC= asm/rx86-sol.o # solaris
 #RC4_ENC= asm/rx86-out.o # a.out, FreeBSD
 #RC4_ENC= asm/rx86bsdi.o # bsdi
 # Set RC5_ENC to rc5_enc.o if you want to use the C version
 #There are 4 x86 assember options.
 RC5_ENC= asm/r586-out.o
 #RC5_ENC= rc5_enc.o
 #RC5_ENC= asm/r586-elf.o # elf
 #RC5_ENC= asm/r586-sol.o # solaris
 #RC5_ENC= asm/r586-out.o # a.out, FreeBSD
 #RC5_ENC= asm/r586bsdi.o # bsdi
 # Also need MD5_ASM defined
 MD5_ASM_OBJ= asm/mx86-out.o
 #MD5_ASM_OBJ= asm/mx86-elf.o        # elf
 #MD5_ASM_OBJ= asm/mx86-sol.o        # solaris
 #MD5_ASM_OBJ= asm/mx86-out.o        # a.out, FreeBSD
 #MD5_ASM_OBJ= asm/mx86bsdi.o        # bsdi
 # Also need SHA1_ASM defined
 SHA1_ASM_OBJ= asm/sx86-out.o
 #SHA1_ASM_OBJ= asm/sx86-elf.o       # elf
 #SHA1_ASM_OBJ= asm/sx86-sol.o       # solaris
 #SHA1_ASM_OBJ= asm/sx86-out.o       # a.out, FreeBSD
 #SHA1_ASM_OBJ= asm/sx86bsdi.o       # bsdi
 # Also need RMD160_ASM defined
 RMD160_ASM_OBJ= asm/rm86-out.o
 #RMD160_ASM_OBJ= asm/rm86-elf.o       # elf
 #RMD160_ASM_OBJ= asm/rm86-sol.o       # solaris
 #RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
 #RMD160_ASM_OBJ= asm/rm86bsdi.o       # bsdi
 DIRS=   crypto ssl rsaref apps test tools
 # dirs in crypto to build
 SDIRS=  \
 	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
 	bn rsa dsa dh \
 	buffer bio stack lhash rand err objects \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 comp
 # Do not edit this manually. Use util/ssldir.pl do change this!
 INSTALLTOP=/usr/local/ssl
 MAKEFILE= Makefile.ssl
 MAKE=     make -f Makefile.ssl
 MAN1=1
 MAN3=3
 SHELL=/bin/sh
 TOP=    .
 ONEDIRS=out tmp
 EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep
 WDIRS=  windows
 LIBS=   libcrypto.a libssl.a 
 GENERAL=        Makefile
 BASENAME=       openssl
 NAME=           $(BASENAME)-$(VERSION)
 TARFILE=        $(NAME).tar
 WTARFILE=       $(NAME)-win.tar
 EXHEADER=       e_os.h
 HEADER=         e_os.h
 all: Makefile.ssl
 	@for i in $(DIRS) ;\
 	do \
 	(cd $$i && echo "making all in $$i..." && \
 	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' all ) || exit 1; \
 	done;
 sub_all:
 	@for i in $(DIRS) ;\
 	do \
 	(cd $$i && echo "making all in $$i..." && \
 	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' all ) || exit 1; \
 	done;
 Makefile.ssl: Makefile.org
 	@echo "Makefile.ssl is older than Makefile.org."
 	@echo "Reconfigure the source tree (via 'perl Configure' or 'sh config')"
 	@echo "and update the error lists (via 'make errors'), please."
 	@false
 libclean:
 	rm -f *.a */lib */*/lib
 clean:
 	rm -f shlib/*.o *.o core a.out fluff *.map
 	@for i in $(DIRS) ;\
 	do \
 	(cd $$i && echo "making clean in $$i..." && \
 	$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
 	rm -f $(LIBS); \
 	done;
 	rm -f *.a *.o speed.* *.map *.so .pure core
 	rm -f $(TARFILE)
 	@for i in $(ONEDIRS) ;\
 	do \
 	rm -fr $$i/*; \
 	done
 makefile.one: files
 	perl util/mk1mf.pl >makefile.one; \
 	sh util/do_ms.sh
 files:  MINFO
 	perl $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
 	@for i in $(DIRS) ;\
 	do \
 	(cd $$i && echo "making 'files' in $$i..." && \
 	$(MAKE) SDIRS='${SDIRS}' files ) || exit 1; \
 	done;
 links:
 	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(TOP)/util/mklink.sh include $(EXHEADER)
 	@for i in $(DIRS); do \
 	(cd $$i && echo "making links in $$i..." && \
 	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' links ) || exit 1; \
 	done;
 	@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
 dclean:
 	rm -f *.bak
 	@for i in $(DIRS) ;\
 	do \
 	(cd $$i && echo "making dclean in $$i..." && \
 	$(MAKE) SDIRS='${SDIRS}' dclean ) || exit 1; \
 	done;
 rehash:
 	@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
 test:   tests
 tests:
 	@(cd test && echo "testing..." && \
 	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' tests );
 	@apps/openssl version -a
 depend:
 	@for i in $(DIRS) ;\
 	do \
 	(cd $$i && echo "making dependancies $$i..." && \
 	$(MAKE) SDIRS='${SDIRS}' depend ) || exit 1; \
 	done;
 lint:
 	@for i in $(DIRS) ;\
 	do \
 	(cd $$i && echo "making lint $$i..." && \
 	$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
 	done;
 tags:
 	@for i in $(DIRS) ;\
 	do \
 	(cd $$i && echo "making tags $$i..." && \
 	$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
 	done;
 errors:
 	@for i in $(DIRS) ;\
 	do \
 	(cd $$i && echo "making errors in $$i..." && \
 	$(MAKE) SDIRS='${SDIRS}' errors ) || exit 1; \
 	done;
 tar:
 	@gtar --no-recursion -cvf - \
 		`find * -depth -print | grep -v CVS | grep -v .cvsignore | grep -v STATUS | sort` |\
 	tardy --user_number=0  --user_name=openssl \
 	      --group_number=0 --group_name=openssl \
 	      --prefix=openssl-$(VERSION) - |\
 	gzip --best >../$(TARFILE).gz; \
 	ls -l ../$(TARFILE).gz
 dist:   
 	perl Configure dist
 	@$(MAKE) dist_pem_h
 	@$(MAKE) SDIRS='${SDIRS}' clean
 	@$(MAKE) tar
 dist_pem_h:
 	(cd crypto/pem; $(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
 install: all
 	@-mkdir -p $(INSTALLTOP)/bin 2>/dev/null
 	@-mkdir -p $(INSTALLTOP)/lib 2>/dev/null
 	@-mkdir -p $(INSTALLTOP)/include 2>/dev/null
 	@-mkdir -p $(INSTALLTOP)/certs 2>/dev/null
 	@-mkdir -p $(INSTALLTOP)/private 2>/dev/null
 	@for i in $(DIRS) ;\
 	do \
 	(cd $$i; echo "installing $$i..."; \
 	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' install ); \
 	done
 	@for i in $(LIBS) ;\
 	do \
 	(       echo installing $$i; \
 		cp $$i $(INSTALLTOP)/lib; \
 		sh util/ranlib.sh $(INSTALLTOP)/lib/$$i; \
 		chmod 644 $(INSTALLTOP)/lib/$$i ); \
 	done
 # DO NOT DELETE THIS LINE -- make depend depends on it.
--- a/40
+++ b/40
@@ -1,40 +0,0 @@
  NEWS
  ====
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.
  Major changes between SSLeay 0.9.1c and OpenSSL 0.9.2b:
      o Fixed a security hole related to session resumption
      o Fixed RSA encryption routines for the p < q case
      o "ALL" in cipher lists now means "everything except NULL ciphers"
      o Support for Triple-DES CBCM cipher
      o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
      o First support for new TLSv1 ciphers
      o Added a few new BIOs (syslog BIO, reliable BIO)
      o Extended support for DSA certificate/keys.
      o Extended support for Certificate Signing Requests (CSR)
      o Initial support for X.509v3 extensions
      o Extended support for compression inside the SSL record layer
      o Overhauled Win32 builds
      o Cleanups and fixes to the Big Number (BN) library
      o Support for ASN.1 GeneralizedTime
      o Splitted ASN.1 SETs from SEQUENCEs
      o ASN1 and PEM support for Netscape Certificate Sequences
      o Overhauled Perl interface
      o Lots of source tree cleanups.
      o Lots of memory leak fixes.
      o Lots of bug fixes.
  Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c:
      o Integration of the popular NO_RSA/NO_DSA patches
      o Initial support for compression inside the SSL record layer
      o Added BIO proxy and filtering functionality
      o Extended Big Number (BN) library
      o Added RIPE MD160 message digest
      o Addeed support for RC2/64bit cipher
      o Extended ASN.1 parser routines
      o Adjustations of the source tree for CVS
      o Support for various new platforms
--- a/188
+++ b/188
@@ -1,188 +0,0 @@
 OpenSSL 0.9.2b 22-Mar-1999
 Copyright (c) 1998-1999 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 All rights reserved.
 DESCRIPTION
 -----------
 The OpenSSL Project is a collaborative effort to develop a robust,
 commercial-grade, fully featured, and Open Source toolkit implementing the
 Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
 protocols with full-strength cryptography world-wide. The project is managed
 by a worldwide community of volunteers that use the Internet to communicate,
 plan, and develop the OpenSSL tookit and its related documentation. 
 OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
 and Tim J. Hudson.  The OpenSSL toolkit is licensed under a dual-license (the
 OpenSSL license plus the SSLeay license) situation, which basically means
 that you are free to get and use it for commercial and non-commercial
 purposes as long as you fullfill the conditions of both licenses. 
 OVERVIEW
 --------
 The OpenSSL toolkit includes:
 libssl.a:
     Implementation of SSLv2, SSLv3, TLSv1 and the required code to support
     both SSLv2, SSLv3 and TLSv1 in the one server and client.
 libcrypto.a:
     General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not
     actually logically part of it. It includes routines for the following:
     Ciphers
        libdes - EAY's libdes DES encryption package which has been floating
                 around the net for a few years.  It includes 15
                 'modes/variations' of DES (1, 2 and 3 key versions of ecb,
                 cbc, cfb and ofb; pcbc and a more general form of cfb and
                 ofb) including desx in cbc mode, a fast crypt(3), and
                 routines to read passwords from the keyboard.
        RC4 encryption,
        RC2 encryption      - 4 different modes, ecb, cbc, cfb and ofb.
        Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
        IDEA encryption     - 4 different modes, ecb, cbc, cfb and ofb.
     Digests
        MD5 and MD2 message digest algorithms, fast implementations,
        SHA (SHA-0) and SHA-1 message digest algorithms,
        MDC2 message digest. A DES based hash that is polular on smart cards.
     Public Key
        RSA encryption/decryption/generation.  
            There is no limit on the number of bits.
        DSA encryption/decryption/generation.   
            There is no limit on the number of bits.
        Diffie-Hellman key-exchange/key generation.  
            There is no limit on the number of bits.
     X.509v3 certificates
        X509 encoding/decoding into/from binary ASN1 and a PEM
             based ascii-binary encoding which supports encryption with a
             private key.  Program to generate RSA and DSA certificate
             requests and to generate RSA and DSA certificates.
     Systems
        The normal digital envelope routines and base64 encoding.  Higher
        level access to ciphers and digests by name.  New ciphers can be
        loaded at run time.  The BIO io system which is a simple non-blocking
        IO abstraction.  Current methods supported are file descriptors,
        sockets, socket accept, socket connect, memory buffer, buffering, SSL
        client/server, file pointer, encryption, digest, non-blocking testing
        and null.
     Data structures
        A dynamically growing hashing system
        A simple stack.
        A Configuration loader that uses a format similar to MS .ini files.
 openssl: 
     A command line tool which provides the following functions:
     enc     - a general encryption program that can encrypt/decrypt using
               one of 17 different cipher/mode combinations.  The
               input/output can also be converted to/from base64
               ascii encoding.
     dgst    - a generate message digesting program that will generate
               message digests for any of md2, md5, sha (sha-0 or sha-1)
               or mdc2.
     asn1parse - parse and display the structure of an asn1 encoded
               binary file.
     rsa     - Manipulate RSA private keys.
     dsa     - Manipulate DSA private keys.
     dh      - Manipulate Diffie-Hellman parameter files.
     dsaparam- Manipulate and generate DSA parameter files.
     crl     - Manipulate certificate revocation lists.
     crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate.
     x509    - Manipulate x509 certificates, self-sign certificates.
     req     - Manipulate PKCS#10 certificate requests and also
               generate certificate requests.
     genrsa  - Generates an arbitrary sized RSA private key.
     gendsa  - Generates DSA parameters.
     gendh   - Generates a set of Diffie-Hellman parameters, the prime
               will be a strong prime.
     ca      - Create certificates from PKCS#10 certificate requests.
               This program also maintains a database of certificates
               issued.
     verify  - Check x509 certificate signatures.
     speed   - Benchmark OpenSSL's ciphers.
     s_server- A test SSL server.
     s_client- A test SSL client.
     s_time  - Benchmark SSL performance of SSL server programs.
     errstr  - Convert from OpenSSL hex error codes to a readable form.
     nseq    - Netscape certificate sequence utility
 PATENTS
 -------
 Various companies hold various patents for various algorithms in various
 locations around the world. _YOU_ are responsible for ensuring that your use
 of any algorithms is legel by checking if there are any patents in your
 country.  The file contains some of the patents that we know about or are
 rumoured to exist. This is not a definitive list.
 RSA Data Security holds software patents on the RSA and RC5 algorithms.  If
 their ciphers are used used inside the USA (and Japan?), you must contact RSA
 Data Security for licencing conditions. Their web page is
 http://www.rsa.com/.
 RC4 is a trademark of RSA Data Security, so use of this label should perhaps
 only be used with RSA Data Security's permission. 
 The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
 Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA.  They should
 be contacted if that algorithm is to be used, their web page is
 http://www.ascom.ch/.
 INSTALLATION
 ------------
 To install this package under a Unix derivative, read the INSTALL file.  For
 a Win32 platform, read the INSTALL.W32 file.
 For people in the USA, it is possible to compile OpenSSL to use RSA Inc.'s
 public key library, RSAref. Read doc/ssleay.txt under 'rsaref.doc' on how to
 build with RSAref.
 Read the documentation in the doc/ directory.  It is quite rough, but it
 lists the functions, you will probably have to look at the code to work out
 how to used them. Look at the example programs.
 SUPPORT 
 -------
 If you have any problems with OpenSSL then please take the following steps
 first:
    - Remove ASM versions of libraries
    - Remove compiler optimisation flags 
    - Add compiler debug flags (if using gcc then remove -fomit-frame-pointer
      before you try to debug things)
 If you wish to report a bug then please include the following information in
 any bug report:
    OpenSSL Details
    - Version, most of these details can be got from the
      'openssl version -a' command.
    Operating System Details
    - OS Name
    - OS Version
    - Hardware platform
    Compiler Details
    - Name
    - Version
    Application Details 
    - Name 
    - Version 
    Problem Description
    - include steps that will reproduce the problem (if known)
    Stack Traceback (if the application dumps core)
 Report the bug to the OpenSSL project at:
    openssl-users@openssl.org
--- a/179
+++ b/179
@@ -1,179 +0,0 @@
  OpenSSL STATUS                           Last modified at
  ______________                           $Date: 1999/03/14 01:16:42 $
  DEVELOPMENT STATE
    o  OpenSSL 0.9.2: Freezed!
       - No more feature commits, please. 
       - Commit bugfixes and cleanups only, please.
       - Already successfully tested platform:
         o  FreeBSD 2.2.7    Ben Laurie            OK
         o  FreeBSD 3.1      Ralf S. Engelschall   OK
         o  Solaris 2.6      Ralf S. Engelschall   OK except for ctype warns
         o  Linux RH 5.1     Steve Henson          OK
         o  Linux 2.0 RH 5.2 Ralf S. Engelschall   OK
         o  Linux 2.2 RH 5.2 Peter 'Luna' Altberg  OK
         o  WinNT,95 VC++ 5  Steve Henson          OK
       Proposed release time: Monday, March 15th 1999
    o  OpenSSL 0.9.1c: Released on December 23th, 1998
  RELEASE SHOWSTOPPERS
    o Compilation warnings: ctype-related int vs. char
    o Compilation error: "unsigned long*" and "int*" under AIX
    o Why are NULL ciphers in front of the cipher spec?
      (see my posting "Bug?!: Cipher Suite and NULL Ciphers" in openssl-dev)
    o A Linux alpha user reported: "alpha.s does not have bn_div_word()"
      (see posting "ALPHA error" in openssl-dev)
    o Undefined BN symbols in assembler stuff on Solaris
      (see posting "openssl-SNAP-19990308-2130 on Solaris-2.6 SC4" in openssl-dev)
  AVAILABLE PATCHES
    o Solaris AS error (kenji@miyake.org)
    o getenv in ca.c and x509_def.c (jaltman@watsun.cc.columbia.edu)
    o s3_lib.c - export clients (levitte@stacken.kth.se)
    o linux dynamic libs (colin@field.medicine.adelaide.edu.au)
    o MingW support (niklas@canit.se)
    o crypto/des/enc_read.c bugfix (mike@cs.mun.ca)
  IN PROGRESS
    o Steve is currently working on:
        X509 V3 extension code including:
        1. Support for the more common PKIX extensions.
        2. Proper (or at least usable) certificate chain verification.
        3. Support in standard applications (req, x509, ca).
        4. Documentation on how all the above works.
        Next on the list is probably PKCS#12 integration.
    o Mark is currently working on:
        Folding in any changes that are in the C2Net code base that were
        not in the original SSLeay-0.9.1.b release.  Plus other minor
        tidying.
    o Ralf is currently working on:
        1. Support for SSL_set_default_verify_paths(),
           SSL_load_verify_locations(), SSL_get_cert_store() and
           SSL_set_cert_store() functions which work like their existing
           SSL_CTX_xxx() variants but on a per connection basis. That's needed
           to let us provide full-featured per-URL client verification in
           mod_ssl or Apache-SSL.
           => It still dumps core, so I suspend this and investigate
              again for OpenSSL 0.9.3.
        2. The perl/ stuff to make it really work the first time ;-)
           => I'll investigate a few more hours for OpenSSL 0.9.2
        3. The new documentation set in POD format under doc/
           => I'll investigate a few more hours for OpenSSL 0.9.2
        4. More cleanups to get rid of obsolete/old/ugly files in the
           source tree which are not really needed.
           => Done all which were possible with my personal knowledge
    o Ben is currently working on:
 	1. Function Prototype Thought Police issues.
 	2. Integrated documentation.
 	3. New TLS Ciphersuites.
 	4. Anything else that takes his fancy.
  NEEDS PATCH
  OPEN ISSUES
    o  The Makefile hierarchy and build mechanism is still not a round thing:
       1. The config vs. Configure scripts
          It's the same nasty situation as for Apache with APACI vs.
          src/Configure. It confuses.
          Suggestion: Merge Configure and config into a single configure
                      script with a Autoconf style interface ;-) and remove
                      Configure and config. Or even let us use GNU Autoconf
                      itself. Then we can avoid a lot of those platform checks
                      which are currently in Configure.
       2. The xxx.org -> xxx.h generation:
          It's not obvious for which file xxx.org is the source.
          Suggestion: Rename xxx.org to xxx.h.in (Autoconf style), this way
                      one sees that xxx.h.in is the input for xxx.h
          Status: Mark +1
    o  The installation under "make install" produces a very
       installation layout: $prefix/certs and $prefix/private dirs.  That's
       not nice. Ralf suggests to move the two certs and private dirs either
       to $prefix/etc/, $prefix/lib/ or $prefix/share. Alternatively
       we could also not install the certs at all.
       Status: Ralf +1 for both not installing the certs at all and
                       moving it to $prefix/etc/. +0 for $prefix/lib/
                       and $prefix/share.
               Paul: why is it not nice?
               Ralf: because it messes up the install dir when
                     $prefix is not a dedicated area like /usr/local/ssl.
                     When we move them to a standard subdir like
                     etc/ lib/ or share/ we don't mess up things
                     when $prefix is /usr or /usr/local, etc.
                     Additionally it makes package vendors life
                     easier....
    o  Support for Shared Libraries has to be added at least
       for the major Unix platforms. The details we can rip from the stuff
       Ralf has done for the Apache src/Configure script. Ben wants the
       solution to be really simple.
       Status: Ralf will look how we can easily incorporate the
               compiler PIC and linker DSO flags from Apache
               into the OpenSSL Configure script.
    o  The perl/ stuff needs a major overhaul. Currently it's
       totally obsolete. Either we clean it up and enhance it to be up-to-date
       with the C code or we also could replace it with the really nice
       Net::SSLeay package we can find under
       http://www.neuronio.pt/SSLeay.pm.html.  Ralf uses this package for a
       longer time and it works fine and is a nice Perl module. Best would be
       to convince the author to work for the OpenSSL project and create a
       Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for
       us.
       Status: Ralf thinks we should both contact the author of Net::SSLeay
               and look how much effort it is to bring Eric's perl/ stuff up
               to date.
               Paul +1
    o The EVP and ASN1 stuff is a mess. Currently you have one EVP_CIPHER
      structure for each cipher. This may make sense for things like DES but
      for variable length ciphers like RC2 and RC4 it is NBG. Need a way to
      use the EVP interface and set up the cipher parameters. The ASN1 stuff
      is also foo wrt ciphers whose AlgorithmIdentifier has more than just
      an IV in it (e.g. RC2, RC5). This also means that EVP_Seal and EVP_Open
      don't work unless the key length matches the fixed value (some vendors
      use a key length decided by the size of the RSA encrypted key and expect
      RC2 to adapt).
    o Properly initialize the PRNG in the absence of /dev/random.
    o > NO_RSA (ejs@bfd.com)
      > ./Configure -DNO_IDEA -DNO_RC5 -DNO_RC4 -DNO_RC2 -DNO_RSA -DNO_ERR linux-elf
      > I tried for a whole day to do this and could not get it to work.  Linux
      > machine, kernel 2.0.36 and 2.2.1, redhat 5.2 latest, gcc and egcs , no
      > go.  I also noticed the even with -DNO_IDEA, _DNO_RC2, etc. the make
      > still goes into those subdirectories and 'makes'.
  WISHES
    o  Damien Miller:
       "How about making the each of the locations compile-time defined. I
       would like to (for example) put binaries in /usr/bin, configuration
       data, certs and keys in /etc/openssl/certs and /etc/openssl/keys, etc.
       This would also be a great boon to binary package makers.  The
       SSLeay-0.9.1b RPM already includes some patches which do some of this.
       I can forward them if you wish."
    o  Mats Nilsson <mats.nilsson@xware.se>:
       "Add reference counting to all substructures of X509 etc. For instance,
       X509_NAME lacks a reference counter, while EVP_PKEY has one.  I'm
       making COM-wrappers for selected parts of SSLeay for a project of ours,
       and has found this inconsistency in copy semantics annoying."
--- a/apps/.cvsignore
+++ b/apps/.cvsignore
@@ -1 +0,0 @@
 openssl
--- a/apps/CA.pl
+++ b/apps/CA.pl
@@ -1,153 +0,0 @@
 #!/usr/local/bin/perl
 #
 # CA - wrapper around ca to make it easier to use ... basically ca requires
 #      some setup stuff to be done before you can use it and this makes
 #      things easier between now and when Eric is convinced to fix it :-)
 #
 # CA -newca ... will setup the right stuff
 # CA -newreq ... will generate a certificate request 
 # CA -sign ... will sign the generated request and output 
 #
 # At the end of that grab newreq.pem and newcert.pem (one has the key 
 # and the other the certificate) and cat them together and that is what
 # you want/need ... I'll make even this a little cleaner later.
 #
 #
 # 12-Jan-96 tjh    Added more things ... including CA -signcert which
 #                  converts a certificate to a request and then signs it.
 # 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
 #		   environment variable so this can be driven from
 #		   a script.
 # 25-Jul-96 eay    Cleaned up filenames some more.
 # 11-Jun-96 eay    Fixed a few filename missmatches.
 # 03-May-96 eay    Modified to use 'ssleay cmd' instead of 'cmd'.
 # 18-Apr-96 tjh    Original hacking
 #
 # Tim Hudson
 # tjh@cryptsoft.com
 #
 # 27-Apr-98 snh    Translation into perl, fix existing CA bug.
 #
 #
 # Steve Henson
 # shenson@bigfoot.com
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
 $DAYS="-days 365";
 $REQ="openssl req $SSLEAY_CONFIG";
 $CA="openssl ca $SSLEAY_CONFIG";
 $VERIFY="openssl verify";
 $X509="openssl x509";
 $CATOP="./demoCA";
 $CAKEY="cakey.pem";
 $CACERT="cacert.pem";
 $DIRMODE = 0777;
 $RET = 0;
 foreach (@ARGV) {
 	if ( /^(-\?|-h|-help)$/ ) {
 	    print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
 	    exit 0;
 	} elsif (/^-newcert$/) {
 	    # create a certificate
 	    system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");
 	    $RET=$?;
 	    print "Certificate (and private key) is in newreq.pem\n"
 	} elsif (/^-newreq$/) {
 	    # create a certificate request
 	    system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
 	    $RET=$?;
 	    print "Request (and private key) is in newreq.pem\n";
 	} elsif (/^-newca$/) {
 		# if explictly asked for or it doesn't exist then setup the
 		# directory structure that Eric likes to manage things 
 	    $NEW="1";
 	    if ( "$NEW" || ! -f ${CATOP}/serial ) {
 		# create the directory hierarchy
 		mkdir $CATOP, $DIRMODE;
 		mkdir "${CATOP}/certs", $DIRMODE;
 		mkdir "${CATOP}/crl", $DIRMODE ;
 		mkdir "${CATOP}/newcerts", $DIRMODE;
 		mkdir "${CATOP}/private", $DIRMODE;
 		open OUT, ">${CATOP}/serial";
 		print OUT "01\n";
 		close OUT;
 		open OUT, ">${CATOP}/index.txt";
 		close OUT;
 	    }
 	    if ( ! -f "${CATOP}/private/$CAKEY" ) {
 		print "CA certificate filename (or enter to create)\n";
 		$FILE = <STDIN>;
 		chop $FILE;
 		# ask user for existing CA certificate
 		if ($FILE) {
 		    cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
 		    cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
 		    $RET=$?;
 		} else {
 		    print "Making CA certificate ...\n";
 		    system ("$REQ -new -x509 -keyout " .
 			"${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS");
 		    $RET=$?;
 		}
 	    }
 	} elsif (/^-xsign$/) {
 	    system ("$CA -policy policy_anything -infiles newreq.pem");
 	    $RET=$?;
 	} elsif (/^(-sign|-signreq)$/) {
 	    system ("$CA -policy policy_anything -out newcert.pem " .
 							"-infiles newreq.pem");
 	    $RET=$?;
 	    print "Signed certificate is in newcert.pem\n";
 	} elsif (/^-signcert$/) {
 	    system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
 								"-out tmp.pem");
 	    system ("$CA -policy policy_anything -out newcert.pem " .
 							"-infiles tmp.pem");
 	    $RET = $?;
 	    print "Signed certificate is in newcert.pem\n";
 	} elsif (/^-verify$/) {
 	    if (shift) {
 		foreach $j (@ARGV) {
 		    system ("$VERIFY -CAfile $CATOP/$CACERT $j");
 		    $RET=$? if ($? != 0);
 		}
 		exit $RET;
 	    } else {
 		    system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
 		    $RET=$?;
 	    	    exit 0;
 	    }
 	} else {
 	    print STDERR "Unknown arg $_\n";
 	    print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
 	    exit 1;
 	}
 }
 exit $RET;
 sub cp_pem {
 my ($infile, $outfile, $bound) = @_;
 open IN, $infile;
 open OUT, ">$outfile";
 my $flag = 0;
 while (<IN>) {
 	$flag = 1 if (/^-----BEGIN.*$bound/) ;
 	print OUT $_ if ($flag);
 	if (/^-----END.*$bound/) {
 		close IN;
 		close OUT;
 		return;
 	}
 }
 }
--- a/apps/CA.sh
+++ b/apps/CA.sh
@@ -1,132 +0,0 @@
 #!/bin/sh
 #
 # CA - wrapper around ca to make it easier to use ... basically ca requires
 #      some setup stuff to be done before you can use it and this makes
 #      things easier between now and when Eric is convinced to fix it :-)
 #
 # CA -newca ... will setup the right stuff
 # CA -newreq ... will generate a certificate request 
 # CA -sign ... will sign the generated request and output 
 #
 # At the end of that grab newreq.pem and newcert.pem (one has the key 
 # and the other the certificate) and cat them together and that is what
 # you want/need ... I'll make even this a little cleaner later.
 #
 #
 # 12-Jan-96 tjh    Added more things ... including CA -signcert which
 #                  converts a certificate to a request and then signs it.
 # 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
 #		   environment variable so this can be driven from
 #		   a script.
 # 25-Jul-96 eay    Cleaned up filenames some more.
 # 11-Jun-96 eay    Fixed a few filename missmatches.
 # 03-May-96 eay    Modified to use 'ssleay cmd' instead of 'cmd'.
 # 18-Apr-96 tjh    Original hacking
 #
 # Tim Hudson
 # tjh@cryptsoft.com
 #
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
 DAYS="-days 365"
 REQ="openssl req $SSLEAY_CONFIG"
 CA="openssl ca $SSLEAY_CONFIG"
 VERIFY="openssl verify"
 X509="openssl x509"
 CATOP=./demoCA
 CAKEY=./cakey.pem
 CACERT=./cacert.pem
 for i
 do
 case $i in
 -\?|-h|-help)
    echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" >&2
    exit 0
    ;;
 -newcert) 
    # create a certificate
    $REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS
    RET=$?
    echo "Certificate (and private key) is in newreq.pem"
    ;;
 -newreq) 
    # create a certificate request
    $REQ -new -keyout newreq.pem -out newreq.pem $DAYS
    RET=$?
    echo "Request (and private key) is in newreq.pem"
    ;;
 -newca)     
    # if explictly asked for or it doesn't exist then setup the directory
    # structure that Eric likes to manage things 
    NEW="1"
    if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
 	# create the directory hierarchy
 	mkdir ${CATOP} 
 	mkdir ${CATOP}/certs 
 	mkdir ${CATOP}/crl 
 	mkdir ${CATOP}/newcerts
 	mkdir ${CATOP}/private
 	echo "01" > ${CATOP}/serial
 	touch ${CATOP}/index.txt
    fi
    if [ ! -f ${CATOP}/private/$CAKEY ]; then
 	echo "CA certificate filename (or enter to create)"
 	read FILE
 	# ask user for existing CA certificate
 	if [ "$FILE" ]; then
 	    cp $FILE ${CATOP}/private/$CAKEY
 	    RET=$?
 	else
 	    echo "Making CA certificate ..."
 	    $REQ -new -x509 -keyout ${CATOP}/private/$CAKEY \
 			   -out ${CATOP}/$CACERT $DAYS
 	    RET=$?
 	fi
    fi
    ;;
 -xsign)
    $CA -policy policy_anything -infiles newreq.pem 
    RET=$?
    ;;
 -sign|-signreq) 
    $CA -policy policy_anything -out newcert.pem -infiles newreq.pem
    RET=$?
    cat newcert.pem
    echo "Signed certificate is in newcert.pem"
    ;;
 -signcert) 
    echo "Cert passphrase will be requested twice - bug?"
    $X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
    $CA -policy policy_anything -out newcert.pem -infiles tmp.pem
    cat newcert.pem
    echo "Signed certificate is in newcert.pem"
    ;;
 -verify) 
    shift
    if [ -z "$1" ]; then
 	    $VERIFY -CAfile $CATOP/$CACERT newcert.pem
 	    RET=$?
    else
 	for j
 	do
 	    $VERIFY -CAfile $CATOP/$CACERT $j
 	    if [ $? != 0 ]; then
 		    RET=$?
 	    fi
 	done
    fi
    exit 0
    ;;
 *)
    echo "Unknown arg $i";
    exit 1
    ;;
 esac
 done
 exit $RET
--- a/apps/Makefile.ssl
+++ b/apps/Makefile.ssl
@@ -1,451 +0,0 @@
 #
 #  apps/Makefile.ssl
 #
 DIR=		apps
 TOP=		..
 CC=		cc
 INCLUDES=	-I../include
 CFLAG=		-g -static
 INSTALLTOP=	/usr/local/ssl
 MAKE=		make -f Makefile.ssl
 MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 RM=		rm -f
 PEX_LIBS=
 EX_LIBS= 
 CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
 GENERAL=Makefile
 DLIBCRYPTO=../libcrypto.a
 DLIBSSL=../libssl.a
 LIBCRYPTO=-L.. -lcrypto
 LIBSSL=-L.. -lssl
 PROGRAM= openssl
 SCRIPTS=CA.sh CA.pl der_chop
 EXE= $(PROGRAM)
 E_EXE=	verify asn1pars req dgst dh enc gendh errstr ca crl \
 	rsa dsa dsaparam \
 	x509 genrsa gendsa s_server s_client speed \
 	s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq
 PROGS= $(PROGRAM).c
 A_OBJ=apps.o
 A_SRC=apps.c
 S_OBJ=	s_cb.o s_socket.o
 S_SRC=	s_cb.c s_socket.c
 E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \
 	pkcs7.o crl2p7.o crl.o \
 	rsa.o dsa.o dsaparam.o \
 	x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
 	s_time.o $(A_OBJ) $(S_OBJ) version.o sess_id.o \
 	ciphers.o nseq.o
 #	pem_mail.o
 E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c \
 	pkcs7.c crl2p7.c crl.c \
 	rsa.c dsa.c dsaparam.c \
 	x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
 	s_time.c $(A_SRC) $(S_SRC) version.c sess_id.c \
 	ciphers.c nseq.c
 #	pem_mail.c
 SRC=$(E_SRC)
 EXHEADER=
 HEADER=	apps.h progs.h s_apps.h \
 	testdsa.h testrsa.h \
 	$(EXHEADER)
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 top:
 	@(cd ..; $(MAKE) DIRS=$(DIR) all)
 all:	exe
 exe:	$(EXE)
 req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
 	$(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 sreq.o: req.c 
 	$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
 files:
 	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 install:
 	@for i in $(EXE) $(SCRIPTS); \
 	do  \
 	(echo installing $$i; \
 	 cp $$i $(INSTALLTOP)/bin/$$i; \
 	 chmod 755 $(INSTALLTOP)/bin/$$i ); \
 	 done; \
 	cp openssl.cnf $(INSTALLTOP)/lib; \
 	chmod 644 $(INSTALLTOP)/lib/openssl.cnf
 tags:
 	ctags $(SRC)
 tests:
 links:
 	@$(TOP)/util/point.sh Makefile.ssl Makefile
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 depend:
 	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(SRC)
 dclean:
 	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 errors:
 clean:
 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
 	rm -f req
 $(DLIBSSL):
 	(cd ../ssl; $(MAKE))
 $(DLIBCRYPTO):
 	(cd ../crypto; $(MAKE))
 $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	$(RM) $(PROGRAM)
 	$(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
 	@(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
 progs.h:
 	perl ./progs.pl $(E_EXE) >progs.h
 	$(RM) $(PROGRAM).o
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 apps.o: ../include/bio.h ../include/buffer.h ../include/crypto.h
 apps.o: ../include/e_os.h ../include/opensslv.h ../include/stack.h apps.h
 apps.o: progs.h
 asn1pars.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
 asn1pars.o: ../include/bn.h ../include/buffer.h ../include/cast.h
 asn1pars.o: ../include/crypto.h ../include/des.h ../include/dh.h
 asn1pars.o: ../include/dsa.h ../include/e_os.h ../include/err.h
 asn1pars.o: ../include/evp.h ../include/idea.h ../include/md2.h
 asn1pars.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
 asn1pars.o: ../include/opensslv.h ../include/pem.h ../include/pem2.h
 asn1pars.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h
 asn1pars.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h
 asn1pars.o: ../include/sha.h ../include/stack.h ../include/x509.h
 asn1pars.o: ../include/x509_vfy.h apps.h progs.h
 ca.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ../include/bn.h
 ca.o: ../include/buffer.h ../include/cast.h ../include/conf.h
 ca.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
 ca.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
 ca.o: ../include/lhash.h ../include/md2.h ../include/md5.h ../include/mdc2.h
 ca.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
 ca.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h ../include/rc4.h
 ca.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h ../include/sha.h
 ca.o: ../include/stack.h ../include/txt_db.h ../include/x509.h
 ca.o: ../include/x509_vfy.h ../include/x509v3.h apps.h progs.h
 ciphers.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
 ciphers.o: ../include/bn.h ../include/buffer.h ../include/cast.h
 ciphers.o: ../include/crypto.h ../include/des.h ../include/dh.h
 ciphers.o: ../include/dsa.h ../include/e_os.h ../include/err.h ../include/evp.h
 ciphers.o: ../include/idea.h ../include/lhash.h ../include/md2.h
 ciphers.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
 ciphers.o: ../include/opensslv.h ../include/pkcs7.h ../include/rc2.h
 ciphers.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h
 ciphers.o: ../include/rsa.h ../include/sha.h ../include/ssl.h ../include/ssl2.h
 ciphers.o: ../include/ssl23.h ../include/ssl3.h ../include/stack.h
 ciphers.o: ../include/tls1.h ../include/x509.h ../include/x509_vfy.h apps.h
 ciphers.o: progs.h
 crl.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ../include/bn.h
 crl.o: ../include/buffer.h ../include/cast.h ../include/crypto.h
 crl.o: ../include/des.h ../include/dh.h ../include/dsa.h ../include/e_os.h
 crl.o: ../include/err.h ../include/evp.h ../include/idea.h ../include/md2.h
 crl.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
 crl.o: ../include/opensslv.h ../include/pem.h ../include/pem2.h
 crl.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h ../include/rc5.h
 crl.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h ../include/stack.h
 crl.o: ../include/x509.h ../include/x509_vfy.h ../include/x509v3.h apps.h
 crl.o: progs.h
 crl2p7.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
 crl2p7.o: ../include/bn.h ../include/buffer.h ../include/cast.h
 crl2p7.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
 crl2p7.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
 crl2p7.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
 crl2p7.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
 crl2p7.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h
 crl2p7.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h
 crl2p7.o: ../include/rsa.h ../include/sha.h ../include/stack.h
 crl2p7.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h
 dgst.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
 dgst.o: ../include/bn.h ../include/buffer.h ../include/cast.h
 dgst.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
 dgst.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
 dgst.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
 dgst.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
 dgst.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h ../include/rc4.h
 dgst.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h ../include/sha.h
 dgst.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h apps.h
 dgst.o: progs.h
 dh.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ../include/bn.h
 dh.o: ../include/buffer.h ../include/cast.h ../include/crypto.h
 dh.o: ../include/des.h ../include/dh.h ../include/dsa.h ../include/e_os.h
 dh.o: ../include/err.h ../include/evp.h ../include/idea.h ../include/md2.h
 dh.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
 dh.o: ../include/opensslv.h ../include/pem.h ../include/pem2.h
 dh.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h ../include/rc5.h
 dh.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h ../include/stack.h
 dh.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h
 dsa.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ../include/bn.h
 dsa.o: ../include/buffer.h ../include/cast.h ../include/crypto.h
 dsa.o: ../include/des.h ../include/dh.h ../include/dsa.h ../include/e_os.h
 dsa.o: ../include/err.h ../include/evp.h ../include/idea.h ../include/md2.h
 dsa.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
 dsa.o: ../include/opensslv.h ../include/pem.h ../include/pem2.h
 dsa.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h ../include/rc5.h
 dsa.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h ../include/stack.h
 dsa.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h
 dsaparam.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
 dsaparam.o: ../include/bn.h ../include/buffer.h ../include/cast.h
 dsaparam.o: ../include/crypto.h ../include/des.h ../include/dh.h
 dsaparam.o: ../include/dsa.h ../include/e_os.h ../include/err.h
 dsaparam.o: ../include/evp.h ../include/idea.h ../include/md2.h
 dsaparam.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
 dsaparam.o: ../include/opensslv.h ../include/pem.h ../include/pem2.h
 dsaparam.o: ../include/pkcs7.h ../include/rand.h ../include/rc2.h
 dsaparam.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h
 dsaparam.o: ../include/rsa.h ../include/sha.h ../include/stack.h
 dsaparam.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h
 enc.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ../include/bn.h
 enc.o: ../include/buffer.h ../include/cast.h ../include/crypto.h
 enc.o: ../include/des.h ../include/dh.h ../include/dsa.h ../include/e_os.h
 enc.o: ../include/err.h ../include/evp.h ../include/idea.h ../include/md2.h
 enc.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
 enc.o: ../include/opensslv.h ../include/pem.h ../include/pem2.h
 enc.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h ../include/rc5.h
 enc.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h ../include/stack.h
 enc.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h
 errstr.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
 errstr.o: ../include/bn.h ../include/buffer.h ../include/cast.h
 errstr.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
 errstr.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
 errstr.o: ../include/lhash.h ../include/md2.h ../include/md5.h
 errstr.o: ../include/mdc2.h ../include/objects.h ../include/opensslv.h
 errstr.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h ../include/rc5.h
 errstr.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h
 errstr.o: ../include/ssl.h ../include/ssl2.h ../include/ssl23.h
 errstr.o: ../include/ssl3.h ../include/stack.h ../include/tls1.h
 errstr.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h
 gendh.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
 gendh.o: ../include/bn.h ../include/buffer.h ../include/cast.h
 gendh.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
 gendh.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
 gendh.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
 gendh.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
 gendh.o: ../include/pem2.h ../include/pkcs7.h ../include/rand.h
 gendh.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h ../include/ripemd.h
 gendh.o: ../include/rsa.h ../include/sha.h ../include/stack.h ../include/x509.h
 gendh.o: ../include/x509_vfy.h apps.h progs.h
 gendsa.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
 gendsa.o: ../include/bn.h ../include/buffer.h ../include/cast.h
 gendsa.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
 gendsa.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
 gendsa.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
 gendsa.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
 gendsa.o: ../include/pem2.h ../include/pkcs7.h ../include/rand.h
 gendsa.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h
 gendsa.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h
 gendsa.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h apps.h
 gendsa.o: progs.h
 genrsa.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
 genrsa.o: ../include/bn.h ../include/buffer.h ../include/cast.h
 genrsa.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
 genrsa.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
 genrsa.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
 genrsa.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
 genrsa.o: ../include/pem2.h ../include/pkcs7.h ../include/rand.h
 genrsa.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h
 genrsa.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h
 genrsa.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h apps.h
 genrsa.o: progs.h
 nseq.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
 nseq.o: ../include/bn.h ../include/buffer.h ../include/cast.h
 nseq.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
 nseq.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
 nseq.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
 nseq.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
 nseq.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h ../include/rc4.h
 nseq.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h ../include/sha.h
 nseq.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h apps.h
 nseq.o: progs.h
 openssl.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
 openssl.o: ../include/bn.h ../include/buffer.h ../include/cast.h
 openssl.o: ../include/conf.h ../include/crypto.h ../include/des.h
 openssl.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h
 openssl.o: ../include/evp.h ../include/idea.h ../include/lhash.h
 openssl.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
 openssl.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
 openssl.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h
 openssl.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h
 openssl.o: ../include/rsa.h ../include/sha.h ../include/ssl.h ../include/ssl2.h
 openssl.o: ../include/ssl23.h ../include/ssl3.h ../include/stack.h
 openssl.o: ../include/tls1.h ../include/x509.h ../include/x509_vfy.h apps.h
 openssl.o: progs.h s_apps.h
 pkcs7.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
 pkcs7.o: ../include/bn.h ../include/buffer.h ../include/cast.h
 pkcs7.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
 pkcs7.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
 pkcs7.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
 pkcs7.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
 pkcs7.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h ../include/rc4.h
 pkcs7.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h ../include/sha.h
 pkcs7.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h apps.h
 pkcs7.o: progs.h
 req.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ../include/bn.h
 req.o: ../include/buffer.h ../include/cast.h ../include/conf.h
 req.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
 req.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
 req.o: ../include/lhash.h ../include/md2.h ../include/md5.h ../include/mdc2.h
 req.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
 req.o: ../include/pem2.h ../include/pkcs7.h ../include/rand.h ../include/rc2.h
 req.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h ../include/rsa.h
 req.o: ../include/sha.h ../include/stack.h ../include/x509.h
 req.o: ../include/x509_vfy.h ../include/x509v3.h apps.h progs.h
 rsa.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ../include/bn.h
 rsa.o: ../include/buffer.h ../include/cast.h ../include/crypto.h
 rsa.o: ../include/des.h ../include/dh.h ../include/dsa.h ../include/e_os.h
 rsa.o: ../include/err.h ../include/evp.h ../include/idea.h ../include/md2.h
 rsa.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
 rsa.o: ../include/opensslv.h ../include/pem.h ../include/pem2.h
 rsa.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h ../include/rc5.h
 rsa.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h ../include/stack.h
 rsa.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h
 s_cb.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
 s_cb.o: ../include/bn.h ../include/buffer.h ../include/cast.h
 s_cb.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
 s_cb.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
 s_cb.o: ../include/lhash.h ../include/md2.h ../include/md5.h ../include/mdc2.h
 s_cb.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h
 s_cb.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h ../include/ripemd.h
 s_cb.o: ../include/rsa.h ../include/sha.h ../include/ssl.h ../include/ssl2.h
 s_cb.o: ../include/ssl23.h ../include/ssl3.h ../include/stack.h
 s_cb.o: ../include/tls1.h ../include/x509.h ../include/x509_vfy.h apps.h
 s_cb.o: progs.h s_apps.h
 s_client.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
 s_client.o: ../include/bn.h ../include/buffer.h ../include/cast.h
 s_client.o: ../include/crypto.h ../include/des.h ../include/dh.h
 s_client.o: ../include/dsa.h ../include/e_os.h ../include/err.h
 s_client.o: ../include/evp.h ../include/idea.h ../include/lhash.h
 s_client.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
 s_client.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
 s_client.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h
 s_client.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h
 s_client.o: ../include/rsa.h ../include/sha.h ../include/ssl.h
 s_client.o: ../include/ssl2.h ../include/ssl23.h ../include/ssl3.h
 s_client.o: ../include/stack.h ../include/tls1.h ../include/x509.h
 s_client.o: ../include/x509_vfy.h apps.h progs.h s_apps.h
 s_server.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
 s_server.o: ../include/bn.h ../include/buffer.h ../include/cast.h
 s_server.o: ../include/crypto.h ../include/des.h ../include/dh.h
 s_server.o: ../include/dsa.h ../include/e_os.h ../include/err.h
 s_server.o: ../include/evp.h ../include/idea.h ../include/lhash.h
 s_server.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
 s_server.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
 s_server.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h
 s_server.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h
 s_server.o: ../include/rsa.h ../include/sha.h ../include/ssl.h
 s_server.o: ../include/ssl2.h ../include/ssl23.h ../include/ssl3.h
 s_server.o: ../include/stack.h ../include/tls1.h ../include/x509.h
 s_server.o: ../include/x509_vfy.h apps.h progs.h s_apps.h
 s_socket.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
 s_socket.o: ../include/bn.h ../include/buffer.h ../include/cast.h
 s_socket.o: ../include/crypto.h ../include/des.h ../include/dh.h
 s_socket.o: ../include/dsa.h ../include/e_os.h ../include/evp.h
 s_socket.o: ../include/idea.h ../include/lhash.h ../include/md2.h
 s_socket.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
 s_socket.o: ../include/opensslv.h ../include/pkcs7.h ../include/rc2.h
 s_socket.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h
 s_socket.o: ../include/rsa.h ../include/sha.h ../include/ssl.h
 s_socket.o: ../include/ssl2.h ../include/ssl23.h ../include/ssl3.h
 s_socket.o: ../include/stack.h ../include/tls1.h ../include/x509.h
 s_socket.o: ../include/x509_vfy.h apps.h progs.h s_apps.h
 s_time.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
 s_time.o: ../include/bn.h ../include/buffer.h ../include/cast.h
 s_time.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
 s_time.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
 s_time.o: ../include/lhash.h ../include/md2.h ../include/md5.h
 s_time.o: ../include/mdc2.h ../include/objects.h ../include/opensslv.h
 s_time.o: ../include/pem.h ../include/pem2.h ../include/pkcs7.h
 s_time.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h
 s_time.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h
 s_time.o: ../include/ssl.h ../include/ssl2.h ../include/ssl23.h
 s_time.o: ../include/ssl3.h ../include/stack.h ../include/tls1.h
 s_time.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h s_apps.h
 sess_id.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
 sess_id.o: ../include/bn.h ../include/buffer.h ../include/cast.h
 sess_id.o: ../include/crypto.h ../include/des.h ../include/dh.h
 sess_id.o: ../include/dsa.h ../include/e_os.h ../include/err.h ../include/evp.h
 sess_id.o: ../include/idea.h ../include/lhash.h ../include/md2.h
 sess_id.o: ../include/md5.h ../include/mdc2.h ../include/objects.h
 sess_id.o: ../include/opensslv.h ../include/pem.h ../include/pem2.h
 sess_id.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h
 sess_id.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h
 sess_id.o: ../include/sha.h ../include/ssl.h ../include/ssl2.h
 sess_id.o: ../include/ssl23.h ../include/ssl3.h ../include/stack.h
 sess_id.o: ../include/tls1.h ../include/x509.h ../include/x509_vfy.h apps.h
 sess_id.o: progs.h
 speed.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
 speed.o: ../include/bn.h ../include/buffer.h ../include/cast.h
 speed.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
 speed.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/hmac.h
 speed.o: ../include/idea.h ../include/md2.h ../include/md5.h ../include/mdc2.h
 speed.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h
 speed.o: ../include/rand.h ../include/rc2.h ../include/rc4.h ../include/rc5.h
 speed.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h
 speed.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ./testdsa.h
 speed.o: ./testrsa.h apps.h progs.h
 verify.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
 verify.o: ../include/bn.h ../include/buffer.h ../include/cast.h
 verify.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
 verify.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
 verify.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
 verify.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
 verify.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h
 verify.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h
 verify.o: ../include/rsa.h ../include/sha.h ../include/stack.h
 verify.o: ../include/x509.h ../include/x509_vfy.h apps.h progs.h
 version.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
 version.o: ../include/bn.h ../include/buffer.h ../include/cast.h
 version.o: ../include/crypto.h ../include/des.h ../include/dh.h
 version.o: ../include/dsa.h ../include/e_os.h ../include/evp.h
 version.o: ../include/idea.h ../include/md2.h ../include/md5.h
 version.o: ../include/mdc2.h ../include/objects.h ../include/opensslv.h
 version.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h
 version.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h
 version.o: ../include/stack.h apps.h progs.h
 x509.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h
 x509.o: ../include/bn.h ../include/buffer.h ../include/cast.h
 x509.o: ../include/crypto.h ../include/des.h ../include/dh.h ../include/dsa.h
 x509.o: ../include/e_os.h ../include/err.h ../include/evp.h ../include/idea.h
 x509.o: ../include/md2.h ../include/md5.h ../include/mdc2.h
 x509.o: ../include/objects.h ../include/opensslv.h ../include/pem.h
 x509.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h ../include/rc4.h
 x509.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h ../include/sha.h
 x509.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h
 x509.o: ../include/x509v3.h apps.h progs.h
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1,320 +0,0 @@
 /* apps/apps.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #define NON_MAIN
 #include "apps.h"
 #undef NON_MAIN
 #ifdef WINDOWS
 #  include "bss_file.c"
 #endif
 #ifndef NOPROTO
 int app_init(long mesgwin);
 #else
 int app_init();
 #endif
 #ifdef undef /* never finished - probably never will be :-) */
 int args_from_file(file,argc,argv)
 char *file;
 int *argc;
 char **argv[];
 	{
 	FILE *fp;
 	int num,i;
 	unsigned int len;
 	static char *buf=NULL;
 	static char **arg=NULL;
 	char *p;
 	struct stat stbuf;
 	if (stat(file,&stbuf) < 0) return(0);
 	fp=fopen(file,"r");
 	if (fp == NULL)
 		return(0);
 	*argc=0;
 	*argv=NULL;
 	len=(unsigned int)stbuf.st_size;
 	if (buf != NULL) Free(buf);
 	buf=(char *)Malloc(len+1);
 	if (buf == NULL) return(0);
 	len=fread(buf,1,len,fp);
 	if (len <= 1) return(0);
 	buf[len]='\0';
 	i=0;
 	for (p=buf; *p; p++)
 		if (*p == '\n') i++;
 	if (arg != NULL) Free(arg);
 	arg=(char **)Malloc(sizeof(char *)*(i*2));
 	*argv=arg;
 	num=0;
 	p=buf;
 	for (;;)
 		{
 		if (!*p) break;
 		if (*p == '#') /* comment line */
 			{
 			while (*p && (*p != '\n')) p++;
 			continue;
 			}
 		/* else we have a line */
 		*(arg++)=p;
 		num++;
 		while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
 			p++;
 		if (!*p) break;
 		if (*p == '\n')
 			{
 			*(p++)='\0';
 			continue;
 			}
 		/* else it is a tab or space */
 		p++;
 		while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
 			p++;
 		if (!*p) break;
 		if (*p == '\n')
 			{
 			p++;
 			continue;
 			}
 		*(arg++)=p++;
 		num++;
 		while (*p && (*p != '\n')) p++;
 		if (!*p) break;
 		/* else *p == '\n' */
 		*(p++)='\0';
 		}
 	*argc=num;
 	return(1);
 	}
 #endif
 int str2fmt(s)
 char *s;
 	{
 	if 	((*s == 'D') || (*s == 'd'))
 		return(FORMAT_ASN1);
 	else if ((*s == 'T') || (*s == 't'))
 		return(FORMAT_TEXT);
 	else if ((*s == 'P') || (*s == 'p'))
 		return(FORMAT_PEM);
 	else if ((*s == 'N') || (*s == 'n'))
 		return(FORMAT_NETSCAPE);
 	else
 		return(FORMAT_UNDEF);
 	}
 #if defined(MSDOS) || defined(WIN32) || defined(WIN16)
 void program_name(in,out,size)
 char *in;
 char *out;
 int size;
 	{
 	int i,n;
 	char *p=NULL;
 	n=strlen(in);
 	/* find the last '/', '\' or ':' */
 	for (i=n-1; i>0; i--)
 		{
 		if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':'))
 			{
 			p= &(in[i+1]);
 			break;
 			}
 		}
 	if (p == NULL)
 		p=in;
 	n=strlen(p);
 	/* strip off trailing .exe if present. */
 	if ((n > 4) && (p[n-4] == '.') &&
 		((p[n-3] == 'e') || (p[n-3] == 'E')) &&
 		((p[n-2] == 'x') || (p[n-2] == 'X')) &&
 		((p[n-1] == 'e') || (p[n-1] == 'E')))
 		n-=4;
 	if (n > size-1)
 		n=size-1;
 	for (i=0; i<n; i++)
 		{
 		if ((p[i] >= 'A') && (p[i] <= 'Z'))
 			out[i]=p[i]-'A'+'a';
 		else
 			out[i]=p[i];
 		}
 	out[n]='\0';
 	}
 #else
 void program_name(in,out,size)
 char *in;
 char *out;
 int size;
 	{
 	char *p;
 	p=strrchr(in,'/');
 	if (p != NULL)
 		p++;
 	else
 		p=in;
 	strncpy(out,p,size-1);
 	out[size-1]='\0';
 	}
 #endif
 #ifdef WIN32
 int WIN32_rename(from,to)
 char *from;
 char *to;
 	{
 	int ret;
 	ret=MoveFileEx(from,to,MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED);
 	return(ret?0:-1);
 	}
 #endif
 int chopup_args(arg,buf,argc,argv)
 ARGS *arg;
 char *buf;
 int *argc;
 char **argv[];
 	{
 	int num,len,i;
 	char *p;
 	*argc=0;
 	*argv=NULL;
 	len=strlen(buf);
 	i=0;
 	if (arg->count == 0)
 		{
 		arg->count=20;
 		arg->data=(char **)Malloc(sizeof(char *)*arg->count);
 		}
 	for (i=0; i<arg->count; i++)
 		arg->data[i]=NULL;
 	num=0;
 	p=buf;
 	for (;;)
 		{
 		/* first scan over white space */
 		if (!*p) break;
 		while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
 			p++;
 		if (!*p) break;
 		/* The start of something good :-) */
 		if (num >= arg->count)
 			{
 			arg->count+=20;
 			arg->data=(char **)Realloc(arg->data,
 				sizeof(char *)*arg->count);
 			if (argc == 0) return(0);
 			}
 		arg->data[num++]=p;
 		/* now look for the end of this */
 		if ((*p == '\'') || (*p == '\"')) /* scan for closing quote */
 			{
 			i= *(p++);
 			arg->data[num-1]++; /* jump over quote */
 			while (*p && (*p != i))
 				p++;
 			*p='\0';
 			}
 		else
 			{
 			while (*p && ((*p != ' ') &&
 				(*p != '\t') && (*p != '\n')))
 				p++;
 			if (*p == '\0')
 				p--;
 			else
 				*p='\0';
 			}
 		p++;
 		}
 	*argc=num;
 	*argv=arg->data;
 	return(1);
 	}
 #ifndef APP_INIT
 int app_init(mesgwin)
 long mesgwin;
 	{
 	return(1);
 	}
 #endif
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -1,150 +0,0 @@
 /* apps/apps.h */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #ifndef HEADER_APPS_H
 #define HEADER_APPS_H
 #include "e_os.h"
 #include "buffer.h"
 #include "bio.h"
 #include "crypto.h"
 #include "progs.h"
 #ifdef NO_STDIO
 BIO_METHOD *BIO_s_file();
 #endif
 #ifdef WIN32
 #define rename(from,to) WIN32_rename((from),(to))
 int WIN32_rename(char *oldname,char *newname);
 #endif
 #ifndef MONOLITH
 #define MAIN(a,v)	main(a,v)
 #ifndef NON_MAIN
 BIO *bio_err=NULL;
 #else
 extern BIO *bio_err;
 #endif
 #else
 #define MAIN(a,v)	PROG(a,v)
 #include "conf.h"
 extern LHASH *config;
 extern char *default_config_file;
 extern BIO *bio_err;
 #endif
 #include <signal.h>
 #ifdef SIGPIPE
 #define do_pipe_sig()	signal(SIGPIPE,SIG_IGN)
 #else
 #define do_pipe_sig()
 #endif
 #if defined(MONOLITH) && !defined(SSLEAY)
 #  define apps_startup()	do_pipe_sig()
 #else
 #  if defined(MSDOS) || defined(WIN16) || defined(WIN32)
 #    ifdef _O_BINARY
 #      define apps_startup() \
 		_fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
 		SSLeay_add_all_algorithms()
 #    else
 #      define apps_startup() \
 		_fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
 		SSLeay_add_all_algorithms()
 #    endif
 #  else
 #    define apps_startup()	do_pipe_sig(); SSLeay_add_all_algorithms();
 #  endif
 #endif
 typedef struct args_st
        {
        char **data;
 	int count;
        } ARGS;
 #ifndef NOPROTO
 int should_retry(int i);
 int args_from_file(char *file, int *argc, char **argv[]);
 int str2fmt(char *s);
 void program_name(char *in,char *out,int size);
 int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
 #else
 int should_retry();
 int args_from_file();
 int str2fmt();
 void program_name();
 int chopup_args();
 #endif
 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1
 #define FORMAT_TEXT     2
 #define FORMAT_PEM      3
 #define FORMAT_NETSCAPE 4
 #endif
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -1,285 +0,0 @@
 /* apps/asn1pars.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 /* A nice addition from Dr Stephen Henson <shenson@bigfoot.com> to 
 * add the -strparse option which parses nested binary structures
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
 #include "err.h"
 #include "evp.h"
 #include "x509.h"
 #include "pem.h"
 /* -inform arg	- input format - default PEM (DER or PEM)
 * -in arg	- input file - default stdin
 * -i		- indent the details by depth
 * -offset	- where in the file to start
 * -length	- how many bytes to use
 * -oid file	- extra oid decription file
 */
 #undef PROG
 #define PROG	asn1parse_main
 int MAIN(argc, argv)
 int argc;
 char **argv;
 	{
 	int i,badops=0,offset=0,ret=1,j;
 	unsigned int length=0;
 	long num,tmplen;
 	BIO *in=NULL,*out=NULL,*b64=NULL;
 	int informat,indent=0;
 	char *infile=NULL,*str=NULL,*prog,*oidfile=NULL;
 	unsigned char *tmpbuf;
 	BUF_MEM *buf=NULL;
 	STACK *osk=NULL;
 	ASN1_TYPE *at=NULL;
 	informat=FORMAT_PEM;
 	apps_startup();
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	prog=argv[0];
 	argc--;
 	argv++;
 	if ((osk=sk_new_null()) == NULL)
 		{
 		BIO_printf(bio_err,"Malloc failure\n");
 		goto end;
 		}
 	while (argc >= 1)
 		{
 		if 	(strcmp(*argv,"-inform") == 0)
 			{
 			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-in") == 0)
 			{
 			if (--argc < 1) goto bad;
 			infile= *(++argv);
 			}
 		else if (strcmp(*argv,"-i") == 0)
 			{
 			indent=1;
 			}
 		else if (strcmp(*argv,"-oid") == 0)
 			{
 			if (--argc < 1) goto bad;
 			oidfile= *(++argv);
 			}
 		else if (strcmp(*argv,"-offset") == 0)
 			{
 			if (--argc < 1) goto bad;
 			offset= atoi(*(++argv));
 			}
 		else if (strcmp(*argv,"-length") == 0)
 			{
 			if (--argc < 1) goto bad;
 			length= atoi(*(++argv));
 			if (length == 0) goto bad;
 			}
 		else if (strcmp(*argv,"-strparse") == 0)
 			{
 			if (--argc < 1) goto bad;
 			sk_push(osk,*(++argv));
 			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
 			}
 		argc--;
 		argv++;
 		}
 	if (badops)
 		{
 bad:
 		BIO_printf(bio_err,"%s [options] <infile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -offset arg   offset into file\n");
 		BIO_printf(bio_err," -length arg   lenth of section in file\n");
 		BIO_printf(bio_err," -i            indent entries\n");
 		BIO_printf(bio_err," -oid file     file of extra oid definitions\n");
 		BIO_printf(bio_err," -strparse offset\n");
 		BIO_printf(bio_err,"               a series of these can be used to 'dig' into multiple\n");
 		BIO_printf(bio_err,"               ASN1 blob wrappings\n");
 		goto end;
 		}
 	ERR_load_crypto_strings();
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
 		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
 	if (oidfile != NULL)
 		{
 		if (BIO_read_filename(in,oidfile) <= 0)
 			{
 			BIO_printf(bio_err,"problems opening %s\n",oidfile);
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		OBJ_create_objects(in);
 		}
 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 	else
 		{
 		if (BIO_read_filename(in,infile) <= 0)
 			{
 			perror(infile);
 			goto end;
 			}
 		}
 	if ((buf=BUF_MEM_new()) == NULL) goto end;
 	if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */
 	if (informat == FORMAT_PEM)
 		{
 		BIO *tmp;
 		if ((b64=BIO_new(BIO_f_base64())) == NULL)
 			goto end;
 		BIO_push(b64,in);
 		tmp=in;
 		in=b64;
 		b64=tmp;
 		}
 	num=0;
 	for (;;)
 		{
 		if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end;
 		i=BIO_read(in,&(buf->data[num]),BUFSIZ);
 		if (i <= 0) break;
 		num+=i;
 		}
 	str=buf->data;
 	/* If any structs to parse go through in sequence */
 	if (sk_num(osk))
 		{
 		tmpbuf=(unsigned char *)str;
 		tmplen=num;
 		for (i=0; i<sk_num(osk); i++)
 			{
 			j=atoi(sk_value(osk,i));
 			if (j == 0)
 				{
 				BIO_printf(bio_err,"'%s' is an invalid number\n",sk_value(osk,i));
 				continue;
 				}
 			tmpbuf+=j;
 			tmplen-=j;
 			if (d2i_ASN1_TYPE(&at,&tmpbuf,tmplen) == NULL)
 				{
 				BIO_printf(bio_err,"Error parsing structure\n");
 				ERR_print_errors(bio_err);
 				goto end;
 				}
 			/* hmm... this is a little evil but it works */
 			tmpbuf=at->value.asn1_string->data;
 			tmplen=at->value.asn1_string->length;
 			}
 		str=(char *)tmpbuf;
 		num=tmplen;
 		}
 	if (length == 0) length=(unsigned int)num;
 	if (!ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent))
 		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	ret=0;
 end:
 	if (in != NULL) BIO_free(in);
 	if (out != NULL) BIO_free(out);
 	if (b64 != NULL) BIO_free(b64);
 	if (ret != 0)
 		ERR_print_errors(bio_err);
 	if (buf != NULL) BUF_MEM_free(buf);
 	if (at != NULL) ASN1_TYPE_free(at);
 	if (osk != NULL) sk_free(osk);
 	OBJ_cleanup();
 	EXIT(ret);
 	}
--- a/apps/bss_file.c
+++ b/apps/bss_file.c
@@ -1,324 +0,0 @@
 /* crypto/bio/bss_file.c */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #define APPS_WIN16
 #include <stdio.h>
 #include <errno.h>
 #include "cryptlib.h"
 #include "bio.h"
 #include "err.h"
 #ifndef NOPROTO
 static int MS_CALLBACK file_write(BIO *h,char *buf,int num);
 static int MS_CALLBACK file_read(BIO *h,char *buf,int size);
 static int MS_CALLBACK file_puts(BIO *h,char *str);
 static int MS_CALLBACK file_gets(BIO *h,char *str,int size);
 static long MS_CALLBACK file_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int MS_CALLBACK file_new(BIO *h);
 static int MS_CALLBACK file_free(BIO *data);
 #else
 static int MS_CALLBACK file_write();
 static int MS_CALLBACK file_read();
 static int MS_CALLBACK file_puts();
 static int MS_CALLBACK file_gets();
 static long MS_CALLBACK file_ctrl();
 static int MS_CALLBACK file_new();
 static int MS_CALLBACK file_free();
 #endif
 static BIO_METHOD methods_filep=
 	{
 	BIO_TYPE_FILE,"FILE pointer",
 	file_write,
 	file_read,
 	file_puts,
 	file_gets,
 	file_ctrl,
 	file_new,
 	file_free,
 	};
 BIO *BIO_new_file(filename,mode)
 char *filename;
 char *mode;
 	{
 	BIO *ret;
 	FILE *file;
 	if ((file=fopen(filename,mode)) == NULL)
 		{
 		SYSerr(SYS_F_FOPEN,errno);
 		BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
 		return(NULL);
 		}
 	if ((ret=BIO_new_fp(file,BIO_CLOSE)) == NULL)
 		{
 		fclose(file);
 		return(NULL);
 		}
 	return(ret);
 	}
 BIO *BIO_new_fp(stream,close_flag)
 FILE *stream;
 int close_flag;
 	{
 	BIO *ret;
 	if ((ret=BIO_new(BIO_s_file())) == NULL)
 		return(NULL);
 	BIO_set_fp(ret,stream,close_flag);
 	return(ret);
 	}
 #if !defined(WIN16) || defined(APPS_WIN16)
 BIO_METHOD *BIO_s_file()
 	{
 	return(&methods_filep);
 	}
 #else
 BIO_METHOD *BIO_s_file_internal_w16()
 	{
 	return(&methods_filep);
 	}
 #endif
 static int MS_CALLBACK file_new(bi)
 BIO *bi;
 	{
 	bi->init=0;
 	bi->num=0;
 	bi->ptr=NULL;
 	return(1);
 	}
 static int MS_CALLBACK file_free(a)
 BIO *a;
 	{
 	if (a == NULL) return(0);
 	if (a->shutdown)
 		{
 		if ((a->init) && (a->ptr != NULL))
 			{
 			fclose((FILE *)a->ptr);
 			a->ptr=NULL;
 			}
 		a->init=0;
 		}
 	return(1);
 	}
 static int MS_CALLBACK file_read(b,out,outl)
 BIO *b;
 char *out;
 int outl;
 	{
 	int ret=0;
 	if (b->init && (out != NULL))
 		{
 		ret=fread(out,1,(int)outl,(FILE *)b->ptr);
 		}
 	return(ret);
 	}
 static int MS_CALLBACK file_write(b,in,inl)
 BIO *b;
 char *in;
 int inl;
 	{
 	int ret=0;
 	if (b->init && (in != NULL))
 		{
 		if (fwrite(in,(int)inl,1,(FILE *)b->ptr))
 			ret=inl;
 		/* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
 		/* acording to Tim Hudson <tjh@cryptsoft.com>, the commented
 		 * out version above can cause 'inl' write calls under
 		 * some stupid stdio implementations (VMS) */
 		}
 	return(ret);
 	}
 static long MS_CALLBACK file_ctrl(b,cmd,num,ptr)
 BIO *b;
 int cmd;
 long num;
 char *ptr;
 	{
 	long ret=1;
 	FILE *fp=(FILE *)b->ptr;
 	FILE **fpp;
 	char p[4];
 	switch (cmd)
 		{
 	case BIO_CTRL_RESET:
 		ret=(long)fseek(fp,num,0);
 		break;
 	case BIO_CTRL_EOF:
 		ret=(long)feof(fp);
 		break;
 	case BIO_CTRL_INFO:
 		ret=ftell(fp);
 		break;
 	case BIO_C_SET_FILE_PTR:
 		file_free(b);
 		b->shutdown=(int)num;
 		b->ptr=(char *)ptr;
 		b->init=1;
 		break;
 	case BIO_C_SET_FILENAME:
 		file_free(b);
 		b->shutdown=(int)num&BIO_CLOSE;
 		if (num & BIO_FP_APPEND)
 			{
 			if (num & BIO_FP_READ)
 				strcpy(p,"a+");
 			else	strcpy(p,"a");
 			}
 		else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
 			strcpy(p,"r+");
 		else if (num & BIO_FP_WRITE)
 			strcpy(p,"w");
 		else if (num & BIO_FP_READ)
 			strcpy(p,"r");
 		else
 			{
 			BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);
 			ret=0;
 			break;
 			}
 #if defined(MSDOS) || defined(WINDOWS)
 		if (!(num & BIO_FP_TEXT))
 			strcat(p,"b");
 		else
 			strcat(p,"t");
 #endif
 		fp=fopen(ptr,p);
 		if (fp == NULL)
 			{
 			SYSerr(SYS_F_FOPEN,errno);
 			BIOerr(BIO_F_FILE_CTRL,ERR_R_SYS_LIB);
 			ret=0;
 			break;
 			}
 		b->ptr=(char *)fp;
 		b->init=1;
 		break;
 	case BIO_C_GET_FILE_PTR:
 		/* the ptr parameter is actually a FILE ** in this case. */
 		if (ptr != NULL)
 			{
 			fpp=(FILE **)ptr;
 			*fpp=(FILE *)b->ptr;
 			}
 		break;
 	case BIO_CTRL_GET_CLOSE:
 		ret=(long)b->shutdown;
 		break;
 	case BIO_CTRL_SET_CLOSE:
 		b->shutdown=(int)num;
 		break;
 	case BIO_CTRL_FLUSH:
 		fflush((FILE *)b->ptr);
 		break;
 	case BIO_CTRL_DUP:
 		ret=1;
 		break;
 	case BIO_CTRL_PENDING:
 	case BIO_CTRL_PUSH:
 	case BIO_CTRL_POP:
 	default:
 		ret=0;
 		break;
 		}
 	return(ret);
 	}
 static int MS_CALLBACK file_gets(bp,buf,size)
 BIO *bp;
 char *buf;
 int size;
 	{
 	int ret=0;
 	buf[0]='\0';
 	fgets(buf,size,(FILE *)bp->ptr);
 	if (buf[0] != '\0')
 		ret=strlen(buf);
 	return(ret);
 	}
 static int MS_CALLBACK file_puts(bp,str)
 BIO *bp;
 char *str;
 	{
 	int n,ret;
 	n=strlen(str);
 	ret=file_write(bp,str,n);
 	return(ret);
 	}
--- a/apps/c512-key.pem
+++ b/apps/c512-key.pem
@@ -1,9 +0,0 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIIBOwIBAAJBALtv55QyzG6i2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexm
 q/R4KedLjFEIYjocDui+IXs62NNtXrT8odkCAwEAAQJAbwXq0vJ/+uyEvsNgxLko
 /V86mGXQ/KrSkeKlL0r4ENxjcyeMAGoKu6J9yMY7+X9+Zm4nxShNfTsf/+Freoe1
 HQIhAPOSm5Q1YI+KIsII2GeVJx1U69+wnd71OasIPakS1L1XAiEAxQAW+J3/JWE0
 ftEYakbhUOKL8tD1OaFZS71/5GdG7E8CIQCefUMmySSvwd6kC0VlATSWbW+d+jp/
 nWmM1KvqnAo5uQIhALqEADu5U1Wvt8UN8UDGBRPQulHWNycuNV45d3nnskWPAiAw
 ueTyr6WsZ5+SD8g/Hy3xuvF3nPmJRH+rwvVihlcFOg==
 -----END RSA PRIVATE KEY-----
--- a/apps/c512-req.pem
+++ b/apps/c512-req.pem
@@ -1,8 +0,0 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIIBGzCBxgIBADBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEa
 MBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGkNsaWVudCB0ZXN0
 IGNlcnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALtv55QyzG6i
 2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexmq/R4KedLjFEIYjocDui+IXs6
 2NNtXrT8odkCAwEAATANBgkqhkiG9w0BAQQFAANBAC5JBTeji7RosqMaUIDzIW13
 oO6+kPhx9fXSpMFHIsY3aH92Milkov/2A4SuZTcnv/P6+8klmS0EaiUKcRzak4E=
 -----END CERTIFICATE REQUEST-----
--- a/apps/ca-cert.srl
+++ b/apps/ca-cert.srl
@@ -1 +0,0 @@
 05
--- a/apps/ca-key.pem
+++ b/apps/ca-key.pem
@@ -1,15 +0,0 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
 gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
 2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
 AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
 hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
 J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
 HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
 21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
 nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
 MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
 pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
 KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
 XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
 -----END RSA PRIVATE KEY-----
--- a/apps/ca-req.pem
+++ b/apps/ca-req.pem
@@ -1,11 +0,0 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIIBmTCCAQICAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
 GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgx
 MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgy
 bTsZDCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/d
 FXSv1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUe
 cQU2mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAKlk7
 cxu9gCJN3/iQFyJXQ6YphaiQAT5VBXTx9ftRrQIjA3vxlDzPWGDy+V5Tqa7h8PtR
 5Bn00JShII2zf0hjyjKils6x/UkWmjEiwSiFp4hR70iE8XwSNEHY2P6j6nQEIpgW
 kbfgmmUqk7dl2V+ossTJ80B8SBpEhrn81V/cHxA=
 -----END CERTIFICATE REQUEST-----
--- a/apps/ca.c
+++ b/apps/ca.c
--- a/apps/cert.pem
+++ b/apps/cert.pem
@@ -1,11 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIBoDCCAUoCAQAwDQYJKoZIhvcNAQEEBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
 BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
 VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw05NzA5MDkwMzQxMjZa
 Fw05NzEwMDkwMzQxMjZaMF4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
 YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMT
 DkVyaWMgdGhlIFlvdW5nMFEwCQYFKw4DAgwFAANEAAJBALVEqPODnpI4rShlY8S7
 tB713JNvabvn6Gned7zylwLLiXQAo/PAT6mfdWPTyCX9RlId/Aroh1ou893BA32Q
 sggwDQYJKoZIhvcNAQEEBQADQQCU5SSgapJSdRXJoX+CpCvFy+JVh9HpSjCpSNKO
 19raHv98hKAUJuP9HyM+SUsffO6mAIgitUaqW8/wDMePhEC3
 -----END CERTIFICATE-----
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -1,191 +0,0 @@
 /* apps/ciphers.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
 #include "err.h"
 #include "ssl.h"
 #undef PROG
 #define PROG	ciphers_main
 static char *ciphers_usage[]={
 "usage: ciphers args\n",
 " -v          - verbose mode, a textual listing of the ciphers in SSLeay\n",
 " -ssl2       - SSL2 mode\n",
 " -ssl3       - SSL3 mode\n",
 NULL
 };
 int MAIN(argc, argv)
 int argc;
 char **argv;
 	{
 	int ret=1,i;
 	int verbose=0;
 	char **pp,*p;
 	int badops=0;
 	SSL_CTX *ctx=NULL;
 	SSL *ssl=NULL;
 	char *ciphers=NULL;
 	SSL_METHOD *meth=NULL;
 	STACK *sk;
 	char buf[512];
 	BIO *STDout=NULL;
 #if !defined(NO_SSL2) && !defined(NO_SSL3)
 	meth=SSLv23_server_method();
 #elif !defined(NO_SSL3)
 	meth=SSLv3_server_method();
 #elif !defined(NO_SSL2)
 	meth=SSLv2_server_method();
 #endif
 	apps_startup();
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 	STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
 	argc--;
 	argv++;
 	while (argc >= 1)
 		{
 		if (strcmp(*argv,"-v") == 0)
 			verbose=1;
 #ifndef NO_SSL2
 		else if (strcmp(*argv,"-ssl2") == 0)
 			meth=SSLv2_client_method();
 #endif
 #ifndef NO_SSL3
 		else if (strcmp(*argv,"-ssl3") == 0)
 			meth=SSLv3_client_method();
 #endif
 		else if ((strncmp(*argv,"-h",2) == 0) ||
 			 (strcmp(*argv,"-?") == 0))
 			{
 			badops=1;
 			break;
 			}
 		else
 			{
 			ciphers= *argv;
 			}
 		argc--;
 		argv++;
 		}
 	if (badops)
 		{
 		for (pp=ciphers_usage; (*pp != NULL); pp++)
 			BIO_printf(bio_err,*pp);
 		goto end;
 		}
 	SSLeay_add_ssl_algorithms();
 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL) goto err;
 	if (ciphers != NULL)
 		SSL_CTX_set_cipher_list(ctx,ciphers);
 	ssl=SSL_new(ctx);
 	if (ssl == NULL) goto err;
 	if (!verbose)
 		{
 		for (i=0; ; i++)
 			{
 			p=SSL_get_cipher_list(ssl,i);
 			if (p == NULL) break;
 			if (i != 0) BIO_printf(STDout,":");
 			BIO_printf(STDout,"%s",p);
 			}
 		BIO_printf(STDout,"\n");
 		}
 	else
 		{
 		sk=SSL_get_ciphers(ssl);
 		for (i=0; i<sk_num(sk); i++)
 			{
 			BIO_puts(STDout,SSL_CIPHER_description(
 				(SSL_CIPHER *)sk_value(sk,i),
 				buf,512));
 			}
 		}
 	ret=0;
 	if (0)
 		{
 err:
 		SSL_load_error_strings();
 		ERR_print_errors(bio_err);
 		}
 end:
 	if (ctx != NULL) SSL_CTX_free(ctx);
 	if (ssl != NULL) SSL_free(ssl);
 	if (STDout != NULL) BIO_free(STDout);
 	EXIT(ret);
 	}
--- a/apps/client.pem
+++ b/apps/client.pem
@@ -1,24 +0,0 @@
 issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
 subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Client test cert (512 bit)
 -----BEGIN CERTIFICATE-----
 MIIB6TCCAVICAQIwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
 BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
 VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzU2WhcNOTgwNjA5
 MTM1NzU2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
 A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGkNsaWVudCB0ZXN0IGNl
 cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALtv55QyzG6i2Plw
 Z1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexmq/R4KedLjFEIYjocDui+IXs62NNt
 XrT8odkCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBwtMmI7oGUG8nKmftQssATViH5
 NRRtoEw07DxJp/LfatHdrhqQB73eGdL5WILZJXk46Xz2e9WMSUjVCSYhdKxtflU3
 UR2Ajv1Oo0sTNdfz0wDqJNirLNtzyhhsaq8qMTrLwXrCP31VxBiigFSQSUFnZyTE
 9TKwhS4GlwbtCfxSKQ==
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
 MIIBOwIBAAJBALtv55QyzG6i2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexm
 q/R4KedLjFEIYjocDui+IXs62NNtXrT8odkCAwEAAQJAbwXq0vJ/+uyEvsNgxLko
 /V86mGXQ/KrSkeKlL0r4ENxjcyeMAGoKu6J9yMY7+X9+Zm4nxShNfTsf/+Freoe1
 HQIhAPOSm5Q1YI+KIsII2GeVJx1U69+wnd71OasIPakS1L1XAiEAxQAW+J3/JWE0
 ftEYakbhUOKL8tD1OaFZS71/5GdG7E8CIQCefUMmySSvwd6kC0VlATSWbW+d+jp/
 nWmM1KvqnAo5uQIhALqEADu5U1Wvt8UN8UDGBRPQulHWNycuNV45d3nnskWPAiAw
 ueTyr6WsZ5+SD8g/Hy3xuvF3nPmJRH+rwvVihlcFOg==
 -----END RSA PRIVATE KEY-----
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -1,307 +0,0 @@
 /* apps/crl.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
 #include "bio.h"
 #include "err.h"
 #include "x509.h"
 #include "x509v3.h"
 #include "pem.h"
 #undef PROG
 #define PROG	crl_main
 #undef POSTFIX
 #define	POSTFIX	".rvk"
 static char *crl_usage[]={
 "usage: crl args\n",
 "\n",
 " -inform arg     - input format - default PEM (one of DER, TXT or PEM)\n",
 " -outform arg    - output format - default PEM\n",
 " -text           - print out a text format version\n",
 " -in arg         - input file - default stdin\n",
 " -out arg        - output file - default stdout\n",
 " -hash           - print hash value\n",
 " -issuer         - print issuer DN\n",
 " -lastupdate     - lastUpdate field\n",
 " -nextupdate     - nextUpdate field\n",
 " -noout          - no CRL output\n",
 NULL
 };
 #ifndef NOPROTO
 static X509_CRL *load_crl(char *file, int format);
 #else
 static X509_CRL *load_crl();
 #endif
 static BIO *bio_out=NULL;
 int MAIN(argc, argv)
 int argc;
 char **argv;
 	{
 	X509_CRL *x=NULL;
 	int ret=1,i,num,badops=0;
 	BIO *out=NULL;
 	int informat,outformat;
 	char *infile=NULL,*outfile=NULL;
 	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
 	char **pp,buf[256];
 	apps_startup();
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	if (bio_out == NULL)
 		if ((bio_out=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
 	argc--;
 	argv++;
 	num=0;
 	while (argc >= 1)
 		{
 #ifdef undef
 		if	(strcmp(*argv,"-p") == 0)
 			{
 			if (--argc < 1) goto bad;
 			if (!args_from_file(++argv,Nargc,Nargv)) { goto end; }*/
 			}
 #endif
 		if 	(strcmp(*argv,"-inform") == 0)
 			{
 			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-outform") == 0)
 			{
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-in") == 0)
 			{
 			if (--argc < 1) goto bad;
 			infile= *(++argv);
 			}
 		else if (strcmp(*argv,"-out") == 0)
 			{
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 		else if (strcmp(*argv,"-text") == 0)
 			text = 1;
 		else if (strcmp(*argv,"-hash") == 0)
 			hash= ++num;
 		else if (strcmp(*argv,"-issuer") == 0)
 			issuer= ++num;
 		else if (strcmp(*argv,"-lastupdate") == 0)
 			lastupdate= ++num;
 		else if (strcmp(*argv,"-nextupdate") == 0)
 			nextupdate= ++num;
 		else if (strcmp(*argv,"-noout") == 0)
 			noout= ++num;
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
 			}
 		argc--;
 		argv++;
 		}
 	if (badops)
 		{
 bad:
 		for (pp=crl_usage; (*pp != NULL); pp++)
 			BIO_printf(bio_err,*pp);
 		goto end;
 		}
 	ERR_load_crypto_strings();
 	X509V3_add_standard_extensions();
 	x=load_crl(infile,informat);
 	if (x == NULL) { goto end; }
 	if (num)
 		{
 		for (i=1; i<=num; i++)
 			{
 			if (issuer == i)
 				{
 				X509_NAME_oneline(x->crl->issuer,buf,256);
 				BIO_printf(bio_out,"issuer= %s\n",buf);
 				}
 			if (hash == i)
 				{
 				BIO_printf(bio_out,"%08lx\n",
 					X509_NAME_hash(x->crl->issuer));
 				}
 			if (lastupdate == i)
 				{
 				BIO_printf(bio_out,"lastUpdate=");
 				ASN1_TIME_print(bio_out,x->crl->lastUpdate);
 				BIO_printf(bio_out,"\n");
 				}
 			if (nextupdate == i)
 				{
 				BIO_printf(bio_out,"nextUpdate=");
 				if (x->crl->nextUpdate != NULL)
 					ASN1_TIME_print(bio_out,x->crl->nextUpdate);
 				else
 					BIO_printf(bio_out,"NONE");
 				BIO_printf(bio_out,"\n");
 				}
 			}
 		}
 	if (noout) goto end;
 	out=BIO_new(BIO_s_file());
 	if (out == NULL)
 		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	if (outfile == NULL)
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
 			{
 			perror(outfile);
 			goto end;
 			}
 		}
 	if (text) X509_CRL_print(out, x);
 	if 	(outformat == FORMAT_ASN1)
 		i=(int)i2d_X509_CRL_bio(out,x);
 	else if (outformat == FORMAT_PEM)
 		i=PEM_write_bio_X509_CRL(out,x);
 	else	
 		{
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;
 		}
 	if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
 	ret=0;
 end:
 	BIO_free(out);
 	BIO_free(bio_out);
 	X509_CRL_free(x);
 	X509V3_EXT_cleanup();
 	EXIT(ret);
 	}
 static X509_CRL *load_crl(infile, format)
 char *infile;
 int format;
 	{
 	X509_CRL *x=NULL;
 	BIO *in=NULL;
 	in=BIO_new(BIO_s_file());
 	if (in == NULL)
 		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 	else
 		{
 		if (BIO_read_filename(in,infile) <= 0)
 			{
 			perror(infile);
 			goto end;
 			}
 		}
 	if 	(format == FORMAT_ASN1)
 		x=d2i_X509_CRL_bio(in,NULL);
 	else if (format == FORMAT_PEM)
 		x=PEM_read_bio_X509_CRL(in,NULL,NULL);
 	else	{
 		BIO_printf(bio_err,"bad input format specified for input crl\n");
 		goto end;
 		}
 	if (x == NULL)
 		{
 		BIO_printf(bio_err,"unable to load CRL\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 end:
 	BIO_free(in);
 	return(x);
 	}
--- a/apps/crl.out
+++ b/apps/crl.out
@@ -1,8 +0,0 @@
 -----BEGIN X509 CRL-----
 MIIBDjCBuTANBgkqhkiG9w0BAQQFADBgMQswCQYDVQQGEwJBVTEMMAoGA1UECBMD
 UUxEMRkwFwYDVQQKExBNaW5jb20gUHR5LiBMdGQuMQswCQYDVQQLEwJDUzEbMBkG
 A1UEAxMSU1NMZWF5IGRlbW8gc2VydmVyFw05NzA3MDkwMDAwMjJaFw05NzA4MDgw
 MDAwMjJaMCgwEgIBARcNOTUxMDA5MjMzMjA1WjASAgEDFw05NTEyMDEwMTAwMDBa
 MA0GCSqGSIb3DQEBBAUAA0EAcEBIWVZPXxSlLMPPLfBi4s0N3lzTgskZkgO6pjZi
 oQRwh5vi5zFqDNQteGx7RTHpUYntgyoAZ87FZE0GOJgBaQ==
 -----END X509 CRL-----
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -1,342 +0,0 @@
 /* apps/crl2p7.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 /* This was written by Gordon Chaffee <chaffee@plateau.cs.berkeley.edu>
 * and donated 'to the cause' along with lots and lots of other fixes to
 * the library. */
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "apps.h"
 #include "err.h"
 #include "evp.h"
 #include "x509.h"
 #include "pkcs7.h"
 #include "pem.h"
 #include "objects.h"
 #ifndef NOPROTO
 static int add_certs_from_file(STACK *stack, char *certfile);
 #else
 static int add_certs_from_file();
 #endif
 #undef PROG
 #define PROG	crl2pkcs7_main
 /* -inform arg	- input format - default PEM (one of DER, TXT or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
 */
 int MAIN(argc, argv)
 int argc;
 char **argv;
 	{
 	int i,badops=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat;
 	char *infile,*outfile,*prog,*certfile;
 	PKCS7 *p7 = NULL;
 	PKCS7_SIGNED *p7s = NULL;
 	X509_CRL *crl=NULL;
 	STACK *certflst=NULL;
 	STACK *crl_stack=NULL;
 	STACK *cert_stack=NULL;
 	int ret=1,nocrl=0;
 	apps_startup();
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
 	prog=argv[0];
 	argc--;
 	argv++;
 	while (argc >= 1)
 		{
 		if 	(strcmp(*argv,"-inform") == 0)
 			{
 			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-outform") == 0)
 			{
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-in") == 0)
 			{
 			if (--argc < 1) goto bad;
 			infile= *(++argv);
 			}
 		else if (strcmp(*argv,"-nocrl") == 0)
 			{
 			nocrl=1;
 			}
 		else if (strcmp(*argv,"-out") == 0)
 			{
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 		else if (strcmp(*argv,"-certfile") == 0)
 			{
 			if (--argc < 1) goto bad;
 			if(!certflst) certflst = sk_new(NULL);
 			sk_push(certflst,*(++argv));
 			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
 			}
 		argc--;
 		argv++;
 		}
 	if (badops)
 		{
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg    input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -outform arg   output format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -in arg        input file\n");
 		BIO_printf(bio_err," -out arg       output file\n");
 		BIO_printf(bio_err," -certfile arg  certificates file of chain to a trusted CA\n");
 		BIO_printf(bio_err,"                (can be used more than once)\n");
 		BIO_printf(bio_err," -nocrl         no crl to load, just certs from '-certfile'\n");
 		EXIT(1);
 		}
 	ERR_load_crypto_strings();
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
 		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	if (!nocrl)
 		{
 		if (infile == NULL)
 			BIO_set_fp(in,stdin,BIO_NOCLOSE);
 		else
 			{
 			if (BIO_read_filename(in,infile) <= 0)
 				{
 				perror(infile);
 				goto end;
 				}
 			}
 		if 	(informat == FORMAT_ASN1)
 			crl=d2i_X509_CRL_bio(in,NULL);
 		else if (informat == FORMAT_PEM)
 			crl=PEM_read_bio_X509_CRL(in,NULL,NULL);
 		else	{
 			BIO_printf(bio_err,"bad input format specified for input crl\n");
 			goto end;
 			}
 		if (crl == NULL)
 			{
 			BIO_printf(bio_err,"unable to load CRL\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}
 	if ((p7=PKCS7_new()) == NULL) goto end;
 	if ((p7s=PKCS7_SIGNED_new()) == NULL) goto end;
 	p7->type=OBJ_nid2obj(NID_pkcs7_signed);
 	p7->d.sign=p7s;
 	p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);
 	if (!ASN1_INTEGER_set(p7s->version,1)) goto end;
 	if ((crl_stack=sk_new(NULL)) == NULL) goto end;
 	p7s->crl=crl_stack;
 	if (crl != NULL)
 		{
 		sk_push(crl_stack,(char *)crl);
 		crl=NULL; /* now part of p7 for Freeing */
 		}
 	if ((cert_stack=sk_new(NULL)) == NULL) goto end;
 	p7s->cert=cert_stack;
 	if(certflst) for(i = 0; i < sk_num(certflst); i++) {
 		certfile = sk_value(certflst, i);
 		if (add_certs_from_file(cert_stack,certfile) < 0)
 			{
 			BIO_printf(bio_err, "error loading certificates\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 	}
 	sk_free(certflst);
 	if (outfile == NULL)
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
 			{
 			perror(outfile);
 			goto end;
 			}
 		}
 	if 	(outformat == FORMAT_ASN1)
 		i=i2d_PKCS7_bio(out,p7);
 	else if (outformat == FORMAT_PEM)
 		i=PEM_write_bio_PKCS7(out,p7);
 	else	{
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;
 		}
 	if (!i)
 		{
 		BIO_printf(bio_err,"unable to write pkcs7 object\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	ret=0;
 end:
 	if (in != NULL) BIO_free(in);
 	if (out != NULL) BIO_free(out);
 	if (p7 != NULL) PKCS7_free(p7);
 	if (crl != NULL) X509_CRL_free(crl);
 	EXIT(ret);
 	}
 /*
 *----------------------------------------------------------------------
 * int add_certs_from_file
 *
 *	Read a list of certificates to be checked from a file.
 *
 * Results:
 *	number of certs added if successful, -1 if not.
 *----------------------------------------------------------------------
 */
 static int add_certs_from_file(stack,certfile)
 STACK *stack;
 char *certfile;
 	{
 	struct stat st;
 	BIO *in=NULL;
 	int count=0;
 	int ret= -1;
 	STACK *sk=NULL;
 	X509_INFO *xi;
 	if ((stat(certfile,&st) != 0))
 		{
 		BIO_printf(bio_err,"unable to load the file, %s\n",certfile);
 		goto end;
 		}
 	in=BIO_new(BIO_s_file());
 	if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0))
 		{
 		BIO_printf(bio_err,"error opening the file, %s\n",certfile);
 		goto end;
 		}
 	/* This loads from a file, a stack of x509/crl/pkey sets */
 	sk=PEM_X509_INFO_read_bio(in,NULL,NULL);
 	if (sk == NULL) {
 		BIO_printf(bio_err,"error reading the file, %s\n",certfile);
 		goto end;
 	}
 	/* scan over it and pull out the CRL's */
 	while (sk_num(sk))
 		{
 		xi=(X509_INFO *)sk_shift(sk);
 		if (xi->x509 != NULL)
 			{
 			sk_push(stack,(char *)xi->x509);
 			xi->x509=NULL;
 			count++;
 			}
 		X509_INFO_free(xi);
 		}
 	ret=count;
 end:
 	/* never need to Free x */
 	if (in != NULL) BIO_free(in);
 	if (sk != NULL) sk_free(sk);
 	return(ret);
 	}
--- a/apps/demoCA/cacert.pem
+++ b/apps/demoCA/cacert.pem
@@ -1,14 +0,0 @@
 subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
 issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
 -----BEGIN X509 CERTIFICATE-----
 MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
 BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz
 MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
 RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV
 BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3
 LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb
 /nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0
 DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn
 IMs6ZOZB
 -----END X509 CERTIFICATE-----
--- a/apps/demoCA/index.txt
+++ b/apps/demoCA/index.txt
@@ -1,39 +0,0 @@
 R	980705233205Z	951009233205Z	01	certs/00000001	/CN=Eric Young
 E	951009233205Z		02	certs/00000002	/CN=Duncan Young
 R	980705233205Z	951201010000Z	03	certs/00000003	/CN=Tim Hudson
 V	980705233205Z		04	certs/00000004	/CN=Eric Young4
 V	980705233205Z		05	certs/00000004	/CN=Eric Young5
 V	980705233205Z		06	certs/00000004	/CN=Eric Young6
 V	980705233205Z		07	certs/00000004	/CN=Eric Young7
 V	980705233205Z		08	certs/00000004	/CN=Eric Young8
 V	980705233205Z		09	certs/00000004	/CN=Eric Young9
 V	980705233205Z		0A	certs/00000004	/CN=Eric YoungA
 V	980705233205Z		0B	certs/00000004	/CN=Eric YoungB
 V	980705233205Z		0C	certs/00000004	/CN=Eric YoungC
 V	980705233205Z		0D	certs/00000004	/CN=Eric YoungD
 V	980705233205Z		0E	certs/00000004	/CN=Eric YoungE
 V	980705233205Z		0F	certs/00000004	/CN=Eric YoungF
 V	980705233205Z		10	certs/00000004	/CN=Eric Young10
 V	980705233205Z		11	certs/00000004	/CN=Eric Young11
 V	980705233205Z		12	certs/00000004	/CN=Eric Young12
 V	980705233205Z		13	certs/00000004	/CN=Eric Young13
 V	980705233205Z		14	certs/00000004	/CN=Eric Young14
 V	980705233205Z		15	certs/00000004	/CN=Eric Young15
 V	980705233205Z		16	certs/00000004	/CN=Eric Young16
 V	980705233205Z		17	certs/00000004	/CN=Eric Young17
 V	961206150305Z		010C	unknown	/C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au
 V	961206153245Z		010D	unknown	/C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au
 V	970322074816Z		010E	unknown	/CN=Eric Young/Email=eay@mincom.oz.au
 V	970322075152Z		010F	unknown	/CN=Eric Young
 V	970322075906Z		0110	unknown	/CN=Eric Youngg
 V	970324092238Z		0111	unknown	/C=AU/SP=Queensland/CN=Eric Young
 V	970324221931Z		0112	unknown	/CN=Fred
 V	970324224934Z		0113	unknown	/C=AU/CN=eay
 V	971001005237Z		0114	unknown	/C=AU/SP=QLD/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test
 V	971001010331Z		0115	unknown	/C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test again - x509v3
 V	971001013945Z		0117	unknown	/C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test
 V	971014225415Z		0118	unknown	/C=AU/SP=Queensland/CN=test
 V	971015004448Z		0119	unknown	/C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test2
 V	971016035001Z		011A	unknown	/C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test64
 V	971016080129Z		011B	unknown	/C=FR/O=ALCATEL/OU=Alcatel Mobile Phones/CN=bourque/Email=bourque@art.alcatel.fr
 V	971016224000Z		011D	unknown	/L=Bedford/O=Cranfield University/OU=Computer Centre/CN=Peter R Lister/Email=P.Lister@cranfield.ac.uk
--- a/apps/demoCA/private/cakey.pem
+++ b/apps/demoCA/private/cakey.pem
@@ -1,24 +0,0 @@
 issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
 subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
 -----BEGIN X509 CERTIFICATE-----
 MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
 BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz
 MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
 RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV
 BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3
 LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb
 /nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0
 DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn
 IMs6ZOZB
 -----END X509 CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
 MIIBPAIBAAJBALcsJdxJxa5rQ8UuQcEubZV6OqkDUXhFDyrRWNGI9p+PH9n9pYfe
 Kl0xW+4kZr/AVdv+cMUsOV9an6gI/CEG1U8CAwEAAQJAXJMBZ34ZXHd1vtgL/3hZ
 hexKbVTx/djZO4imXO/dxPGRzG2ylYZpHmG32/T1kaHpZlCHoEPgHoSzmxYXfxjG
 sQIhAPmZ/bQOjmRUHM/VM2X5zrjjM6z18R1P6l3ObFwt9FGdAiEAu943Yh9SqMRw
 tL0xHGxKmM/YJueUw1gB6sLkETN71NsCIQCeT3RhoqXfrpXDoEcEU+gwzjI1bpxq
 agiNTOLfqGoA5QIhAIQFYjgzONxex7FLrsKBm16N2SFl5pXsN9SpRqqL2n63AiEA
 g9VNIQ3xwpw7og3IbONifeku+J9qGMGQJMKwSTwrFtI=
 -----END RSA PRIVATE KEY-----
--- a/apps/demoCA/serial
+++ b/apps/demoCA/serial
@@ -1 +0,0 @@
 011E
--- a/apps/der_chop
+++ b/apps/der_chop
@@ -1,305 +0,0 @@
 #!/usr/local/bin/perl
 #
 # der_chop ... this is one total hack that Eric is really not proud of
 #              so don't look at it and don't ask for support
 #
 # The "documentation" for this (i.e. all the comments) are my fault --tjh
 #
 # This program takes the "raw" output of derparse/asn1parse and 
 # converts it into tokens and then runs regular expression matches
 # to try to figure out what to grab to get the things that are needed
 # and it is possible that this will do the wrong thing as it is a *hack*
 #
 # SSLeay 0.5.2+ should have direct read support for x509 (via -inform NET)
 # [I know ... promises promises :-)]
 #
 # To convert a Netscape Certificate:
 #    der_chop < ServerCert.der > cert.pem
 # To convert a Netscape Key (and encrypt it again to protect it)
 #    rsa -inform NET -in ServerKey.der -des > key.pem
 #
 # 23-Apr-96 eay    Added the extra ASN.1 string types, I still think this
 #		   is an evil hack.  If nothing else the parsing should
 #		   be relative, not absolute.
 # 19-Apr-96 tjh    hacked (with eay) into 0.5.x format
 #
 # Tim Hudson
 # tjh@cryptsoft.com
 #
 require 'getopts.pl';
 $debug=0;
 # this was the 0.4.x way of doing things ...
 $cmd="derparse";
 $x509_cmd="x509";
 $crl_cmd="crl";
 $rc4_cmd="rc4";
 $md2_cmd="md2";
 $md4_cmd="md4";
 $rsa_cmd="rsa -des -inform der ";
 # this was the 0.5.x way of doing things ...
 $cmd="openssl asn1parse";
 $x509_cmd="openssl x509";
 $crl_cmd="openssl crl";
 $rc4_cmd="openssl rc4";
 $md2_cmd="openssl md2";
 $md4_cmd="openssl md4";
 $rsa_cmd="openssl rsa -des -inform der ";
 &Getopts('vd:') || die "usage:$0 [-v] [-d num] file";
 $depth=($opt_d =~ /^\d+$/)?$opt_d:0;
 &init_der();
 if ($#ARGV != -1)
 	{
 	foreach $file (@ARGV)
 		{
 		print STDERR "doing $file\n";
 		&dofile($file);
 		}
 	}
 else
 	{
 	$file="/tmp/a$$.DER";
 	open(OUT,">$file") || die "unable to open $file:$!\n";
 	for (;;)
 		{
 		$i=sysread(STDIN,$b,1024*10);
 		last if ($i <= 0);
 		$i=syswrite(OUT,$b,$i);
 		}
 	&dofile($file);
 	unlink($file);
 	}
 sub dofile
 	{
 	local($file)=@_;
 	local(@p);
 	$b=&load_file($file);
 	@p=&load_file_parse($file);
 	foreach $_ (@p)
 		{
 		($off,$d,$hl,$len)=&parse_line($_);
 		$d-=$depth;
 		next if ($d != 0);
 		next if ($len == 0);
 		$o=substr($b,$off,$len+$hl);
 		($str,@data)=&der_str($o);
 		print "$str\n" if ($opt_v);
 		if ($str =~ /^$crl/)
 			{
 			open(OUT,"|$crl_cmd -inform d -hash -issuer") ||
 				die "unable to run $crl_cmd:$!\n";
 			print OUT $o;
 			close(OUT);
 			}
 		elsif ($str =~ /^$x509/)
 			{
 			open(OUT,"|$x509_cmd -inform d -hash -subject -issuer")
 				|| die "unable to run $x509_cmd:$!\n";
 			print OUT $o;
 			close(OUT);
 			}
 		elsif ($str =~ /^$rsa/)
 			{
 			($type)=($data[3] =~ /OBJECT_IDENTIFIER :(.*)\s*$/);
 			next unless ($type eq "rsaEncryption");
 			($off,$d,$hl,$len)=&parse_line($data[5]);
 			$os=substr($o,$off+$hl,$len);
 			open(OUT,"|$rsa_cmd")
 				|| die "unable to run $rsa_cmd:$!\n";
 			print OUT $os;
 			close(OUT);
 			}
 		elsif ($str =~ /^0G-1D-1G/)
 			{
 			($off,$d,$hl,$len)=&parse_line($data[1]);
 			$os=substr($o,$off+$hl,$len);
 			print STDERR "<$os>\n" if $opt_v;
 			&do_certificate($o,@data)
 				if (($os eq "certificate") &&
 				    ($str =! /^0G-1D-1G-2G-3F-3E-2D/));
 			&do_private_key($o,@data)
 				if (($os eq "private-key") &&
 				    ($str =! /^0G-1D-1G-2G-3F-3E-2D/));
 			}
 		}
 	}
 sub der_str
 	{
 	local($str)=@_;
 	local(*OUT,*IN,@a,$t,$d,$ret);
 	local($file)="/tmp/b$$.DER";
 	local(@ret);
 	open(OUT,">$file");
 	print OUT $str;
 	close(OUT);
 	open(IN,"$cmd -inform 'd' -in $file |") ||
 		die "unable to run $cmd:$!\n";
 	$ret="";
 	while (<IN>)
 		{
 		chop;
 		push(@ret,$_);
 		print STDERR "$_\n" if ($debug);
 		@a=split(/\s*:\s*/);
 		($d)=($a[1] =~ /d=\s*(\d+)/);
 		$a[2] =~ s/\s+$//;
 		$t=$DER_s2i{$a[2]};
 		$ret.="$d$t-";
 		}
 	close(IN);
 	unlink($file);
 	chop $ret;
 	$ret =~ s/(-3H(-4G-5F-5[IJKMQRS])+)+/-NAME/g;
 	$ret =~ s/(-3G-4B-4L)+/-RCERT/g;
 	return($ret,@ret);
 	}
 sub init_der
 	{
 	$crl= "0G-1G-2G-3F-3E-2G-NAME-2L-2L-2G-RCERT-1G-2F-2E-1C";
 	$x509="0G-1G-2B-2G-3F-3E-2G-NAME-2G-3L-3L-2G-NAME-2G-3G-4F-4E-3C-1G-2F-2E-1C";
 	$rsa= "0G-1B-1G-2F-2E-1D";
 	%DER_i2s=(
 		# SSLeay 0.4.x has this list
 		"A","EOC",
 		"B","INTEGER",
 		"C","BIT STRING",
 		"D","OCTET STRING",
 		"E","NULL",
 		"F","OBJECT",
 		"G","SEQUENCE",
 		"H","SET",
 		"I","PRINTABLESTRING",
 		"J","T61STRING",
 		"K","IA5STRING",
 		"L","UTCTIME",
 		"M","NUMERICSTRING",
 		"N","VIDEOTEXSTRING",
 		"O","GENERALIZEDTIME",
 		"P","GRAPHICSTRING",
 		"Q","ISO64STRING",
 		"R","GENERALSTRING",
 		"S","UNIVERSALSTRING",
 		# SSLeay 0.5.x changed some things ... and I'm
 		# leaving in the old stuff but adding in these
 		# to handle the new as well --tjh
 		# - Well I've just taken them out and added the extra new
 		# ones :-) - eay
 		);
 	foreach (keys %DER_i2s)
 		{ $DER_s2i{$DER_i2s{$_}}=$_; }
 	}
 sub parse_line
 	{
 	local($_)=@_;
 	return(/\s*(\d+):d=\s*(\d+)\s+hl=\s*(\d+)\s+l=\s*(\d+|inf)\s/);
 	}
 #  0:d=0 hl=4 l=377 cons: univ: SEQUENCE          
 #  4:d=1 hl=2 l= 11 prim: univ: OCTET_STRING      
 # 17:d=1 hl=4 l=360 cons: univ: SEQUENCE          
 # 21:d=2 hl=2 l= 12 cons: univ: SEQUENCE          
 # 23:d=3 hl=2 l=  8 prim: univ: OBJECT_IDENTIFIER :rc4
 # 33:d=3 hl=2 l=  0 prim: univ: NULL              
 # 35:d=2 hl=4 l=342 prim: univ: OCTET_STRING
 sub do_private_key
 	{
 	local($data,@struct)=@_;
 	local($file)="/tmp/b$$.DER";
 	local($off,$d,$hl,$len,$_,$b,@p,$s);
 	($type)=($struct[4] =~ /OBJECT_IDENTIFIER :(.*)\s*$/);
 	if ($type eq "rc4")
 		{
 		($off,$d,$hl,$len)=&parse_line($struct[6]);
 		open(OUT,"|$rc4_cmd >$file") ||
 			die "unable to run $rc4_cmd:$!\n";
 		print OUT substr($data,$off+$hl,$len);
 		close(OUT);
 		$b=&load_file($file);
 		unlink($file);
 		($s,@p)=&der_str($b);
 		die "unknown rsa key type\n$s\n"
 			if ($s ne '0G-1B-1G-2F-2E-1D');
 		local($off,$d,$hl,$len)=&parse_line($p[5]);
 		$b=substr($b,$off+$hl,$len);
 		($s,@p)=&der_str($b);
 		open(OUT,"|$rsa_cmd") || die "unable to run $rsa_cmd:$!\n";
 		print OUT $b;
 		close(OUT);
 		}
 	else
 		{
 		print "'$type' is unknown\n";
 		exit(1);
 		}
 	}
 sub do_certificate
 	{
 	local($data,@struct)=@_;
 	local($file)="/tmp/b$$.DER";
 	local($off,$d,$hl,$len,$_,$b,@p,$s);
 	($off,$d,$hl,$len)=&parse_line($struct[2]);
 	$b=substr($data,$off,$len+$hl);
 	open(OUT,"|$x509_cmd -inform d") || die "unable to run $x509_cmd:$!\n";
 	print OUT $b;
 	close(OUT);
 	}
 sub load_file
 	{
 	local($file)=@_;
 	local(*IN,$r,$b,$i);
 	$r="";
 	open(IN,"<$file") || die "unable to open $file:$!\n";
 	for (;;)
 		{
 		$i=sysread(IN,$b,10240);
 		last if ($i <= 0);
 		$r.=$b;
 		}
 	close(IN);
 	return($r);
 	}
 sub load_file_parse
 	{
 	local($file)=@_;
 	local(*IN,$r,@ret,$_,$i,$n,$b);
 	open(IN,"$cmd -inform d -in $file|")
 		|| die "unable to run der_parse\n";
 	while (<IN>)
 		{
 		chop;
 		push(@ret,$_);
 		}
 	return($r,@ret);
 	}
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -1,229 +0,0 @@
 /* apps/dgst.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
 #include "apps.h"
 #include "bio.h"
 #include "err.h"
 #include "evp.h"
 #include "objects.h"
 #include "x509.h"
 #include "pem.h"
 #undef BUFSIZE
 #define BUFSIZE	1024*8
 #undef PROG
 #define PROG	dgst_main
 #ifndef NOPROTO
 void do_fp(unsigned char *buf,BIO *f,int sep);
 #else
 void do_fp();
 #endif
 int MAIN(argc,argv)
 int argc;
 char **argv;
 	{
 	unsigned char *buf=NULL;
 	int i,err=0;
 	EVP_MD *md=NULL,*m;
 	BIO *in=NULL,*inp;
 	BIO *bmd=NULL;
 	char *name;
 #define PROG_NAME_SIZE  16
        char pname[PROG_NAME_SIZE];
 	int separator=0;
 	int debug=0;
 	apps_startup();
 	if ((buf=(unsigned char *)Malloc(BUFSIZE)) == NULL)
 		{
 		BIO_printf(bio_err,"out of memory\n");
 		goto end;
 		}
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	/* first check the program name */
        program_name(argv[0],pname,PROG_NAME_SIZE);
 	md=EVP_get_digestbyname(pname);
 	argc--;
 	argv++;
 	for (i=0; i<argc; i++)
 		{
 		if ((*argv)[0] != '-') break;
 		if (strcmp(*argv,"-c") == 0)
 			separator=1;
 		else if (strcmp(*argv,"-d") == 0)
 			debug=1;
 		else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
 			md=m;
 		else
 			break;
 		argc--;
 		argv++;
 		}
 	if (md == NULL)
 		md=EVP_md5();
 	if ((argc > 0) && (argv[0][0] == '-')) /* bad option */
 		{
 		BIO_printf(bio_err,"unknown option '%s'\n",*argv);
 		BIO_printf(bio_err,"options are\n");
 		BIO_printf(bio_err,"-c   to output the digest with separating colons\n");
 		BIO_printf(bio_err,"-d   to output debug info\n");
 		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
 			LN_md5,LN_md5);
 		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_md2,LN_md2);
 		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_sha1,LN_sha1);
 		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_sha,LN_sha);
 		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_mdc2,LN_mdc2);
 		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_ripemd160,LN_ripemd160);
 		err=1;
 		goto end;
 		}
 	in=BIO_new(BIO_s_file());
 	bmd=BIO_new(BIO_f_md());
 	if (debug)
 		{
 		BIO_set_callback(in,BIO_debug_callback);
 		/* needed for windows 3.1 */
 		BIO_set_callback_arg(in,bio_err);
 		}
 	if ((in == NULL) || (bmd == NULL))
 		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	/* we use md as a filter, reading from 'in' */
 	BIO_set_md(bmd,md);
 	inp=BIO_push(bmd,in);
 	if (argc == 0)
 		{
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 		do_fp(buf,inp,separator);
 		}
 	else
 		{
 		name=OBJ_nid2sn(md->type);
 		for (i=0; i<argc; i++)
 			{
 			if (BIO_read_filename(in,argv[i]) <= 0)
 				{
 				perror(argv[i]);
 				err++;
 				continue;
 				}
 			printf("%s(%s)= ",name,argv[i]);
 			do_fp(buf,inp,separator);
 			BIO_reset(bmd);
 			}
 		}
 end:
 	if (buf != NULL)
 		{
 		memset(buf,0,BUFSIZE);
 		Free(buf);
 		}
 	if (in != NULL) BIO_free(in);
 	if (bmd != NULL) BIO_free(bmd);
 	EXIT(err);
 	}
 void do_fp(buf,bp,sep)
 unsigned char *buf;
 BIO *bp;
 int sep;
 	{
 	int len;
 	int i;
 	for (;;)
 		{
 		i=BIO_read(bp,(char *)buf,BUFSIZE);
 		if (i <= 0) break;
 		}
 	len=BIO_gets(bp,(char *)buf,BUFSIZE);
 	for (i=0; i<len; i++)
 		{
 		if (sep && (i != 0))
 			putc(':',stdout);
 		printf("%02x",buf[i]);
 		}
 	printf("\n");
 	}
--- a/apps/dh.c
+++ b/apps/dh.c
@@ -1,312 +0,0 @@
 /* apps/dh.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
 #include <string.h>
 #include "apps.h"
 #include "bio.h"
 #include "err.h"
 #include "bn.h"
 #include "dh.h"
 #include "x509.h"
 #include "pem.h"
 #undef PROG
 #define PROG	dh_main
 /* -inform arg	- input format - default PEM (one of DER, TXT or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
 * -check	- check the parameters are ok
 * -noout
 * -text
 * -C
 */
 int MAIN(argc, argv)
 int argc;
 char **argv;
 	{
 	DH *dh=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
 	char *infile,*outfile,*prog;
 	apps_startup();
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
 	prog=argv[0];
 	argc--;
 	argv++;
 	while (argc >= 1)
 		{
 		if 	(strcmp(*argv,"-inform") == 0)
 			{
 			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-outform") == 0)
 			{
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-in") == 0)
 			{
 			if (--argc < 1) goto bad;
 			infile= *(++argv);
 			}
 		else if (strcmp(*argv,"-out") == 0)
 			{
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
 		else if (strcmp(*argv,"-C") == 0)
 			C=1;
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
 			}
 		argc--;
 		argv++;
 		}
 	if (badops)
 		{
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -outform arg  output format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -check        check the DH parameters\n");
 		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
 		goto end;
 		}
 	ERR_load_crypto_strings();
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
 		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 	else
 		{
 		if (BIO_read_filename(in,infile) <= 0)
 			{
 			perror(infile);
 			goto end;
 			}
 		}
 	if (outfile == NULL)
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
 			{
 			perror(outfile);
 			goto end;
 			}
 		}
 	if	(informat == FORMAT_ASN1)
 		dh=d2i_DHparams_bio(in,NULL);
 	else if (informat == FORMAT_PEM)
 		dh=PEM_read_bio_DHparams(in,NULL,NULL);
 	else
 		{
 		BIO_printf(bio_err,"bad input format specified\n");
 		goto end;
 		}
 	if (dh == NULL)
 		{
 		BIO_printf(bio_err,"unable to load DH parameters\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	if (text)
 		{
 		DHparams_print(out,dh);
 #ifdef undef
 		printf("p=");
 		BN_print(stdout,dh->p);
 		printf("\ng=");
 		BN_print(stdout,dh->g);
 		printf("\n");
 		if (dh->length != 0)
 			printf("recomented private length=%ld\n",dh->length);
 #endif
 		}
 	if (check)
 		{
 		if (!DH_check(dh,&i))
 			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		if (i & DH_CHECK_P_NOT_PRIME)
 			printf("p value is not prime\n");
 		if (i & DH_CHECK_P_NOT_STRONG_PRIME)
 			printf("p value is not a strong prime\n");
 		if (i & DH_UNABLE_TO_CHECK_GENERATOR)
 			printf("unable to check the generator value\n");
 		if (i & DH_NOT_SUITABLE_GENERATOR)
 			printf("the g value is not a generator\n");
 		if (i == 0)
 			printf("DH parameters appear to be ok.\n");
 		}
 	if (C)
 		{
 		unsigned char *data;
 		int len,l,bits;
 		len=BN_num_bytes(dh->p);
 		bits=BN_num_bits(dh->p);
 		data=(unsigned char *)Malloc(len);
 		if (data == NULL)
 			{
 			perror("Malloc");
 			goto end;
 			}
 		l=BN_bn2bin(dh->p,data);
 		printf("static unsigned char dh%d_p[]={",bits);
 		for (i=0; i<l; i++)
 			{
 			if ((i%12) == 0) printf("\n\t");
 			printf("0x%02X,",data[i]);
 			}
 		printf("\n\t};\n");
 		l=BN_bn2bin(dh->g,data);
 		printf("static unsigned char dh%d_g[]={",bits);
 		for (i=0; i<l; i++)
 			{
 			if ((i%12) == 0) printf("\n\t");
 			printf("0x%02X,",data[i]);
 			}
 		printf("\n\t};\n\n");
 		printf("DH *get_dh%d()\n\t{\n",bits);
 		printf("\tDH *dh;\n\n");
 		printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
 		printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
 			bits,bits);
 		printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
 			bits,bits);
 		printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
 		printf("\t\treturn(NULL);\n");
 		printf("\treturn(dh);\n\t}\n");
 		}
 	if (!noout)
 		{
 		if 	(outformat == FORMAT_ASN1)
 			i=i2d_DHparams_bio(out,dh);
 		else if (outformat == FORMAT_PEM)
 			i=PEM_write_bio_DHparams(out,dh);
 		else	{
 			BIO_printf(bio_err,"bad output format specified for outfile\n");
 			goto end;
 			}
 		if (!i)
 			{
 			BIO_printf(bio_err,"unable to write DH paramaters\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}
 	ret=0;
 end:
 	if (in != NULL) BIO_free(in);
 	if (out != NULL) BIO_free(out);
 	if (dh != NULL) DH_free(dh);
 	EXIT(ret);
 	}
--- a/apps/dh1024.pem
+++ b/apps/dh1024.pem
@@ -1,5 +0,0 @@
 -----BEGIN DH PARAMETERS-----
 MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq
 /Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx
 /mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC
 -----END DH PARAMETERS-----
--- a/apps/dsa-ca.pem
+++ b/apps/dsa-ca.pem
@@ -1,40 +0,0 @@
 -----BEGIN DSA PRIVATE KEY-----
 MIIBugIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
 PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
 u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
 Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
 hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
 SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
 Mu0OArgCgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuHvSLw9YUrJahcBHmbpvt4
 94lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUqAylOVFJJJXuirVJ+o+0T
 tOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u3enxhqnDGQIUB78dhW77
 J6zsFbSEHaQGUmfSeoM=
 -----END DSA PRIVATE KEY-----
 -----BEGIN CERTIFICATE REQUEST-----
 MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
 ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew
 ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW
 sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m
 rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk
 cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo
 bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR
 CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB
 F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH
 vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq
 AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u
 3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v
 AhQfeF5BoMMDbX/kidUVpQ6gadPlZA==
 -----END CERTIFICATE REQUEST-----
 -----BEGIN CERTIFICATE-----
 MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
 U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
 CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw
 CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
 ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE
 AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi
 ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh
 MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD
 MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa
 C1Q=
 -----END CERTIFICATE-----
--- a/apps/dsa-pca.pem
+++ b/apps/dsa-pca.pem
@@ -1,46 +0,0 @@
 -----BEGIN DSA PRIVATE KEY-----
 MIIBvAIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
 PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
 u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
 Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
 hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
 SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
 Mu0OArgCgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
 umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
 29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUCFQDNvrBz
 6TicfImU7UFRn9h00j0lJQ==
 -----END DSA PRIVATE KEY-----
 -----BEGIN CERTIFICATE REQUEST-----
 MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
 ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB
 MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G
 lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O
 Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR
 5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl
 aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6
 kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als
 QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe
 6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ
 yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0
 z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB
 nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w==
 -----END CERTIFICATE REQUEST-----
 -----BEGIN CERTIFICATE-----
 MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
 U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
 CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw
 CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
 ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww
 ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ
 R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5
 JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps
 BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze
 mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO
 VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C
 uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
 umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
 29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D
 AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n
 5rKUjNBhSg==
 -----END CERTIFICATE-----
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -1,257 +0,0 @@
 /* apps/dsa.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
 #include "apps.h"
 #include "bio.h"
 #include "err.h"
 #include "dsa.h"
 #include "evp.h"
 #include "x509.h"
 #include "pem.h"
 #undef PROG
 #define PROG	dsa_main
 /* -inform arg	- input format - default PEM (one of DER, NET or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
 * -des		- encrypt output if PEM format with DES in cbc mode
 * -des3	- encrypt output if PEM format
 * -idea	- encrypt output if PEM format
 * -text	- print a text version
 * -modulus	- print the DSA public key
 */
 int MAIN(argc, argv)
 int argc;
 char **argv;
 	{
 	int ret=1;
 	DSA *dsa=NULL;
 	int i,badops=0;
 	EVP_CIPHER *enc=NULL;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,text=0,noout=0;
 	char *infile,*outfile,*prog;
 	int modulus=0;
 	apps_startup();
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
 	prog=argv[0];
 	argc--;
 	argv++;
 	while (argc >= 1)
 		{
 		if 	(strcmp(*argv,"-inform") == 0)
 			{
 			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-outform") == 0)
 			{
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-in") == 0)
 			{
 			if (--argc < 1) goto bad;
 			infile= *(++argv);
 			}
 		else if (strcmp(*argv,"-out") == 0)
 			{
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
 		else if (strcmp(*argv,"-modulus") == 0)
 			modulus=1;
 		else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
 			}
 		argc--;
 		argv++;
 		}
 	if (badops)
 		{
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER NET PEM\n");
 		BIO_printf(bio_err," -outform arg  output format - one of DER NET PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -des          encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3         encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef NO_IDEA
 		BIO_printf(bio_err," -idea         encrypt PEM output with cbc idea\n");
 #endif
 		BIO_printf(bio_err," -text         print the key in text\n");
 		BIO_printf(bio_err," -noout        don't print key out\n");
 		BIO_printf(bio_err," -modulus      print the DSA public value\n");
 		goto end;
 		}
 	ERR_load_crypto_strings();
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
 		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 	else
 		{
 		if (BIO_read_filename(in,infile) <= 0)
 			{
 			perror(infile);
 			goto end;
 			}
 		}
 	BIO_printf(bio_err,"read DSA private key\n");
 	if	(informat == FORMAT_ASN1)
 		dsa=d2i_DSAPrivateKey_bio(in,NULL);
 	else if (informat == FORMAT_PEM)
 		dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL);
 	else
 		{
 		BIO_printf(bio_err,"bad input format specified for key\n");
 		goto end;
 		}
 	if (dsa == NULL)
 		{
 		BIO_printf(bio_err,"unable to load Private Key\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	if (outfile == NULL)
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
 			{
 			perror(outfile);
 			goto end;
 			}
 		}
 	if (text) 
 		if (!DSA_print(out,dsa,0))
 			{
 			perror(outfile);
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 	if (modulus)
 		{
 		fprintf(stdout,"Public Key=");
 		BN_print(out,dsa->pub_key);
 		fprintf(stdout,"\n");
 		}
 	if (noout) goto end;
 	BIO_printf(bio_err,"writing DSA private key\n");
 	if 	(outformat == FORMAT_ASN1)
 		i=i2d_DSAPrivateKey_bio(out,dsa);
 	else if (outformat == FORMAT_PEM)
 		i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL);
 	else	{
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;
 		}
 	if (!i)
 		{
 		BIO_printf(bio_err,"unable to write private key\n");
 		ERR_print_errors(bio_err);
 		}
 	else
 		ret=0;
 end:
 	if (in != NULL) BIO_free(in);
 	if (out != NULL) BIO_free(out);
 	if (dsa != NULL) DSA_free(dsa);
 	EXIT(ret);
 	}
--- a/apps/dsa1024.pem
+++ b/apps/dsa1024.pem
@@ -1,9 +0,0 @@
 -----BEGIN DSA PARAMETERS-----
 MIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQPnUx
 mUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtelu+Us
 OSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcHMe36
 bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLsohkj8
 3pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbuSXQH
 zlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7YMu0O
 Arg=
 -----END DSA PARAMETERS-----
--- a/apps/dsa512.pem
+++ b/apps/dsa512.pem
@@ -1,6 +0,0 @@
 -----BEGIN DSA PARAMETERS-----
 MIGdAkEAnRtpjibb8isRcBmG9hnI+BnyGFOURgbQYlAzSwI8UjADizv5X9EkBk97
 TLqqQJv9luQ3M7stWtdaEUBmonZ9MQIVAPtT71C0QJIxVoZTeuiLIppJ+3GPAkEA
 gz6I5cWJc847bAFJv7PHnwrqRJHlMKrZvltftxDXibeOdPvPKR7rqCxUUbgQ3qDO
 L8wka5B33qJoplISogOdIA==
 -----END DSA PARAMETERS-----
--- a/apps/dsap.pem
+++ b/apps/dsap.pem
@@ -1,6 +0,0 @@
 -----BEGIN DSA PARAMETERS-----
 MIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZS4J1PHvPrm9MXj5ntVheDPkdmBDTncya
 GAJcMjwsyB/GvLDGd6yGCw/8eF+09wIVAK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2
 t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjgtWiJc/tpvcuzeuAayH89UofjAGueKjXD
 ADiRffvSdhrNw5dkqdql
 -----END DSA PARAMETERS-----
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -1,361 +0,0 @@
 /* apps/dsaparam.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
 #include <string.h>
 #include "apps.h"
 #include "bio.h"
 #include "err.h"
 #include "bn.h"
 #include "rand.h"
 #include "dsa.h"
 #include "x509.h"
 #include "pem.h"
 #undef PROG
 #define PROG	dsaparam_main
 /* -inform arg	- input format - default PEM (one of DER, TXT or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
 * -noout
 * -text
 * -C
 * -noout
 * -genkey
 */
 #ifndef NOPROTO
 static void MS_CALLBACK dsa_cb(int p, int n, char *arg);
 #else
 static void MS_CALLBACK dsa_cb();
 #endif
 int MAIN(argc, argv)
 int argc;
 char **argv;
 	{
 	DSA *dsa=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,noout=0,C=0,ret=1;
 	char *infile,*outfile,*prog,*inrand=NULL;
 	int numbits= -1,num,genkey=0;
 	char buffer[200],*randfile=NULL;
 	apps_startup();
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
 	prog=argv[0];
 	argc--;
 	argv++;
 	while (argc >= 1)
 		{
 		if 	(strcmp(*argv,"-inform") == 0)
 			{
 			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-outform") == 0)
 			{
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-in") == 0)
 			{
 			if (--argc < 1) goto bad;
 			infile= *(++argv);
 			}
 		else if (strcmp(*argv,"-out") == 0)
 			{
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
 		else if (strcmp(*argv,"-C") == 0)
 			C=1;
 		else if (strcmp(*argv,"-genkey") == 0)
 			genkey=1;
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (sscanf(*argv,"%d",&num) == 1)
 			{
 			/* generate a key */
 			numbits=num;
 			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
 			}
 		argc--;
 		argv++;
 		}
 	if (badops)
 		{
 bad:
 		BIO_printf(bio_err,"%s [options] [bits] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -outform arg  output format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -text         check the DSA parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
 		BIO_printf(bio_err," -rand         files to use for random number input\n");
 		BIO_printf(bio_err," number        number of bits to use for generating private key\n");
 		goto end;
 		}
 	ERR_load_crypto_strings();
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
 		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 	else
 		{
 		if (BIO_read_filename(in,infile) <= 0)
 			{
 			perror(infile);
 			goto end;
 			}
 		}
 	if (outfile == NULL)
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
 			{
 			perror(outfile);
 			goto end;
 			}
 		}
 	if (numbits > 0)
 		{
 		randfile=RAND_file_name(buffer,200);
 		RAND_load_file(randfile,1024L*1024L);
 		BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
 	        BIO_printf(bio_err,"This could take some time\n");
 	        dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL,
 			dsa_cb,(char *)bio_err);
 		}
 	else if	(informat == FORMAT_ASN1)
 		dsa=d2i_DSAparams_bio(in,NULL);
 	else if (informat == FORMAT_PEM)
 		dsa=PEM_read_bio_DSAparams(in,NULL,NULL);
 	else
 		{
 		BIO_printf(bio_err,"bad input format specified\n");
 		goto end;
 		}
 	if (dsa == NULL)
 		{
 		BIO_printf(bio_err,"unable to load DSA parameters\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	if (text)
 		{
 		DSAparams_print(out,dsa);
 		}
 	if (C)
 		{
 		unsigned char *data;
 		int l,len,bits_p,bits_q,bits_g;
 		len=BN_num_bytes(dsa->p);
 		bits_p=BN_num_bits(dsa->p);
 		bits_q=BN_num_bits(dsa->q);
 		bits_g=BN_num_bits(dsa->g);
 		data=(unsigned char *)Malloc(len+20);
 		if (data == NULL)
 			{
 			perror("Malloc");
 			goto end;
 			}
 		l=BN_bn2bin(dsa->p,data);
 		printf("static unsigned char dsa%d_p[]={",bits_p);
 		for (i=0; i<l; i++)
 			{
 			if ((i%12) == 0) printf("\n\t");
 			printf("0x%02X,",data[i]);
 			}
 		printf("\n\t};\n");
 		l=BN_bn2bin(dsa->q,data);
 		printf("static unsigned char dsa%d_q[]={",bits_p);
 		for (i=0; i<l; i++)
 			{
 			if ((i%12) == 0) printf("\n\t");
 			printf("0x%02X,",data[i]);
 			}
 		printf("\n\t};\n");
 		l=BN_bn2bin(dsa->g,data);
 		printf("static unsigned char dsa%d_g[]={",bits_p);
 		for (i=0; i<l; i++)
 			{
 			if ((i%12) == 0) printf("\n\t");
 			printf("0x%02X,",data[i]);
 			}
 		printf("\n\t};\n\n");
 		printf("DSA *get_dsa%d()\n\t{\n",bits_p);
 		printf("\tDSA *dsa;\n\n");
 		printf("\tif ((dsa=DSA_new()) == NULL) return(NULL);\n");
 		printf("\tdsa->p=BN_bin2bn(dsa%d_p,sizeof(dsa%d_p),NULL);\n",
 			bits_p,bits_p);
 		printf("\tdsa->q=BN_bin2bn(dsa%d_q,sizeof(dsa%d_q),NULL);\n",
 			bits_p,bits_p);
 		printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
 			bits_p,bits_p);
 		printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
 		printf("\t\treturn(NULL);\n");
 		printf("\treturn(dsa);\n\t}\n");
 		}
 	if (!noout)
 		{
 		if 	(outformat == FORMAT_ASN1)
 			i=i2d_DSAparams_bio(out,dsa);
 		else if (outformat == FORMAT_PEM)
 			i=PEM_write_bio_DSAparams(out,dsa);
 		else	{
 			BIO_printf(bio_err,"bad output format specified for outfile\n");
 			goto end;
 			}
 		if (!i)
 			{
 			BIO_printf(bio_err,"unable to write DSA paramaters\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}
 	if (genkey)
 		{
 		DSA *dsakey;
 		if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;
 		if (!DSA_generate_key(dsakey)) goto end;
 		if 	(outformat == FORMAT_ASN1)
 			i=i2d_DSAPrivateKey_bio(out,dsakey);
 		else if (outformat == FORMAT_PEM)
 			i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL);
 		else	{
 			BIO_printf(bio_err,"bad output format specified for outfile\n");
 			goto end;
 			}
 		DSA_free(dsakey);
 		}
 	ret=0;
 end:
 	if (in != NULL) BIO_free(in);
 	if (out != NULL) BIO_free(out);
 	if (dsa != NULL) DSA_free(dsa);
 	EXIT(ret);
 	}
 static void MS_CALLBACK dsa_cb(p, n, arg)
 int p;
 int n;
 char *arg;
 	{
 	char c='*';
 	if (p == 0) c='.';
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
 	BIO_write((BIO *)arg,&c,1);
 	BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
 	}
--- a/apps/eay.c
+++ b/apps/eay.c
@@ -1,130 +0,0 @@
 /* apps/eay.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #define MONOLITH
 #define USE_SOCKETS
 #include "../e_os.h"
 #include "bio.h"
 #include "stack.h"
 #include "lhash.h"
 #include "err.h"
 #include "bn.h"
 #include "evp.h"
 #include "rand.h"
 #include "conf.h"
 #include "txt_db.h"
 #include "err.h"
 #include "x509.h"
 #include "pkcs7.h"
 #include "pem.h"
 #include "asn1.h"
 #include "objects.h"
 #define MONOLITH
 #include "openssl.c"
 #include "apps.c"
 #include "asn1pars.c"
 #ifndef NO_RSA
 #include "ca.c"
 #include "genrsa.c"
 #include "req.c"
 #include "rsa.c"
 #endif
 #ifndef NO_DH
 #include "gendh.c"
 #include "dh.c"
 #endif
 #include "crl.c"
 #include "crl2p7.c"
 #include "dgst.c"
 #include "enc.c"
 #include "errstr.c"
 #if !defined(NO_SSL2) || !defined(NO_SSL3)
 #ifndef NO_SOCK
 #include "s_cb.c"
 #include "s_client.c"
 #include "s_server.c"
 #include "s_socket.c"
 #include "s_time.c"
 #endif
 #endif
 #include "speed.c"
 #include "verify.c"
 #include "version.c"
 #include "x509.c"
 #include "ciphers.c"
 #include "sess_id.c"
 #include "pkcs7.c"
 #ifndef NO_DSA
 #include "dsaparam.c"
 #include "dsa.c"
 #include "gendsa.c"
 #endif
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -1,561 +0,0 @@
 /* apps/enc.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
 #include "bio.h"
 #include "err.h"
 #include "evp.h"
 #include "objects.h"
 #include "x509.h"
 #ifdef NO_MD5
 #include "md5.h"
 #endif
 #include "pem.h"
 #ifndef NOPROTO
 int set_hex(char *in,unsigned char *out,int size);
 #else
 int set_hex();
 #endif
 #undef SIZE
 #undef BSIZE
 #undef PROG
 #define SIZE	(512)
 #define BSIZE	(8*1024)
 #define	PROG	enc_main
 int MAIN(argc,argv)
 int argc;
 char **argv;
 	{
 	char *strbuf=NULL;
 	unsigned char *buff=NULL,*bufsize=NULL;
 	int bsize=BSIZE,verbose=0;
 	int ret=1,inl;
 	unsigned char key[24],iv[MD5_DIGEST_LENGTH];
 	char *str=NULL;
 	char *hkey=NULL,*hiv=NULL;
 	int enc=1,printkey=0,i,base64=0;
 	int debug=0,olb64=0;
 	EVP_CIPHER *cipher=NULL,*c;
 	char *inf=NULL,*outf=NULL;
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
 #define PROG_NAME_SIZE  16
        char pname[PROG_NAME_SIZE];
 	apps_startup();
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	/* first check the program name */
        program_name(argv[0],pname,PROG_NAME_SIZE);
 	if (strcmp(pname,"base64") == 0)
 		base64=1;
 	cipher=EVP_get_cipherbyname(pname);
 	if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0))
 		{
 		BIO_printf(bio_err,"%s is an unknown cipher\n",pname);
 		goto bad;
 		}
 	argc--;
 	argv++;
 	while (argc >= 1)
 		{
 		if	(strcmp(*argv,"-e") == 0)
 			enc=1;
 		else if (strcmp(*argv,"-in") == 0)
 			{
 			if (--argc < 1) goto bad;
 			inf= *(++argv);
 			}
 		else if (strcmp(*argv,"-out") == 0)
 			{
 			if (--argc < 1) goto bad;
 			outf= *(++argv);
 			}
 		else if	(strcmp(*argv,"-d") == 0)
 			enc=0;
 		else if	(strcmp(*argv,"-p") == 0)
 			printkey=1;
 		else if	(strcmp(*argv,"-v") == 0)
 			verbose=1;
 		else if	((strcmp(*argv,"-debug") == 0) ||
 			 (strcmp(*argv,"-d") == 0))
 			debug=1;
 		else if	(strcmp(*argv,"-P") == 0)
 			printkey=2;
 		else if	(strcmp(*argv,"-A") == 0)
 			olb64=1;
 		else if	(strcmp(*argv,"-a") == 0)
 			base64=1;
 		else if	(strcmp(*argv,"-base64") == 0)
 			base64=1;
 		else if (strcmp(*argv,"-bufsize") == 0)
 			{
 			if (--argc < 1) goto bad;
 			bufsize=(unsigned char *)*(++argv);
 			}
 		else if (strcmp(*argv,"-k") == 0)
 			{
 			if (--argc < 1) goto bad;
 			str= *(++argv);
 			}
 		else if (strcmp(*argv,"-kfile") == 0)
 			{
 			static char buf[128];
 			FILE *infile;
 			char *file;
 			if (--argc < 1) goto bad;
 			file= *(++argv);
 			infile=fopen(file,"r");
 			if (infile == NULL)
 				{
 				BIO_printf(bio_err,"unable to read key from '%s'\n",
 					file);
 				goto bad;
 				}
 			buf[0]='\0';
 			fgets(buf,128,infile);
 			fclose(infile);
 			i=strlen(buf);
 			if ((i > 0) &&
 				((buf[i-1] == '\n') || (buf[i-1] == '\r')))
 				buf[--i]='\0';
 			if ((i > 0) &&
 				((buf[i-1] == '\n') || (buf[i-1] == '\r')))
 				buf[--i]='\0';
 			if (i < 1)
 				{
 				BIO_printf(bio_err,"zero length password\n");
 				goto bad;
 				}
 			str=buf;
 			}
 		else if (strcmp(*argv,"-K") == 0)
 			{
 			if (--argc < 1) goto bad;
 			hkey= *(++argv);
 			}
 		else if (strcmp(*argv,"-iv") == 0)
 			{
 			if (--argc < 1) goto bad;
 			hiv= *(++argv);
 			}
 		else if	((argv[0][0] == '-') &&
 			((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
 			{
 			cipher=c;
 			}
 		else if (strcmp(*argv,"-none") == 0)
 			cipher=NULL;
 		else
 			{
 			BIO_printf(bio_err,"unknown option '%s'\n",*argv);
 bad:
 			BIO_printf(bio_err,"options are\n");
 			BIO_printf(bio_err,"%-14s input file\n","-in <file>");
 			BIO_printf(bio_err,"%-14s output fileencrypt\n","-out <file>");
 			BIO_printf(bio_err,"%-14s encrypt\n","-e");
 			BIO_printf(bio_err,"%-14s decrypt\n","-d");
 			BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64");
 			BIO_printf(bio_err,"%-14s key is the next argument\n","-k");
 			BIO_printf(bio_err,"%-14s key is the first line of the file argument\n","-kfile");
 			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
 			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
 			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
 			BIO_printf(bio_err,"Cipher Types\n");
 			BIO_printf(bio_err,"des     : 56 bit key DES encryption\n");
 			BIO_printf(bio_err,"des_ede :112 bit key ede DES encryption\n");
 			BIO_printf(bio_err,"des_ede3:168 bit key ede DES encryption\n");
 #ifndef NO_IDEA
 			BIO_printf(bio_err,"idea    :128 bit key IDEA encryption\n");
 #endif
 #ifndef NO_RC4
 			BIO_printf(bio_err,"rc2     :128 bit key RC2 encryption\n");
 #endif
 #ifndef NO_BLOWFISH
 			BIO_printf(bio_err,"bf      :128 bit key BlowFish encryption\n");
 #endif
 #ifndef NO_RC4
 			BIO_printf(bio_err," -%-5s :128 bit key RC4 encryption\n",
 				LN_rc4);
 #endif
 			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
 				LN_des_ecb,LN_des_cbc,
 				LN_des_cfb64,LN_des_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n",
 				"des", LN_des_cbc);
 			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
 				LN_des_ede,LN_des_ede_cbc,
 				LN_des_ede_cfb64,LN_des_ede_ofb64);
 			BIO_printf(bio_err," -desx -none\n");
 			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
 				LN_des_ede3,LN_des_ede3_cbc,
 				LN_des_ede3_cfb64,LN_des_ede3_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n",
 				"des3", LN_des_ede3_cbc);
 #ifndef NO_IDEA
 			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
 				LN_idea_ecb, LN_idea_cbc,
 				LN_idea_cfb64, LN_idea_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n","idea",LN_idea_cbc);
 #endif
 #ifndef NO_RC2
 			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
 				LN_rc2_ecb, LN_rc2_cbc,
 				LN_rc2_cfb64, LN_rc2_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n","rc2", LN_rc2_cbc);
 #endif
 #ifndef NO_BLOWFISH
 			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
 				LN_bf_ecb, LN_bf_cbc,
 				LN_bf_cfb64, LN_bf_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n","bf", LN_bf_cbc);
 #endif
 #ifndef NO_BLOWFISH
 			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
 				LN_cast5_ecb, LN_cast5_cbc,
 				LN_cast5_cfb64, LN_cast5_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n","cast", LN_cast5_cbc);
 #endif
 #ifndef NO_BLOWFISH
 			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
 				LN_rc5_ecb, LN_rc5_cbc,
 				LN_rc5_cfb64, LN_rc5_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n","rc5", LN_rc5_cbc);
 #endif
 			goto end;
 			}
 		argc--;
 		argv++;
 		}
 	if (bufsize != NULL)
 		{
 		unsigned long n;
 		for (n=0; *bufsize; bufsize++)
 			{
 			i= *bufsize;
 			if ((i <= '9') && (i >= '0'))
 				n=n*10+i-'0';
 			else if (i == 'k')
 				{
 				n*=1024;
 				bufsize++;
 				break;
 				}
 			}
 		if (*bufsize != '\0')
 			{
 			BIO_printf(bio_err,"invalid 'bufsize' specified.\n");
 			goto end;
 			}
 		/* It must be large enough for a base64 encoded line */
 		if (n < 80) n=80;
 		bsize=(int)n;
 		if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
 		}
 	strbuf=Malloc(SIZE);
 	buff=(unsigned char *)Malloc(EVP_ENCODE_LENGTH(bsize));
 	if ((buff == NULL) || (strbuf == NULL))
 		{
 		BIO_printf(bio_err,"Malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
 		goto end;
 		}
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
 		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	if (debug)
 		{
 		BIO_set_callback(in,BIO_debug_callback);
 		BIO_set_callback(out,BIO_debug_callback);
 		BIO_set_callback_arg(in,bio_err);
 		BIO_set_callback_arg(out,bio_err);
 		}
 	if (inf == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 	else
 		{
 		if (BIO_read_filename(in,inf) <= 0)
 			{
 			perror(inf);
 			goto end;
 			}
 		}
 	if ((str == NULL) && (cipher != NULL) && (hkey == NULL))
 		{
 		for (;;)
 			{
 			char buf[200];
 			sprintf(buf,"enter %s %s password:",
 				OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
 				(enc)?"encryption":"decryption");
 			strbuf[0]='\0';
 			i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);
 			if (i == 0)
 				{
 				if (strbuf[0] == '\0')
 					{
 					ret=1;
 					goto end;
 					}
 				str=strbuf;
 				break;
 				}
 			if (i < 0)
 				{
 				BIO_printf(bio_err,"bad password read\n");
 				goto end;
 				}
 			}
 		}
 	if (cipher != NULL)
 		{
 		if (str != NULL)
 			{
 			EVP_BytesToKey(cipher,EVP_md5(),NULL,
 				(unsigned char *)str,
 				strlen(str),1,key,iv);
 			/* zero the complete buffer or the string
 			 * passed from the command line
 			 * bug picked up by
 			 * Larry J. Hughes Jr. <hughes@indiana.edu> */
 			if (str == strbuf)
 				memset(str,0,SIZE);
 			else
 				memset(str,0,strlen(str));
 			}
 		if ((hiv != NULL) && !set_hex(hiv,iv,8))
 			{
 			BIO_printf(bio_err,"invalid hex iv value\n");
 			goto end;
 			}
 		if ((hkey != NULL) && !set_hex(hkey,key,24))
 			{
 			BIO_printf(bio_err,"invalid hex key value\n");
 			goto end;
 			}
 		if ((benc=BIO_new(BIO_f_cipher())) == NULL)
 			goto end;
 		BIO_set_cipher(benc,cipher,key,iv,enc);
 		if (debug)
 			{
 			BIO_set_callback(benc,BIO_debug_callback);
 			BIO_set_callback_arg(benc,bio_err);
 			}
 		if (printkey)
 			{
 			if (cipher->key_len > 0)
 				{
 				printf("key=");
 				for (i=0; i<cipher->key_len; i++)
 					printf("%02X",key[i]);
 				printf("\n");
 				}
 			if (cipher->iv_len > 0)
 				{
 				printf("iv =");
 				for (i=0; i<cipher->iv_len; i++)
 					printf("%02X",iv[i]);
 				printf("\n");
 				}
 			if (printkey == 2)
 				{
 				ret=0;
 				goto end;
 				}
 			}
 		}
 	if (outf == NULL)
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 	else
 		{
 		if (BIO_write_filename(out,outf) <= 0)
 			{
 			perror(outf);
 			goto end;
 			}
 		}
 	rbio=in;
 	wbio=out;
 	if (base64)
 		{
 		if ((b64=BIO_new(BIO_f_base64())) == NULL)
 			goto end;
 		if (debug)
 			{
 			BIO_set_callback(b64,BIO_debug_callback);
 			BIO_set_callback_arg(b64,bio_err);
 			}
 		if (olb64)
 			BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
 		if (enc)
 			wbio=BIO_push(b64,wbio);
 		else
 			rbio=BIO_push(b64,rbio);
 		}
 	/* Only encrypt/decrypt as we write the file */
 	if (benc != NULL)
 		wbio=BIO_push(benc,wbio);
 	for (;;)
 		{
 		inl=BIO_read(rbio,(char *)buff,bsize);
 		if (inl <= 0) break;
 		if (BIO_write(wbio,(char *)buff,inl) != inl)
 			{
 			BIO_printf(bio_err,"error writing output file\n");
 			goto end;
 			}
 		}
 	if (!BIO_flush(wbio))
 		{
 		BIO_printf(bio_err,"bad decrypt\n");
 		goto end;
 		}
 	ret=0;
 	if (verbose)
 		{
 		BIO_printf(bio_err,"bytes read   :%8ld\n",BIO_number_read(in));
 		BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
 		}
 end:
 	if (strbuf != NULL) Free(strbuf);
 	if (buff != NULL) Free(buff);
 	if (in != NULL) BIO_free(in);
 	if (out != NULL) BIO_free(out);
 	if (benc != NULL) BIO_free(benc);
 	if (b64 != NULL) BIO_free(b64);
 	EXIT(ret);
 	}
 int set_hex(in,out,size)
 char *in;
 unsigned char *out;
 int size;
 	{
 	int i,n;
 	unsigned char j;
 	n=strlen(in);
 	if (n > (size*2))
 		{
 		BIO_printf(bio_err,"hex string is too long\n");
 		return(0);
 		}
 	memset(out,0,size);
 	for (i=0; i<n; i++)
 		{
 		j=(unsigned char)*in;
 		*(in++)='\0';
 		if (j == 0) break;
 		if ((j >= '0') && (j <= '9'))
 			j-='0';
 		else if ((j >= 'A') && (j <= 'F'))
 			j=j-'A'+10;
 		else if ((j >= 'a') && (j <= 'f'))
 			j=j-'a'+10;
 		else
 			{
 			BIO_printf(bio_err,"non-hex digit\n");
 			return(0);
 			}
 		if (i&1)
 			out[i/2]|=j;
 		else
 			out[i/2]=(j<<4);
 		}
 	return(1);
 	}
--- a/apps/errstr.c
+++ b/apps/errstr.c
@@ -1,116 +0,0 @@
 /* apps/errstr.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
 #include "bio.h"
 #include "lhash.h"
 #include "err.h"
 #include "ssl.h"
 #undef PROG
 #define PROG	errstr_main
 int MAIN(argc, argv)
 int argc;
 char **argv;
 	{
 	int i,ret=0;
 	char buf[256];
 	unsigned long l;
 	apps_startup();
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	SSL_load_error_strings();
 	if ((argc > 1) && (strcmp(argv[1],"-stats") == 0))
 		{
 		BIO *out=NULL;
 		out=BIO_new(BIO_s_file());
 		if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))
 			{
 			lh_node_stats_bio((LHASH *)ERR_get_string_table(),out);
 			lh_stats_bio((LHASH *)ERR_get_string_table(),out);
 			lh_node_usage_stats_bio((LHASH *)
 				ERR_get_string_table(),out);
 			}
 		if (out != NULL) BIO_free(out);
 		argc--;
 		argv++;
 		}
 	for (i=1; i<argc; i++)
 		{
 		if (sscanf(argv[i],"%lx",&l))
 			printf("%s\n",ERR_error_string(l,buf));
 		else
 			{
 			printf("%s: bad error code\n",argv[i]);
 			printf("usage: errstr [-stats] <errno> ...\n");
 			ret++;
 			}
 		}
 	EXIT(ret);
 	}
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -1,235 +0,0 @@
 /* apps/gendh.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "apps.h"
 #include "bio.h"
 #include "rand.h"
 #include "err.h"
 #include "bn.h"
 #include "dh.h"
 #include "x509.h"
 #include "pem.h"
 #define DEFBITS	512
 #undef PROG
 #define PROG gendh_main
 #ifndef NOPROTO
 static void MS_CALLBACK dh_cb(int p, int n, char *arg);
 static long dh_load_rand(char *names);
 #else
 static void MS_CALLBACK dh_cb();
 static long dh_load_rand();
 #endif
 int MAIN(argc, argv)
 int argc;
 char **argv;
 	{
 	char buffer[200];
 	DH *dh=NULL;
 	int ret=1,num=DEFBITS;
 	int g=2;
 	char *outfile=NULL;
 	char *inrand=NULL,*randfile;
 	BIO *out=NULL;
 	apps_startup();
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	argv++;
 	argc--;
 	for (;;)
 		{
 		if (argc <= 0) break;
 		if (strcmp(*argv,"-out") == 0)
 			{
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 		else if (strcmp(*argv,"-2") == 0)
 			g=2;
 	/*	else if (strcmp(*argv,"-3") == 0)
 			g=3; */
 		else if (strcmp(*argv,"-5") == 0)
 			g=5;
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			}
 		else
 			break;
 		argv++;
 		argc--;
 		}
 	if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0)))
 		{
 bad:
 		BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
 		BIO_printf(bio_err," -out file - output the key to 'file\n");
 		BIO_printf(bio_err," -2    use 2 as the generator value\n");
 	/*	BIO_printf(bio_err," -3    use 3 as the generator value\n"); */
 		BIO_printf(bio_err," -5    use 5 as the generator value\n");
 		BIO_printf(bio_err," -rand file:file:...\n");
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
 		goto end;
 		}
 	out=BIO_new(BIO_s_file());
 	if (out == NULL)
 		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	if (outfile == NULL)
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
 			{
 			perror(outfile);
 			goto end;
 			}
 		}
 	randfile=RAND_file_name(buffer,200);
 	if ((randfile == NULL)|| !RAND_load_file(randfile,1024L*1024L))
 		BIO_printf(bio_err,"unable to load 'random state'\n");
 	if (inrand == NULL)
 		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 	else
 		{
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 			dh_load_rand(inrand));
 		}
 	BIO_printf(bio_err,"Generating DH parameters, %d bit long strong prime, generator of %d\n",num,g);
 	BIO_printf(bio_err,"This is going to take a long time\n");
 	dh=DH_generate_parameters(num,g,dh_cb,(char *)bio_err);
 	if (dh == NULL) goto end;
 	if (randfile == NULL)
 		BIO_printf(bio_err,"unable to write 'random state'\n");
 	else
 		RAND_write_file(randfile);
 	if (!PEM_write_bio_DHparams(out,dh))
 		goto end;
 	ret=0;
 end:
 	if (ret != 0)
 		ERR_print_errors(bio_err);
 	if (out != NULL) BIO_free(out);
 	if (dh != NULL) DH_free(dh);
 	EXIT(ret);
 	}
 static void MS_CALLBACK dh_cb(p,n,arg)
 int p;
 int n;
 char *arg;
 	{
 	char c='*';
 	if (p == 0) c='.';
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
 	BIO_write((BIO *)arg,&c,1);
 	BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
 	}
 static long dh_load_rand(name)
 char *name;
 	{
 	char *p,*n;
 	int last;
 	long tot=0;
 	for (;;)
 		{
 		last=0;
 		for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
 		if (*p == '\0') last=1;
 		*p='\0';
 		n=name;
 		name=p+1;
 		if (*n == '\0') break;
 		tot+=RAND_load_file(n,1);
 		if (last) break;
 		}
 	return(tot);
 	}
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -1,240 +0,0 @@
 /* apps/gendsa.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "apps.h"
 #include "bio.h"
 #include "rand.h"
 #include "err.h"
 #include "bn.h"
 #include "dsa.h"
 #include "x509.h"
 #include "pem.h"
 #define DEFBITS	512
 #undef PROG
 #define PROG gendsa_main
 #ifndef NOPROTO
 static long dsa_load_rand(char *names);
 #else
 static long dsa_load_rand();
 #endif
 int MAIN(argc, argv)
 int argc;
 char **argv;
 	{
 	char buffer[200];
 	DSA *dsa=NULL;
 	int ret=1;
 	char *outfile=NULL;
 	char *inrand=NULL,*randfile,*dsaparams=NULL;
 	BIO *out=NULL,*in=NULL;
 	EVP_CIPHER *enc=NULL;
 	apps_startup();
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	argv++;
 	argc--;
 	for (;;)
 		{
 		if (argc <= 0) break;
 		if (strcmp(*argv,"-out") == 0)
 			{
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			}
 		else if (strcmp(*argv,"-") == 0)
 			goto bad;
 		else if (dsaparams == NULL)
 			{
 			dsaparams= *argv;
 			}
 #ifndef NO_DES
 		else if (strcmp(*argv,"-des") == 0)
 			enc=EVP_des_cbc();
 		else if (strcmp(*argv,"-des3") == 0)
 			enc=EVP_des_ede3_cbc();
 #endif
 #ifndef NO_IDEA
 		else if (strcmp(*argv,"-idea") == 0)
 			enc=EVP_idea_cbc();
 #endif
 		else
 			goto bad;
 		argv++;
 		argc--;
 		}
 	if (dsaparams == NULL)
 		{
 bad:
 		BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n");
 		BIO_printf(bio_err," -out file - output the key to 'file'\n");
 #ifndef NO_DES
 		BIO_printf(bio_err," -des      - encrypt the generated key with DES in cbc mode\n");
 		BIO_printf(bio_err," -des3     - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
 #endif
 #ifndef NO_IDEA
 		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
 #endif
 		BIO_printf(bio_err," -rand file:file:...\n");
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
 		BIO_printf(bio_err," dsaparam-file\n");
 		BIO_printf(bio_err,"           - a DSA parameter file as generated by the dsaparam command\n");
 		goto end;
 		}
 	in=BIO_new(BIO_s_file());
 	if (!(BIO_read_filename(in,dsaparams)))
 		{
 		perror(dsaparams);
 		goto end;
 		}
 	if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL)) == NULL)
 		{
 		BIO_printf(bio_err,"unable to load DSA parameter file\n");
 		goto end;
 		}
 	BIO_free(in);
 	out=BIO_new(BIO_s_file());
 	if (out == NULL) goto end;
 	if (outfile == NULL)
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
 			{
 			perror(outfile);
 			goto end;
 			}
 		}
 	randfile=RAND_file_name(buffer,200);
 	if ((randfile == NULL)|| !RAND_load_file(randfile,1024L*1024L))
 		BIO_printf(bio_err,"unable to load 'random state'\n");
 	if (inrand == NULL)
 		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 	else
 		{
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 			dsa_load_rand(inrand));
 		}
 	BIO_printf(bio_err,"Generating DSA key, %d bits\n",
 							BN_num_bits(dsa->p));
 	if (!DSA_generate_key(dsa)) goto end;
 	if (randfile == NULL)
 		BIO_printf(bio_err,"unable to write 'random state'\n");
 	else
 		RAND_write_file(randfile);
 	if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL))
 		goto end;
 	ret=0;
 end:
 	if (ret != 0)
 		ERR_print_errors(bio_err);
 	if (out != NULL) BIO_free(out);
 	if (dsa != NULL) DSA_free(dsa);
 	EXIT(ret);
 	}
 static long dsa_load_rand(name)
 char *name;
 	{
 	char *p,*n;
 	int last;
 	long tot=0;
 	for (;;)
 		{
 		last=0;
 		for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
 		if (*p == '\0') last=1;
 		*p='\0';
 		n=name;
 		name=p+1;
 		if (*n == '\0') break;
 		tot+=RAND_load_file(n,1);
 		if (last) break;
 		}
 	return(tot);
 	}
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -1,278 +0,0 @@
 /* apps/genrsa.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "apps.h"
 #include "bio.h"
 #include "rand.h"
 #include "err.h"
 #include "bn.h"
 #include "rsa.h"
 #include "evp.h"
 #include "x509.h"
 #include "pem.h"
 #define DEFBITS	512
 #undef PROG
 #define PROG genrsa_main
 #ifndef NOPROTO
 static void MS_CALLBACK genrsa_cb(int p, int n, char *arg);
 static long gr_load_rand(char *names);
 #else
 static void MS_CALLBACK genrsa_cb();
 static long gr_load_rand();
 #endif
 int MAIN(argc, argv)
 int argc;
 char **argv;
 	{
 	int ret=1;
 	char buffer[200];
 	RSA *rsa=NULL;
 	int i,num=DEFBITS;
 	long rnum=0,l;
 	EVP_CIPHER *enc=NULL;
 	unsigned long f4=RSA_F4;
 	char *outfile=NULL;
 	char *inrand=NULL,*randfile;
 	BIO *out=NULL;
 	apps_startup();
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	if ((out=BIO_new(BIO_s_file())) == NULL)
 		{
 		BIO_printf(bio_err,"unable to creat BIO for output\n");
 		goto err;
 		}
 	argv++;
 	argc--;
 	for (;;)
 		{
 		if (argc <= 0) break;
 		if (strcmp(*argv,"-out") == 0)
 			{
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 		else if (strcmp(*argv,"-3") == 0)
 			f4=3;
 		else if (strcmp(*argv,"-F4") == 0)
 			f4=RSA_F4;
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			}
 #ifndef NO_DES
 		else if (strcmp(*argv,"-des") == 0)
 			enc=EVP_des_cbc();
 		else if (strcmp(*argv,"-des3") == 0)
 			enc=EVP_des_ede3_cbc();
 #endif
 #ifndef NO_IDEA
 		else if (strcmp(*argv,"-idea") == 0)
 			enc=EVP_idea_cbc();
 #endif
 		else
 			break;
 		argv++;
 		argc--;
 		}
 	if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0)))
 		{
 bad:
 		BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n");
 		BIO_printf(bio_err," -des      - encrypt the generated key with DES in cbc mode\n");
 		BIO_printf(bio_err," -des3     - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
 #ifndef NO_IDEA
 		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
 #endif
 		BIO_printf(bio_err," -out file - output the key to 'file\n");
 		BIO_printf(bio_err," -f4       - use F4 (0x10001) for the E value\n");
 		BIO_printf(bio_err," -3        - use 3 for the E value\n");
 		BIO_printf(bio_err," -rand file:file:...\n");
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
 		goto err;
 		}
 	ERR_load_crypto_strings();
 	if (outfile == NULL)
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
 			{
 			perror(outfile);
 			goto err;
 			}
 		}
 #ifdef WINDOWS
 	BIO_printf(bio_err,"Loading 'screen' into random state -");
 	BIO_flush(bio_err);
 	RAND_screen();
 	BIO_printf(bio_err," done\n");
 #endif
 	randfile=RAND_file_name(buffer,200);
 	if ((randfile == NULL) ||
 		 !(rnum=(long)RAND_load_file(randfile,1024L*1024L)))
 		{
 		BIO_printf(bio_err,"unable to load 'random state'\n");
 		}
 	if (inrand == NULL)
 		{
 		if (rnum == 0)
 			{
 			BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 			}
 		}
 	else
 		{
 		rnum+=gr_load_rand(inrand);
 		}
 	if (rnum != 0)
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",rnum);
 	BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
 		num);
 	rsa=RSA_generate_key(num,f4,genrsa_cb,(char *)bio_err);
 	if (randfile == NULL)
 		BIO_printf(bio_err,"unable to write 'random state'\n");
 	else
 		RAND_write_file(randfile);
 	if (rsa == NULL) goto err;
 	/* We need to do the folloing for when the base number size is <
 	 * long, esp windows 3.1 :-(. */
 	l=0L;
 	for (i=0; i<rsa->e->top; i++)
 		{
 #ifndef SIXTY_FOUR_BIT
 		l<<=BN_BITS4;
 		l<<=BN_BITS4;
 #endif
 		l+=rsa->e->d[i];
 		}
 	BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l);
 	if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL))
 		goto err;
 	ret=0;
 err:
 	if (rsa != NULL) RSA_free(rsa);
 	if (out != NULL) BIO_free(out);
 	if (ret != 0)
 		ERR_print_errors(bio_err);
 	EXIT(ret);
 	}
 static void MS_CALLBACK genrsa_cb(p, n, arg)
 int p;
 int n;
 char *arg;
 	{
 	char c='*';
 	if (p == 0) c='.';
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
 	BIO_write((BIO *)arg,&c,1);
 	BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
 	}
 static long gr_load_rand(name)
 char *name;
 	{
 	char *p,*n;
 	int last;
 	long tot=0;
 	for (;;)
 		{
 		last=0;
 		for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
 		if (*p == '\0') last=1;
 		*p='\0';
 		n=name;
 		name=p+1;
 		if (*n == '\0') break;
 		tot+=RAND_load_file(n,1024L*1024L);
 		if (last) break;
 		}
 	return(tot);
 	}
--- a/apps/nseq.c
+++ b/apps/nseq.c
@@ -1,182 +0,0 @@
 /* nseq.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
 * project 1999.
 */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #include <stdio.h>
 #include "pem.h"
 #include "err.h"
 #include "apps.h"
 #undef PROG
 #define PROG nseq_main
 #ifdef NOPROTO
 static int dump_cert_text(BIO *out, X509 *x);
 #else
 static int dump_cert_text();
 #endif
 int MAIN(argc, argv)
 int argc;
 char **argv;
 {
 	char **args, *infile = NULL, *outfile = NULL;
 	BIO *in = NULL, *out = NULL;
 	int toseq = 0;
 	X509 *x509 = NULL;
 	NETSCAPE_CERT_SEQUENCE *seq = NULL;
 	int i, ret = 1;
 	int badarg = 0;
 	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
 	ERR_load_crypto_strings();
        SSLeay_add_all_algorithms();
 	args = argv + 1;
 	while (!badarg && *args && *args[0] == '-') {
 		if (!strcmp (*args, "-toseq")) toseq = 1;
 		else if (!strcmp (*args, "-in")) {
 			if (args[1]) {
 				args++;
 				infile = *args;
 			} else badarg = 1;
 		} else if (!strcmp (*args, "-out")) {
 			if (args[1]) {
 				args++;
 				outfile = *args;
 			} else badarg = 1;
 		} else badarg = 1;
 		args++;
 	}
 	if (badarg) {
 		BIO_printf (bio_err, "Netscape certificate sequence utility\n");
 		BIO_printf (bio_err, "Usage nseq [options]\n");
 		BIO_printf (bio_err, "where options are\n");
                BIO_printf (bio_err, "-in file  input file\n");
                BIO_printf (bio_err, "-out file output file\n");
                BIO_printf (bio_err, "-toseq    output NS Sequence file\n");
 		EXIT(1);
 	}
 	if (infile) {
 		if (!(in = BIO_new_file (infile, "r"))) {
 			BIO_printf (bio_err,
 				 "Can't open input file %s\n", infile);
 			goto end;
 		}
 	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);
 	if (outfile) {
 		if (!(out = BIO_new_file (outfile, "w"))) {
 			BIO_printf (bio_err,
 				 "Can't open output file %s\n", outfile);
 			goto end;
 		}
 	} else out = BIO_new_fp(stdout, BIO_NOCLOSE);
 	if (toseq) {
 		seq = NETSCAPE_CERT_SEQUENCE_new();
 		seq->certs = sk_new(NULL);
 		while((x509 = PEM_read_bio_X509(in, NULL, NULL))) 
 					sk_push(seq->certs, (char *)x509);
 		if(!sk_num(seq->certs))
 		{
 			BIO_printf (bio_err, "Error reading certs file %s\n", infile);
 			ERR_print_errors(bio_err);
 			goto end;
 		}
 		PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq);
 		ret = 0;
 		goto end;
 	}
 	if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL))) {
 		BIO_printf (bio_err, "Error reading sequence file %s\n", infile);
 		ERR_print_errors(bio_err);
 		goto end;
 	}
 	for(i = 0; i < sk_num(seq->certs); i++) {
 		x509 = (X509 *) sk_value(seq->certs, i);
 		dump_cert_text(out, x509);
 		PEM_write_bio_X509(out, x509);
 	}
 	ret = 0;
 end:
 	BIO_free(in);
 	BIO_free(out);
 	NETSCAPE_CERT_SEQUENCE_free(seq);
 	EXIT(ret);
 }
 static int dump_cert_text(out, x)
 BIO *out;
 X509 *x;
 {
        char buf[256];
        X509_NAME_oneline(X509_get_subject_name(x),buf,256);
        BIO_puts(out,"subject=");
        BIO_puts(out,buf);
        X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
        BIO_puts(out,"\nissuer= ");
        BIO_puts(out,buf);
        BIO_puts(out,"\n");
        return 0;
 }
--- a/apps/oid.cnf
+++ b/apps/oid.cnf
@@ -1,6 +0,0 @@
 2.99999.1       SET.ex1         SET x509v3 extension 1
 2.99999.2       SET.ex2         SET x509v3 extension 2
 2.99999.3       SET.ex3         SET x509v3 extension 3
 2.99999.4       SET.ex4         SET x509v3 extension 4
 2.99999.5       SET.ex5         SET x509v3 extension 5
 2.99999.6       SET.ex6         SET x509v3 extension 6
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -1,361 +0,0 @@
 /* apps/openssl.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #ifndef DEBUG
 #undef DEBUG
 #endif
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
 #include "bio.h"
 #include "crypto.h"
 #include "lhash.h"
 #include "conf.h"
 #include "x509.h"
 #include "pem.h"
 #include "ssl.h"
 #define SSLEAY	/* turn off a few special case MONOLITH macros */
 #define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
 #define SSLEAY_SRC
 #include "apps.h"
 #include "s_apps.h"
 #include "err.h"
 /*
 #ifdef WINDOWS
 #include "bss_file.c"
 #endif
 */
 #ifndef NOPROTO
 static unsigned long MS_CALLBACK hash(FUNCTION *a);
 static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
 static LHASH *prog_init(void );
 static int do_cmd(LHASH *prog,int argc,char *argv[]);
 #else
 static unsigned long MS_CALLBACK hash();
 static int MS_CALLBACK cmp();
 static LHASH *prog_init();
 static int do_cmd();
 #endif
 LHASH *config=NULL;
 char *default_config_file=NULL;
 #ifdef DEBUG
 static void sig_stop(i)
 int i;
 	{
 	char *a=NULL;
 	*a='\0';
 	}
 #endif
 /* Make sure there is only one when MONOLITH is defined */
 #ifdef MONOLITH
 BIO *bio_err=NULL;
 #endif
 int main(Argc,Argv)
 int Argc;
 char *Argv[];
 	{
 	ARGS arg;
 #define PROG_NAME_SIZE	16
 	char pname[PROG_NAME_SIZE];
 	FUNCTION f,*fp;
 	MS_STATIC char *prompt,buf[1024],config_name[256];
 	int n,i,ret=0;
 	int argc;
 	char **argv,*p;
 	LHASH *prog=NULL;
 	long errline;
 	arg.data=NULL;
 	arg.count=0;
 	/* SSLeay_add_ssl_algorithms(); is called in apps_startup() */
 	apps_startup();
 #if defined(DEBUG) && !defined(WINDOWS) && !defined(MSDOS)
 #ifdef SIGBUS
 	signal(SIGBUS,sig_stop);
 #endif
 #ifdef SIGSEGV
 	signal(SIGSEGV,sig_stop);
 #endif
 #endif
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 	ERR_load_crypto_strings();
 	/* Lets load up our environment a little */
 	p=getenv("OPENSSL_CONF");
 	if (p == NULL)
 		p=getenv("SSLEAY_CONF");
 	if (p == NULL)
 		{
 		strcpy(config_name,X509_get_default_cert_area());
 		strcat(config_name,"/lib/");
 		strcat(config_name,OPENSSL_CONF);
 		p=config_name;
 		}
 	default_config_file=p;
 	config=CONF_load(config,p,&errline);
 	if (config == NULL) ERR_clear_error();
 	prog=prog_init();
 	/* first check the program name */
 	program_name(Argv[0],pname,PROG_NAME_SIZE);
 	f.name=pname;
 	fp=(FUNCTION *)lh_retrieve(prog,(char *)&f);
 	if (fp != NULL)
 		{
 		Argv[0]=pname;
 		ret=fp->func(Argc,Argv);
 		goto end;
 		}
 	/* ok, now check that there are not arguments, if there are,
 	 * run with them, shifting the ssleay off the front */
 	if (Argc != 1)
 		{
 		Argc--;
 		Argv++;
 		ret=do_cmd(prog,Argc,Argv);
 		if (ret < 0) ret=0;
 		goto end;
 		}
 	/* ok, lets enter the old 'OpenSSL>' mode */
 	for (;;)
 		{
 		ret=0;
 		p=buf;
 		n=1024;
 		i=0;
 		for (;;)
 			{
 			p[0]='\0';
 			if (i++)
 				prompt=">";
 			else	prompt="OpenSSL> ";
 			fputs(prompt,stdout);
 			fflush(stdout);
 			fgets(p,n,stdin);
 			if (p[0] == '\0') goto end;
 			i=strlen(p);
 			if (i <= 1) break;
 			if (p[i-2] != '\\') break;
 			i-=2;
 			p+=i;
 			n-=i;
 			}
 		if (!chopup_args(&arg,buf,&argc,&argv)) break;
 		ret=do_cmd(prog,argc,argv);
 		if (ret < 0)
 			{
 			ret=0;
 			goto end;
 			}
 		if (ret != 0)
 			BIO_printf(bio_err,"error in %s\n",argv[0]);
 		BIO_flush(bio_err);
 		}
 	BIO_printf(bio_err,"bad exit\n");
 	ret=1;
 end:
 	if (config != NULL)
 		{
 		CONF_free(config);
 		config=NULL;
 		}
 	if (prog != NULL) lh_free(prog);
 	if (arg.data != NULL) Free(arg.data);
 	ERR_remove_state(0);
 	EVP_cleanup();
 	ERR_free_strings();
 	CRYPTO_mem_leaks(bio_err);
 	if (bio_err != NULL)
 		{
 		BIO_free(bio_err);
 		bio_err=NULL;
 		}
 	EXIT(ret);
 	}
 static int do_cmd(prog,argc,argv)
 LHASH *prog;
 int argc;
 char *argv[];
 	{
 	FUNCTION f,*fp;
 	int i,ret=1,tp,nl;
 	if ((argc <= 0) || (argv[0] == NULL))
 		{ ret=0; goto end; }
 	f.name=argv[0];
 	fp=(FUNCTION *)lh_retrieve(prog,(char *)&f);
 	if (fp != NULL)
 		{
 		ret=fp->func(argc,argv);
 		}
 	else if ((strcmp(argv[0],"quit") == 0) ||
 		(strcmp(argv[0],"q") == 0) ||
 		(strcmp(argv[0],"exit") == 0) ||
 		(strcmp(argv[0],"bye") == 0))
 		{
 		ret= -1;
 		goto end;
 		}
 	else
 		{
 		BIO_printf(bio_err,"openssl:Error: '%s' is an invalid command.\n",
 			argv[0]);
 		BIO_printf(bio_err, "\nStandard commands");
 		i=0;
 		tp=0;
 		for (fp=functions; fp->name != NULL; fp++)
 			{
 			nl=0;
 			if (((i++) % 5) == 0)
 				{
 				BIO_printf(bio_err,"\n");
 				nl=1;
 				}
 			if (fp->type != tp)
 				{
 				tp=fp->type;
 				if (!nl) BIO_printf(bio_err,"\n");
 				if (tp == FUNC_TYPE_MD)
 					{
 					i=1;
 					BIO_printf(bio_err,
 						"\nMessage Digest commands (see the `dgst' command for more details)\n");
 					}
 				else if (tp == FUNC_TYPE_CIPHER)
 					{
 					i=1;
 					BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n");
 					}
 				}
 			BIO_printf(bio_err,"%-15s",fp->name);
 			}
 		BIO_printf(bio_err,"\n\n");
 		ret=0;
 		}
 end:
 	return(ret);
 	}
 static int SortFnByName(const void *_f1,const void *_f2)
    {
    const FUNCTION *f1=_f1;
    const FUNCTION *f2=_f2;
    if(f1->type != f2->type)
 	return f1->type-f2->type;
    return strcmp(f1->name,f2->name);
    }
 static LHASH *prog_init()
 	{
 	LHASH *ret;
 	FUNCTION *f;
 	int i;
 	/* Purely so it looks nice when the user hits ? */
 	for(i=0,f=functions ; f->name != NULL ; ++f,++i)
 	    ;
 	qsort(functions,i,sizeof *functions,SortFnByName);
 	if ((ret=lh_new(hash,cmp)) == NULL) return(NULL);
 	for (f=functions; f->name != NULL; f++)
 		lh_insert(ret,(char *)f);
 	return(ret);
 	}
 static int MS_CALLBACK cmp(a,b)
 FUNCTION *a,*b;
 	{
 	return(strncmp(a->name,b->name,8));
 	}
 static unsigned long MS_CALLBACK hash(a)
 FUNCTION *a;
 	{
 	return(lh_strhash(a->name));
 	}
 #undef SSLEAY
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -1,199 +0,0 @@
 #
 # OpenSSL example configuration file.
 # This is mostly being used for generation of certificate requests.
 #
 RANDFILE		= $ENV::HOME/.rnd
 oid_file		= $ENV::HOME/.oid
 oid_section		= new_oids
 [ new_oids ]
 # We can add new OIDs in here for use by 'ca' and 'req'.
 # Add a simple OID like this:
 # testoid1=1.2.3.4
 # Or use config file substitution like this:
 # testoid2=${testoid1}.5.6
 ####################################################################
 [ ca ]
 default_ca	= CA_default		# The default ca section
 ####################################################################
 [ CA_default ]
 dir		= ./demoCA		# Where everything is kept
 certs		= $dir/certs		# Where the issued certs are kept
 crl_dir		= $dir/crl		# Where the issued crl are kept
 database	= $dir/index.txt	# database index file.
 new_certs_dir	= $dir/newcerts		# default place for new certs.
 certificate	= $dir/cacert.pem 	# The CA certificate
 serial		= $dir/serial 		# The current serial number
 crl		= $dir/crl.pem 		# The current CRL
 private_key	= $dir/private/cakey.pem# The private key
 RANDFILE	= $dir/private/.rand	# private random number file
 x509_extensions	= usr_cert		# The extentions to add to the cert
 crl_extensions	= crl_ext		# Extensions to add to CRL
 default_days	= 365			# how long to certify for
 default_crl_days= 30			# how long before next CRL
 default_md	= md5			# which md to use.
 preserve	= no			# keep passed DN ordering
 # A few difference way of specifying how similar the request should look
 # For type CA, the listed attributes must be the same, and the optional
 # and supplied fields are just that :-)
 policy		= policy_match
 # For the CA policy
 [ policy_match ]
 countryName		= match
 stateOrProvinceName	= match
 organizationName	= match
 organizationalUnitName	= optional
 commonName		= supplied
 emailAddress		= optional
 # For the 'anything' policy
 # At this point in time, you must list all acceptable 'object'
 # types.
 [ policy_anything ]
 countryName		= optional
 stateOrProvinceName	= optional
 localityName		= optional
 organizationName	= optional
 organizationalUnitName	= optional
 commonName		= supplied
 emailAddress		= optional
 ####################################################################
 [ req ]
 default_bits		= 1024
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
 x509_extensions	= v3_ca	# The extentions to add to the self signed cert
 [ req_distinguished_name ]
 countryName			= Country Name (2 letter code)
 countryName_default		= AU
 countryName_min			= 2
 countryName_max			= 2
 stateOrProvinceName		= State or Province Name (full name)
 stateOrProvinceName_default	= Some-State
 localityName			= Locality Name (eg, city)
 0.organizationName		= Organization Name (eg, company)
 0.organizationName_default	= Internet Widgits Pty Ltd
 # we can do this but it is not needed normally :-)
 #1.organizationName		= Second Organization Name (eg, company)
 #1.organizationName_default	= World Wide Web Pty Ltd
 organizationalUnitName		= Organizational Unit Name (eg, section)
 #organizationalUnitName_default	=
 commonName			= Common Name (eg, YOUR name)
 commonName_max			= 64
 emailAddress			= Email Address
 emailAddress_max		= 40
 # SET-ex3			= SET extension number 3
 [ req_attributes ]
 challengePassword		= A challenge password
 challengePassword_min		= 4
 challengePassword_max		= 20
 unstructuredName		= An optional company name
 [ usr_cert ]
 # These extensions are added when 'ca' signs a request.
 # This goes against PKIX guidelines but some CAs do it and some software
 # requires this to avoid interpreting an end user certificate as a CA.
 basicConstraints=CA:FALSE
 # Here are some examples of the usage of nsCertType. If it is omitted
 # the certificate can be used for anything *except* object signing.
 # This is OK for an SSL server.
 #nsCertType			= server
 # For an object signing certificate this would be used.
 #nsCertType = objsign
 # For normal client use this is typical
 #nsCertType = client, email
 # This is typical also
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 nsComment			= "OpenSSL Generated Certificate"
 # PKIX recommendations
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid,issuer:always
 # Import the email address.
 subjectAltName=email:copy
 # Copy subject details
 issuerAltName=issuer:copy
 #nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
 #nsBaseUrl
 #nsRevocationUrl
 #nsRenewalUrl
 #nsCaPolicyUrl
 #nsSslServerName
 [ v3_ca]
 # Extensions for a typical CA
 # It's a CA certificate
 basicConstraints = CA:true
 # PKIX recommendation.
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid:always,issuer:always
 # This is what PKIX recommends but some broken software chokes on critical
 # extensions.
 #basicConstraints = critical,CA:true
 # Key usage: again this should really be critical.
 keyUsage = cRLSign, keyCertSign
 # Some might want this also
 #nsCertType = sslCA, emailCA
 # Include email address in subject alt name: another PKIX recommendation
 subjectAltName=email:copy
 # Copy issuer details
 issuerAltName=issuer:copy
 # RAW DER hex encoding of an extension: beware experts only!
 # 1.2.3.5=RAW:02:03
 # You can even override a supported extension:
 # basicConstraints= critical, RAW:30:03:01:01:FF
 [ crl_ext ]
 # CRL extensions.
 # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
 issuerAltName=issuer:copy
 authorityKeyIdentifier=keyid:always,issuer:always
--- a/apps/pca-cert.srl
+++ b/apps/pca-cert.srl
@@ -1 +0,0 @@
 01
--- a/apps/pca-key.pem
+++ b/apps/pca-key.pem
@@ -1,15 +0,0 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
 wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
 vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
 AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
 z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
 xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
 HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
 yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
 xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
 7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
 h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
 QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
 hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
 -----END RSA PRIVATE KEY-----
--- a/apps/pca-req.pem
+++ b/apps/pca-req.pem
@@ -1,11 +0,0 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIIBmjCCAQMCAQAwXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
 GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAo
 MTAyNCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfj
 Irkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUX
 MRsp22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3
 vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAEzz
 IG8NnfpnPTQSCN5zJhOfy6p9AcDyQzuJirYv1HR/qoYWalPh/U2uiK0lAim7qMcv
 wOlK3I7A8B7/4dLqvIqgtUj9b1WT8zIrnwdvJI4osLI2BY+c1pVlp174DHLMol1L
 Cl1e3N5BTm7lCitTYjuUhsw6hiA8IcdNKDo6sktV
 -----END CERTIFICATE REQUEST-----
--- a/apps/pem_mail.c
+++ b/apps/pem_mail.c
@@ -1,170 +0,0 @@
 /* apps/pem_mail.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #include <stdio.h>
 #include "rsa.h"
 #include "evp.h"
 #include "objects.h"
 #include "x509.h"
 #include "err.h"
 #include "pem.h"
 #include "apps.h"
 #undef PROG
 #define PROG	pem_mail_main
 static char *usage[]={
 "usage: pem_mail args\n",
 "\n",
 " -in arg         - input file - default stdin\n",
 " -out arg        - output file - default stdout\n",
 " -cert arg       - the certificate to use\n",
 " -key arg        - the private key to use\n",
 " -MIC           - sign the message\n",
 " -enc arg        - encrypt with one of cbc-des\n",
 NULL
 };
 typedef struct lines_St
 	{
 	char *line;
 	struct lines_st *next;
 	} LINES;
 int main(argc, argv)
 int argc;
 char **argv;
 	{
 	FILE *in;
 	RSA *rsa=NULL;
 	EVP_MD_CTX ctx;
 	unsigned int mic=0,i,n;
 	unsigned char buf[1024*15];
 	char *prog,*infile=NULL,*outfile=NULL,*key=NULL;
 	int badops=0;
 	apps_startup();
 	prog=argv[0];
 	argc--;
 	argv++;
 	while (argc >= 1)
 		{
 		if (strcmp(*argv,"-key") == 0)
 			{
 			if (--argc < 1) goto bad;
 			key= *(++argv);
 			}
 		else if (strcmp(*argv,"-in") == 0)
 			{
 			if (--argc < 1) goto bad;
 			infile= *(++argv);
 			}
 		else if (strcmp(*argv,"-out") == 0)
 			{
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 		else if (strcmp(*argv,"-mic") == 0)
 			mic=1;
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
 			}
 		argc--;
 		argv++;
 		}
 	if (badops)
 		{
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options  are\n");
 		EXIT(1);
 		}
 	if (key == NULL)
 		{ BIO_printf(bio_err,"you need to specify a key\n"); EXIT(1); }
 	in=fopen(key,"r");
 	if (in == NULL) { perror(key); EXIT(1); }
 	rsa=PEM_read_RSAPrivateKey(in,NULL,NULL);
 	if (rsa == NULL)
 		{
 		BIO_printf(bio_err,"unable to load Private Key\n");
 		ERR_print_errors(bio_err);
 		EXIT(1);
 		}
 	fclose(in);
 	PEM_SignInit(&ctx,EVP_md5());
 	for (;;)
 		{
 		i=fread(buf,1,1024*10,stdin);
 		if (i <= 0) break;
 		PEM_SignUpdate(&ctx,buf,i);
 		}
 	if (!PEM_SignFinal(&ctx,buf,&n,rsa)) goto err;
 	BIO_printf(bio_err,"%s\n",buf);
 	EXIT(0);
 err:
 	ERR_print_errors(bio_err);
 	EXIT(1);
 	}
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -1,315 +0,0 @@
 /* apps/pkcs7.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
 #include "apps.h"
 #include "err.h"
 #include "objects.h"
 #include "evp.h"
 #include "x509.h"
 #include "pkcs7.h"
 #include "pem.h"
 #undef PROG
 #define PROG	pkcs7_main
 /* -inform arg	- input format - default PEM (one of DER, TXT or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
 * -des		- encrypt output if PEM format with DES in cbc mode
 * -des3	- encrypt output if PEM format
 * -idea	- encrypt output if PEM format
 * -print_certs
 */
 int MAIN(argc, argv)
 int argc;
 char **argv;
 	{
 	PKCS7 *p7=NULL;
 	int i,badops=0;
 #if !defined(NO_DES) || !defined(NO_IDEA)
 	EVP_CIPHER *enc=NULL;
 #endif
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat;
 	char *infile,*outfile,*prog,buf[256];
 	int print_certs=0;
 	int ret=0;
 	apps_startup();
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
 	prog=argv[0];
 	argc--;
 	argv++;
 	while (argc >= 1)
 		{
 		if 	(strcmp(*argv,"-inform") == 0)
 			{
 			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-outform") == 0)
 			{
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-in") == 0)
 			{
 			if (--argc < 1) goto bad;
 			infile= *(++argv);
 			}
 		else if (strcmp(*argv,"-out") == 0)
 			{
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 		else if (strcmp(*argv,"-print_certs") == 0)
 			print_certs=1;
 #ifndef NO_DES
 		else if (strcmp(*argv,"-des") == 0)
 			enc=EVP_des_cbc();
 		else if (strcmp(*argv,"-des3") == 0)
 			enc=EVP_des_ede3_cbc();
 #endif
 #ifndef NO_IDEA
 		else if (strcmp(*argv,"-idea") == 0)
 			enc=EVP_idea_cbc();
 #endif
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
 			}
 		argc--;
 		argv++;
 		}
 	if (badops)
 		{
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -outform arg  output format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
 		BIO_printf(bio_err," -des          encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3         encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef NO_IDEA
 		BIO_printf(bio_err," -idea         encrypt PEM output with cbc idea\n");
 #endif
 		EXIT(1);
 		}
 	ERR_load_crypto_strings();
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
 		{
 		ERR_print_errors(bio_err);
                goto end;
                }
 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 	else
 		{
 		if (BIO_read_filename(in,infile) <= 0)
 		if (in == NULL)
 			{
 			perror(infile);
 			goto end;
 			}
 		}
 	if	(informat == FORMAT_ASN1)
 		p7=d2i_PKCS7_bio(in,NULL);
 	else if (informat == FORMAT_PEM)
 		p7=PEM_read_bio_PKCS7(in,NULL,NULL);
 	else
 		{
 		BIO_printf(bio_err,"bad input format specified for pkcs7 object\n");
 		goto end;
 		}
 	if (p7 == NULL)
 		{
 		BIO_printf(bio_err,"unable to load PKCS7 object\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	if (outfile == NULL)
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
 			{
 			perror(outfile);
 			goto end;
 			}
 		}
 	if (print_certs)
 		{
 		STACK *certs=NULL;
 		STACK *crls=NULL;
 		i=OBJ_obj2nid(p7->type);
 		switch (i)
 			{
 		case NID_pkcs7_signed:
 			certs=p7->d.sign->cert;
 			crls=p7->d.sign->crl;
 			break;
 		case NID_pkcs7_signedAndEnveloped:
 			certs=p7->d.signed_and_enveloped->cert;
 			crls=p7->d.signed_and_enveloped->crl;
 			break;
 		default:
 			break;
 			}
 		if (certs != NULL)
 			{
 			X509 *x;
 			for (i=0; i<sk_num(certs); i++)
 				{
 				x=(X509 *)sk_value(certs,i);
 				X509_NAME_oneline(X509_get_subject_name(x),
 					buf,256);
 				BIO_puts(out,"subject=");
 				BIO_puts(out,buf);
 				X509_NAME_oneline(X509_get_issuer_name(x),
 					buf,256);
 				BIO_puts(out,"\nissuer= ");
 				BIO_puts(out,buf);
 				BIO_puts(out,"\n");
 				PEM_write_bio_X509(out,x);
 				BIO_puts(out,"\n");
 				}
 			}
 		if (crls != NULL)
 			{
 			X509_CRL *crl;
 			for (i=0; i<sk_num(crls); i++)
 				{
 				crl=(X509_CRL *)sk_value(crls,i);
 				X509_NAME_oneline(crl->crl->issuer,buf,256);
 				BIO_puts(out,"issuer= ");
 				BIO_puts(out,buf);
 				BIO_puts(out,"\nlast update=");
 				ASN1_TIME_print(out,crl->crl->lastUpdate);
 				BIO_puts(out,"\nnext update=");
 				ASN1_TIME_print(out,crl->crl->nextUpdate);
 				BIO_puts(out,"\n");
 				PEM_write_bio_X509_CRL(out,crl);
 				BIO_puts(out,"\n");
 				}
 			}
 		ret=0;
 		goto end;
 		}
 	if 	(outformat == FORMAT_ASN1)
 		i=i2d_PKCS7_bio(out,p7);
 	else if (outformat == FORMAT_PEM)
 		i=PEM_write_bio_PKCS7(out,p7);
 	else	{
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;
 		}
 	if (!i)
 		{
 		BIO_printf(bio_err,"unable to write pkcs7 object\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	ret=0;
 end:
 	if (p7 != NULL) PKCS7_free(p7);
 	if (in != NULL) BIO_free(in);
 	if (out != NULL) BIO_free(out);
 	EXIT(ret);
 	}
--- a/apps/privkey.pem
+++ b/apps/privkey.pem
@@ -1,18 +0,0 @@
 -----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
 DEK-Info: DES-EDE3-CBC,BA26229A1653B7FF
 6nhWG8PKhTPO/s3ZvjUa6226NlKdvPDZFsNXOOoSUs9ejxpb/aj5huhs6qRYzsz9
 Year47uaAZYhGD0vAagnNiBnYmjWEpN9G/wQxG7pgZThK1ZxDi63qn8aQ8UjuGHo
 F6RpnnBQIAnWTWqr/Qsybtc5EoNkrj/Cpx0OfbSr6gZsFBCxwX1R1hT3/mhJ45f3
 XMofY32Vdfx9/vtw1O7HmlHXQnXaqnbd9/nn1EpvFJG9+UjPoW7gV4jCOLuR4deE
 jS8hm+cpkwXmFtk3VGjT9tQXPpMv3JpYfBqgGQoMAJ5Toq0DWcHi6Wg08PsD8lgy
 vmTioPsRg+JGkJkJ8GnusgLpQdlQJbjzd7wGE6ElUFLfOxLo8bLlRHoriHNdWYhh
 JjY0LyeTkovcmWxVjImc6ZyBz5Ly4t0BYf1gq3OkjsV91Q1taBxnhiavfizqMCAf
 PPB3sLQnlXG77TOXkNxpqbZfEYrVZW2Nsqqdn8s07Uj4IMONZyq2odYKWFPMJBiM
 POYwXjMAOcmFMTHYsVlhcUJuV6LOuipw/FEbTtPH/MYMxLe4zx65dYo1rb4iLKLS
 gMtB0o/Wl4Xno3ZXh1ucicYnV2J7NpVcjVq+3SFiCRu2SrSkZHZ23EPS13Ec6fcz
 8X/YGA2vTJ8MAOozAzQUwHQYvLk7bIoQVekqDq4p0AZQbhdspHpArCk0Ifqqzg/v
 Uyky/zZiQYanzDenTSRVI/8wac3olxpU8QvbySxYqmbkgq6bTpXJfYFQfnAttEsC
 dA4S5UFgyOPZluxCAM4yaJF3Ft6neutNwftuJQMbgCUi9vYg2tGdSw==
 -----END RSA PRIVATE KEY-----
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -1,254 +0,0 @@
 #ifndef NOPROTO
 extern int verify_main(int argc,char *argv[]);
 extern int asn1parse_main(int argc,char *argv[]);
 extern int req_main(int argc,char *argv[]);
 extern int dgst_main(int argc,char *argv[]);
 extern int dh_main(int argc,char *argv[]);
 extern int enc_main(int argc,char *argv[]);
 extern int gendh_main(int argc,char *argv[]);
 extern int errstr_main(int argc,char *argv[]);
 extern int ca_main(int argc,char *argv[]);
 extern int crl_main(int argc,char *argv[]);
 extern int rsa_main(int argc,char *argv[]);
 extern int dsa_main(int argc,char *argv[]);
 extern int dsaparam_main(int argc,char *argv[]);
 extern int x509_main(int argc,char *argv[]);
 extern int genrsa_main(int argc,char *argv[]);
 extern int gendsa_main(int argc,char *argv[]);
 extern int s_server_main(int argc,char *argv[]);
 extern int s_client_main(int argc,char *argv[]);
 extern int speed_main(int argc,char *argv[]);
 extern int s_time_main(int argc,char *argv[]);
 extern int version_main(int argc,char *argv[]);
 extern int pkcs7_main(int argc,char *argv[]);
 extern int crl2pkcs7_main(int argc,char *argv[]);
 extern int sess_id_main(int argc,char *argv[]);
 extern int ciphers_main(int argc,char *argv[]);
 extern int nseq_main(int argc,char *argv[]);
 #else
 extern int verify_main();
 extern int asn1parse_main();
 extern int req_main();
 extern int dgst_main();
 extern int dh_main();
 extern int enc_main();
 extern int gendh_main();
 extern int errstr_main();
 extern int ca_main();
 extern int crl_main();
 extern int rsa_main();
 extern int dsa_main();
 extern int dsaparam_main();
 extern int x509_main();
 extern int genrsa_main();
 extern int gendsa_main();
 extern int s_server_main();
 extern int s_client_main();
 extern int speed_main();
 extern int s_time_main();
 extern int version_main();
 extern int pkcs7_main();
 extern int crl2pkcs7_main();
 extern int sess_id_main();
 extern int ciphers_main();
 extern int nseq_main();
 #endif
 #ifdef SSLEAY_SRC
 #define FUNC_TYPE_GENERAL	1
 #define FUNC_TYPE_MD		2
 #define FUNC_TYPE_CIPHER	3
 typedef struct {
 	int type;
 	char *name;
 	int (*func)();
 	} FUNCTION;
 FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"verify",verify_main},
 	{FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main},
 	{FUNC_TYPE_GENERAL,"req",req_main},
 	{FUNC_TYPE_GENERAL,"dgst",dgst_main},
 #ifndef NO_DH
 	{FUNC_TYPE_GENERAL,"dh",dh_main},
 #endif
 	{FUNC_TYPE_GENERAL,"enc",enc_main},
 #ifndef NO_DH
 	{FUNC_TYPE_GENERAL,"gendh",gendh_main},
 #endif
 	{FUNC_TYPE_GENERAL,"errstr",errstr_main},
 	{FUNC_TYPE_GENERAL,"ca",ca_main},
 	{FUNC_TYPE_GENERAL,"crl",crl_main},
 #ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"rsa",rsa_main},
 #endif
 #ifndef NO_DSA
 	{FUNC_TYPE_GENERAL,"dsa",dsa_main},
 #endif
 #ifndef NO_DSA
 	{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
 #endif
 	{FUNC_TYPE_GENERAL,"x509",x509_main},
 #ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"genrsa",genrsa_main},
 #endif
 #ifndef NO_DSA
 	{FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
 #endif
 #if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
 	{FUNC_TYPE_GENERAL,"s_server",s_server_main},
 #endif
 #if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
 	{FUNC_TYPE_GENERAL,"s_client",s_client_main},
 #endif
 	{FUNC_TYPE_GENERAL,"speed",speed_main},
 #if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
 	{FUNC_TYPE_GENERAL,"s_time",s_time_main},
 #endif
 	{FUNC_TYPE_GENERAL,"version",version_main},
 	{FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main},
 	{FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},
 	{FUNC_TYPE_GENERAL,"sess_id",sess_id_main},
 #if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
 	{FUNC_TYPE_GENERAL,"ciphers",ciphers_main},
 #endif
 	{FUNC_TYPE_GENERAL,"nseq",nseq_main},
 	{FUNC_TYPE_MD,"md2",dgst_main},
 	{FUNC_TYPE_MD,"md5",dgst_main},
 	{FUNC_TYPE_MD,"sha",dgst_main},
 	{FUNC_TYPE_MD,"sha1",dgst_main},
 	{FUNC_TYPE_MD,"mdc2",dgst_main},
 	{FUNC_TYPE_MD,"rmd160",dgst_main},
 	{FUNC_TYPE_CIPHER,"base64",enc_main},
 #ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des",enc_main},
 #endif
 #ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des3",enc_main},
 #endif
 #ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"desx",enc_main},
 #endif
 #ifndef NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea",enc_main},
 #endif
 #ifndef NO_RC4
 	{FUNC_TYPE_CIPHER,"rc4",enc_main},
 #endif
 #ifndef NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2",enc_main},
 #endif
 #ifndef NO_BLOWFISH
 	{FUNC_TYPE_CIPHER,"bf",enc_main},
 #endif
 #ifndef NO_CAST
 	{FUNC_TYPE_CIPHER,"cast",enc_main},
 #endif
 #ifndef NO_RC5
 	{FUNC_TYPE_CIPHER,"rc5",enc_main},
 #endif
 #ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ecb",enc_main},
 #endif
 #ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede",enc_main},
 #endif
 #ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede3",enc_main},
 #endif
 #ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-cbc",enc_main},
 #endif
 #ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede-cbc",enc_main},
 #endif
 #ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede3-cbc",enc_main},
 #endif
 #ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-cfb",enc_main},
 #endif
 #ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede-cfb",enc_main},
 #endif
 #ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede3-cfb",enc_main},
 #endif
 #ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ofb",enc_main},
 #endif
 #ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede-ofb",enc_main},
 #endif
 #ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede3-ofb",enc_main},
 #endif
 #ifndef NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea-cbc",enc_main},
 #endif
 #ifndef NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea-ecb",enc_main},
 #endif
 #ifndef NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea-cfb",enc_main},
 #endif
 #ifndef NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea-ofb",enc_main},
 #endif
 #ifndef NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-cbc",enc_main},
 #endif
 #ifndef NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-ecb",enc_main},
 #endif
 #ifndef NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-cfb",enc_main},
 #endif
 #ifndef NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-ofb",enc_main},
 #endif
 #ifndef NO_BLOWFISH
 	{FUNC_TYPE_CIPHER,"bf-cbc",enc_main},
 #endif
 #ifndef NO_BLOWFISH
 	{FUNC_TYPE_CIPHER,"bf-ecb",enc_main},
 #endif
 #ifndef NO_BLOWFISH
 	{FUNC_TYPE_CIPHER,"bf-cfb",enc_main},
 #endif
 #ifndef NO_BLOWFISH
 	{FUNC_TYPE_CIPHER,"bf-ofb",enc_main},
 #endif
 #ifndef NO_CAST
 	{FUNC_TYPE_CIPHER,"cast5-cbc",enc_main},
 #endif
 #ifndef NO_CAST
 	{FUNC_TYPE_CIPHER,"cast5-ecb",enc_main},
 #endif
 #ifndef NO_CAST
 	{FUNC_TYPE_CIPHER,"cast5-cfb",enc_main},
 #endif
 #ifndef NO_CAST
 	{FUNC_TYPE_CIPHER,"cast5-ofb",enc_main},
 #endif
 #ifndef NO_CAST
 	{FUNC_TYPE_CIPHER,"cast-cbc",enc_main},
 #endif
 #ifndef NO_RC5
 	{FUNC_TYPE_CIPHER,"rc5-cbc",enc_main},
 #endif
 #ifndef NO_RC5
 	{FUNC_TYPE_CIPHER,"rc5-ecb",enc_main},
 #endif
 #ifndef NO_RC5
 	{FUNC_TYPE_CIPHER,"rc5-cfb",enc_main},
 #endif
 #ifndef NO_RC5
 	{FUNC_TYPE_CIPHER,"rc5-ofb",enc_main},
 #endif
 	{0,NULL,NULL}
 	};
 #endif
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -1,82 +0,0 @@
 #!/usr/local/bin/perl
 print "#ifndef NOPROTO\n";
 grep(s/^asn1pars$/asn1parse/,@ARGV);
 foreach (@ARGV)
 	{ printf "extern int %s_main(int argc,char *argv[]);\n",$_; }
 print "#else\n";
 foreach (@ARGV)
 	{ printf "extern int %s_main();\n",$_; }
 print "#endif\n";
 print <<'EOF';
 #ifdef SSLEAY_SRC
 #define FUNC_TYPE_GENERAL	1
 #define FUNC_TYPE_MD		2
 #define FUNC_TYPE_CIPHER	3
 typedef struct {
 	int type;
 	char *name;
 	int (*func)();
 	} FUNCTION;
 FUNCTION functions[] = {
 EOF
 foreach (@ARGV)
 	{
 	push(@files,$_);
 	$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
 	if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
 		{ print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))\n${str}#endif\n"; } 
 	elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) ) 
 		{ print "#ifndef NO_RSA\n${str}#endif\n";  }
 	elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
 		{ print "#ifndef NO_DSA\n${str}#endif\n"; }
 	elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/))
 		{ print "#ifndef NO_DH\n${str}#endif\n"; }
 	else
 		{ print $str; }
 	}
 foreach ("md2","md5","sha","sha1","mdc2","rmd160")
 	{
 	push(@files,$_);
 	printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_;
 	}
 foreach (
 	"base64",
 	"des", "des3", "desx", "idea", "rc4", "rc2","bf","cast","rc5",
 	"des-ecb", "des-ede",    "des-ede3",
 	"des-cbc", "des-ede-cbc","des-ede3-cbc",
 	"des-cfb", "des-ede-cfb","des-ede3-cfb",
 	"des-ofb", "des-ede-ofb","des-ede3-ofb",
 	"idea-cbc","idea-ecb",   "idea-cfb", "idea-ofb",
 	"rc2-cbc", "rc2-ecb",    "rc2-cfb",  "rc2-ofb",
 	"bf-cbc",  "bf-ecb",     "bf-cfb",   "bf-ofb",
 	"cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb",
 	"cast-cbc", "rc5-cbc",   "rc5-ecb",  "rc5-cfb",  "rc5-ofb")
 	{
 	push(@files,$_);
 	$t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
 	if    ($_ =~ /des/)  { $t="#ifndef NO_DES\n${t}#endif\n"; }
 	elsif ($_ =~ /idea/) { $t="#ifndef NO_IDEA\n${t}#endif\n"; }
 	elsif ($_ =~ /rc4/)  { $t="#ifndef NO_RC4\n${t}#endif\n"; }
 	elsif ($_ =~ /rc2/)  { $t="#ifndef NO_RC2\n${t}#endif\n"; }
 	elsif ($_ =~ /bf/)   { $t="#ifndef NO_BLOWFISH\n${t}#endif\n"; }
 	elsif ($_ =~ /cast/) { $t="#ifndef NO_CAST\n${t}#endif\n"; }
 	elsif ($_ =~ /rc5/)  { $t="#ifndef NO_RC5\n${t}#endif\n"; }
 	print $t;
 	}
 print "\t{0,NULL,NULL}\n\t};\n";
 print "#endif\n\n";
--- a/apps/req.c
+++ b/apps/req.c
--- a/apps/req.pem
+++ b/apps/req.pem
@@ -1,11 +0,0 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIIBlzCCAVcCAQAwXjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
 ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAxMORXJp
 YyB0aGUgWW91bmcwge8wgaYGBSsOAwIMMIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZ
 S4J1PHvPrm9MXj5ntVheDPkdmBDTncyaGAJcMjwsyB/GvLDGd6yGCw/8eF+09wIV
 AK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjg
 tWiJc/tpvcuzeuAayH89UofjAGueKjXDADiRffvSdhrNw5dkqdqlA0QAAkEAtUSo
 84OekjitKGVjxLu0HvXck29pu+foad53vPKXAsuJdACj88BPqZ91Y9PIJf1GUh38
 CuiHWi7z3cEDfZCyCKAAMAkGBSsOAwIbBQADLwAwLAIUTg8amKVBE9oqC5B75dDQ
 Chy3LdQCFHKodGEj3LjuTzdm/RTe2KZL9Uzf
 -----END CERTIFICATE REQUEST-----
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -1,303 +0,0 @@
 /* apps/rsa.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
 #include "apps.h"
 #include "bio.h"
 #include "err.h"
 #include "rsa.h"
 #include "evp.h"
 #include "x509.h"
 #include "pem.h"
 #undef PROG
 #define PROG	rsa_main
 /* -inform arg	- input format - default PEM (one of DER, NET or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
 * -des		- encrypt output if PEM format with DES in cbc mode
 * -des3	- encrypt output if PEM format
 * -idea	- encrypt output if PEM format
 * -text	- print a text version
 * -modulus	- print the RSA key modulus
 */
 int MAIN(argc, argv)
 int argc;
 char **argv;
 	{
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,badops=0;
 	EVP_CIPHER *enc=NULL;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,text=0,noout=0;
 	char *infile,*outfile,*prog;
 	int modulus=0;
 	apps_startup();
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
 	prog=argv[0];
 	argc--;
 	argv++;
 	while (argc >= 1)
 		{
 		if 	(strcmp(*argv,"-inform") == 0)
 			{
 			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-outform") == 0)
 			{
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-in") == 0)
 			{
 			if (--argc < 1) goto bad;
 			infile= *(++argv);
 			}
 		else if (strcmp(*argv,"-out") == 0)
 			{
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
 		else if (strcmp(*argv,"-modulus") == 0)
 			modulus=1;
 		else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
 			}
 		argc--;
 		argv++;
 		}
 	if (badops)
 		{
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER NET PEM\n");
 		BIO_printf(bio_err," -outform arg  output format - one of DER NET PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -des          encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3         encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef NO_IDEA
 		BIO_printf(bio_err," -idea         encrypt PEM output with cbc idea\n");
 #endif
 		BIO_printf(bio_err," -text         print the key in text\n");
 		BIO_printf(bio_err," -noout        don't print key out\n");
 		BIO_printf(bio_err," -modulus      print the RSA key modulus\n");
 		goto end;
 		}
 	ERR_load_crypto_strings();
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
 		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 	else
 		{
 		if (BIO_read_filename(in,infile) <= 0)
 			{
 			perror(infile);
 			goto end;
 			}
 		}
 	BIO_printf(bio_err,"read RSA private key\n");
 	if	(informat == FORMAT_ASN1)
 		rsa=d2i_RSAPrivateKey_bio(in,NULL);
 #ifndef NO_RC4
 	else if (informat == FORMAT_NETSCAPE)
 		{
 		BUF_MEM *buf=NULL;
 		unsigned char *p;
 		int size=0;
 		buf=BUF_MEM_new();
 		for (;;)
 			{
 			if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
 				goto end;
 			i=BIO_read(in,&(buf->data[size]),1024*10);
 			size+=i;
 			if (i == 0) break;
 			if (i < 0)
 				{
 				perror("reading private key");
 				BUF_MEM_free(buf);
 				goto end;
 				}
 			}
 		p=(unsigned char *)buf->data;
 		rsa=(RSA *)d2i_Netscape_RSA(NULL,&p,(long)size,NULL);
 		BUF_MEM_free(buf);
 		}
 #endif
 	else if (informat == FORMAT_PEM)
 		rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL);
 	else
 		{
 		BIO_printf(bio_err,"bad input format specified for key\n");
 		goto end;
 		}
 	if (rsa == NULL)
 		{
 		BIO_printf(bio_err,"unable to load Private Key\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	if (outfile == NULL)
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
 			{
 			perror(outfile);
 			goto end;
 			}
 		}
 	if (text) 
 		if (!RSA_print(out,rsa,0))
 			{
 			perror(outfile);
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 	if (modulus)
 		{
 		fprintf(stdout,"Modulus=");
 		BN_print(out,rsa->n);
 		fprintf(stdout,"\n");
 		}
 	if (noout) goto end;
 	BIO_printf(bio_err,"writing RSA private key\n");
 	if 	(outformat == FORMAT_ASN1)
 		i=i2d_RSAPrivateKey_bio(out,rsa);
 #ifndef NO_RC4
 	else if (outformat == FORMAT_NETSCAPE)
 		{
 		unsigned char *p,*pp;
 		int size;
 		i=1;
 		size=i2d_Netscape_RSA(rsa,NULL,NULL);
 		if ((p=(unsigned char *)Malloc(size)) == NULL)
 			{
 			BIO_printf(bio_err,"Malloc failure\n");
 			goto end;
 			}
 		pp=p;
 		i2d_Netscape_RSA(rsa,&p,NULL);
 		BIO_write(out,(char *)pp,size);
 		Free(pp);
 		}
 #endif
 	else if (outformat == FORMAT_PEM)
 		i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL);
 	else	{
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;
 		}
 	if (!i)
 		{
 		BIO_printf(bio_err,"unable to write private key\n");
 		ERR_print_errors(bio_err);
 		}
 	else
 		ret=0;
 end:
 	if (in != NULL) BIO_free(in);
 	if (out != NULL) BIO_free(out);
 	if (rsa != NULL) RSA_free(rsa);
 	EXIT(ret);
 	}
--- a/apps/rsa/01.pem
+++ b/apps/rsa/01.pem
@@ -1,15 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIICTjCCAbsCEGiuFKTJn6nzmiPPLxUZs1owDQYJKoZIhvcNAQEEBQAwXzELMAkG
 A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
 VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk4
 MDUxODAwMDAwMFoXDTk5MDUxODIzNTk1OVowdTELMAkGA1UEBhMCVVMxETAPBgNV
 BAgTCE5ldyBZb3JrMREwDwYDVQQHFAhOZXcgWW9yazEeMBwGA1UEChQVSW5kdXN0
 cmlhbCBQcmVzcyBJbmMuMSAwHgYDVQQDFBd3d3cuaW5kdXN0cmlhbHByZXNzLmNv
 bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqiH9xUJNHvqCmaDon27ValJb
 qTLymF3yKKWBxbODLWjX7yKjewoqWhotaEARI6jXPqomU87gFU1tH4r/bgwh3FmU
 MK3qo92XOsvwNAHzXzWRXQNJmm54g2F1RUt00pgYiOximDse1t9RL5POCDEbfX8D
 gugrE/WwkS2FrSoc5/cCAwEAATANBgkqhkiG9w0BAQQFAAN+AIw7fvF0EtEvrNS/
 LYuqAgUw/tH0FLgCkqKLmYYm/yR+Z0hD2eP/UhF+jAwmV8rHtBnaTM7oN23RVW2k
 Cf8soiGfr2PYtfufpXtd7azUFa+WJCWnp0N29EG0BR1JOFC0Q/4dh/X9qulM8luq
 Pjrmw2eSgbdmmdumWAcNPVbV
 -----END CERTIFICATE-----
--- a/apps/rsa/1.txt
+++ b/apps/rsa/1.txt
@@ -1,50 +0,0 @@
 issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
 subject=/C=US/ST=New York/L=New York/O=Industrial Press Inc./CN=www.industrialpress.com
 Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            68:ae:14:a4:c9:9f:a9:f3:9a:23:cf:2f:15:19:b3:5a
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
        Validity
            Not Before: May 18 00:00:00 1998 GMT
            Not After : May 18 23:59:59 1999 GMT
        Subject: C=US, ST=New York, L=New York, O=Industrial Press Inc., CN=www.industrialpress.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:aa:21:fd:c5:42:4d:1e:fa:82:99:a0:e8:9f:6e:
                    d5:6a:52:5b:a9:32:f2:98:5d:f2:28:a5:81:c5:b3:
                    83:2d:68:d7:ef:22:a3:7b:0a:2a:5a:1a:2d:68:40:
                    11:23:a8:d7:3e:aa:26:53:ce:e0:15:4d:6d:1f:8a:
                    ff:6e:0c:21:dc:59:94:30:ad:ea:a3:dd:97:3a:cb:
                    f0:34:01:f3:5f:35:91:5d:03:49:9a:6e:78:83:61:
                    75:45:4b:74:d2:98:18:88:ec:62:98:3b:1e:d6:df:
                    51:2f:93:ce:08:31:1b:7d:7f:03:82:e8:2b:13:f5:
                    b0:91:2d:85:ad:2a:1c:e7:f7
                Exponent: 65537 (0x10001)
    Signature Algorithm: md5WithRSAEncryption
        8c:3b:7e:f1:74:12:d1:2f:ac:d4:bf:2d:8b:aa:02:05:30:fe:
        d1:f4:14:b8:02:92:a2:8b:99:86:26:ff:24:7e:67:48:43:d9:
        e3:ff:52:11:7e:8c:0c:26:57:ca:c7:b4:19:da:4c:ce:e8:37:
        6d:d1:55:6d:a4:09:ff:2c:a2:21:9f:af:63:d8:b5:fb:9f:a5:
        7b:5d:ed:ac:d4:15:af:96:24:25:a7:a7:43:76:f4:41:b4:05:
        1d:49:38:50:b4:43:fe:1d:87:f5:fd:aa:e9:4c:f2:5b:aa:3e:
        3a:e6:c3:67:92:81:b7:66:99:db:a6:58:07:0d:3d:56:d5
 -----BEGIN CERTIFICATE-----
 MIICTjCCAbsCEGiuFKTJn6nzmiPPLxUZs1owDQYJKoZIhvcNAQEEBQAwXzELMAkG
 A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
 VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk4
 MDUxODAwMDAwMFoXDTk5MDUxODIzNTk1OVowdTELMAkGA1UEBhMCVVMxETAPBgNV
 BAgTCE5ldyBZb3JrMREwDwYDVQQHFAhOZXcgWW9yazEeMBwGA1UEChQVSW5kdXN0
 cmlhbCBQcmVzcyBJbmMuMSAwHgYDVQQDFBd3d3cuaW5kdXN0cmlhbHByZXNzLmNv
 bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqiH9xUJNHvqCmaDon27ValJb
 qTLymF3yKKWBxbODLWjX7yKjewoqWhotaEARI6jXPqomU87gFU1tH4r/bgwh3FmU
 MK3qo92XOsvwNAHzXzWRXQNJmm54g2F1RUt00pgYiOximDse1t9RL5POCDEbfX8D
 gugrE/WwkS2FrSoc5/cCAwEAATANBgkqhkiG9w0BAQQFAAN+AIw7fvF0EtEvrNS/
 LYuqAgUw/tH0FLgCkqKLmYYm/yR+Z0hD2eP/UhF+jAwmV8rHtBnaTM7oN23RVW2k
 Cf8soiGfr2PYtfufpXtd7azUFa+WJCWnp0N29EG0BR1JOFC0Q/4dh/X9qulM8luq
 Pjrmw2eSgbdmmdumWAcNPVbV
 -----END CERTIFICATE-----
--- a/apps/rsa/SecureServer.pem
+++ b/apps/rsa/SecureServer.pem
@@ -1,47 +0,0 @@
 Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0
        Signature Algorithm: md2WithRSAEncryption
        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
        Validity
            Not Before: Nov  9 00:00:00 1994 GMT
            Not After : Jan  7 23:59:59 2010 GMT
        Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1000 bit)
                Modulus (1000 bit):
                    00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25:
                    01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03:
                    e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86:
                    37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9:
                    4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07:
                    65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48:
                    b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49:
                    54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5:
                    dd:2d:d6:c8:1e:7b
                Exponent: 65537 (0x10001)
    Signature Algorithm: md2WithRSAEncryption
        65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3:
        c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5:
        b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49:
        c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b:
        4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39:
        16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04:
        f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50
 -----BEGIN CERTIFICATE-----
 MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
 A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
 VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
 MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
 BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
 dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
 ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
 0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
 uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
 hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
 YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
 1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
 -----END CERTIFICATE-----
--- a/apps/rsa/s.txt
+++ b/apps/rsa/s.txt
@@ -1,49 +0,0 @@
 issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
 subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
 Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0
        Signature Algorithm: md2WithRSAEncryption
        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
        Validity
            Not Before: Nov  9 00:00:00 1994 GMT
            Not After : Jan  7 23:59:59 2010 GMT
        Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1000 bit)
                Modulus (1000 bit):
                    00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25:
                    01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03:
                    e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86:
                    37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9:
                    4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07:
                    65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48:
                    b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49:
                    54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5:
                    dd:2d:d6:c8:1e:7b
                Exponent: 65537 (0x10001)
    Signature Algorithm: md2WithRSAEncryption
        65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3:
        c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5:
        b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49:
        c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b:
        4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39:
        16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04:
        f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50
 -----BEGIN CERTIFICATE-----
 MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
 A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
 VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
 MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
 BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
 dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
 ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
 0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
 uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
 hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
 YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
 1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
 -----END CERTIFICATE-----
--- a/apps/rsa8192.pem
+++ b/apps/rsa8192.pem
@@ -1,101 +0,0 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ
 ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF
 MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY
 55/A20XL7tlV2opEfwhy3uVlveQBM0DnZ3MUQfrk+lRRNWv7yE4ScbOfER9fjvOm
 yJc3ZbOa3e+AMGGU9OqJ/fyOl0SGYyP2k23omy/idBV4uOs8QWdnAvq8UOzDdua3
 tuf5Tn17XBurPJ8juwyPBNispkwwn8BjxAZVPhwUIcxFBg339IxJ9cW0WdVy4nNA
 LWo/8Ahlf+kZNnFNGCPFytU9gGMLMhab9w/rLrwa9qNe4L8Fmu1JxONn1WfhMOKE
 aFmycf2olJsYLgUIGYZrjnYu0p/7P3yhTOv8JIhmK+SzmA/I0xiQoF84rpaQzH2d
 PvxICOA9oQSowou0gLuBSZWm6LiXirg1DZCziU46v33ErQlWM1dSyNaUSzihcV59
 mVD0nmzboXH75lGiyiZlp8cLbozzoCwvk9rYqpUGSBzbAy0ECCpabGpzO2Ug+oDi
 71e5z4WMpeoR4IS8MaOG/GsJnwaXhiB/gNYfK+8pRADVk5StEAZDE2alSuCbDs0z
 d9zYr4/em5T9VZsLetxRE7pm/Es9yELuViz8/Tm0/8MVdmNYc/xZU1t6qYYFdyQ2
 wlGDTiNPsjR8yXCkmBjKwqnuleu1X6LaZu3VPhEkXGcyFAquQUkSiMv0Yu74qAe0
 bQ2v+jjZzP6AM9LUo89cW4Kd8SGD96BdNlAVPNMXoBcIOsZBwsOtETBd4KAyvkXE
 Ob17u+PLl4UPnSxm9ypKZunUNFRPxtKUyjySYnvlGL+kTjAXrIrZwKJqIn0uhnfa
 Ck3o7bU6yVMK22ODxy2/Vi3E0P6k5JLwnrF0VIOBqGhts66qo6mWDP8l6MZHARFd
 pU+nofssVmr8tLKmMmjYGMM5GmKIXRNBs0ksTwFnKRs9AmpE5owC8tTSVdTAkGuS
 os7QwLvyvNzq7BGJiVr0Iy3Dhsl1vzR35acNOrCsDl3DcCQONKJ2sVXV4pD3dBah
 mG3sR/jHgjasffJJ35uiGoAua9dbT7HG/+D0z1SHYaVqH8zO4VZSOnGJh/P9rtxx
 cckFDbiag/JMWig2lbnCjebTtp/BcUsK3TNaDOb7vb0LvbAeRJadd1EFu6PSlH3K
 LykSUPm4UedvUU3cWjqkSY5lITFJkVaIYOv/EljYtK7p7kFZFTaEwMAWxgsXU3pQ
 tTzVmq1gZ4vXPwcUq0zK50Frq0F7SQc21ZsunwIDAQABAoIEADuQAkDEpBausJsS
 PgL1RXuzECPJJJCBxTE+2qx0FoY4hJICCWTORHGmU8nGPE3Ht0wBiNDsULw6KXl9
 psmzYW6D3qRbpdQebky6fu/KZ5H0XTyGpJGomaXELH5hkwo2gdKB805LSXB+m7p0
 9o96kSdMkpBLVGtf5iZ8W4rY2LsZmlI9f7taQHSLVt/M8HTz1mTnBRU92QO3zZW6
 xVa+OrWaFl18u3ZeIaSh2X40tBK68cqstXVD0r2OWuXNKobcQeJW8/XABzBShZ0c
 ihL0lzyqiN4uXrLu+Nbr22b+FU2OODy6dGk3U6/69NvI4piMCPlHsfhHOnFjd1ZW
 RIVywyUlCtLNdcn11CchuRro+0J3c2Ba+i9Cl9r3qzT11xFEGF8/XLyUBBCB+uGf
 1dR/xJQhCA7cXWWLXyI/semxcvTaGpImP6kiIl1MAjHjXZTSdvyw4JmfXyYGhSjI
 P0mw3Xn7FXxJ/os9gOfNKz2nZHjr0q4sgWRYO+4vllkeL0GteZrg4oVaVpmZb7LH
 77afhodLylhijlEtV5skfkPujbBLQk6E5Ez3U/huEt2NLg6guADmwxMxfBRliZO4
 4Ex/td4cuggpEj3FGJV74qRvdvj/MF/uF7IxC/3WapPIsFBFH4zrJsUYt6u3L68I
 /KC/bfioDeUR/8ANw1DNh+UsnPV3GJIwDkIJKdppi2uXPahJyJQQ8Inps53nn8Gg
 GifS+HnOXNgMoKOJnZ9IDGjXpfjIs8dJNrGfDHF0mH30N2WARq2v/a3cNUC+f8Bq
 HSKQ9YrZopktMunsut8u7ZYbTmjIqJpXCaM0CCrSlzSMTDHFSj2tzLk6+qnxeGxB
 ZwIdShbdeK+0ETG91lE1e9RPQs/uXQP9+uCHJV0YpqQcA6pkCLYJfYpoSMu/Bafy
 AgfVZz6l5tyEnV0wCcbopsQShc1k9xtTbYNF1h9AQHknj6zeDW4iZMvmVeh3RovT
 52OA2R8oLyauF+QaG6x2wUjEx13SJlaBarJZ4seZIOJ+a8+oNzKsbgokXc2cyC9p
 5FAZz1OsOb68o93qD1Xvl7bY97fq2q55L7G1XHPPLtZE5lGiLGDtnAuwY8UPrdpr
 7Mv2yIxB7xVGurXyHb5PvusR88XED6HMPfLBG/55ENHTal7G5mRix+IWSBAIkxA5
 KZ0j8r5Ng4+wELZhqFQai39799bIAyiV6CEz4kyDXlo0kSSexp8o4iz5sPq5vp6h
 cCb7rdRw7uRnbXrHmXahxoB+ibXaurgV/6B2yurrU/UFoxEp2sHp8LXZGfF6ztY1
 dMhSQAACK2vGy5yNagbkTHLgVaHicG5zavJBqzCE+lbPlCqhOUQPdOIwvjHNjdS/
 DL3WV/ECggIBAMbW65wPk/i43nSyeZeYwcHtR1SUJqDXavYfBPC0VRhKz+7DVMFw
 Nwnocn6gITABc445W1yl7U3uww+LGuDlSlFnd8WuiXpVYud9/jeNu6Mu4wvNsnWr
 f4f4ua8CcS03GmqmcbROD2Z6by1AblCZ2UL1kv9cUX1FLVjPP1ESAGKoePt3BmZQ
 J1uJfK8HilNT8dcUlj/5CBi2uHxttDhoG0sxXE/SVsG9OD/Pjme0mj7gdzc6Ztd+
 TALuvpNQR4pRzfo5XWDZBcEYntcEE3PxYJB1+vnZ8509ew5/yLHTbLjFxIcx71zY
 fhH0gM36Sz7mz37r0+E/QkRkc5bVIDC4LDnWmjpAde6QUx0d218ShNx6sJo4kt5c
 Dd7tEVx8nuX8AIZYgwsOb382anLyFRkkmEdK3gRvwQ6SWR36Ez5L7/mHWODpLAX5
 mVBKSG4/ccFbc633/g0xHw0Nwajir/klckdakuYPlwF0yAxJSKDLhmNctDhRmxjC
 YP+fISkl5oTvFRzJH6HEyNu8M3ybRvmpPIjM5J5JpnB2IYbohYBR+T6/97C1DKrd
 mzL5PjlrWm0c1/d7LlDoP65fOShDMmj2zCiBAHHOM0Alokx+v5LmMd8NJumZIwGJ
 Rt5OpeMOhowz6j1AjYxYgV7PmJL6Ovpfb775od/aLaUbbwHz2uWIvfF7AoICAQCw
 c7NaO7oJVLJClhYw6OCvjT6oqtgNVWaennnDiJgzY9lv5HEgV0MAG0eYuB3hvj+w
 Y1P9DJxP1D+R+cshYrAFg8yU/3kaYVNI0Bl3ygX0eW1b/0HZTdocs+8kM/9PZQDR
 WrKQoU5lHvqRt99dXlD4NWGI2YQtzdZ8iet9QLqnjwRZabgE96mF01qKisMnFcsh
 KjT7ieheU4J15TZj/mdZRNK126d7e3q/rNj73e5EJ9tkYLcolSr4gpknUMJULSEi
 JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLebrgfTYoPPdo
 yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ
 kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9
 DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN
 22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU
 ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz
 D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP
 PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8
 dUrYmHNEUJfHl4T1ESgkX1vkcpVFeQFruZDjk7EP3+1sgvpSroGTZkVBRFsTXbQZ
 FuCv0Pgt1TKG+zGmklxhj3TsiRy8MEjWAxBUp++ftZJnZNI4feDGnfEx7tLwVhAg
 6DWSiWDO6hgQpvOLwX5lu+0x9itc1MQsnDO/OqIDnBAJDN5k7cVVkfKlqbVjxgpz
 eqUJs3yAd81f44kDQTCB4ahYocgeIGsrOqd/WoGL1EEPPo/O9wQP7VtlIRt8UwuG
 bS18+a4sBUfAa56xYu/pnPo7YcubsgZfcSIujzFQqMpVTClJRnOnEuJ4J1+PXzRz
 XAO9fs4VJ+CMEmgAyonUz4Xadxulnknlw//sO9VKgM69oFHCDHL/XamAAbqAdwvf
 7R/+uy+Ol7romC0wMhb6SsIZazrvvH2mNtduAKZ638nAP1x/WbQp+6iVG7yJok7w
 82Q7tO7baOePTXh12Rrt4mNPor0HLYxhra4GFgfqkumJ2Mz0esuZAozxJXFOq8ly
 beo9CVtXP5zbT6qNpeNismX6PLICaev8t+1iOZSE56WSLtefuuj/cOVrTMNDz1Rr
 pUkEVV2zjUSjlcScM538A9iL2QKCAgBLbBk0r6T0ihRsK9UucMxhnYEz/Vq+UEu9
 70Vi1AciqEJv9nh4d3Q3HnH7EHANZxG4Jqzm1DYYVUQa9GfkTFeq88xFv/GW2hUM
 YY8RSfRDrIeXNEOETCe37x2AHw25dRXlZtw+wARPau91y9+Y/FCl18NqCHfcUEin
 ERjsf/eI2bPlODAlR2tZvZ7M60VBdqpN8cmV3zvI3e88z43xLfQlDyr1+v7a5Evy
 lEJnXlSTI2o+vKxtl103vjMSwA1gh63K90gBVsJWXQDZueOzi8mB9UqNRfcMmOEe
 4YHttTXPxeu0x+4cCRfam9zKShsVFgI28vRQ/ijl6qmbQ5gV8wqf18GV1j1L4z0P
 lP6iVynDA4MMrug/w9DqPsHsfK0pwekeETfSj4y0xVXyjWZBfHG2ZBrS6mDTf+RG
 LC4sJgR0hjdILLnUqIX7PzuhieBHRrjBcopwvcryVWRHnI7kslAS0+yHjiWc5oW3
 x5mtlum4HzelNYuD9cAE/95P6CeSMfp9CyIE/KSX4VvsRm6gQVkoQRKMxnQIFQ3w
 O5gl1l88vhjoo2HxYScgCp70BsDwiUNTqIR3NM+ZBHYFweVf3Gwz5LzHZT2rEZtD
 6VXRP75Q/2wOLnqCO4bK4BUs6sqxcQZmOldruPkPynrY0oPfHHExjxZDvQu4/r80
 Ls3n0L8yvQKCAgEAnYWS6EikwaQNpJEfiUnOlglgFz4EE1eVkrDbBY4J3oPU+doz
 DrqmsvgpSZIAfd2MUbkN4pOMsMTjbeIYWDnZDa1RoctKs3FhwFPHwAjQpznab4mn
 Bp81FMHM40qyb0NaNuFRwghdXvoQvBBX1p8oEnFzDRvTiuS/vTPTA8KDY8IeRp8R
 oGzKHpfziNwq/URpqj7pwi9odNjGZvR2IwYw9jCLPIqaEbMoSOdI0mg4MoYyqP4q
 nm7d4wqSDwrYxiXZ6f3nYpkhEY1lb0Wbksp1ig8sKSF4nDZRGK1RSfE+6gjBp94H
 X/Wog6Zb6NC9ZpusTiDLvuIUXcyUJvmHiWjSNqiTv8jurlwEsgSwhziEQfqLrtdV
 QI3PRMolBkD1iCk+HFE53r05LMf1bp3r4MS+naaQrLbIrl1kgDNGwVdgS+SCM7Bg
 TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWvOb3NA5DP3c
 46C6SaWI0TD9B11nJbHGTYN3Si9n0EBgoDJEXUKeh3km9O47dgvkSug4WzhYsvrE
 rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv
 I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8=
 -----END RSA PRIVATE KEY-----
--- a/apps/s1024key.pem
+++ b/apps/s1024key.pem
@@ -1,15 +0,0 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV
 S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP
 pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB
 AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0
 dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY
 bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E
 Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq
 zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM
 6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf
 QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD
 dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M
 0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv
 nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA==
 -----END RSA PRIVATE KEY-----
--- a/apps/s1024req.pem
+++ b/apps/s1024req.pem
@@ -1,11 +0,0 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIIBojCCAQsCAQAwZDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
 GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSQwIgYDVQQDExtTZXJ2ZXIgdGVz
 dCBjZXJ0ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALMR
 9TwT5kZMa0ddXleG8zYuDfZ9dQiPJ1dvfgEZU9fqg3v5o1VL15ZrK9b/73+9RvRo
 KqKUmukV6yAi1XZPxWGGM4T75dTPjq42lwxTvAcwQBdS58+nO2kWbxkSTa0Uq9p2
 RJKg3yVvXWO69lWRKQ+UHrmkWFJ7hApKnongeuRjAgMBAAEwDQYJKoZIhvcNAQEE
 BQADgYEAStHlk4pBbwiNeQ2/PKTPPXzITYC8Gn0XMbrU94e/6JIKiO7aArq9Espq
 nrBSvC14dHcNl6NNvnkEKdQ7hAkcACfBbnOXA/oQvMBd4GD78cH3k0jVDoVUEjil
 frLfWlckW6WzpTktt0ZPDdAjJCmKVh0ABHimi7Bo9FC3wIGIe5M=
 -----END CERTIFICATE REQUEST-----
--- a/apps/s512-key.pem
+++ b/apps/s512-key.pem
@@ -1,9 +0,0 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
 TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
 OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
 gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
 rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
 PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
 vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
 -----END RSA PRIVATE KEY-----
--- a/apps/s512-req.pem
+++ b/apps/s512-req.pem
@@ -1,8 +0,0 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIIBGzCBxgIBADBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEa
 MBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0
 IGNlcnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8S
 MVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8E
 y2//Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAANBAAB+uQi+qwn6qRSHB8EUTvsm
 5TNTHzYDeN39nyIbZNX2s0se3Srn2Bxft5YCwD3moFZ9QoyDHxE0h6qLX5yjD+8=
 -----END CERTIFICATE REQUEST-----
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -1,119 +0,0 @@
 /* apps/s_apps.h */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #define PORT            4433
 #define PORT_STR        "4433"
 #define PROTOCOL        "tcp"
 #ifndef NOPROTO
 int do_accept(int acc_sock, int *sock, char **host);
 int do_server(int port, int *ret, int (*cb) (), char *context);
 #ifdef HEADER_X509_H
 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
 #else
 int MS_CALLBACK verify_callback(int ok, char *ctx);
 #endif
 #ifdef HEADER_SSL_H
 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
 #else
 int set_cert_stuff(char *ctx, char *cert_file, char *key_file);
 #endif
 int init_client(int *sock, char *server, int port);
 int init_client_ip(int *sock,unsigned char ip[4], int port);
 int nbio_init_client_ip(int *sock,unsigned char ip[4], int port);
 int nbio_sock_error(int sock);
 int spawn(int argc, char **argv, int *in, int *out);
 int init_server(int *sock, int port);
 int init_server_long(int *sock, int port,char *ip);
 int should_retry(int i);
 void sock_cleanup(void );
 int extract_port(char *str, short *port_ptr);
 int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
 int host_ip(char *str, unsigned char ip[4]);
 long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, char *argp,
 	int argi, long argl, long ret);
 #ifdef HEADER_SSL_H
 void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret);
 #else
 void MS_CALLBACK apps_ssl_info_callback(char *s, int where, int ret);
 #endif
 #else
 int do_accept();
 int do_server();
 int MS_CALLBACK verify_callback();
 int set_cert_stuff();
 int init_client();
 int init_client_ip();
 int nbio_init_client_ip();
 int nbio_sock_error();
 int spawn();
 int init_server();
 int should_retry();
 void sock_cleanup();
 int extract_port();
 int extract_host_port();
 int host_ip();
 long MS_CALLBACK bio_dump_cb();
 void MS_CALLBACK apps_ssl_info_callback();
 #endif
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1,251 +0,0 @@
 /* apps/s_cb.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #include <stdio.h>
 #include <stdlib.h>
 #define USE_SOCKETS
 #define NON_MAIN
 #include "apps.h"
 #undef NON_MAIN
 #undef USE_SOCKETS
 #include "err.h"
 #include "x509.h"
 #include "ssl.h"
 #include "s_apps.h"
 int verify_depth=0;
 int verify_error=X509_V_OK;
 int MS_CALLBACK verify_callback(ok, ctx)
 int ok;
 X509_STORE_CTX *ctx;
 	{
 	char buf[256];
 	X509 *err_cert;
 	int err,depth;
 	err_cert=X509_STORE_CTX_get_current_cert(ctx);
 	err=	X509_STORE_CTX_get_error(ctx);
 	depth=	X509_STORE_CTX_get_error_depth(ctx);
 	X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
 	BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
 	if (!ok)
 		{
 		BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
 			X509_verify_cert_error_string(err));
 		if (verify_depth >= depth)
 			{
 			ok=1;
 			verify_error=X509_V_OK;
 			}
 		else
 			{
 			ok=0;
 			verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;
 			}
 		}
 	switch (ctx->error)
 		{
 	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
 		X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
 		BIO_printf(bio_err,"issuer= %s\n",buf);
 		break;
 	case X509_V_ERR_CERT_NOT_YET_VALID:
 	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
 		BIO_printf(bio_err,"notBefore=");
 		ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
 		BIO_printf(bio_err,"\n");
 		break;
 	case X509_V_ERR_CERT_HAS_EXPIRED:
 	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
 		BIO_printf(bio_err,"notAfter=");
 		ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
 		BIO_printf(bio_err,"\n");
 		break;
 		}
 	BIO_printf(bio_err,"verify return:%d\n",ok);
 	return(ok);
 	}
 int set_cert_stuff(ctx, cert_file, key_file)
 SSL_CTX *ctx;
 char *cert_file;
 char *key_file;
 	{
 	if (cert_file != NULL)
 		{
 		/*
 		SSL *ssl;
 		X509 *x509;
 		*/
 		if (SSL_CTX_use_certificate_file(ctx,cert_file,
 			SSL_FILETYPE_PEM) <= 0)
 			{
 			BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file);
 			ERR_print_errors(bio_err);
 			return(0);
 			}
 		if (key_file == NULL) key_file=cert_file;
 		if (SSL_CTX_use_PrivateKey_file(ctx,key_file,
 			SSL_FILETYPE_PEM) <= 0)
 			{
 			BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file);
 			ERR_print_errors(bio_err);
 			return(0);
 			}
 		/*
 		In theory this is no longer needed 
 		ssl=SSL_new(ctx);
 		x509=SSL_get_certificate(ssl);
 		if (x509 != NULL) {
 			EVP_PKEY *pktmp;
 			pktmp = X509_get_pubkey(x509);
 			EVP_PKEY_copy_parameters(pktmp,
 						SSL_get_privatekey(ssl));
 			EVP_PKEY_free(pktmp);
 		}
 		SSL_free(ssl);
 		*/
 		/* If we are using DSA, we can copy the parameters from
 		 * the private key */
 		/* Now we know that a key and cert have been set against
 		 * the SSL context */
 		if (!SSL_CTX_check_private_key(ctx))
 			{
 			BIO_printf(bio_err,"Private key does not match the certificate public key\n");
 			return(0);
 			}
 		}
 	return(1);
 	}
 long MS_CALLBACK bio_dump_cb(bio,cmd,argp,argi,argl,ret)
 BIO *bio;
 int cmd;
 char *argp;
 int argi;
 long argl;
 long ret;
 	{
 	BIO *out;
 	out=(BIO *)BIO_get_callback_arg(bio);
 	if (out == NULL) return(ret);
 	if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
 		{
 		BIO_printf(out,"read from %08X [%08lX] (%d bytes => %ld (0x%X))\n",
 			bio,argp,argi,ret,ret);
 		BIO_dump(out,argp,(int)ret);
 		return(ret);
 		}
 	else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
 		{
 		BIO_printf(out,"write to %08X [%08lX] (%d bytes => %ld (0x%X))\n",
 			bio,argp,argi,ret,ret);
 		BIO_dump(out,argp,(int)ret);
 		}
 	return(ret);
 	}
 void MS_CALLBACK apps_ssl_info_callback(s,where,ret)
 SSL *s;
 int where;
 int ret;
 	{
 	char *str;
 	int w;
 	w=where& ~SSL_ST_MASK;
 	if (w & SSL_ST_CONNECT) str="SSL_connect";
 	else if (w & SSL_ST_ACCEPT) str="SSL_accept";
 	else str="undefined";
 	if (where & SSL_CB_LOOP)
 		{
 		BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
 		}
 	else if (where & SSL_CB_ALERT)
 		{
 		str=(where & SSL_CB_READ)?"read":"write";
 		BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n",
 			str,
 			SSL_alert_type_string_long(ret),
 			SSL_alert_desc_string_long(ret));
 		}
 	else if (where & SSL_CB_EXIT)
 		{
 		if (ret == 0)
 			BIO_printf(bio_err,"%s:failed in %s\n",
 				str,SSL_state_string_long(s));
 		else if (ret < 0)
 			{
 			BIO_printf(bio_err,"%s:error in %s\n",
 				str,SSL_state_string_long(s));
 			}
 		}
 	}
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1,758 +0,0 @@
 /* apps/s_client.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #define USE_SOCKETS
 #ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
 #include "x509.h"
 #include "ssl.h"
 #include "err.h"
 #include "pem.h"
 #include "s_apps.h"
 #undef PROG
 #define PROG	s_client_main
 /*#define SSL_HOST_NAME	"www.netscape.com" */
 /*#define SSL_HOST_NAME	"193.118.187.102" */
 #define SSL_HOST_NAME	"localhost"
 /*#define TEST_CERT "client.pem" */ /* no default cert. */
 #undef BUFSIZZ
 #define BUFSIZZ 1024*8
 extern int verify_depth;
 extern int verify_error;
 #ifdef FIONBIO
 static int c_nbio=0;
 #endif
 static int c_Pause=0;
 static int c_debug=0;
 #ifndef NOPROTO
 static void sc_usage(void);
 static void print_stuff(BIO *berr,SSL *con,int full);
 #else
 static void sc_usage();
 static void print_stuff();
 #endif
 static BIO *bio_c_out=NULL;
 static int c_quiet=0;
 static void sc_usage()
 	{
 	BIO_printf(bio_err,"usage: s_client args\n");
 	BIO_printf(bio_err,"\n");
 	BIO_printf(bio_err," -host host     - use -connect instead\n");
 	BIO_printf(bio_err," -port port     - use -connect instead\n");
 	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
 	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
 	BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
 	BIO_printf(bio_err," -key arg      - Private key file to use, PEM format assumed, in cert file if\n");
 	BIO_printf(bio_err,"                 not specified but cert file is.\n");
 	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
 	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
 	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
 	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
 	BIO_printf(bio_err," -debug        - extra output\n");
 	BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
 	BIO_printf(bio_err," -state        - print the 'ssl' states\n");
 #ifdef FIONBIO
 	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
 #endif
 	BIO_printf(bio_err," -quiet        - no s_client output\n");
 	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
 	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
 	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
 	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
 	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
 	BIO_printf(bio_err," -cipher       - prefered cipher to use, use the 'openssl ciphers'\n");
 	BIO_printf(bio_err,"                 command to see what is available\n");
 	}
 int MAIN(argc, argv)
 int argc;
 char **argv;
 	{
 	int off=0;
 	SSL *con=NULL,*con2=NULL;
 	int s,k,width,state=0;
 	char *cbuf=NULL,*sbuf=NULL;
 	int cbuf_len,cbuf_off;
 	int sbuf_len,sbuf_off;
 	fd_set readfds,writefds;
 	short port=PORT;
 	int full_log=1;
 	char *host=SSL_HOST_NAME;
 	char *cert_file=NULL,*key_file=NULL;
 	char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
 	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
 	int write_tty,read_tty,write_ssl,read_ssl,tty_on;
 	SSL_CTX *ctx=NULL;
 	int ret=1,in_init=1,i,nbio_test=0;
 	SSL_METHOD *meth=NULL;
 	BIO *sbio;
 	/*static struct timeval timeout={10,0};*/
 #if !defined(NO_SSL2) && !defined(NO_SSL3)
 	meth=SSLv23_client_method();
 #elif !defined(NO_SSL3)
 	meth=SSLv3_client_method();
 #elif !defined(NO_SSL2)
 	meth=SSLv2_client_method();
 #endif
 	apps_startup();
 	c_Pause=0;
 	c_quiet=0;
 	c_debug=0;
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 	if (	((cbuf=Malloc(BUFSIZZ)) == NULL) ||
 		((sbuf=Malloc(BUFSIZZ)) == NULL))
 		{
 		BIO_printf(bio_err,"out of memory\n");
 		goto end;
 		}
 	verify_depth=0;
 	verify_error=X509_V_OK;
 #ifdef FIONBIO
 	c_nbio=0;
 #endif
 	argc--;
 	argv++;
 	while (argc >= 1)
 		{
 		if	(strcmp(*argv,"-host") == 0)
 			{
 			if (--argc < 1) goto bad;
 			host= *(++argv);
 			}
 		else if	(strcmp(*argv,"-port") == 0)
 			{
 			if (--argc < 1) goto bad;
 			port=atoi(*(++argv));
 			if (port == 0) goto bad;
 			}
 		else if (strcmp(*argv,"-connect") == 0)
 			{
 			if (--argc < 1) goto bad;
 			if (!extract_host_port(*(++argv),&host,NULL,&port))
 				goto bad;
 			}
 		else if	(strcmp(*argv,"-verify") == 0)
 			{
 			verify=SSL_VERIFY_PEER;
 			if (--argc < 1) goto bad;
 			verify_depth=atoi(*(++argv));
 			BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
 			}
 		else if	(strcmp(*argv,"-cert") == 0)
 			{
 			if (--argc < 1) goto bad;
 			cert_file= *(++argv);
 			}
 		else if	(strcmp(*argv,"-quiet") == 0)
 			c_quiet=1;
 		else if	(strcmp(*argv,"-pause") == 0)
 			c_Pause=1;
 		else if	(strcmp(*argv,"-debug") == 0)
 			c_debug=1;
 		else if	(strcmp(*argv,"-nbio_test") == 0)
 			nbio_test=1;
 		else if	(strcmp(*argv,"-state") == 0)
 			state=1;
 #ifndef NO_SSL2
 		else if	(strcmp(*argv,"-ssl2") == 0)
 			meth=SSLv2_client_method();
 #endif
 #ifndef NO_SSL3
 		else if	(strcmp(*argv,"-ssl3") == 0)
 			meth=SSLv3_client_method();
 #endif
 #ifndef NO_TLS1
 		else if	(strcmp(*argv,"-tls1") == 0)
 			meth=TLSv1_client_method();
 #endif
 		else if (strcmp(*argv,"-bugs") == 0)
 			bugs=1;
 		else if	(strcmp(*argv,"-key") == 0)
 			{
 			if (--argc < 1) goto bad;
 			key_file= *(++argv);
 			}
 		else if	(strcmp(*argv,"-reconnect") == 0)
 			{
 			reconnect=5;
 			}
 		else if	(strcmp(*argv,"-CApath") == 0)
 			{
 			if (--argc < 1) goto bad;
 			CApath= *(++argv);
 			}
 		else if	(strcmp(*argv,"-CAfile") == 0)
 			{
 			if (--argc < 1) goto bad;
 			CAfile= *(++argv);
 			}
 		else if (strcmp(*argv,"-no_tls1") == 0)
 			off|=SSL_OP_NO_TLSv1;
 		else if (strcmp(*argv,"-no_ssl3") == 0)
 			off|=SSL_OP_NO_SSLv3;
 		else if (strcmp(*argv,"-no_ssl2") == 0)
 			off|=SSL_OP_NO_SSLv2;
 		else if	(strcmp(*argv,"-cipher") == 0)
 			{
 			if (--argc < 1) goto bad;
 			cipher= *(++argv);
 			}
 #ifdef FIONBIO
 		else if (strcmp(*argv,"-nbio") == 0)
 			{ c_nbio=1; }
 #endif
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badop=1;
 			break;
 			}
 		argc--;
 		argv++;
 		}
 	if (badop)
 		{
 bad:
 		sc_usage();
 		goto end;
 		}
 	if (bio_c_out == NULL)
 		{
 		if (c_quiet)
 			{
 			bio_c_out=BIO_new(BIO_s_null());
 			}
 		else
 			{
 			if (bio_c_out == NULL)
 				bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
 			}
 		}
 	SSLeay_add_ssl_algorithms();
 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL)
 		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	if (bugs)
 		SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
 	else
 		SSL_CTX_set_options(ctx,off);
 	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
 	if (cipher != NULL)
 		SSL_CTX_set_cipher_list(ctx,cipher);
 #if 0
 	else
 		SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
 #endif
 	SSL_CTX_set_verify(ctx,verify,verify_callback);
 	if (!set_cert_stuff(ctx,cert_file,key_file))
 		goto end;
 	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
 		(!SSL_CTX_set_default_verify_paths(ctx)))
 		{
 		/* BIO_printf(bio_err,"error seting default verify locations\n"); */
 		ERR_print_errors(bio_err);
 		/* goto end; */
 		}
 	SSL_load_error_strings();
 	con=(SSL *)SSL_new(ctx);
 /*	SSL_set_cipher_list(con,"RC4-MD5"); */
 re_start:
 	if (init_client(&s,host,port) == 0)
 		{
 		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
 		SHUTDOWN(s);
 		goto end;
 		}
 	BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
 #ifdef FIONBIO
 	if (c_nbio)
 		{
 		unsigned long l=1;
 		BIO_printf(bio_c_out,"turning on non blocking io\n");
 		if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
 			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}
 #endif                                              
 	if (c_Pause & 0x01) con->debug=1;
 	sbio=BIO_new_socket(s,BIO_NOCLOSE);
 	if (nbio_test)
 		{
 		BIO *test;
 		test=BIO_new(BIO_f_nbio_test());
 		sbio=BIO_push(test,sbio);
 		}
 	if (c_debug)
 		{
 		con->debug=1;
 		BIO_set_callback(sbio,bio_dump_cb);
 		BIO_set_callback_arg(sbio,bio_c_out);
 		}
 	SSL_set_bio(con,sbio,sbio);
 	SSL_set_connect_state(con);
 	/* ok, lets connect */
 	width=SSL_get_fd(con)+1;
 	read_tty=1;
 	write_tty=0;
 	tty_on=0;
 	read_ssl=1;
 	write_ssl=1;
 	cbuf_len=0;
 	cbuf_off=0;
 	sbuf_len=0;
 	sbuf_off=0;
 	for (;;)
 		{
 		FD_ZERO(&readfds);
 		FD_ZERO(&writefds);
 		if (SSL_in_init(con) && !SSL_total_renegotiations(con))
 			{
 			in_init=1;
 			tty_on=0;
 			}
 		else
 			{
 			tty_on=1;
 			if (in_init)
 				{
 				in_init=0;
 				print_stuff(bio_c_out,con,full_log);
 				if (full_log > 0) full_log--;
 				if (reconnect)
 					{
 					reconnect--;
 					BIO_printf(bio_c_out,"drop connection and then reconnect\n");
 					SSL_shutdown(con);
 					SSL_set_connect_state(con);
 					SHUTDOWN(SSL_get_fd(con));
 					goto re_start;
 					}
 				}
 			}
 #ifndef WINDOWS
 		if (tty_on)
 			{
 			if (read_tty)  FD_SET(fileno(stdin),&readfds);
 			if (write_tty) FD_SET(fileno(stdout),&writefds);
 			}
 #endif
 		if (read_ssl)
 			FD_SET(SSL_get_fd(con),&readfds);
 		if (write_ssl)
 			FD_SET(SSL_get_fd(con),&writefds);
 /*		printf("mode tty(%d %d%d) ssl(%d%d)\n",
 			tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
 		i=select(width,&readfds,&writefds,NULL,NULL);
 		if ( i < 0)
 			{
 			BIO_printf(bio_err,"bad select %d\n",
 				get_last_socket_error());
 			goto shut;
 			/* goto end; */
 			}
 		if (FD_ISSET(SSL_get_fd(con),&writefds))
 			{
 			k=SSL_write(con,&(cbuf[cbuf_off]),
 				(unsigned int)cbuf_len);
 			switch (SSL_get_error(con,k))
 				{
 			case SSL_ERROR_NONE:
 				cbuf_off+=k;
 				cbuf_len-=k;
 				if (k <= 0) goto end;
 				/* we have done a  write(con,NULL,0); */
 				if (cbuf_len <= 0)
 					{
 					read_tty=1;
 					write_ssl=0;
 					}
 				else /* if (cbuf_len > 0) */
 					{
 					read_tty=0;
 					write_ssl=1;
 					}
 				break;
 			case SSL_ERROR_WANT_WRITE:
 				BIO_printf(bio_c_out,"write W BLOCK\n");
 				write_ssl=1;
 				read_tty=0;
 				break;
 			case SSL_ERROR_WANT_READ:
 				BIO_printf(bio_c_out,"write R BLOCK\n");
 				write_tty=0;
 				read_ssl=1;
 				write_ssl=0;
 				break;
 			case SSL_ERROR_WANT_X509_LOOKUP:
 				BIO_printf(bio_c_out,"write X BLOCK\n");
 				break;
 			case SSL_ERROR_ZERO_RETURN:
 				if (cbuf_len != 0)
 					{
 					BIO_printf(bio_c_out,"shutdown\n");
 					goto shut;
 					}
 				else
 					{
 					read_tty=1;
 					write_ssl=0;
 					break;
 					}
 			case SSL_ERROR_SYSCALL:
 				if ((k != 0) || (cbuf_len != 0))
 					{
 					BIO_printf(bio_err,"write:errno=%d\n",
 						get_last_socket_error());
 					goto shut;
 					}
 				else
 					{
 					read_tty=1;
 					write_ssl=0;
 					}
 				break;
 			case SSL_ERROR_SSL:
 				ERR_print_errors(bio_err);
 				goto shut;
 				}
 			}
 #ifndef WINDOWS
 		else if (FD_ISSET(fileno(stdout),&writefds))
 			{
 			i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
 			if (i <= 0)
 				{
 				BIO_printf(bio_c_out,"DONE\n");
 				goto shut;
 				/* goto end; */
 				}
 			sbuf_len-=i;;
 			sbuf_off+=i;
 			if (sbuf_len <= 0)
 				{
 				read_ssl=1;
 				write_tty=0;
 				}
 			}
 #endif
 		else if (FD_ISSET(SSL_get_fd(con),&readfds))
 			{
 #ifdef RENEG
 { static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
 #endif
 #if 1
 			k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
 #else
 /* Demo for pending and peek :-) */
 			k=SSL_read(con,sbuf,16);
 { char zbuf[10240]; 
 printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
 }
 #endif
 			switch (SSL_get_error(con,k))
 				{
 			case SSL_ERROR_NONE:
 				if (k <= 0)
 					goto end;
 				sbuf_off=0;
 				sbuf_len=k;
 				read_ssl=0;
 				write_tty=1;
 				break;
 			case SSL_ERROR_WANT_WRITE:
 				BIO_printf(bio_c_out,"read W BLOCK\n");
 				write_ssl=1;
 				read_tty=0;
 				break;
 			case SSL_ERROR_WANT_READ:
 				BIO_printf(bio_c_out,"read R BLOCK\n");
 				write_tty=0;
 				read_ssl=1;
 				if ((read_tty == 0) && (write_ssl == 0))
 					write_ssl=1;
 				break;
 			case SSL_ERROR_WANT_X509_LOOKUP:
 				BIO_printf(bio_c_out,"read X BLOCK\n");
 				break;
 			case SSL_ERROR_SYSCALL:
 				BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
 				goto shut;
 			case SSL_ERROR_ZERO_RETURN:
 				BIO_printf(bio_c_out,"closed\n");
 				goto shut;
 			case SSL_ERROR_SSL:
 				ERR_print_errors(bio_err);
 				goto shut;
 				/* break; */
 				}
 			}
 #ifndef WINDOWS
 		else if (FD_ISSET(fileno(stdin),&readfds))
 			{
 			i=read(fileno(stdin),cbuf,BUFSIZZ);
 			if ((!c_quiet) && ((i <= 0) || (cbuf[0] == 'Q')))
 				{
 				BIO_printf(bio_err,"DONE\n");
 				goto shut;
 				}
 			if ((!c_quiet) && (cbuf[0] == 'R'))
 				{
 				SSL_renegotiate(con);
 				read_tty=0;
 				write_ssl=1;
 				}
 			else
 				{
 				cbuf_len=i;
 				cbuf_off=0;
 				}
 			read_tty=0;
 			write_ssl=1;
 			}
 #endif
 		}
 shut:
 	SSL_shutdown(con);
 	SHUTDOWN(SSL_get_fd(con));
 	ret=0;
 end:
 	if (con != NULL) SSL_free(con);
 	if (con2 != NULL) SSL_free(con2);
 	if (ctx != NULL) SSL_CTX_free(ctx);
 	if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); }
 	if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); }
 	if (bio_c_out != NULL)
 		{
 		BIO_free(bio_c_out);
 		bio_c_out=NULL;
 		}
 	EXIT(ret);
 	}
 static void print_stuff(bio,s,full)
 BIO *bio;
 SSL *s;
 int full;
 	{
 	X509 *peer=NULL;
 	char *p;
 	static char *space="                ";
 	char buf[BUFSIZ];
 	STACK *sk;
 	SSL_CIPHER *c;
 	X509_NAME *xn;
 	int j,i;
 	if (full)
 		{
 		sk=SSL_get_peer_cert_chain(s);
 		if (sk != NULL)
 			{
 			BIO_printf(bio,"---\nCertificate chain\n");
 			for (i=0; i<sk_num(sk); i++)
 				{
 				X509_NAME_oneline(X509_get_subject_name((X509 *)
 					sk_value(sk,i)),buf,BUFSIZ);
 				BIO_printf(bio,"%2d s:%s\n",i,buf);
 				X509_NAME_oneline(X509_get_issuer_name((X509 *)
 					sk_value(sk,i)),buf,BUFSIZ);
 				BIO_printf(bio,"   i:%s\n",buf);
 				}
 			}
 		BIO_printf(bio,"---\n");
 		peer=SSL_get_peer_certificate(s);
 		if (peer != NULL)
 			{
 			BIO_printf(bio,"Server certificate\n");
 			PEM_write_bio_X509(bio,peer);
 			X509_NAME_oneline(X509_get_subject_name(peer),
 				buf,BUFSIZ);
 			BIO_printf(bio,"subject=%s\n",buf);
 			X509_NAME_oneline(X509_get_issuer_name(peer),
 				buf,BUFSIZ);
 			BIO_printf(bio,"issuer=%s\n",buf);
 			}
 		else
 			BIO_printf(bio,"no peer certificate available\n");
 		sk=SSL_get_client_CA_list(s);
 		if ((sk != NULL) && (sk_num(sk) > 0))
 			{
 			BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
 			for (i=0; i<sk_num(sk); i++)
 				{
 				xn=(X509_NAME *)sk_value(sk,i);
 				X509_NAME_oneline(xn,buf,sizeof(buf));
 				BIO_write(bio,buf,strlen(buf));
 				BIO_write(bio,"\n",1);
 				}
 			}
 		else
 			{
 			BIO_printf(bio,"---\nNo client certificate CA names sent\n");
 			}
 		p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
 		if (p != NULL)
 			{
 			BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
 			j=i=0;
 			while (*p)
 				{
 				if (*p == ':')
 					{
 					BIO_write(bio,space,15-j%25);
 					i++;
 					j=0;
 					BIO_write(bio,((i%3)?" ":"\n"),1);
 					}
 				else
 					{
 					BIO_write(bio,p,1);
 					j++;
 					}
 				p++;
 				}
 			BIO_write(bio,"\n",1);
 			}
 		BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
 			BIO_number_read(SSL_get_rbio(s)),
 			BIO_number_written(SSL_get_wbio(s)));
 		}
 	BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
 	c=SSL_get_current_cipher(s);
 	BIO_printf(bio,"%s, Cipher is %s\n",
 		SSL_CIPHER_get_version(c),
 		SSL_CIPHER_get_name(c));
 	if (peer != NULL) {
 		EVP_PKEY *pktmp;
 		pktmp = X509_get_pubkey(peer);
 		BIO_printf(bio,"Server public key is %d bit\n",
 							 EVP_PKEY_bits(pktmp));
 		EVP_PKEY_free(pktmp);
 	}
 	SSL_SESSION_print(bio,SSL_get_session(s));
 	BIO_printf(bio,"---\n");
 	if (peer != NULL)
 		X509_free(peer);
 	}
--- a/apps/s_server.c
+++ b/apps/s_server.c
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -1,675 +0,0 @@
 /* apps/s_socket.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
 #include <signal.h>
 #define USE_SOCKETS
 #define NON_MAIN
 #include "apps.h"
 #undef USE_SOCKETS
 #undef NON_MAIN
 #include "s_apps.h"
 #include "ssl.h"
 #ifndef NOPROTO
 static struct hostent *GetHostByName(char *name);
 int sock_init(void );
 #else
 static struct hostent *GetHostByName();
 int sock_init();
 #endif
 #ifdef WIN16
 #define SOCKET_PROTOCOL	0 /* more microsoft stupidity */
 #else
 #define SOCKET_PROTOCOL	IPPROTO_TCP
 #endif
 #ifdef WINDOWS
 static struct WSAData wsa_state;
 static int wsa_init_done=0;
 #ifdef WIN16
 static HWND topWnd=0;
 static FARPROC lpTopWndProc=NULL;
 static FARPROC lpTopHookProc=NULL;
 extern HINSTANCE _hInstance;  /* nice global CRT provides */
 static LONG FAR PASCAL topHookProc(hwnd,message,wParam,lParam)
 HWND hwnd;
 UINT message;
 WPARAM wParam;
 LPARAM lParam;
 	{
 	if (hwnd == topWnd)
 		{
 		switch(message)
 			{
 		case WM_DESTROY:
 		case WM_CLOSE:
 			SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopWndProc);
 			sock_cleanup();
 			break;
 			}
 		}
 	return CallWindowProc(lpTopWndProc,hwnd,message,wParam,lParam);
 	}
 static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)
 	{
 	topWnd=hwnd;
 	return(FALSE);
 	}
 #endif /* WIN32 */
 #endif /* WINDOWS */
 void sock_cleanup()
 	{
 #ifdef WINDOWS
 	if (wsa_init_done)
 		{
 		wsa_init_done=0;
 		WSACancelBlockingCall();
 		WSACleanup();
 		}
 #endif
 	}
 int sock_init()
 	{
 #ifdef WINDOWS
 	if (!wsa_init_done)
 		{
 		int err;
 #ifdef SIGINT
 		signal(SIGINT,(void (*)(int))sock_cleanup);
 #endif
 		wsa_init_done=1;
 		memset(&wsa_state,0,sizeof(wsa_state));
 		if (WSAStartup(0x0101,&wsa_state)!=0)
 			{
 			err=WSAGetLastError();
 			BIO_printf(bio_err,"unable to start WINSOCK, error code=%d\n",err);
 			return(0);
 			}
 #ifdef WIN16
 		EnumTaskWindows(GetCurrentTask(),enumproc,0L);
 		lpTopWndProc=(FARPROC)GetWindowLong(topWnd,GWL_WNDPROC);
 		lpTopHookProc=MakeProcInstance((FARPROC)topHookProc,_hInstance);
 		SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc);
 #endif /* WIN16 */
 		}
 #endif /* WINDOWS */
 	return(1);
 	}
 int init_client(sock, host, port)
 int *sock;
 char *host;
 int port;
 	{
 	unsigned char ip[4];
 	short p=0;
 	if (!host_ip(host,&(ip[0])))
 		{
 		return(0);
 		}
 	if (p != 0) port=p;
 	return(init_client_ip(sock,ip,port));
 	}
 int init_client_ip(sock, ip, port)
 int *sock;
 unsigned char ip[4];
 int port;
 	{
 	unsigned long addr;
 	struct sockaddr_in them;
 	int s,i;
 	if (!sock_init()) return(0);
 	memset((char *)&them,0,sizeof(them));
 	them.sin_family=AF_INET;
 	them.sin_port=htons((unsigned short)port);
 	addr=(unsigned long)
 		((unsigned long)ip[0]<<24L)|
 		((unsigned long)ip[1]<<16L)|
 		((unsigned long)ip[2]<< 8L)|
 		((unsigned long)ip[3]);
 	them.sin_addr.s_addr=htonl(addr);
 	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
 	i=0;
 	i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
 	if (i < 0) { perror("keepalive"); return(0); }
 	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
 		{ close(s); perror("connect"); return(0); }
 	*sock=s;
 	return(1);
 	}
 int nbio_sock_error(sock)
 int sock;
 	{
 	int j,i,size;
 	size=sizeof(int);
 	i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(char *)&j,&size);
 	if (i < 0)
 		return(1);
 	else
 		return(j);
 	}
 int nbio_init_client_ip(sock, ip, port)
 int *sock;
 unsigned char ip[4];
 int port;
 	{
 	unsigned long addr;
 	struct sockaddr_in them;
 	int s,i;
 	if (!sock_init()) return(0);
 	memset((char *)&them,0,sizeof(them));
 	them.sin_family=AF_INET;
 	them.sin_port=htons((unsigned short)port);
 	addr=	(unsigned long)
 		((unsigned long)ip[0]<<24L)|
 		((unsigned long)ip[1]<<16L)|
 		((unsigned long)ip[2]<< 8L)|
 		((unsigned long)ip[3]);
 	them.sin_addr.s_addr=htonl(addr);
 	if (*sock <= 0)
 		{
 		unsigned long l=1;
 		s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 		if (s == INVALID_SOCKET) { perror("socket"); return(0); }
 		i=0;
 		i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
 		if (i < 0) { perror("keepalive"); return(0); }
 		*sock=s;
 #ifdef FIONBIO
 		BIO_socket_ioctl(s,FIONBIO,&l);
 #endif
 		}
 	else
 		s= *sock;
 	i=connect(s,(struct sockaddr *)&them,sizeof(them));
 	if (i == INVALID_SOCKET)
 		{
 		if (BIO_sock_should_retry(i))
 			return(-1);
 		else
 			return(0);
 		}
 	else
 		return(1);
 	}
 int do_server(port, ret, cb, context)
 int port;
 int *ret;
 int (*cb)();
 char *context;
 	{
 	int sock;
 	char *name;
 	int accept_socket;
 	int i;
 	if (!init_server(&accept_socket,port)) return(0);
 	if (ret != NULL)
 		{
 		*ret=accept_socket;
 		/* return(1);*/
 		}
 	for (;;)
 		{
 		if (do_accept(accept_socket,&sock,&name) == 0)
 			{
 			SHUTDOWN(accept_socket);
 			return(0);
 			}
 		i=(*cb)(name,sock, context);
 		if (name != NULL) Free(name);
 		SHUTDOWN2(sock);
 		if (i < 0)
 			{
 			SHUTDOWN2(accept_socket);
 			return(i);
 			}
 		}
 	}
 int init_server_long(sock, port, ip)
 int *sock;
 int port;
 char *ip;
 	{
 	int ret=0;
 	struct sockaddr_in server;
 	int s= -1,i;
 	if (!sock_init()) return(0);
 	memset((char *)&server,0,sizeof(server));
 	server.sin_family=AF_INET;
 	server.sin_port=htons((unsigned short)port);
 	if (ip == NULL)
 		server.sin_addr.s_addr=INADDR_ANY;
 	else
 /* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
 #ifndef BIT_FIELD_LIMITS
 		memcpy(&server.sin_addr.s_addr,ip,4);
 #else
 		memcpy(&server.sin_addr,ip,4);
 #endif
 	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 	if (s == INVALID_SOCKET) goto err;
 	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
 		{
 #ifndef WINDOWS
 		perror("bind");
 #endif
 		goto err;
 		}
 	/* Make it 128 for linux */
 	if (listen(s,128) == -1) goto err;
 	i=0;
 	*sock=s;
 	ret=1;
 err:
 	if ((ret == 0) && (s != -1))
 		{
 		SHUTDOWN(s);
 		}
 	return(ret);
 	}
 int init_server(sock,port)
 int *sock;
 int port;
 	{
 	return(init_server_long(sock, port, NULL));
 	}
 int do_accept(acc_sock, sock, host)
 int acc_sock;
 int *sock;
 char **host;
 	{
 	int ret,i;
 	struct hostent *h1,*h2;
 	static struct sockaddr_in from;
 	int len;
 /*	struct linger ling; */
 	if (!sock_init()) return(0);
 #ifndef WINDOWS
 redoit:
 #endif
 	memset((char *)&from,0,sizeof(from));
 	len=sizeof(from);
 	ret=accept(acc_sock,(struct sockaddr *)&from,&len);
 	if (ret == INVALID_SOCKET)
 		{
 #ifdef WINDOWS
 		i=WSAGetLastError();
 		BIO_printf(bio_err,"accept error %d\n",i);
 #else
 		if (errno == EINTR)
 			{
 			/*check_timeout(); */
 			goto redoit;
 			}
 		fprintf(stderr,"errno=%d ",errno);
 		perror("accept");
 #endif
 		return(0);
 		}
 /*
 	ling.l_onoff=1;
 	ling.l_linger=0;
 	i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
 	if (i < 0) { perror("linger"); return(0); }
 	i=0;
 	i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
 	if (i < 0) { perror("keepalive"); return(0); }
 */
 	if (host == NULL) goto end;
 #ifndef BIT_FIELD_LIMITS
 	/* I should use WSAAsyncGetHostByName() under windows */
 	h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
 		sizeof(from.sin_addr.s_addr),AF_INET);
 #else
 	h1=gethostbyaddr((char *)&from.sin_addr,
 		sizeof(struct in_addr),AF_INET);
 #endif
 	if (h1 == NULL)
 		{
 		BIO_printf(bio_err,"bad gethostbyaddr\n");
 		*host=NULL;
 		/* return(0); */
 		}
 	else
 		{
 		if ((*host=(char *)Malloc(strlen(h1->h_name)+1)) == NULL)
 			{
 			perror("Malloc");
 			return(0);
 			}
 		strcpy(*host,h1->h_name);
 		h2=GetHostByName(*host);
 		if (h2 == NULL)
 			{
 			BIO_printf(bio_err,"gethostbyname failure\n");
 			return(0);
 			}
 		i=0;
 		if (h2->h_addrtype != AF_INET)
 			{
 			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
 			return(0);
 			}
 		}
 end:
 	*sock=ret;
 	return(1);
 	}
 int extract_host_port(str,host_ptr,ip,port_ptr)
 char *str;
 char **host_ptr;
 unsigned char *ip;
 short *port_ptr;
 	{
 	char *h,*p;
 	h=str;
 	p=strchr(str,':');
 	if (p == NULL)
 		{
 		BIO_printf(bio_err,"no port defined\n");
 		return(0);
 		}
 	*(p++)='\0';
 	if ((ip != NULL) && !host_ip(str,ip))
 		goto err;
 	if (host_ptr != NULL) *host_ptr=h;
 	if (!extract_port(p,port_ptr))
 		goto err;
 	return(1);
 err:
 	return(0);
 	}
 int host_ip(str,ip)
 char *str;
 unsigned char ip[4];
 	{
 	unsigned int in[4]; 
 	int i;
 	if (sscanf(str,"%d.%d.%d.%d",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
 		{
 		for (i=0; i<4; i++)
 			if (in[i] > 255)
 				{
 				BIO_printf(bio_err,"invalid IP address\n");
 				goto err;
 				}
 		ip[0]=in[0];
 		ip[1]=in[1];
 		ip[2]=in[2];
 		ip[3]=in[3];
 		}
 	else
 		{ /* do a gethostbyname */
 		struct hostent *he;
 		if (!sock_init()) return(0);
 		he=GetHostByName(str);
 		if (he == NULL)
 			{
 			BIO_printf(bio_err,"gethostbyname failure\n");
 			goto err;
 			}
 		/* cast to short because of win16 winsock definition */
 		if ((short)he->h_addrtype != AF_INET)
 			{
 			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
 			return(0);
 			}
 		ip[0]=he->h_addr_list[0][0];
 		ip[1]=he->h_addr_list[0][1];
 		ip[2]=he->h_addr_list[0][2];
 		ip[3]=he->h_addr_list[0][3];
 		}
 	return(1);
 err:
 	return(0);
 	}
 int extract_port(str,port_ptr)
 char *str;
 short *port_ptr;
 	{
 	int i;
 	struct servent *s;
 	i=atoi(str);
 	if (i != 0)
 		*port_ptr=(unsigned short)i;
 	else
 		{
 		s=getservbyname(str,"tcp");
 		if (s == NULL)
 			{
 			BIO_printf(bio_err,"getservbyname failure for %s\n",str);
 			return(0);
 			}
 		*port_ptr=ntohs((unsigned short)s->s_port);
 		}
 	return(1);
 	}
 #define GHBN_NUM	4
 static struct ghbn_cache_st
 	{
 	char name[128];
 	struct hostent ent;
 	unsigned long order;
 	} ghbn_cache[GHBN_NUM];
 static unsigned long ghbn_hits=0L;
 static unsigned long ghbn_miss=0L;
 static struct hostent *GetHostByName(name)
 char *name;
 	{
 	struct hostent *ret;
 	int i,lowi=0;
 	unsigned long low= (unsigned long)-1;
 	for (i=0; i<GHBN_NUM; i++)
 		{
 		if (low > ghbn_cache[i].order)
 			{
 			low=ghbn_cache[i].order;
 			lowi=i;
 			}
 		if (ghbn_cache[i].order > 0)
 			{
 			if (strncmp(name,ghbn_cache[i].name,128) == 0)
 				break;
 			}
 		}
 	if (i == GHBN_NUM) /* no hit*/
 		{
 		ghbn_miss++;
 		ret=gethostbyname(name);
 		if (ret == NULL) return(NULL);
 		/* else add to cache */
 		strncpy(ghbn_cache[lowi].name,name,128);
 		memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
 		ghbn_cache[lowi].order=ghbn_miss+ghbn_hits;
 		return(ret);
 		}
 	else
 		{
 		ghbn_hits++;
 		ret= &(ghbn_cache[i].ent);
 		ghbn_cache[i].order=ghbn_miss+ghbn_hits;
 		return(ret);
 		}
 	}
 #ifndef MSDOS
 int spawn(argc, argv, in, out)
 int argc;
 char **argv;
 int *in;
 int *out;
 	{
 	int pid;
 #define CHILD_READ	p1[0]
 #define CHILD_WRITE	p2[1]
 #define PARENT_READ	p2[0]
 #define PARENT_WRITE	p1[1]
 	int p1[2],p2[2];
 	if ((pipe(p1) < 0) || (pipe(p2) < 0)) return(-1);
 	if ((pid=fork()) == 0)
 		{ /* child */
 		if (dup2(CHILD_WRITE,fileno(stdout)) < 0)
 			perror("dup2");
 		if (dup2(CHILD_WRITE,fileno(stderr)) < 0)
 			perror("dup2");
 		if (dup2(CHILD_READ,fileno(stdin)) < 0)
 			perror("dup2");
 		close(CHILD_READ); 
 		close(CHILD_WRITE);
 		close(PARENT_READ);
 		close(PARENT_WRITE);
 		execvp(argv[0],argv);
 		perror("child");
 		exit(1);
 		}
 	/* parent */
 	*in= PARENT_READ;
 	*out=PARENT_WRITE;
 	close(CHILD_READ);
 	close(CHILD_WRITE);
 	return(pid);
 	}
 #endif /* MSDOS */
 #ifdef undef
 	/* Turn on synchronous sockets so that we can do a WaitForMultipleObjects
 	 * on sockets */
 	{
 	SOCKET s;
 	int optionValue = SO_SYNCHRONOUS_NONALERT;
 	int err;
 	err = setsockopt( 
 	    INVALID_SOCKET, 
 	    SOL_SOCKET, 
 	    SO_OPENTYPE, 
 	    (char *)&optionValue, 
 	    sizeof(optionValue));
 	if (err != NO_ERROR) {
 	/* failed for some reason... */
 		BIO_printf(bio_err, "failed to setsockopt(SO_OPENTYPE, SO_SYNCHRONOUS_ALERT) - %d\n",
 			WSAGetLastError());
 		}
 	}
 #endif
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -1,704 +0,0 @@
 /* apps/s_time.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #define NO_SHUTDOWN
 /*-----------------------------------------
   s_time - SSL client connection timer program
   Written and donated by Larry Streepy <streepy@healthcare.com>
  -----------------------------------------*/
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "x509.h"
 #include "ssl.h"
 #include "pem.h"
 #define USE_SOCKETS
 #include "apps.h"
 #include "s_apps.h"
 #include "err.h"
 #ifdef WIN32_STUFF
 #include "winmain.h"
 #include "wintext.h"
 #endif
 #ifndef MSDOS
 #define TIMES
 #endif
 #ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
 #ifdef TIMES
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
 #else /* VMS */
 #include <types.h>
 struct tms {
 	time_t tms_utime;
 	time_t tms_stime;
 	time_t tms_uchild;	/* I dunno...  */
 	time_t tms_uchildsys;	/* so these names are a guess :-) */
 	}
 #endif
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
 #ifdef _AIX
 #include <sys/select.h>
 #endif
 #if defined(sun) || defined(__ultrix)
 #define _POSIX_SOURCE
 #include <limits.h>
 #include <sys/param.h>
 #endif
 /* The following if from times(3) man page.  It may need to be changed
 */
 #ifndef HZ
 #ifndef CLK_TCK
 #ifndef VMS
 #define HZ      100.0
 #else /* VMS */
 #define HZ      100.0
 #endif
 #else /* CLK_TCK */
 #define HZ ((double)CLK_TCK)
 #endif
 #endif
 #undef PROG
 #define PROG s_time_main
 #define ioctl ioctlsocket
 #define SSL_CONNECT_NAME	"localhost:4433"
 /*#define TEST_CERT "client.pem" */ /* no default cert. */
 #undef BUFSIZZ
 #define BUFSIZZ 1024*10
 #define min(a,b) (((a) < (b)) ? (a) : (b))
 #define max(a,b) (((a) > (b)) ? (a) : (b))
 #undef SECONDS
 #define SECONDS	30
 extern int verify_depth;
 extern int verify_error;
 #ifndef NOPROTO
 static void s_time_usage(void);
 static int parseArgs( int argc, char **argv );
 static SSL *doConnection( SSL *scon );
 static void s_time_init(void);
 #else
 static void s_time_usage();
 static int parseArgs();
 static SSL *doConnection();
 static void s_time_init();
 #endif
 /***********************************************************************
 * Static data declarations
 */
 /* static char *port=PORT_STR;*/
 static char *host=SSL_CONNECT_NAME;
 static char *t_cert_file=NULL;
 static char *t_key_file=NULL;
 static char *CApath=NULL;
 static char *CAfile=NULL;
 static char *tm_cipher=NULL;
 static int tm_verify = SSL_VERIFY_NONE;
 static int maxTime = SECONDS;
 static SSL_CTX *tm_ctx=NULL;
 static SSL_METHOD *s_time_meth=NULL;
 static char *s_www_path=NULL;
 static long bytes_read=0; 
 static int st_bugs=0;
 static int perform=0;
 #ifdef FIONBIO
 static int t_nbio=0;
 #endif
 #ifdef WIN32
 static int exitNow = 0;		/* Set when it's time to exit main */
 #endif
 static void s_time_init()
 	{
 	host=SSL_CONNECT_NAME;
 	t_cert_file=NULL;
 	t_key_file=NULL;
 	CApath=NULL;
 	CAfile=NULL;
 	tm_cipher=NULL;
 	tm_verify = SSL_VERIFY_NONE;
 	maxTime = SECONDS;
 	tm_ctx=NULL;
 	s_time_meth=NULL;
 	s_www_path=NULL;
 	bytes_read=0; 
 	st_bugs=0;
 	perform=0;
 #ifdef FIONBIO
 	t_nbio=0;
 #endif
 #ifdef WIN32
 	exitNow = 0;		/* Set when it's time to exit main */
 #endif
 	}
 /***********************************************************************
 * usage - display usage message
 */
 static void s_time_usage()
 {
 	static char umsg[] = "\
 -time arg     - max number of seconds to collect data, default %d\n\
 -verify arg   - turn on peer certificate verification, arg == depth\n\
 -cert arg     - certificate file to use, PEM format assumed\n\
 -key arg      - RSA file to use, PEM format assumed, key is in cert file\n\
                file if not specified by this option\n\
 -CApath arg   - PEM format directory of CA's\n\
 -CAfile arg   - PEM format file of CA's\n\
 -cipher       - prefered cipher to use, play with 'openssl ciphers'\n\n";
 	printf( "usage: s_time <args>\n\n" );
 	printf("-connect host:port - host:port to connect to (default is %s)\n",SSL_CONNECT_NAME);
 #ifdef FIONBIO
 	printf("-nbio         - Run with non-blocking IO\n");
 	printf("-ssl2         - Just use SSLv2\n");
 	printf("-ssl3         - Just use SSLv3\n");
 	printf("-bugs         - Turn on SSL bug compatability\n");
 	printf("-new          - Just time new connections\n");
 	printf("-reuse        - Just time connection reuse\n");
 	printf("-www page     - Retrieve 'page' from the site\n");
 #endif
 	printf( umsg,SECONDS );
 }
 /***********************************************************************
 * parseArgs - Parse command line arguments and initialize data
 *
 * Returns 0 if ok, -1 on bad args
 */
 static int parseArgs(argc,argv)
 int argc;
 char **argv;
 {
    int badop = 0;
    verify_depth=0;
    verify_error=X509_V_OK;
 #ifdef FIONBIO
    t_nbio=0;
 #endif
 	apps_startup();
 	s_time_init();
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
    argc--;
    argv++;
    while (argc >= 1) {
 	if (strcmp(*argv,"-connect") == 0)
 		{
 		if (--argc < 1) goto bad;
 		host= *(++argv);
 		}
 #if 0
 	else if( strcmp(*argv,"-host") == 0)
 		{
 		if (--argc < 1) goto bad;
 		host= *(++argv);
 		}
 	else if( strcmp(*argv,"-port") == 0)
 		{
 		if (--argc < 1) goto bad;
 		port= *(++argv);
 		}
 #endif
 	else if (strcmp(*argv,"-reuse") == 0)
 		perform=2;
 	else if (strcmp(*argv,"-new") == 0)
 		perform=1;
 	else if( strcmp(*argv,"-verify") == 0) {
 	    tm_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
 	    if (--argc < 1) goto bad;
 	    verify_depth=atoi(*(++argv));
 	    BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
 	} else if( strcmp(*argv,"-cert") == 0) {
 	    if (--argc < 1) goto bad;
 	    t_cert_file= *(++argv);
 	} else if( strcmp(*argv,"-key") == 0) {
 	    if (--argc < 1) goto bad;
 	    t_key_file= *(++argv);
 	} else if( strcmp(*argv,"-CApath") == 0) {
 	    if (--argc < 1) goto bad;
 	    CApath= *(++argv);
 	} else if( strcmp(*argv,"-CAfile") == 0) {
 	    if (--argc < 1) goto bad;
 	    CAfile= *(++argv);
 	} else if( strcmp(*argv,"-cipher") == 0) {
 	    if (--argc < 1) goto bad;
 	    tm_cipher= *(++argv);
 	}
 #ifdef FIONBIO
 	else if(strcmp(*argv,"-nbio") == 0) {
 	    t_nbio=1;
 	}
 #endif
 	else if(strcmp(*argv,"-www") == 0)
 		{
 		if (--argc < 1) goto bad;
 		s_www_path= *(++argv);
 		}
 	else if(strcmp(*argv,"-bugs") == 0)
 	    st_bugs=1;
 #ifndef NO_SSL2
 	else if(strcmp(*argv,"-ssl2") == 0)
 	    s_time_meth=SSLv2_client_method();
 #endif
 #ifndef NO_SSL3
 	else if(strcmp(*argv,"-ssl3") == 0)
 	    s_time_meth=SSLv3_client_method();
 #endif
 	else if( strcmp(*argv,"-time") == 0) {
 	    if (--argc < 1) goto bad;
 	    maxTime= atoi(*(++argv));
 	}
 	else {
 	    BIO_printf(bio_err,"unknown option %s\n",*argv);
 	    badop=1;
 	    break;
 	}
 	argc--;
 	argv++;
    }
    if (perform == 0) perform=3;
    if(badop) {
 bad:
 		s_time_usage();
 		return -1;
    }
 	return 0;			/* Valid args */
 }
 /***********************************************************************
 * TIME - time functions
 */
 #define START	0
 #define STOP	1
 static double tm_Time_F(s)
 int s;
 	{
 	static double ret;
 #ifdef TIMES
 	static struct tms tstart,tend;
 	if(s == START) {
 		times(&tstart);
 		return(0);
 	} else {
 		times(&tend);
 		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
 		return((ret == 0.0)?1e-6:ret);
 	}
 #else /* !times() */
 	static struct timeb tstart,tend;
 	long i;
 	if(s == START) {
 		ftime(&tstart);
 		return(0);
 	} else {
 		ftime(&tend);
 		i=(long)tend.millitm-(long)tstart.millitm;
 		ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
 		return((ret == 0.0)?1e-6:ret);
 	}
 #endif
 }
 /***********************************************************************
 * MAIN - main processing area for client
 *			real name depends on MONOLITH
 */
 int
 MAIN(argc,argv)
 int argc;
 char **argv;
 	{
 	double totalTime = 0.0;
 	int nConn = 0;
 	SSL *scon=NULL;
 	long finishtime=0;
 	int ret=1,i;
 	MS_STATIC char buf[1024*8];
 	int ver;
 #if !defined(NO_SSL2) && !defined(NO_SSL3)
 	s_time_meth=SSLv23_client_method();
 #elif !defined(NO_SSL3)
 	s_time_meth=SSLv3_client_method();
 #elif !defined(NO_SSL2)
 	s_time_meth=SSLv2_client_method();
 #endif
 	/* parse the command line arguments */
 	if( parseArgs( argc, argv ) < 0 )
 		goto end;
 	SSLeay_add_ssl_algorithms();
 	if ((tm_ctx=SSL_CTX_new(s_time_meth)) == NULL) return(1);
 	SSL_CTX_set_quiet_shutdown(tm_ctx,1);
 	if (st_bugs) SSL_CTX_set_options(tm_ctx,SSL_OP_ALL);
 	SSL_CTX_set_cipher_list(tm_ctx,tm_cipher);
 	if(!set_cert_stuff(tm_ctx,t_cert_file,t_key_file)) 
 		goto end;
 	SSL_load_error_strings();
 	if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
 		(!SSL_CTX_set_default_verify_paths(tm_ctx)))
 		{
 		/* BIO_printf(bio_err,"error seting default verify locations\n"); */
 		ERR_print_errors(bio_err);
 		/* goto end; */
 		}
 	if (tm_cipher == NULL)
 		tm_cipher = getenv("SSL_CIPHER");
 	if (tm_cipher == NULL ) {
 		fprintf( stderr, "No CIPHER specified\n" );
 /*		EXIT(1); */
 	}
 	if (!(perform & 1)) goto next;
 	printf( "Collecting connection statistics for %d seconds\n", maxTime );
 	/* Loop and time how long it takes to make connections */
 	bytes_read=0;
 	finishtime=(long)time(NULL)+maxTime;
 	tm_Time_F(START);
 	for (;;)
 		{
 		if (finishtime < time(NULL)) break;
 #ifdef WIN32_STUFF
 		if( flushWinMsgs(0) == -1 )
 			goto end;
 		if( waitingToDie || exitNow )		/* we're dead */
 			goto end;
 #endif
 		if( (scon = doConnection( NULL )) == NULL )
 			goto end;
 		if (s_www_path != NULL)
 			{
 			sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
 			SSL_write(scon,buf,strlen(buf));
 			while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
 				bytes_read+=i;
 			}
 #ifdef NO_SHUTDOWN
 		SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 #else
 		SSL_shutdown(scon);
 #endif
 		SHUTDOWN2(SSL_get_fd(scon));
 		nConn += 1;
 		if (SSL_session_reused(scon))
 			ver='r';
 		else
 			{
 			ver=SSL_version(scon);
 			if (ver == TLS1_VERSION)
 				ver='t';
 			else if (ver == SSL3_VERSION)
 				ver='3';
 			else if (ver == SSL2_VERSION)
 				ver='2';
 			else
 				ver='*';
 			}
 		fputc(ver,stdout);
 		fflush(stdout);
 		SSL_free( scon );
 		scon=NULL;
 		}
 	totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
 	i=(int)(time(NULL)-finishtime+maxTime);
 	printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
 	printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,time(NULL)-finishtime+maxTime,bytes_read/nConn);
 	/* Now loop and time connections using the same session id over and over */
 next:
 	if (!(perform & 2)) goto end;
 	printf( "\n\nNow timing with session id reuse.\n" );
 	/* Get an SSL object so we can reuse the session id */
 	if( (scon = doConnection( NULL )) == NULL )
 		{
 		fprintf( stderr, "Unable to get connection\n" );
 		goto end;
 		}
 	if (s_www_path != NULL)
 		{
 		sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
 		SSL_write(scon,buf,strlen(buf));
 		while (SSL_read(scon,buf,sizeof(buf)) > 0)
 			;
 		}
 #ifdef NO_SHUTDOWN
 	SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 #else
 	SSL_shutdown(scon);
 #endif
 	SHUTDOWN2(SSL_get_fd(scon));
 	nConn = 0;
 	totalTime = 0.0;
 	finishtime=time(NULL)+maxTime;
 	printf( "starting\n" );
 	bytes_read=0;
 	tm_Time_F(START);
 	for (;;)
 		{
 		if (finishtime < time(NULL)) break;
 #ifdef WIN32_STUFF
 		if( flushWinMsgs(0) == -1 )
 			goto end;
 		if( waitingToDie || exitNow )	/* we're dead */
 			goto end;
 #endif
 	 	if( (doConnection( scon )) == NULL )
 			goto end;
 		if (s_www_path)
 			{
 			sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
 			SSL_write(scon,buf,strlen(buf));
 			while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
 				bytes_read+=i;
 			}
 #ifdef NO_SHUTDOWN
 		SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 #else
 		SSL_shutdown(scon);
 #endif
 		SHUTDOWN2(SSL_get_fd(scon));
 		nConn += 1;
 		if (SSL_session_reused(scon))
 			ver='r';
 		else
 			{
 			ver=SSL_version(scon);
 			if (ver == TLS1_VERSION)
 				ver='t';
 			else if (ver == SSL3_VERSION)
 				ver='3';
 			else if (ver == SSL2_VERSION)
 				ver='2';
 			else
 				ver='*';
 			}
 		fputc(ver,stdout);
 		fflush(stdout);
 		}
 	totalTime += tm_Time_F(STOP); /* Add the time for this iteration*/
 	printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
 	printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,time(NULL)-finishtime+maxTime,bytes_read/nConn);
 	ret=0;
 end:
 	if (scon != NULL) SSL_free(scon);
 	if (tm_ctx != NULL)
 		{
 		SSL_CTX_free(tm_ctx);
 		tm_ctx=NULL;
 		}
 	EXIT(ret);
 	}
 /***********************************************************************
 * doConnection - make a connection
 * Args:
 *		scon	= earlier ssl connection for session id, or NULL
 * Returns:
 *		SSL *	= the connection pointer.
 */
 static SSL *
 doConnection(scon)
 SSL *scon;
 	{
 	BIO *conn;
 	SSL *serverCon;
 	int width, i;
 	fd_set readfds;
 	if ((conn=BIO_new(BIO_s_connect())) == NULL)
 		return(NULL);
 /*	BIO_set_conn_port(conn,port);*/
 	BIO_set_conn_hostname(conn,host);
 	if (scon == NULL)
 		serverCon=(SSL *)SSL_new(tm_ctx);
 	else
 		{
 		serverCon=scon;
 		SSL_set_connect_state(serverCon);
 		}
 	SSL_set_bio(serverCon,conn,conn);
 #if 0
 	if( scon != NULL )
 		SSL_set_session(serverCon,SSL_get_session(scon));
 #endif
 	/* ok, lets connect */
 	for(;;) {
 		i=SSL_connect(serverCon);
 		if (BIO_sock_should_retry(i))
 			{
 			BIO_printf(bio_err,"DELAY\n");
 			i=SSL_get_fd(serverCon);
 			width=i+1;
 			FD_ZERO(&readfds);
 			FD_SET(i,&readfds);
 			select(width,&readfds,NULL,NULL,NULL);
 			continue;
 			}
 		break;
 		}
 	if(i <= 0)
 		{
 		BIO_printf(bio_err,"ERROR\n");
 		if (verify_error != X509_V_OK)
 			BIO_printf(bio_err,"verify error:%s\n",
 				X509_verify_cert_error_string(verify_error));
 		else
 			ERR_print_errors(bio_err);
 		if (scon == NULL)
 			SSL_free(serverCon);
 		return NULL;
 		}
 	return serverCon;
 	}
--- a/apps/sc.c
+++ b/apps/sc.c
@@ -1,784 +0,0 @@
 /* apps/s_client.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #define USE_SOCKETS
 #ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
 #include "x509.h"
 #include "ssl.h"
 #include "err.h"
 #include "pem.h"
 #include "s_apps.h"
 #ifdef WINDOWS
 /* Most of the #if(n)def WINDOWS put in by Gerrit van Niekerk 
   <gerritvn@osi.co.za> to support the keyboard under Windows.
   Tested using Win95, *should* work with NT and Win3.x
 */
 #include <conio.h>
 #endif
 #undef PROG
 #define PROG	s_client_main
 /*#define SSL_HOST_NAME	"www.netscape.com" */
 /*#define SSL_HOST_NAME	"193.118.187.102" */
 #define SSL_HOST_NAME	"localhost"
 /*#define TEST_CERT "client.pem" */ /* no default cert. */
 #undef BUFSIZZ
 #define BUFSIZZ 1024*8
 extern int verify_depth;
 extern int verify_error;
 #ifdef FIONBIO
 static int c_nbio=0;
 #endif
 static int c_Pause=0;
 static int c_debug=0;
 #ifndef NOPROTO
 static void sc_usage(void);
 static void print_stuff(BIO *berr,SSL *con,int full);
 #else
 static void sc_usage();
 static void print_stuff();
 #endif
 static BIO *bio_c_out=NULL;
 static int c_quiet=0;
 static void sc_usage()
 	{
 	BIO_printf(bio_err,"usage: client args\n");
 	BIO_printf(bio_err,"\n");
 	BIO_printf(bio_err," -host host     - use -connect instead\n");
 	BIO_printf(bio_err," -port port     - use -connect instead\n");
 	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
 	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
 	BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
 	BIO_printf(bio_err," -key arg      - Private key file to use, PEM format assumed, in cert file if\n");
 	BIO_printf(bio_err,"                 not specified but cert file is.\n");
 	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
 	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
 	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
 	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
 	BIO_printf(bio_err," -debug        - extra output\n");
 	BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
 	BIO_printf(bio_err," -state        - print the 'ssl' states\n");
 #ifdef FIONBIO
 	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
 #endif
 	BIO_printf(bio_err," -quiet        - no s_client output\n");
 	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
 	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
 	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
 	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
 	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
 	BIO_printf(bio_err," -cipher       - prefered cipher to use, use the 'openssl ciphers'\n");
 	BIO_printf(bio_err,"                 command to see what is available\n");
 	}
 int MAIN(argc, argv)
 int argc;
 char **argv;
 	{
 	int off=0;
 	SSL *con=NULL,*con2=NULL;
 	int s,k,width,state=0;
 	char *cbuf=NULL,*sbuf=NULL;
 	int cbuf_len,cbuf_off;
 	int sbuf_len,sbuf_off;
 	fd_set readfds,writefds;
 	short port=PORT;
 	int full_log=1;
 	char *host=SSL_HOST_NAME;
 	char *cert_file=NULL,*key_file=NULL;
 	char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
 	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
 	int write_tty,read_tty,write_ssl,read_ssl,tty_on;
 	SSL_CTX *ctx=NULL;
 	int ret=1,in_init=1,i,nbio_test=0;
 	SSL_METHOD *meth=NULL;
 	BIO *sbio;
 	/*static struct timeval timeout={10,0};*/
 #if !defined(NO_SSL2) && !defined(NO_SSL3)
 	meth=SSLv23_client_method();
 #elif !defined(NO_SSL3)
 	meth=SSLv3_client_method();
 #elif !defined(NO_SSL2)
 	meth=SSLv2_client_method();
 #endif
 	apps_startup();
 	c_Pause=0;
 	c_quiet=0;
 	c_debug=0;
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 	if (	((cbuf=Malloc(BUFSIZZ)) == NULL) ||
 		((sbuf=Malloc(BUFSIZZ)) == NULL))
 		{
 		BIO_printf(bio_err,"out of memory\n");
 		goto end;
 		}
 	verify_depth=0;
 	verify_error=X509_V_OK;
 #ifdef FIONBIO
 	c_nbio=0;
 #endif
 #ifdef WINDOWS
 	c_nbio = 1;
 #endif
 	argc--;
 	argv++;
 	while (argc >= 1)
 		{
 		if	(strcmp(*argv,"-host") == 0)
 			{
 			if (--argc < 1) goto bad;
 			host= *(++argv);
 			}
 		else if	(strcmp(*argv,"-port") == 0)
 			{
 			if (--argc < 1) goto bad;
 			port=atoi(*(++argv));
 			if (port == 0) goto bad;
 			}
 		else if (strcmp(*argv,"-connect") == 0)
 			{
 			if (--argc < 1) goto bad;
 			if (!extract_host_port(*(++argv),&host,NULL,&port))
 				goto bad;
 			}
 		else if	(strcmp(*argv,"-verify") == 0)
 			{
 			verify=SSL_VERIFY_PEER;
 			if (--argc < 1) goto bad;
 			verify_depth=atoi(*(++argv));
 			BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
 			}
 		else if	(strcmp(*argv,"-cert") == 0)
 			{
 			if (--argc < 1) goto bad;
 			cert_file= *(++argv);
 			}
 		else if	(strcmp(*argv,"-quiet") == 0)
 			c_quiet=1;
 		else if	(strcmp(*argv,"-pause") == 0)
 			c_Pause=1;
 		else if	(strcmp(*argv,"-debug") == 0)
 			c_debug=1;
 		else if	(strcmp(*argv,"-nbio_test") == 0)
 			nbio_test=1;
 		else if	(strcmp(*argv,"-state") == 0)
 			state=1;
 #ifndef NO_SSL2
 		else if	(strcmp(*argv,"-ssl2") == 0)
 			meth=SSLv2_client_method();
 #endif
 #ifndef NO_SSL3
 		else if	(strcmp(*argv,"-ssl3") == 0)
 			meth=SSLv3_client_method();
 #endif
 #ifndef NO_TLS1
 		else if	(strcmp(*argv,"-tls1") == 0)
 			meth=TLSv1_client_method();
 #endif
 		else if (strcmp(*argv,"-bugs") == 0)
 			bugs=1;
 		else if	(strcmp(*argv,"-key") == 0)
 			{
 			if (--argc < 1) goto bad;
 			key_file= *(++argv);
 			}
 		else if	(strcmp(*argv,"-reconnect") == 0)
 			{
 			reconnect=5;
 			}
 		else if	(strcmp(*argv,"-CApath") == 0)
 			{
 			if (--argc < 1) goto bad;
 			CApath= *(++argv);
 			}
 		else if	(strcmp(*argv,"-CAfile") == 0)
 			{
 			if (--argc < 1) goto bad;
 			CAfile= *(++argv);
 			}
 		else if (strcmp(*argv,"-no_tls1") == 0)
 			off|=SSL_OP_NO_TLSv1;
 		else if (strcmp(*argv,"-no_ssl3") == 0)
 			off|=SSL_OP_NO_SSLv3;
 		else if (strcmp(*argv,"-no_ssl2") == 0)
 			off|=SSL_OP_NO_SSLv2;
 		else if	(strcmp(*argv,"-cipher") == 0)
 			{
 			if (--argc < 1) goto bad;
 			cipher= *(++argv);
 			}
 #ifdef FIONBIO
 		else if (strcmp(*argv,"-nbio") == 0)
 			{ c_nbio=1; }
 #endif
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badop=1;
 			break;
 			}
 		argc--;
 		argv++;
 		}
 	if (badop)
 		{
 bad:
 		sc_usage();
 		goto end;
 		}
 	if (bio_c_out == NULL)
 		{
 		if (c_quiet)
 			{
 			bio_c_out=BIO_new(BIO_s_null());
 			}
 		else
 			{
 			if (bio_c_out == NULL)
 				bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
 			}
 		}
 	SSLeay_add_ssl_algorithms();
 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL)
 		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	if (bugs)
 		SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
 	else
 		SSL_CTX_set_options(ctx,off);
 	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
 	if (cipher != NULL)
 		SSL_CTX_set_cipher_list(ctx,cipher);
 #if 0
 	else
 		SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
 #endif
 	SSL_CTX_set_verify(ctx,verify,verify_callback);
 	if (!set_cert_stuff(ctx,cert_file,key_file))
 		goto end;
 	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
 		(!SSL_CTX_set_default_verify_paths(ctx)))
 		{
 		/* BIO_printf(bio_err,"error seting default verify locations\n"); */
 		ERR_print_errors(bio_err);
 		/* goto end; */
 		}
 	SSL_load_error_strings();
 	con=(SSL *)SSL_new(ctx);
 /*	SSL_set_cipher_list(con,"RC4-MD5"); */
 re_start:
 	if (init_client(&s,host,port) == 0)
 		{
 		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
 		SHUTDOWN(s);
 		goto end;
 		}
 	BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
 #ifdef FIONBIO
 	if (c_nbio)
 		{
 		unsigned long l=1;
 		BIO_printf(bio_c_out,"turning on non blocking io\n");
 		if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
 			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}
 #endif                                              
 	if (c_Pause & 0x01) con->debug=1;
 	sbio=BIO_new_socket(s,BIO_NOCLOSE);
 	if (nbio_test)
 		{
 		BIO *test;
 		test=BIO_new(BIO_f_nbio_test());
 		sbio=BIO_push(test,sbio);
 		}
 	if (c_debug)
 		{
 		con->debug=1;
 		BIO_set_callback(sbio,bio_dump_cb);
 		BIO_set_callback_arg(sbio,bio_c_out);
 		}
 	SSL_set_bio(con,sbio,sbio);
 	SSL_set_connect_state(con);
 	/* ok, lets connect */
 	width=SSL_get_fd(con)+1;
 	read_tty=1;
 	write_tty=0;
 	tty_on=0;
 	read_ssl=1;
 	write_ssl=1;
 	cbuf_len=0;
 	cbuf_off=0;
 	sbuf_len=0;
 	sbuf_off=0;
 	for (;;)
 		{
 		FD_ZERO(&readfds);
 		FD_ZERO(&writefds);
 		if (SSL_in_init(con) && !SSL_total_renegotiations(con))
 			{
 			in_init=1;
 			tty_on=0;
 			}
 		else
 			{
 			tty_on=1;
 			if (in_init)
 				{
 				in_init=0;
 				print_stuff(bio_c_out,con,full_log);
 				if (full_log > 0) full_log--;
 				if (reconnect)
 					{
 					reconnect--;
 					BIO_printf(bio_c_out,"drop connection and then reconnect\n");
 					SSL_shutdown(con);
 					SSL_set_connect_state(con);
 					SHUTDOWN(SSL_get_fd(con));
 					goto re_start;
 					}
 				}
 			}
 #ifndef WINDOWS
 		if (tty_on)
 			{
 			if (read_tty)  FD_SET(fileno(stdin),&readfds);
 			if (write_tty) FD_SET(fileno(stdout),&writefds);
 			}
 #endif
 		if (read_ssl)
 			FD_SET(SSL_get_fd(con),&readfds);
 		if (write_ssl)
 			FD_SET(SSL_get_fd(con),&writefds);
 /*		printf("mode tty(%d %d%d) ssl(%d%d)\n",
 			tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
 #ifndef WINDOWS
 		i=select(width,&readfds,&writefds,NULL,NULL);
 		if ( i < 0)
 			{
 			BIO_printf(bio_err,"bad select %d\n",
 				get_last_socket_error());
 			goto shut;
 			/* goto end; */
 			}
 		if (FD_ISSET(SSL_get_fd(con),&writefds))
 #else
 		if (write_ssl)
 #endif
 			{
 			k=SSL_write(con,&(cbuf[cbuf_off]),
 				(unsigned int)cbuf_len);
 			switch (SSL_get_error(con,k))
 				{
 			case SSL_ERROR_NONE:
 				cbuf_off+=k;
 				cbuf_len-=k;
 				if (k <= 0) goto end;
 				/* we have done a  write(con,NULL,0); */
 				if (cbuf_len <= 0)
 					{
 					read_tty=1;
 					write_ssl=0;
 					}
 				else /* if (cbuf_len > 0) */
 					{
 					read_tty=0;
 					write_ssl=1;
 					}
 				break;
 			case SSL_ERROR_WANT_WRITE:
 #ifndef WINDOWS
 				BIO_printf(bio_c_out,"write W BLOCK\n");
 #endif
 				write_ssl=1;
 				read_tty=0;
 				break;
 			case SSL_ERROR_WANT_READ:
 #ifndef WINDOWS
 				BIO_printf(bio_c_out,"write R BLOCK\n");
 #endif
 				write_tty=0;
 				read_ssl=1;
 				write_ssl=0;
 				break;
 			case SSL_ERROR_WANT_X509_LOOKUP:
 				BIO_printf(bio_c_out,"write X BLOCK\n");
 				break;
 			case SSL_ERROR_ZERO_RETURN:
 				if (cbuf_len != 0)
 					{
 					BIO_printf(bio_c_out,"shutdown\n");
 					goto shut;
 					}
 				else
 					{
 					read_tty=1;
 					write_ssl=0;
 					break;
 					}
 			case SSL_ERROR_SYSCALL:
 				if ((k != 0) || (cbuf_len != 0))
 					{
 					BIO_printf(bio_err,"write:errno=%d\n",
 						get_last_socket_error());
 					goto shut;
 					}
 				else
 					{
 					read_tty=1;
 					write_ssl=0;
 					}
 				break;
 			case SSL_ERROR_SSL:
 				ERR_print_errors(bio_err);
 				goto shut;
 				}
 			}
 #ifndef WINDOWS
 		else if (FD_ISSET(fileno(stdout),&writefds))
 #else
 		else if (tty_on && write_tty)
 #endif
 			{
 			i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
 			if (i <= 0)
 				{
 				BIO_printf(bio_c_out,"DONE\n");
 				goto shut;
 				/* goto end; */
 				}
 			sbuf_len-=i;;
 			sbuf_off+=i;
 			if (sbuf_len <= 0)
 				{
 				read_ssl=1;
 				write_tty=0;
 				}
 			}
 #ifndef WINDOWS
 		else if (FD_ISSET(SSL_get_fd(con),&readfds))
 #else
 		if (read_ssl)
 #endif
 			{
 #ifdef RENEG
 { static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
 #endif
 			k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
 			switch (SSL_get_error(con,k))
 				{
 			case SSL_ERROR_NONE:
 				if (k <= 0)
 					goto end;
 				sbuf_off=0;
 				sbuf_len=k;
 				read_ssl=0;
 				write_tty=1;
 				break;
 			case SSL_ERROR_WANT_WRITE:
 #ifndef WINDOWS
 				BIO_printf(bio_c_out,"read W BLOCK\n");
 #endif
 				write_ssl=1;
 				read_tty=0;
 				break;
 			case SSL_ERROR_WANT_READ:
 #ifndef WINDOWS
 				BIO_printf(bio_c_out,"read R BLOCK\n");
 #endif
 				write_tty=0;
 				read_ssl=1;
 				if ((read_tty == 0) && (write_ssl == 0))
 					write_ssl=1;
 				break;
 			case SSL_ERROR_WANT_X509_LOOKUP:
 				BIO_printf(bio_c_out,"read X BLOCK\n");
 				break;
 			case SSL_ERROR_SYSCALL:
 				BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
 				goto shut;
 			case SSL_ERROR_ZERO_RETURN:
 				BIO_printf(bio_c_out,"closed\n");
 				goto shut;
 			case SSL_ERROR_SSL:
 				ERR_print_errors(bio_err);
 				goto shut;
 				break;
 				}
 			}
 #ifndef WINDOWS
 		else if (FD_ISSET(fileno(stdin),&readfds))
 			{
 			i=read(fileno(stdin),cbuf,BUFSIZZ);
 #else
 		if (tty_on && read_tty && _kbhit())
 			{
 			i = 1;
 			cbuf[0] = _getch();
 #endif
 			if ((!c_quiet) && ((i <= 0) || (cbuf[0] == 'Q')))
 				{
 				BIO_printf(bio_err,"DONE\n");
 				goto shut;
 				}
 			if ((!c_quiet) && (cbuf[0] == 'R'))
 				{
 				SSL_renegotiate(con);
 				read_tty=0;
 				write_ssl=1;
 				}
 			else
 				{
 				cbuf_len=i;
 				cbuf_off=0;
 				}
 			read_tty=0;
 			write_ssl=1;
 			}
 		}
 shut:
 	SSL_shutdown(con);
 	SHUTDOWN(SSL_get_fd(con));
 	ret=0;
 end:
 	if (con != NULL) SSL_free(con);
 	if (con2 != NULL) SSL_free(con2);
 	if (ctx != NULL) SSL_CTX_free(ctx);
 	if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); }
 	if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); }
 	if (bio_c_out != NULL)
 		{
 		BIO_free(bio_c_out);
 		bio_c_out=NULL;
 		}
 	EXIT(ret);
 	}
 static void print_stuff(bio,s,full)
 BIO *bio;
 SSL *s;
 int full;
 	{
 	X509 *peer=NULL;
 	char *p;
 	static char *space="                ";
 	char buf[BUFSIZ];
 	STACK *sk;
 	SSL_CIPHER *c;
 	X509_NAME *xn;
 	int j,i;
 	if (full)
 		{
 		sk=SSL_get_peer_cert_chain(s);
 		if (sk != NULL)
 			{
 			BIO_printf(bio,"---\nCertificate chain\n");
 			for (i=0; i<sk_num(sk); i++)
 				{
 				X509_NAME_oneline(X509_get_subject_name((X509 *)
 					sk_value(sk,i)),buf,BUFSIZ);
 				BIO_printf(bio,"%2d s:%s\n",i,buf);
 				X509_NAME_oneline(X509_get_issuer_name((X509 *)
 					sk_value(sk,i)),buf,BUFSIZ);
 				BIO_printf(bio,"   i:%s\n",buf);
 				}
 			}
 		BIO_printf(bio,"---\n");
 		peer=SSL_get_peer_certificate(s);
 		if (peer != NULL)
 			{
 			BIO_printf(bio,"Server certificate\n");
 			PEM_write_bio_X509(bio,peer);
 			X509_NAME_oneline(X509_get_subject_name(peer),
 				buf,BUFSIZ);
 			BIO_printf(bio,"subject=%s\n",buf);
 			X509_NAME_oneline(X509_get_issuer_name(peer),
 				buf,BUFSIZ);
 			BIO_printf(bio,"issuer=%s\n",buf);
 			}
 		else
 			BIO_printf(bio,"no peer certificate available\n");
 		sk=SSL_get_client_CA_list(s);
 		if ((sk != NULL) && (sk_num(sk) > 0))
 			{
 			BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
 			for (i=0; i<sk_num(sk); i++)
 				{
 				xn=(X509_NAME *)sk_value(sk,i);
 				X509_NAME_oneline(xn,buf,sizeof(buf));
 				BIO_write(bio,buf,strlen(buf));
 				BIO_write(bio,"\n",1);
 				}
 			}
 		else
 			{
 			BIO_printf(bio,"---\nNo client certificate CA names sent\n");
 			}
 		p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
 		if (p != NULL)
 			{
 			BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
 			j=i=0;
 			while (*p)
 				{
 				if (*p == ':')
 					{
 					BIO_write(bio,space,15-j%25);
 					i++;
 					j=0;
 					BIO_write(bio,((i%3)?" ":"\n"),1);
 					}
 				else
 					{
 					BIO_write(bio,p,1);
 					j++;
 					}
 				p++;
 				}
 			BIO_write(bio,"\n",1);
 			}
 		BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
 			BIO_number_read(SSL_get_rbio(s)),
 			BIO_number_written(SSL_get_wbio(s)));
 		}
 	BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
 	c=SSL_get_current_cipher(s);
 	BIO_printf(bio,"%s, Cipher is %s\n",
 		SSL_CIPHER_get_version(c),
 		SSL_CIPHER_get_name(c));
 	if (peer != NULL)
 	{
 		EVP_PKEY *pktmp;
 		BIO_printf(bio,"Server public key is %d bit\n",
 							EVP_PKEY_bits(pktmp));
 		EVP_PKEY_free(pktmp);
 	}
 	SSL_SESSION_print(bio,SSL_get_session(s));
 	BIO_printf(bio,"---\n");
 	if (peer != NULL)
 		X509_free(peer);
 	}
--- a/apps/server.pem
+++ b/apps/server.pem
@@ -1,369 +0,0 @@
 issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
 subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
 -----BEGIN CERTIFICATE-----
 MIIB6TCCAVICAQQwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
 BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
 VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTgwNjI5MjM1MjQwWhcNMDAwNjI4
 MjM1MjQwWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
 A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
 cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
 Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
 Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCVvvfkGSe2GHgDFfmOua4Isjb9
 JVhImWMASiOClkZlMESDJjsszg/6+d/W+8TrbObhazpl95FivXBVucbj9dudh7AO
 IZu1h1MAPlyknc9Ud816vz3FejB4qqUoaXjnlkrIgEbr/un7jSS86WOe0hRhwHkJ
 FUGcPZf9ND22Etc+AQ==
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
 MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
 TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
 OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
 gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
 rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
 PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
 vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
 -----END RSA PRIVATE KEY-----
 subject=/C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
 issuer= /C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
 notBefore=950413210656Z
 notAfter =970412210656Z
 -----BEGIN X509 CERTIFICATE-----
 MIICCDCCAXECAQAwDQYJKoZIhvcNAQEEBQAwTjELMAkGA1UEBhMCVVMxHzAdBgNV
 BAoUFkFUJlQgQmVsbCBMYWJvcmF0b3JpZXMxHjAcBgNVBAsUFVByb3RvdHlwZSBS
 ZXNlYXJjaCBDQTAeFw05NTA0MTMyMTA2NTZaFw05NzA0MTIyMTA2NTZaME4xCzAJ
 BgNVBAYTAlVTMR8wHQYDVQQKFBZBVCZUIEJlbGwgTGFib3JhdG9yaWVzMR4wHAYD
 VQQLFBVQcm90b3R5cGUgUmVzZWFyY2ggQ0EwgZwwDQYJKoZIhvcNAQEBBQADgYoA
 MIGGAoGAebOmgtSCl+wCYZc86UGYeTLY8cjmW2P0FN8ToT/u2pECCoFdrlycX0OR
 3wt0ZhpFXLVNeDnHwEE9veNUih7pCL2ZBFqoIoQkB1lZmXRiVtjGonz8BLm/qrFM
 YHb0lme/Ol+s118mwKVxnn6bSAeI/OXKhLaVdYZWk+aEaxEDkVkCAQ8wDQYJKoZI
 hvcNAQEEBQADgYEAAZMG14lZmZ8bahkaHaTV9dQf4p2FZiQTFwHP9ZyGsXPC+LT5
 dG5iTaRmyjNIJdPWohZDl97kAci79aBndvuEvRKOjLHs3WRGBIwERnAcnY9Mz8u/
 zIHK23PjYVxGGaZd669OJwD0CYyqH22HH9nFUGaoJdsv39ChW0NRdLE9+y8=
 -----END X509 CERTIFICATE-----
 issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
 subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
 -----BEGIN CERTIFICATE-----
 MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
 BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
 VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
 OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
 BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
 IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
 DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
 1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
 mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
 hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
 YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
 q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
 MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
 gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
 2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
 AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
 hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
 J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
 HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
 21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
 nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
 MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
 pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
 KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
 XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
 -----END RSA PRIVATE KEY-----
 -----BEGIN X509 CERTIFICATE-----
 MIICYDCCAiACAgEoMAkGBSsOAwINBQAwfDELMAkGA1UEBhMCVVMxNjA0BgNVBAoT
 LU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZ
 MBcGA1UECxMQVGVzdCBFbnZpcm9ubWVudDEaMBgGA1UECxMRRFNTLU5BU0EtUGls
 b3QtQ0EwHhcNOTYwMjI2MTYzMjQ1WhcNOTcwMjI1MTYzMjQ1WjB8MQswCQYDVQQG
 EwJVUzE2MDQGA1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFk
 bWluaXN0cmF0aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MRowGAYDVQQL
 ExFEU1MtTkFTQS1QaWxvdC1DQTCB8jAJBgUrDgMCDAUAA4HkADCB4AJBAMA/ssKb
 hPNUG7ZlASfVwEJU21O5OyF/iyBzgHI1O8eOhJGUYO8cc8wDMjR508Mr9cp6Uhl/
 ZB7FV5GkLNEnRHYCQQDUEaSg45P2qrDwixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLb
 bn3QK74T2IxY1yY+kCNq8XrIqf5fJJzIH0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3
 fVd0geUCQQCzCFUQAh+ZkEmp5804cs6ZWBhrUAfnra8lJItYo9xPcXgdIfLfibcX
 R71UsyO77MRD7B0+Ag2tq794IleCVcEEMAkGBSsOAwINBQADLwAwLAIUUayDfreR
 Yh2WeU86/pHNdkUC1IgCFEfxe1f0oMpxJyrJ5XIxTi7vGdoK
 -----END X509 CERTIFICATE-----
 -----BEGIN X509 CERTIFICATE-----
 MIICGTCCAdgCAwCqTDAJBgUrDgMCDQUAMHwxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
 Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
 GTAXBgNVBAsTEFRlc3QgRW52aXJvbm1lbnQxGjAYBgNVBAsTEURTUy1OQVNBLVBp
 bG90LUNBMB4XDTk2MDUxNDE3MDE0MVoXDTk3MDUxNDE3MDE0MVowMzELMAkGA1UE
 BhMCQVUxDzANBgNVBAoTBk1pbmNvbTETMBEGA1UEAxMKRXJpYyBZb3VuZzCB8jAJ
 BgUrDgMCDAUAA4HkADCB4AJBAKbfHz6vE6pXXMTpswtGUec2tvnfLJUsoxE9qs4+
 ObZX7LmLvragNPUeiTJx7UOWZ5DfBj6bXLc8eYne0lP1g3ACQQDUEaSg45P2qrDw
 ixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLbbn3QK74T2IxY1yY+kCNq8XrIqf5fJJzI
 H0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3fVd0geUCQQCzCFUQAh+ZkEmp5804cs6Z
 WBhrUAfnra8lJItYo9xPcXgdIfLfibcXR71UsyO77MRD7B0+Ag2tq794IleCVcEE
 MAkGBSsOAwINBQADMAAwLQIUWsuuJRE3VT4ueWkWMAJMJaZjj1ECFQCYY0zX4bzM
 LC7obsrHD8XAHG+ZRG==
 -----END X509 CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
 MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
 DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
 CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
 amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
 iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
 U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
 zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
 BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
 A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
 /DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
 lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
 S7ELuYGtmYgYm9NZOIr7yU0=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIB6jCCAZQCAgEtMA0GCSqGSIb3DQEBBAUAMIGAMQswCQYDVQQGEwJVUzE2MDQG
 A1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFkbWluaXN0cmF0
 aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MR4wHAYDVQQLExVNRDUtUlNB
 LU5BU0EtUGlsb3QtQ0EwHhcNOTYwNDMwMjIwNTAwWhcNOTcwNDMwMjIwNTAwWjCB
 gDELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
 ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZMBcGA1UECxMQVGVzdCBFbnZpcm9ubWVu
 dDEeMBwGA1UECxMVTUQ1LVJTQS1OQVNBLVBpbG90LUNBMFkwCgYEVQgBAQICAgAD
 SwAwSAJBALmmX5+GqAvcrWK13rfDrNX9UfeA7f+ijyBgeFQjYUoDpFqapw4nzQBL
 bAXug8pKkRwa2Zh8YODhXsRWu2F/UckCAwEAATANBgkqhkiG9w0BAQQFAANBAH9a
 OBA+QCsjxXgnSqHx04gcU8S49DVUb1f2XVoLnHlIb8RnX0k5O6mpHT5eti9bLkiW
 GJNMJ4L0AJ/ac+SmHZc=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
 BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
 HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
 IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
 MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
 aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
 GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
 ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
 zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
 YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
 hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
 cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
 YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
 -----END CERTIFICATE-----
 issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
 subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
 -----BEGIN CERTIFICATE-----
 MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
 BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
 VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw
 OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
 BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
 NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg
 40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp
 22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y
 BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S
 Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9
 xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO
 cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
 MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
 wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
 vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
 AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
 z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
 xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
 HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
 yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
 xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
 7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
 h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
 QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
 hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
 -----END RSA PRIVATE KEY-----
 subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
 issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
 notBefore=941104185834Z
 notAfter =991103185834Z
 -----BEGIN X509 CERTIFICATE-----
 MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
 HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
 Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
 OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
 ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
 IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
 975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
 touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
 7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
 9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
 0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
 MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
 -----END X509 CERTIFICATE-----
 subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
 issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
 notBefore=941109235417Z
 notAfter =991231235417Z
 -----BEGIN X509 CERTIFICATE-----
 MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
 HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
 IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
 Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
 YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
 Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
 roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
 aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
 HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
 iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
 suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
 cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
 -----END X509 CERTIFICATE-----
 subject=/C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
 	/OU=Certification Services Division/CN=Thawte Server CA
 	/Email=server-certs@thawte.com
 issuer= /C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
 	/OU=Certification Services Division/CN=Thawte Server CA
 	/Email=server-certs@thawte.com
 -----BEGIN CERTIFICATE-----
 MIIC+TCCAmICAQAwDQYJKoZIhvcNAQEEBQAwgcQxCzAJBgNVBAYTAlpBMRUwEwYD
 VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
 VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
 dmljZXMgRGl2aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkq
 hkiG9w0BCQEWF3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMB4XDTk2MDcyNzE4MDc1
 N1oXDTk4MDcyNzE4MDc1N1owgcQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0
 ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENv
 bnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2
 aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkqhkiG9w0BCQEW
 F3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
 iQKBgQDTpFBuyP9Wa+bPXbbqDGh1R6KqwtqEJfyo9EdR2oW1IHSUhh4PdcnpCGH1
 Bm0wbhUZAulSwGLbTZme4moMRDjN/r7jZAlwxf6xaym2L0nIO9QnBCUQly/nkG3A
 KEKZ10xD3sP1IW1Un13DWOHA5NlbsLjctHvfNjrCtWYiEtaHDQIDAQABMA0GCSqG
 SIb3DQEBBAUAA4GBAIsvn7ifX3RUIrvYXtpI4DOfARkTogwm6o7OwVdl93yFhDcX
 7h5t0XZ11MUAMziKdde3rmTvzUYIUCYoY5b032IwGMTvdiclK+STN6NP2m5nvFAM
 qJT5gC5O+j/jBuZRQ4i0AMYQr5F4lT8oBJnhgafw6PL8aDY2vMHGSPl9+7uf
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIDDTCCAnYCAQAwDQYJKoZIhvcNAQEEBQAwgc4xCzAJBgNVBAYTAlpBMRUwEwYD
 VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
 VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
 dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD
 QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05
 NjA3MjcxODA3MTRaFw05ODA3MjcxODA3MTRaMIHOMQswCQYDVQQGEwJaQTEVMBMG
 A1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoT
 FFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNl
 cnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIg
 Q0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wgZ8w
 DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqBQWKPOO5JBFXW0O8c
 G5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn0LoNkgYU
 c9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH
 jfRCTedAnRw3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAutFIgTRZVYerIZfL9lvR
 w9Eifvvo5KTZ3h+Bj+VzNnyw4Qc/IyXkPOu6SIiH9LQ3sCmWBdxpe+qr4l77rLj2
 GYuMtESFfn1XVALzkYgC7JcPuTOjMfIiMByt+uFf8AV8x0IW/Qkuv+hEQcyM9vxK
 3VZdLbCVIhNoEsysrxCpxcI=
 -----END CERTIFICATE-----
 Tims test GCI CA
 -----BEGIN CERTIFICATE-----
 MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
 VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
 cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
 cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
 gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
 cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
 dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
 AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
 OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
 AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
 TfdbFZtAAD2Hx9jUtY3tfdrJOb8= 
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
 VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
 cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
 IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
 VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
 NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
 EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
 I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
 RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
 KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
 Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
 9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
 WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0
 MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
 c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda
 Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W
 ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu
 ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
 FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j
 W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari
 QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG
 9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C
 TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW
 8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA
 -----END CERTIFICATE-----
 subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
 issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
 -----BEGIN CERTIFICATE-----
 MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw
 YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw
 MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp
 YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI
 SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp
 U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG
 SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb
 RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp
 3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv
 z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg
 hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg
 YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv
 LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg
 KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ
 Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv
 ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v
 dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw
 IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS
 ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ
 TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w
 LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU
 BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs
 53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq
 2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB
 p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=
 -----END CERTIFICATE-----
 subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
 issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
 -----BEGIN CERTIFICATE-----
 MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
 FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg
 UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
 Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
 biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
 Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ
 nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
 AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga
 IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF
 AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ
 Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6
 NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==
 -----END CERTIFICATE-----
 subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
 issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
 -----BEGIN CERTIFICATE-----
 MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
 FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
 UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
 Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
 biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
 Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
 9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
 IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
 O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
 AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
 g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
 yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
 -----END CERTIFICATE-----
--- a/apps/server.srl
+++ b/apps/server.srl
@@ -1 +0,0 @@
 01
--- a/apps/server2.pem
+++ b/apps/server2.pem
@@ -1,376 +0,0 @@
 issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
 subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (1024 bit)
 -----BEGIN CERTIFICATE-----
 MIICLjCCAZcCAQEwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
 BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
 VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzU0WhcNOTgwNjA5
 MTM1NzU0WjBkMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
 A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxJDAiBgNVBAMTG1NlcnZlciB0ZXN0IGNl
 cnQgKDEwMjQgYml0KTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsxH1PBPm
 RkxrR11eV4bzNi4N9n11CI8nV29+ARlT1+qDe/mjVUvXlmsr1v/vf71G9GgqopSa
 6RXrICLVdk/FYYYzhPvl1M+OrjaXDFO8BzBAF1Lnz6c7aRZvGRJNrRSr2nZEkqDf
 JW9dY7r2VZEpD5QeuaRYUnuECkqeieB65GMCAwEAATANBgkqhkiG9w0BAQQFAAOB
 gQCWsOta6C0wiVzXz8wPmJKyTrurMlgUss2iSuW9366iwofZddsNg7FXniMzkIf6
 dp7jnmWZwKZ9cXsNUS2o4OL07qOk2HOywC0YsNZQsOBu1CBTYYkIefDiKFL1zQHh
 8lwwNd4NP+OE3NzUNkCfh4DnFfg9WHkXUlD5UpxNRJ4gJA==
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
 MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV
 S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP
 pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB
 AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0
 dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY
 bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E
 Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq
 zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM
 6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf
 QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD
 dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M
 0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv
 nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA==
 -----END RSA PRIVATE KEY-----
 subject=/C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
 issuer= /C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
 notBefore=950413210656Z
 notAfter =970412210656Z
 -----BEGIN X509 CERTIFICATE-----
 MIICCDCCAXECAQAwDQYJKoZIhvcNAQEEBQAwTjELMAkGA1UEBhMCVVMxHzAdBgNV
 BAoUFkFUJlQgQmVsbCBMYWJvcmF0b3JpZXMxHjAcBgNVBAsUFVByb3RvdHlwZSBS
 ZXNlYXJjaCBDQTAeFw05NTA0MTMyMTA2NTZaFw05NzA0MTIyMTA2NTZaME4xCzAJ
 BgNVBAYTAlVTMR8wHQYDVQQKFBZBVCZUIEJlbGwgTGFib3JhdG9yaWVzMR4wHAYD
 VQQLFBVQcm90b3R5cGUgUmVzZWFyY2ggQ0EwgZwwDQYJKoZIhvcNAQEBBQADgYoA
 MIGGAoGAebOmgtSCl+wCYZc86UGYeTLY8cjmW2P0FN8ToT/u2pECCoFdrlycX0OR
 3wt0ZhpFXLVNeDnHwEE9veNUih7pCL2ZBFqoIoQkB1lZmXRiVtjGonz8BLm/qrFM
 YHb0lme/Ol+s118mwKVxnn6bSAeI/OXKhLaVdYZWk+aEaxEDkVkCAQ8wDQYJKoZI
 hvcNAQEEBQADgYEAAZMG14lZmZ8bahkaHaTV9dQf4p2FZiQTFwHP9ZyGsXPC+LT5
 dG5iTaRmyjNIJdPWohZDl97kAci79aBndvuEvRKOjLHs3WRGBIwERnAcnY9Mz8u/
 zIHK23PjYVxGGaZd669OJwD0CYyqH22HH9nFUGaoJdsv39ChW0NRdLE9+y8=
 -----END X509 CERTIFICATE-----
 issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
 subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
 -----BEGIN CERTIFICATE-----
 MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
 BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
 VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
 OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
 BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
 IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
 DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
 1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
 mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
 hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
 YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
 q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
 MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
 gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
 2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
 AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
 hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
 J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
 HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
 21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
 nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
 MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
 pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
 KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
 XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
 -----END RSA PRIVATE KEY-----
 -----BEGIN X509 CERTIFICATE-----
 MIICYDCCAiACAgEoMAkGBSsOAwINBQAwfDELMAkGA1UEBhMCVVMxNjA0BgNVBAoT
 LU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZ
 MBcGA1UECxMQVGVzdCBFbnZpcm9ubWVudDEaMBgGA1UECxMRRFNTLU5BU0EtUGls
 b3QtQ0EwHhcNOTYwMjI2MTYzMjQ1WhcNOTcwMjI1MTYzMjQ1WjB8MQswCQYDVQQG
 EwJVUzE2MDQGA1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFk
 bWluaXN0cmF0aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MRowGAYDVQQL
 ExFEU1MtTkFTQS1QaWxvdC1DQTCB8jAJBgUrDgMCDAUAA4HkADCB4AJBAMA/ssKb
 hPNUG7ZlASfVwEJU21O5OyF/iyBzgHI1O8eOhJGUYO8cc8wDMjR508Mr9cp6Uhl/
 ZB7FV5GkLNEnRHYCQQDUEaSg45P2qrDwixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLb
 bn3QK74T2IxY1yY+kCNq8XrIqf5fJJzIH0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3
 fVd0geUCQQCzCFUQAh+ZkEmp5804cs6ZWBhrUAfnra8lJItYo9xPcXgdIfLfibcX
 R71UsyO77MRD7B0+Ag2tq794IleCVcEEMAkGBSsOAwINBQADLwAwLAIUUayDfreR
 Yh2WeU86/pHNdkUC1IgCFEfxe1f0oMpxJyrJ5XIxTi7vGdoK
 -----END X509 CERTIFICATE-----
 -----BEGIN X509 CERTIFICATE-----
 MIICGTCCAdgCAwCqTDAJBgUrDgMCDQUAMHwxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
 Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
 GTAXBgNVBAsTEFRlc3QgRW52aXJvbm1lbnQxGjAYBgNVBAsTEURTUy1OQVNBLVBp
 bG90LUNBMB4XDTk2MDUxNDE3MDE0MVoXDTk3MDUxNDE3MDE0MVowMzELMAkGA1UE
 BhMCQVUxDzANBgNVBAoTBk1pbmNvbTETMBEGA1UEAxMKRXJpYyBZb3VuZzCB8jAJ
 BgUrDgMCDAUAA4HkADCB4AJBAKbfHz6vE6pXXMTpswtGUec2tvnfLJUsoxE9qs4+
 ObZX7LmLvragNPUeiTJx7UOWZ5DfBj6bXLc8eYne0lP1g3ACQQDUEaSg45P2qrDw
 ixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLbbn3QK74T2IxY1yY+kCNq8XrIqf5fJJzI
 H0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3fVd0geUCQQCzCFUQAh+ZkEmp5804cs6Z
 WBhrUAfnra8lJItYo9xPcXgdIfLfibcXR71UsyO77MRD7B0+Ag2tq794IleCVcEE
 MAkGBSsOAwINBQADMAAwLQIUWsuuJRE3VT4ueWkWMAJMJaZjj1ECFQCYY0zX4bzM
 LC7obsrHD8XAHG+ZRG==
 -----END X509 CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
 MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
 DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
 CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
 amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
 iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
 U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
 zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
 BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
 A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
 /DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
 lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
 S7ELuYGtmYgYm9NZOIr7yU0=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIB6jCCAZQCAgEtMA0GCSqGSIb3DQEBBAUAMIGAMQswCQYDVQQGEwJVUzE2MDQG
 A1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFkbWluaXN0cmF0
 aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MR4wHAYDVQQLExVNRDUtUlNB
 LU5BU0EtUGlsb3QtQ0EwHhcNOTYwNDMwMjIwNTAwWhcNOTcwNDMwMjIwNTAwWjCB
 gDELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
 ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZMBcGA1UECxMQVGVzdCBFbnZpcm9ubWVu
 dDEeMBwGA1UECxMVTUQ1LVJTQS1OQVNBLVBpbG90LUNBMFkwCgYEVQgBAQICAgAD
 SwAwSAJBALmmX5+GqAvcrWK13rfDrNX9UfeA7f+ijyBgeFQjYUoDpFqapw4nzQBL
 bAXug8pKkRwa2Zh8YODhXsRWu2F/UckCAwEAATANBgkqhkiG9w0BAQQFAANBAH9a
 OBA+QCsjxXgnSqHx04gcU8S49DVUb1f2XVoLnHlIb8RnX0k5O6mpHT5eti9bLkiW
 GJNMJ4L0AJ/ac+SmHZc=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
 BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
 HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
 IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
 MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
 aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
 GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
 ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
 zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
 YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
 hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
 cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
 YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
 -----END CERTIFICATE-----
 issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
 subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
 -----BEGIN CERTIFICATE-----
 MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
 BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
 VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw
 OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
 BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
 NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg
 40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp
 22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y
 BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S
 Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9
 xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO
 cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
 MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
 wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
 vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
 AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
 z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
 xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
 HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
 yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
 xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
 7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
 h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
 QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
 hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
 -----END RSA PRIVATE KEY-----
 subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
 issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
 notBefore=941104185834Z
 notAfter =991103185834Z
 -----BEGIN X509 CERTIFICATE-----
 MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
 HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
 Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
 OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
 ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
 IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
 975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
 touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
 7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
 9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
 0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
 MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
 -----END X509 CERTIFICATE-----
 subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
 issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
 notBefore=941109235417Z
 notAfter =991231235417Z
 -----BEGIN X509 CERTIFICATE-----
 MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
 HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
 IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
 Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
 YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
 Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
 roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
 aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
 HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
 iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
 suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
 cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
 -----END X509 CERTIFICATE-----
 subject=/C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
 	/OU=Certification Services Division/CN=Thawte Server CA
 	/Email=server-certs@thawte.com
 issuer= /C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
 	/OU=Certification Services Division/CN=Thawte Server CA
 	/Email=server-certs@thawte.com
 -----BEGIN CERTIFICATE-----
 MIIC+TCCAmICAQAwDQYJKoZIhvcNAQEEBQAwgcQxCzAJBgNVBAYTAlpBMRUwEwYD
 VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
 VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
 dmljZXMgRGl2aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkq
 hkiG9w0BCQEWF3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMB4XDTk2MDcyNzE4MDc1
 N1oXDTk4MDcyNzE4MDc1N1owgcQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0
 ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENv
 bnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2
 aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkqhkiG9w0BCQEW
 F3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
 iQKBgQDTpFBuyP9Wa+bPXbbqDGh1R6KqwtqEJfyo9EdR2oW1IHSUhh4PdcnpCGH1
 Bm0wbhUZAulSwGLbTZme4moMRDjN/r7jZAlwxf6xaym2L0nIO9QnBCUQly/nkG3A
 KEKZ10xD3sP1IW1Un13DWOHA5NlbsLjctHvfNjrCtWYiEtaHDQIDAQABMA0GCSqG
 SIb3DQEBBAUAA4GBAIsvn7ifX3RUIrvYXtpI4DOfARkTogwm6o7OwVdl93yFhDcX
 7h5t0XZ11MUAMziKdde3rmTvzUYIUCYoY5b032IwGMTvdiclK+STN6NP2m5nvFAM
 qJT5gC5O+j/jBuZRQ4i0AMYQr5F4lT8oBJnhgafw6PL8aDY2vMHGSPl9+7uf
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIDDTCCAnYCAQAwDQYJKoZIhvcNAQEEBQAwgc4xCzAJBgNVBAYTAlpBMRUwEwYD
 VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
 VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
 dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD
 QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05
 NjA3MjcxODA3MTRaFw05ODA3MjcxODA3MTRaMIHOMQswCQYDVQQGEwJaQTEVMBMG
 A1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoT
 FFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNl
 cnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIg
 Q0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wgZ8w
 DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqBQWKPOO5JBFXW0O8c
 G5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn0LoNkgYU
 c9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH
 jfRCTedAnRw3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAutFIgTRZVYerIZfL9lvR
 w9Eifvvo5KTZ3h+Bj+VzNnyw4Qc/IyXkPOu6SIiH9LQ3sCmWBdxpe+qr4l77rLj2
 GYuMtESFfn1XVALzkYgC7JcPuTOjMfIiMByt+uFf8AV8x0IW/Qkuv+hEQcyM9vxK
 3VZdLbCVIhNoEsysrxCpxcI=
 -----END CERTIFICATE-----
 Tims test GCI CA
 -----BEGIN CERTIFICATE-----
 MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
 VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
 cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
 cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
 gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
 cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
 dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
 AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
 OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
 AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
 TfdbFZtAAD2Hx9jUtY3tfdrJOb8= 
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
 VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
 cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
 IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
 VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
 NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
 EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
 I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
 RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
 KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
 Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
 9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
 WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0
 MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
 c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda
 Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W
 ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu
 ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
 FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j
 W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari
 QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG
 9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C
 TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW
 8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA
 -----END CERTIFICATE-----
 subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
 issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
 -----BEGIN CERTIFICATE-----
 MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw
 YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw
 MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp
 YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI
 SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp
 U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG
 SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb
 RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp
 3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv
 z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg
 hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg
 YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv
 LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg
 KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ
 Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv
 ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v
 dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw
 IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS
 ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ
 TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w
 LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU
 BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs
 53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq
 2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB
 p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=
 -----END CERTIFICATE-----
 subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
 issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
 -----BEGIN CERTIFICATE-----
 MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
 FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg
 UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
 Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
 biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
 Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ
 nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
 AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga
 IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF
 AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ
 Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6
 NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==
 -----END CERTIFICATE-----
 subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
 issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
 -----BEGIN CERTIFICATE-----
 MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
 FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
 UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
 Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
 biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
 Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
 9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
 IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
 O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
 AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
 g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
 yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
 -----END CERTIFICATE-----
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@@ -1,317 +0,0 @@
 /* apps/sess_id.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
 #include "bio.h"
 #include "err.h"
 #include "x509.h"
 #include "pem.h"
 #include "ssl.h"
 #undef PROG
 #define PROG	sess_id_main
 static char *sess_id_usage[]={
 "usage: sess_id args\n",
 "\n",
 " -inform arg     - input format - default PEM (one of DER, TXT or PEM)\n",
 " -outform arg    - output format - default PEM\n",
 " -in arg         - input file - default stdin\n",
 " -out arg        - output file - default stdout\n",
 " -text           - print ssl session id details\n",
 " -cert           - output certificate \n",
 " -noout          - no CRL output\n",
 " -context arg    - set the session ID context\n",
 NULL
 };
 #ifndef NOPROTO
 static SSL_SESSION *load_sess_id(char *file, int format);
 #else
 static SSL_SESSION *load_sess_id();
 #endif
 int MAIN(argc, argv)
 int argc;
 char **argv;
 	{
 	SSL_SESSION *x=NULL;
 	int ret=1,i,num,badops=0;
 	BIO *out=NULL;
 	int informat,outformat;
 	char *infile=NULL,*outfile=NULL,*context=NULL;
 	int cert=0,noout=0,text=0;
 	char **pp;
 	apps_startup();
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
 	argc--;
 	argv++;
 	num=0;
 	while (argc >= 1)
 		{
 		if 	(strcmp(*argv,"-inform") == 0)
 			{
 			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-outform") == 0)
 			{
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-in") == 0)
 			{
 			if (--argc < 1) goto bad;
 			infile= *(++argv);
 			}
 		else if (strcmp(*argv,"-out") == 0)
 			{
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 		else if (strcmp(*argv,"-text") == 0)
 			text= ++num;
 		else if (strcmp(*argv,"-cert") == 0)
 			cert= ++num;
 		else if (strcmp(*argv,"-noout") == 0)
 			noout= ++num;
 		else if (strcmp(*argv,"-context") == 0)
 		    {
 		    if(--argc < 1) goto bad;
 		    context=*++argv;
 		    }
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
 			}
 		argc--;
 		argv++;
 		}
 	if (badops)
 		{
 bad:
 		for (pp=sess_id_usage; (*pp != NULL); pp++)
 			BIO_printf(bio_err,*pp);
 		goto end;
 		}
 	ERR_load_crypto_strings();
 	x=load_sess_id(infile,informat);
 	if (x == NULL) { goto end; }
 	if(context)
 	    {
 	    x->sid_ctx_length=strlen(context);
 	    if(x->sid_ctx_length > SSL_MAX_SID_CTX_LENGTH)
 		{
 		BIO_printf(bio_err,"Context too long\n");
 		goto end;
 		}
 	    memcpy(x->sid_ctx,context,x->sid_ctx_length);
 	    }
 #ifdef undef
 	/* just testing for memory leaks :-) */
 	{
 	SSL_SESSION *s;
 	char buf[1024*10],*p;
 	int i;
 	s=SSL_SESSION_new();
 	p= &buf;
 	i=i2d_SSL_SESSION(x,&p);
 	p= &buf;
 	d2i_SSL_SESSION(&s,&p,(long)i);
 	p= &buf;
 	d2i_SSL_SESSION(&s,&p,(long)i);
 	p= &buf;
 	d2i_SSL_SESSION(&s,&p,(long)i);
 	SSL_SESSION_free(s);
 	}
 #endif
 	if (!noout || text)
 		{
 		out=BIO_new(BIO_s_file());
 		if (out == NULL)
 			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		if (outfile == NULL)
 			BIO_set_fp(out,stdout,BIO_NOCLOSE);
 		else
 			{
 			if (BIO_write_filename(out,outfile) <= 0)
 				{
 				perror(outfile);
 				goto end;
 				}
 			}
 		}
 	if (text)
 		{
 		SSL_SESSION_print(out,x);
 		if (cert)
 			{
 			if (x->peer == NULL)
 				BIO_puts(out,"No certificate present\n");
 			else
 				X509_print(out,x->peer);
 			}
 		}
 	if (!noout && !cert)
 		{
 		if 	(outformat == FORMAT_ASN1)
 			i=(int)i2d_SSL_SESSION_bio(out,x);
 		else if (outformat == FORMAT_PEM)
 			i=PEM_write_bio_SSL_SESSION(out,x);
 		else	{
 			BIO_printf(bio_err,"bad output format specified for outfile\n");
 			goto end;
 			}
 		if (!i) {
 			BIO_printf(bio_err,"unable to write SSL_SESSION\n");
 			goto end;
 			}
 		}
 	else if (!noout && (x->peer != NULL)) /* just print the certificate */
 		{
 		if 	(outformat == FORMAT_ASN1)
 			i=(int)i2d_X509_bio(out,x->peer);
 		else if (outformat == FORMAT_PEM)
 			i=PEM_write_bio_X509(out,x->peer);
 		else	{
 			BIO_printf(bio_err,"bad output format specified for outfile\n");
 			goto end;
 			}
 		if (!i) {
 			BIO_printf(bio_err,"unable to write X509\n");
 			goto end;
 			}
 		}
 	ret=0;
 end:
 	if (out != NULL) BIO_free(out);
 	if (x != NULL) SSL_SESSION_free(x);
 	EXIT(ret);
 	}
 static SSL_SESSION *load_sess_id(infile, format)
 char *infile;
 int format;
 	{
 	SSL_SESSION *x=NULL;
 	BIO *in=NULL;
 	in=BIO_new(BIO_s_file());
 	if (in == NULL)
 		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 	else
 		{
 		if (BIO_read_filename(in,infile) <= 0)
 			{
 			perror(infile);
 			goto end;
 			}
 		}
 	if 	(format == FORMAT_ASN1)
 		x=d2i_SSL_SESSION_bio(in,NULL);
 	else if (format == FORMAT_PEM)
 		x=PEM_read_bio_SSL_SESSION(in,NULL,NULL);
 	else	{
 		BIO_printf(bio_err,"bad input format specified for input crl\n");
 		goto end;
 		}
 	if (x == NULL)
 		{
 		BIO_printf(bio_err,"unable to load SSL_SESSION\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 end:
 	if (in != NULL) BIO_free(in);
 	return(x);
 	}
--- a/apps/set/set-g-ca.pem
+++ b/apps/set/set-g-ca.pem
@@ -1,21 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIDeDCCAuGgAwIBAgIgYCYUeg8NJ9kO1q3z6vGCkAmPRfu5+Nur0FyGF79MADMw
 DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx
 MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw
 MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtQ
 Q0ExMDIxMTgyODEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w
 DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJyi5V7l1HohY6hN/2N9x6mvWeMy8rD1
 6lfXjgmiuGmhpaszWYaalesMcS2OGuG8Lq3PkaSzpVzqASKfIOjxLMsdpYyYJRub
 vRPDWi3xd8wlp9xUwWHKqn+ki8mPo0yN4eONwZZ4rcZr6K+tWd+5EJZSjuENJoQ/
 SRRmGRzdcS7XAgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG
 EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7
 aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2
 MTAyMjAxMjIwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG
 SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwICBDB5
 BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3
 Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn
 ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQBn19R2
 AgGvpJDmfXrHTDdCoYyMkaP2MPzw0hFRwh+wqnw0/pqUXa7MrLXMqtD3rUyOWaNR
 9fYpJZd0Bh/1OeIc2+U+VNfUovLLuZ8nNemdxyq2KMYnHtnh7UdO7atZ+PFLVu8x
 a+J2Mtj8MGy12CJNTJcjLSrJ/1f3AuVrwELjlQ==
 -----END CERTIFICATE-----
--- a/apps/set/set-m-ca.pem
+++ b/apps/set/set-m-ca.pem
@@ -1,21 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIDeDCCAuGgAwIBAgIgEGvcf5aUnufALdVMa/dmPdflq1CoORGeK5DUwbqhVYcw
 DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx
 MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw
 MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtN
 Q0ExMDIxMTgyNzEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w
 DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALuWwr63YrT1GIZpYKfIeiVFHESG/FZO
 7RAJKml/p12ZyZ7D5YPP4BBXVsa1H8e8arR1LKC4rdCArrtKKlBeBiMo9+NB+u35
 FnLnTmfzM4iZ2Syw35DXY8+Xn/LM7RJ1RG+vMNcTqpoUg7QPye7flq2Pt7vVROPn
 SZxPyVxmILe3AgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG
 EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7
 aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2
 MTAyMjAxMjEwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG
 SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwIDCDB5
 BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3
 Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn
 ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQApaj0W
 GgyR47URZEZ7z83yivvnVErqtodub/nR1fMgJ4bDC0ofjA0SzXBP1/3eDq9VkPuS
 EKUw9BpM2XrSUKhJ6F1CbBjWpM0M7GC1nTSxMxmV+XL+Ab/Gn2SwozUApWtht29/
 x9VLB8qsi6wN2aOsVdQMl5iVCjGQYfEkyuoIgA==
 -----END CERTIFICATE-----
--- a/apps/set/set_b_ca.pem
+++ b/apps/set/set_b_ca.pem
@@ -1,23 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIID1zCCAr+gAwIBAgIgYClSzXgB3u31VMarY+lXwPKU9DtoBMzaaivuVzV9a9kw
 DQYJKoZIhvcNAQEFBQAwIzELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1JDQTEwMTEx
 ODI5MB4XDTk2MTAxNzAwMDAwMFoXDTk2MTExNjIzNTk1OVowRTELMAkGA1UEBhMC
 VVMxFDASBgNVBAoTC0JDQTEwMTcxMTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlBy
 b2R1Y3QgVHlwZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApPewvR0BwV02
 9E12ic48pMY/aMB6SkMEWPDx2hURr0DKYGJ6qMvzZn2pSfaVH1BqDtK6oK4Ye5Mj
 ItywwQIdXXO9Ut8+TLnvtzq9ByCJ0YThjZJBc7ZcpJxSV7QAoBON/lzxZuAVq3+L
 3uc39MgRwmBpRllZEpWrkojxs6166X0CAwEAAaOCAVcwggFTMFQGA1UdIwRNMEuh
 J6QlMCMxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtSQ0ExMDExMTgyOYIgVqenwCYv
 mmxUIvi9gUMCa+uJGJ60mZecw9HrISXnLaYwDgYDVR0PAQH/BAQDAgEGMC4GA1Ud
 EAEB/wQkMCKADzE5OTYxMDE3MTc1NzAwWoEPMTk5NjExMTYyMzU5NTlaMBsGA1Ud
 IAEB/wQRMA8wDQYLYIZIAYb4RQEHAQEwEgYDVR0TAQH/BAgwBgEB/wIBATAPBgSG
 jW8DAQH/BAQDAgABMHkGBIaNbwcBAf8EbjBsMCQCAQAwCQYFKw4DAhoFAAQUMmY3
 NGIxYWY0ZmNjMDYwZjc2NzYTD3RlcnNlIHN0YXRlbWVudIAXaHR0cDovL3d3dy52
 ZXJpc2lnbi5jb22BGmdldHNldC1jZW50ZXJAdmVyaXNpZ24uY29tMA0GCSqGSIb3
 DQEBBQUAA4IBAQAWoMS8Aj2sO0LDxRoMcnWTKY8nd8Jw2vl2Mgsm+0qCvcndICM5
 43N0y9uHlP8WeCZULbFz95gTL8mfP/QTu4EctMUkQgRHJnx80f0XSF3HE/X6zBbI
 9rit/bF6yP1mhkdss/vGanReDpki7q8pLx+VIIcxWst/366HP3dW1Fb7ECW/WmVV
 VMN93f/xqk9I4sXchVZcVKQT3W4tzv+qQvugrEi1dSEkbAy1CITEAEGiaFhGUyCe
 WPox3guRXaEHoINNeajGrISe6d//alsz5EEroBoLnM2ryqWfLAtRsf4rjNzTgklw
 lbiz0fw7bNkXKp5ZVr0wlnOjQnoSM6dTI0AV
 -----END CERTIFICATE-----
--- a/apps/set/set_c_ca.pem
+++ b/apps/set/set_c_ca.pem
@@ -1,21 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIDeDCCAuGgAwIBAgIgOnl8J6lAYNDdTWtIojWCGnloNf4ufHjOZ4Fkxwg5xOsw
 DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx
 MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw
 MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtD
 Q0ExMDIxMTYxNjEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w
 DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANA3a9+U8oXU3Dv1wJf8g0A7HjCRZAXc
 Y8E4OLOdye5aUssxifCE05qTPVqHMXo6cnCYcfroMdURhjQlswyTGtjQybgUnXjp
 pchw+V4D1DkN0ThErrMCh9ZFSykC0lUhQTRLESvbIb4Gal/HMAFAF5sj0GoOFi2H
 RRj7gpzBIU3xAgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG
 EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7
 aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2
 MTAyMjAxMTAwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG
 SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwIEEDB5
 BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3
 Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn
 ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQBteLaZ
 u/TASC64UWPfhxYAUdys9DQ1pG/J1qPWNTkjOmpXFvW+7l/3nkxyRPgUoFNwx1e7
 XVVPr6zhy8LaaXppwfIZvVryzAUdbtijiUf/MO0hvV3w7e9NlCVProdU5H9EvCXr
 +IV8rH8fdEkirIVyw0JGHkuWhkmtS1HEwai9vg==
 -----END CERTIFICATE-----
--- a/apps/set/set_d_ct.pem
+++ b/apps/set/set_d_ct.pem
@@ -1,21 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIDdjCCAt+gAwIBAgIgRU5t24v72xVDpZ4iHpyoOAQaQmfio1yhTZAOkBfT2uUw
 DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0NDQTEwMjEx
 NjE2MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjQw
 MDAwMDBaFw05NjExMjMyMzU5NTlaMG4xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdC
 cmFuZElEMSYwJAYDVQQLEx1Jc3N1aW5nIEZpbmFuY2lhbCBJbnN0aXR1dGlvbjEl
 MCMGA1UEAxMcR2lYb0t0VjViN1V0MHZKa2hkSG5RYmNzc2JrPTBcMA0GCSqGSIb3
 DQEBAQUAA0sAMEgCQQDIUxgpNB1aoSW585WErtN8WInCRWCqDj3RGT2mJye0F4SM
 /iT5ywdWMasmw18vpEpDlMypfZnRkUAdfyHcRABVAgMBAAGjggFwMIIBbDB2BgNV
 HSMEbzBtoUmkRzBFMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLQkNBMTAxNzExMDQx
 IDAeBgNVBAMTF0JyYW5kIE5hbWU6UHJvZHVjdCBUeXBlgiA6eXwnqUBg0N1Na0ii
 NYIaeWg1/i58eM5ngWTHCDnE6zAOBgNVHQ8BAf8EBAMCB4AwLgYDVR0QAQH/BCQw
 IoAPMTk5NjEwMjQwMTA0MDBagQ8xOTk2MTEyMzIzNTk1OVowGAYDVR0gBBEwDzAN
 BgtghkgBhvhFAQcBATAMBgNVHRMBAf8EAjAAMA8GBIaNbwMBAf8EBAMCB4AweQYE
 ho1vBwEB/wRuMGwwJAIBADAJBgUrDgMCGgUABBQzOTgyMzk4NzIzNzg5MTM0OTc4
 MhMPdGVyc2Ugc3RhdGVtZW50gBdodHRwOi8vd3d3LnZlcmlzaWduLmNvbYEaZ2V0
 c2V0LWNlbnRlckB2ZXJpc2lnbi5jb20wDQYJKoZIhvcNAQEFBQADgYEAVHCjhxeD
 mIFSkm3DpQAq7pGfcAFPWvSM9I9bK8qeFT1M5YQ+5fbPqaWlNcQlGKIe3cHd4+0P
 ndL5lb6UBhhA0kTzEYA38+HtBxPe/lokCv0bYfyWY9asUmvfbUrTYta0yjN7ixnV
 UqvxxHQHOAwhf6bcc7xNHapOxloWzGUU0RQ=
 -----END CERTIFICATE-----
--- a/apps/set/set_root.pem
+++ b/apps/set/set_root.pem
@@ -1,21 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIDZzCCAk+gAwIBAgIgVqenwCYvmmxUIvi9gUMCa+uJGJ60mZecw9HrISXnLaYw
 DQYJKoZIhvcNAQEFBQAwIzELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1JDQTEwMTEx
 ODI5MB4XDTk2MTAxMjAwMDAwMFoXDTk2MTExMTIzNTk1OVowIzELMAkGA1UEBhMC
 VVMxFDASBgNVBAoTC1JDQTEwMTExODI5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
 MIIBCgKCAQEAukca0PVUGFIYX7EyrShi+dVi9GTNzG0V2Wtdw6DqFzKfedba/KpE
 zqnRDV/wRZlBn3oXPS6kNCFiBPRV9mEFXI7y2W+q8/vPurjRDIXMsqQ+dAhKwf4q
 rofJBTiET4NUN0YTtpx6aYuoVubjiOgKdbqnUArxAWWP2Dkco17ipEYyUtd4sTAe
 /xKR02AHpbYGYPSHjMDS/nzUJ7uX4d51phs0rt7If48ExJSnDV/KoHMfm42mdmH2
 g23005qdHKY3UXeh10tZmb3QtGTSvF6OqpRZ+e9/ALklu7ZcIjqbb944ci4QWemb
 ZNWiDFrWWUoO1k942BI/iZ8Fh8pETYSDBQIDAQABo4GGMIGDMA4GA1UdDwEB/wQE
 AwIBBjAuBgNVHRABAf8EJDAigA8xOTk2MTAxMjAxMzQwMFqBDzE5OTYxMTExMjM1
 OTU5WjAbBgNVHSABAf8EETAPMA0GC2CGSAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYB
 Af8CAQIwEAYEho1vAwEB/wQFAwMHAIAwDQYJKoZIhvcNAQEFBQADggEBAK4tntea
 y+ws7PdULwfqAS5osaoNvw73uBn5lROTpx91uhQbJyf0oZ3XG9GUuHZBpqG9qmr9
 vIL40RsvRpNMYgaNHKTxF716yx6rZmruAYZsrE3SpV63tQJCckKLPSge2E5uDhSQ
 O8UjusG+IRT9fKMXUHLv4OmZPOQVOSl1qTCN2XoJFqEPtC3Y9P4YR4xHL0P2jb1l
 DLdIbruuh+6omH+0XUZd5fKnQZTTi6gjl0iunj3wGnkcqGZtwr3j87ONiB/8tDwY
 vz8ceII4YYdX12PrNzn+fu3R5rChvPW4/ah/SaYQ2VQ0AupaIF4xrNJ/gLYYw0YO
 bxCrVJLd8tu9WgA=
 -----END CERTIFICATE-----
--- a/apps/speed.c
+++ b/apps/speed.c
--- a/apps/stuff/pkcs7.ex1
+++ b/apps/stuff/pkcs7.ex1
@@ -1,25 +0,0 @@
 -----BEGIN xxx-----
 MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIB
 rTCCAUkCAgC2MA0GCSqGSIb3DQEBAgUAME0xCzAJBgNVBAYTAlVTMSAw
 HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEcMBoGA1UECxMT
 UGVyc29uYSBDZXJ0aWZpY2F0ZTAeFw05NDA0MDkwMDUwMzdaFw05NDA4
 MDIxODM4NTdaMGcxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
 YSBTZWN1cml0eSwgSW5jLjEcMBoGA1UECxMTUGVyc29uYSBDZXJ0aWZp
 Y2F0ZTEYMBYGA1UEAxMPU2V0ZWMgQXN0cm9ub215MFwwDQYJKoZIhvcN
 AQEBBQADSwAwSAJBAMy8QcW7RMrB4sTdQ8Nmb2DFmJmkWn+el+NdeamI
 DElX/qw9mIQu4xNj1FfepfJNxzPvA0OtMKhy6+bkrlyMEU8CAwEAATAN
 BgkqhkiG9w0BAQIFAANPAAYn7jDgirhiIL4wnP8nGzUisGSpsFsF4/7z
 2P2wqne6Qk8Cg/Dstu3RyaN78vAMGP8d82H5+Ndfhi2mRp4YHiGHz0Hl
 K6VbPfnyvS2wdjCCAccwggFRAgUCQAAAFDANBgkqhkiG9w0BAQIFADBf
 MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJpdHks
 IEluYy4xLjAsBgNVBAsTJUxvdyBBc3N1cmFuY2UgQ2VydGlmaWNhdGlv
 biBBdXRob3JpdHkwHhcNOTQwMTA3MDAwMDAwWhcNOTYwMTA3MjM1OTU5
 WjBNMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJp
 dHksIEluYy4xHDAaBgNVBAsTE1BlcnNvbmEgQ2VydGlmaWNhdGUwaTAN
 BgkqhkiG9w0BAQEFAANYADBVAk4GqghQDa9Xi/2zAdYEqJVIcYhlLN1F
 pI9tXQ1m6zZ39PYXK8Uhoj0Es7kWRv8hC04vqkOKwndWbzVtvoHQOmP8
 nOkkuBi+AQvgFoRcgOUCAwEAATANBgkqhkiG9w0BAQIFAANhAD/5Uo7x
 Ddp49oZm9GoNcPhZcW1e+nojLvHXWAU/CBkwfcR+FSf4hQ5eFu1AjYv6
 Wqf430Xe9Et5+jgnMTiq4LnwgTdA8xQX4elJz9QzQobkE3XVOjVAtCFc
 miin80RB8AAAMYAAAAAAAAAAAA==
 -----END xxx-----
--- a/apps/stuff/pkcs7.ex2
+++ b/apps/stuff/pkcs7.ex2
@@ -1,11 +0,0 @@
 -----BEGIN PRIVACY-ENHANCED MESSAGE-----
 MIAGCSqGSIb3DQEHBqCAMIACAQAwgAYJKoZIhvcNAQcBMBEGBSsOAwIHBAifqtdy
 x6uIMYCCARgvFzJtOZBn773DtmXlx037ck3giqnV0WC0QAx5f+fesAiGaxMqWcir
 r9XvT0nT0LgSQ/8tiLCDBEKdyCNgdcJAduy3D0r2sb5sNTT0TyL9uydG3w55vTnW
 aPbCPCWLudArI1UHDZbnoJICrVehxG/sYX069M8v6VO8PsJS7//hh1yM+0nekzQ5
 l1p0j7uWKu4W0csrlGqhLvEJanj6dQAGSTNCOoH3jzEXGQXntgesk8poFPfHdtj0
 5RH4MuJRajDmoEjlrNcnGl/BdHAd2JaCo6uZWGcnGAgVJ/TVfSVSwN5nlCK87tXl
 nL7DJwaPRYwxb3mnPKNq7ATiJPf5u162MbwxrddmiE7e3sST7naSN+GS0ateY5X7
 AAAAAAAAAAA=
 -----END PRIVACY-ENHANCED MESSAGE-----
--- a/apps/stuff/pkcs7.ex3
+++ b/apps/stuff/pkcs7.ex3
@@ -1,12 +0,0 @@
 -----BEGIN PRIVACY-ENHANCED MESSAGE-----
 MIAGCSqGSIb3DQEHA6CAMIACAQAxgDCBqQIBADBTME0xCzAJBgNVBAYTAlVTMSAw
 HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEcMBoGA1UECxMTUGVyc29u
 YSBDZXJ0aWZpY2F0ZQICALYwDQYJKoZIhvcNAQEBBQAEQCU/R+YCJSUsV6XLilHG
 cNVzwqKcWzmT/rZ+duOv8Ggb7oO/d8H3xUVGQ2LsX4kYGq2szwj8Q6eWhsmhf4oz
 lvMAADCABgkqhkiG9w0BBwEwEQYFKw4DAgcECFif7BadXlw3oIAEgZBNcMexKe16
 +mNxx8YQPukBCL0bWqS86lvws/AgRkKPELmysBi5lco8MBCsWK/fCyrnxIRHs1oK
 BXBVlsAhKkkusk1kCf/GbXSAphdSgG+d6LxrNZwHbBFOX6A2hYS63Iczd5bOVDDW
 Op2gcgUtMJq6k2LFrs4L7HHqRPPlqNJ6j5mFP4xkzOCNIQynpD1rV6EECMIk/T7k
 1JLSAAAAAAAAAAAAAA==
 -----END PRIVACY-ENHANCED MESSAGE-----
--- a/apps/stuff/pkcs7.pem
+++ b/apps/stuff/pkcs7.pem
@@ -1,46 +0,0 @@
 -----BEGIN PKCS7-----
 MIIIEgYJKoZIhvcNAQcCMIIIAwIBATEAMAsGCSqGSIb3DQEHAaCCBDUwggIhMIIB
 jgIFAnIAAGcwDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoT
 F1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy
 IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk1MDUxNzAwMDAwMFoXDTk1MTEx
 NjIzNTk1OVowdzELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5h
 MRIwEAYDVQQHEwlDaGFybG90dGUxIzAhBgNVBAoTGlZuZXQgSW50ZXJuZXQgQWNj
 ZXNzLCBJbmMuMRYwFAYDVQQDFA13d3cqLnZuZXQubmV0MHwwDQYJKoZIhvcNAQEB
 BQADawAwaAJhAOngW+io4W1lAp1b2k4+KqICaLHatp6AWkPLpa3Li2mwmggSGeRD
 AmTI4FQB0EFrDMfKLOteHgGoDJ0vifmV5cKvevRt5Gn+xPn54Halu7i145iUldyv
 oViUNpWmLJhKTQIDAQABMA0GCSqGSIb3DQEBAgUAA34AQkyfJje6H8fxtN68TvXV
 RibnPpQol2jMbh0VnK9cP9ePvsXy+7JoGuWxj6zlgjZGwia49xITggZ+0b+wP51l
 5e8xEEc2K7eC5QVD0qh/NSqdPcVP+UG6UK/LT25w/yLuZgqJ3g87kGbOo9myLhkZ
 3jr3kXnsriBmwmqcjgUwggIMMIIBlgIFAkAAAEUwDQYJKoZIhvcNAQECBQAwXzEL
 MAkGA1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4w
 LAYDVQQLEyVMb3cgQXNzdXJhbmNlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4X
 DTk0MTEwOTIzMTk0NFoXDTk5MTIzMTIzMTk0NFowXzELMAkGA1UEBhMCVVMxIDAe
 BgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUg
 U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUA
 A4GJADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwji
 ioII0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJ
 VphIuR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJ
 KoZIhvcNAQECBQADYQAjOCnuhWTdRq+8PhUBSzKbOhmafQQPQ8Ltw+49U8N1zgq9
 1ROaW46znUQykAPUdaAIflEfV2e0ULuyOWCwDJ2ME7NUmWL86SLkk6QLC9iItjva
 h+tdpLV/+TerjmrxCWChggOyMIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkG
 A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
 VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1
 MDIwMjEyMjZaFw05NTA2MDEwMDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcy
 NDI2WjAWAgUCQQAACRcNOTUwMjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAx
 MjQ5WjAWAgUCQQAADBcNOTUwMjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0
 MDQ5WjAWAgUCQQAAFhcNOTUwMzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0
 MDQxWjAWAgUCQQAAHxcNOTUwMzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAw
 NzExWjAWAgUCcgAAERcNOTUwMzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDEx
 MzIxWjAWAgUCcgAAHhcNOTUwNDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcx
 NzI0WjAWAgUCcgAAOBcNOTUwNDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIx
 MjI2WjANBgkqhkiG9w0BAQIFAAN+AHqOEJXSDejYy0UwxxrH/9+N2z5xu/if0J6q
 QmK92W0hW158wpJg+ovV3+wQwvIEPRL2rocL0tKfAsVq1IawSJzSNgxG0lrcla3M
 rJBnZ4GaZDu4FutZh72MR3GtJaAL3iTJHJD55kK2D/VoyY1djlsPuNh6AEgdVwFA
 yp0vMIIBHTCBqDANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEgMB4GA1UE
 ChMXUlNBIERhdGEgU2VjdXJpdHksIEluYy4xLjAsBgNVBAsTJUxvdyBBc3N1cmFu
 Y2UgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkXDTk1MDUwMTE5MjcyOVoXDTk1MDYw
 MTA4MDAwMFowGDAWAgUCQAAAXhcNOTUwMjA4MDE0NjIyWjANBgkqhkiG9w0BAQIF
 AANhAF70VxEAKgGlS2otYkWSqYJ286MMDbdAIoEGCDTtVuLCOP3YKHOSTjFhbIhL
 5mBd+Q/W+lKSqdoyYhdObaBk4I4Wk+/BE2QK1x4QhtYG144spESXIRIKAbhffg1g
 rRe/ETEA
 -----END PKCS7-----
--- a/apps/test.ssl
+++ b/apps/test.ssl
@@ -1,16 +0,0 @@
 www.microsoft.com:443
 sectest.microsoft.com:443
 https://sectest.microsoft.com/ClientAuth/test.asp
 ssl3.netscape.com:443
 ssl3.netscape.com:444
 www.openmarket.com:443 - no session ID caching. - no swap
 Servers
 bad  www.openmarket.com	Open-Market-Secure-WebServer/V2.1
 bad  www.microsoft.com	Server: Microsoft-IIS/3.0
 good transact.netscape.com	Netscape-Enterprise/2.01
 clients
 good netscape
 hmm  MSIE
--- a/Show More
+++ b/Show More