This commit was manufactured by cvs2svn to create tag 'AFTER_COMPAQ_PATCH'.

Compaq sent a rather large patch, and here are the contents, adapted
where necessary to the main trunk (0.9.8-dev). This does not include rearrangements and work I've been doing, that'll come in the next bunch of commits to this branch. This set of changes can't be expected to work on any VMS system, there are changes in here that are very specific to Compaq's building system. This set of changes will be surrounded by the tags BEFORE_COMPAQ_PATCH and AFTER_COMPAQ_PATCH.
2002-05-22 11:27:43 +00:00 · 2002-05-22 11:27:42 +00:00 · 2002-05-21 08:59:58 +00:00 · 2002-05-21 08:59:57 +00:00 · 2002-05-19 16:31:10 +00:00 · 2002-05-19 12:03:05 +00:00
1912 changed files with 271227 additions and 145864 deletions
--- a/.cvsignore
+++ b/.cvsignore
@@ -0,0 +1,15 @@
+Makefile.ssl
+MINFO
+makefile.one
+tmp
+out
+outinc
+rehash.time
+testlog
+make.log
+maketest.log
+cctest
+cctest.c
+cctest.a
+libcrypto.so.*
+libssl.so.*
--- a/5951
+++ b/5951
--- a/CHANGES.SSLeay
+++ b/CHANGES.SSLeay
@@ -1,4 +1,529 @@
-SSLeay 0.6.5
+This file contains the changes for the SSLeay library up to version
+0.9.0b. For later changes, see the file "CHANGES".
+
+  SSLeay CHANGES
+  ______________
+
+Changes between 0.8.x and 0.9.0b
+
+10-Apr-1998
+
+I said the next version would go out at easter, and so it shall.
+I expect a 0.9.1 will follow with portability fixes in the next few weeks.
+
+This is a quick, meet the deadline.  Look to ssl-users for comments on what
+is new etc.
+
+eric (about to go bushwalking for the 4 day easter break :-)
+
+16-Mar-98
+    - Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU>
+    - Lots and lots of changes
+
+29-Jan-98
+    - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
+      Goetz Babin-Ebell <babinebell@trustcenter.de>.
+    - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
+      TLS1_VERSION.
+
+7-Jan-98
+    - Finally reworked the cipher string to ciphers again, so it
+      works correctly
+    - All the app_data stuff is now ex_data with funcion calls to access.
+      The index is supplied by a function and 'methods' can be setup
+      for the types that are called on XXX_new/XXX_free.  This lets
+      applications get notified on creation and destruction.  Some of
+      the RSA methods could be implemented this way and I may do so.
+    - Oh yes, SSL under perl5 is working at the basic level.
+
+15-Dec-97
+    - Warning - the gethostbyname cache is not fully thread safe,
+      but it should work well enough.
+    - Major internal reworking of the app_data stuff.  More functions
+      but if you were accessing ->app_data directly, things will
+      stop working.
+    - The perlv5 stuff is working.  Currently on message digests,
+      ciphers and the bignum library.
+
+9-Dec-97
+    - Modified re-negotiation so that server initated re-neg
+      will cause a SSL_read() to return -1 should retry.
+      The danger otherwise was that the server and the
+      client could end up both trying to read when using non-blocking
+      sockets.
+
+4-Dec-97
+    - Lots of small changes
+    - Fix for binaray mode in Windows for the FILE BIO, thanks to
+      Bob Denny <rdenny@dc3.com>
+
+17-Nov-97
+    - Quite a few internal cleanups, (removal of errno, and using macros
+      defined in e_os.h).
+    - A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where
+      the automactic naming out output files was being stuffed up.
+
+29-Oct-97
+    - The Cast5 cipher has been added.  MD5 and SHA-1 are now in assember
+      for x86.
+
+21-Oct-97
+    - Fixed a bug in the BIO_gethostbyname() cache.
+
+15-Oct-97
+    - cbc mode for blowfish/des/3des is now in assember.  Blowfish asm
+      has also been improved.  At this point in time, on the pentium,
+      md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
+      des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
+      is %62 faster.
+
+12-Oct-97
+    - MEM_BUF_grow() has been fixed so that it always sets the buf->length
+      to the value we are 'growing' to.  Think of MEM_BUF_grow() as the
+      way to set the length value correctly.
+
+10-Oct-97
+    - I now hash for certificate lookup on the raw DER encoded RDN (md5).
+      This breaks things again :-(.  This is efficent since I cache
+      the DER encoding of the RDN.
+    - The text DN now puts in the numeric OID instead of UNKNOWN.
+    - req can now process arbitary OIDs in the config file.
+    - I've been implementing md5 in x86 asm, much faster :-).
+    - Started sha1 in x86 asm, needs more work.
+    - Quite a few speedups in the BN stuff.  RSA public operation
+      has been made faster by caching the BN_MONT_CTX structure.
+      The calulating of the Ai where A*Ai === 1 mod m was rather
+      expensive.  Basically a 40-50% speedup on public operations.
+      The RSA speedup is now 15% on pentiums and %20 on pentium
+      pro.
+
+30-Sep-97
+    - After doing some profiling, I added x86 adm for bn_add_words(),
+      which just adds 2 arrays of longs together.  A %10 speedup
+      for 512 and 1024 bit RSA on the pentium pro.
+
+29-Sep-97
+    - Converted the x86 bignum assembler to us the perl scripts
+      for generation.
+
+23-Sep-97
+    - If SSL_set_session() is passed a NULL session, it now clears the
+      current session-id.
+
+22-Sep-97
+    - Added a '-ss_cert file' to apps/ca.c.  This will sign selfsigned
+      certificates.
+    - Bug in crypto/evp/encode.c where by decoding of 65 base64
+      encoded lines, one line at a time (via a memory BIO) would report
+      EOF after the first line was decoded.
+    - Fix in X509_find_by_issuer_and_serial() from
+      Dr Stephen Henson <shenson@bigfoot.com>
+
+19-Sep-97
+    - NO_FP_API and NO_STDIO added.
+    - Put in sh config command.  It auto runs Configure with the correct
+      parameters.
+
+18-Sep-97
+    - Fix x509.c so if a DSA cert has different parameters to its parent,
+      they are left in place.  Not tested yet.
+
+16-Sep-97
+    - ssl_create_cipher_list() had some bugs, fixes from
+      Patrick Eisenacher <eisenach@stud.uni-frankfurt.de>
+    - Fixed a bug in the Base64 BIO, where it would return 1 instead
+      of -1 when end of input was encountered but should retry.
+      Basically a Base64/Memory BIO interaction problem.
+    - Added a HMAC set of functions in preporarion for TLS work.
+
+15-Sep-97
+    - Top level makefile tweak - Cameron Simpson <cs@zip.com.au>
+    - Prime generation spead up %25 (512 bit prime, pentium pro linux)
+      by using montgomery multiplication in the prime number test.
+
+11-Sep-97
+    - Ugly bug in ssl3_write_bytes().  Basically if application land
+      does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
+      did not check the size and tried to copy the entire buffer.
+      This would tend to cause memory overwrites since SSLv3 has
+      a maximum packet size of 16k.  If your program uses
+      buffers <= 16k, you would probably never see this problem.
+    - Fixed a new errors that were cause by malloc() not returning
+      0 initialised memory..
+    - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
+      SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
+      since this flags stops SSLeay being able to handle client
+      cert requests correctly.
+
+08-Sep-97
+    - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added.  When switched
+      on, the SSL server routines will not use a SSL_SESSION that is
+      held in it's cache.  This in intended to be used with the session-id
+      callbacks so that while the session-ids are still stored in the
+      cache, the decision to use them and how to look them up can be
+      done by the callbacks.  The are the 'new', 'get' and 'remove'
+      callbacks.  This can be used to determine the session-id
+      to use depending on information like which port/host the connection
+      is coming from.  Since the are also SSL_SESSION_set_app_data() and
+      SSL_SESSION_get_app_data() functions, the application can hold
+      information against the session-id as well.
+
+03-Sep-97
+    - Added lookup of CRLs to the by_dir method,
+      X509_load_crl_file() also added.  Basically it means you can
+      lookup CRLs via the same system used to lookup certificates.
+    - Changed things so that the X509_NAME structure can contain
+      ASN.1 BIT_STRINGS which is required for the unique
+      identifier OID.
+    - Fixed some problems with the auto flushing of the session-id
+      cache.  It was not occuring on the server side.
+
+02-Sep-97
+    - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
+      which is the maximum number of entries allowed in the
+      session-id cache.  This is enforced with a simple FIFO list.
+      The default size is 20*1024 entries which is rather large :-).
+      The Timeout code is still always operating.
+
+01-Sep-97
+    - Added an argument to all the 'generate private key/prime`
+      callbacks.  It is the last parameter so this should not
+      break existing code but it is needed for C++.
+    - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
+      BIO.  This lets the BIO read and write base64 encoded data
+      without inserting or looking for '\n' characters.  The '-A'
+      flag turns this on when using apps/enc.c.
+    - RSA_NO_PADDING added to help BSAFE functionality.  This is a
+      very dangerous thing to use, since RSA private key
+      operations without random padding bytes (as PKCS#1 adds) can
+      be attacked such that the private key can be revealed.
+    - ASN.1 bug and rc2-40-cbc and rc4-40 added by
+      Dr Stephen Henson <shenson@bigfoot.com>
+
+31-Aug-97 (stuff added while I was away)    
+    - Linux pthreads by Tim Hudson (tjh@cryptsoft.com).
+    - RSA_flags() added allowing bypass of pub/priv match check
+      in ssl/ssl_rsa.c - Tim Hudson.
+    - A few minor bugs.
+
+SSLeay 0.8.1 released.
+
+19-Jul-97
+    - Server side initated dynamic renegotiation is broken.  I will fix
+      it when I get back from holidays.
+
+15-Jul-97
+    - Quite a few small changes.
+    - INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
+
+09-Jul-97
+    - Added 2 new values to the SSL info callback.
+      SSL_CB_START which is passed when the SSL protocol is started
+      and SSL_CB_DONE when it has finished sucsessfully.
+
+08-Jul-97
+    - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
+      that related to DSA public/private keys.
+    - Added all the relevent PEM and normal IO functions to support
+      reading and writing RSAPublic keys.
+    - Changed makefiles to use ${AR} instead of 'ar r'
+
+07-Jul-97
+    - Error in ERR_remove_state() that would leave a dangling reference
+      to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
+    - s_client now prints the X509_NAMEs passed from the server
+      when requesting a client cert.
+    - Added a ssl->type, which is one of SSL_ST_CONNECT or
+      SSL_ST_ACCEPT.  I had to add it so I could tell if I was
+      a connect or an accept after the handshake had finished.
+    - SSL_get_client_CA_list(SSL *s) now returns the CA names
+      passed by the server if called by a client side SSL.
+
+05-Jul-97
+    - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
+      0, not -1 :-(  Fix from Tim Hudson (tjh@cryptsoft.com).
+
+04-Jul-97
+    - Fixed some things in X509_NAME_add_entry(), thanks to
+      Matthew Donald <matthew@world.net>.
+    - I had a look at the cipher section and though that it was a
+      bit confused, so I've changed it.
+    - I was not setting up the RC4-64-MD5 cipher correctly.  It is
+      a MS special that appears in exported MS Money.
+    - Error in all my DH ciphers.  Section 7.6.7.3 of the SSLv3
+      spec.  I was missing the two byte length header for the
+      ClientDiffieHellmanPublic value.  This is a packet sent from
+      the client to the server.  The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+      option will enable SSLeay server side SSLv3 accept either
+      the correct or my 080 packet format.
+    - Fixed a few typos in crypto/pem.org.
+
+02-Jul-97
+    - Alias mapping for EVP_get_(digest|cipher)byname is now
+      performed before a lookup for actual cipher.  This means
+      that an alias can be used to 're-direct' a cipher or a
+      digest.
+    - ASN1_read_bio() had a bug that only showed up when using a
+      memory BIO.  When EOF is reached in the memory BIO, it is
+      reported as a -1 with BIO_should_retry() set to true.
+
+01-Jul-97
+    - Fixed an error in X509_verify_cert() caused by my
+      miss-understanding how 'do { contine } while(0);' works.
+      Thanks to Emil Sit <sit@mit.edu> for educating me :-)
+
+30-Jun-97
+    - Base64 decoding error.  If the last data line did not end with
+      a '=', sometimes extra data would be returned.
+    - Another 'cut and paste' bug in x509.c related to setting up the
+      STDout BIO.
+
+27-Jun-97
+    - apps/ciphers.c was not printing due to an editing error.
+    - Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
+      a library build error in util/mk1mf.pl
+
+26-Jun-97
+    - Still did not have the auto 'experimental' code removal
+      script correct.
+    - A few header tweaks for Watcom 11.0 under Win32 from
+      Rolf Lindemann <Lindemann@maz-hh.de>
+    - 0 length OCTET_STRING bug in asn1_parse
+    - A minor fix with an non-existent function in the MS .def files.
+    - A few changes to the PKCS7 stuff.
+
+25-Jun-97
+    SSLeay 0.8.0 finally it gets released.
+
+24-Jun-97
+    Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
+    use a temporary RSA key.  This is experimental and needs some more work.
+    Fixed a few Win16 build problems.
+
+23-Jun-97
+    SSLv3 bug. I was not doing the 'lookup' of the CERT structure
+    correctly. I was taking the SSL->ctx->default_cert when I should
+    have been using SSL->cert. The bug was in ssl/s3_srvr.c
+
+20-Jun-97
+    X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
+    rest of the library. Even though I had the code required to do
+    it correctly, apps/req.c was doing the wrong thing.  I have fixed
+    and tested everything.
+
+    Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
+
+19-Jun-97
+    Fixed a bug in the SSLv2 server side first packet handling. When
+    using the non-blocking test BIO, the ssl->s2->first_packet flag
+    was being reset when a would-block failure occurred when reading
+    the first 5 bytes of the first packet. This caused the checking
+    logic to run at the wrong time and cause an error.
+
+    Fixed a problem with specifying cipher. If RC4-MD5 were used,
+    only the SSLv3 version would be picked up.  Now this will pick
+    up both SSLv2 and SSLv3 versions. This required changing the
+    SSL_CIPHER->mask values so that they only mask the ciphers,
+    digests, authentication, export type and key-exchange algorithms.
+
+    I found that when a SSLv23 session is established, a reused
+    session, of type SSLv3 was attempting to write the SSLv2 
+    ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char 
+    method has been modified so it will only write out cipher which
+    that method knows about.  
+
+
+ Changes between 0.8.0 and 0.8.1
+
+  *) Mostly bug fixes. 
+     There is an Ephemeral DH cipher problem which is fixed.
+
+ SSLeay 0.8.0
+
+This version of SSLeay has quite a lot of things different from the
+previous version.
+
+Basically check all callback parameters, I will be producing documentation
+about how to use things in th future.  Currently I'm just getting 080 out
+the door.  Please not that there are several ways to do everything, and
+most of the applications in the apps directory are hybrids, some using old
+methods and some using new methods.
+
+Have a look in demos/bio for some very simple programs and
+apps/s_client.c and apps/s_server.c for some more advanced versions.
+Notes are definitly needed but they are a week or so away.
+
+Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
+---
+Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
+get those people that want to move to using the new code base off to
+a quick start.
+
+Note that Eric has tidied up a lot of the areas of the API that were
+less than desirable and renamed quite a few things (as he had to break
+the API in lots of places anyrate). There are a whole pile of additional
+functions for making dealing with (and creating) certificates a lot
+cleaner.
+
+01-Jul-97
+Tim Hudson
+tjh@cryptsoft.com
+
+---8<---
+
+To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
+use something like the following (assuming you #include "crypto.h" which
+is something that you really should be doing).
+
+#if SSLEAY_VERSION_NUMBER >= 0x0800
+#define SSLEAY8
+#endif
+
+buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
+            too if you are working with BIO internal stuff (as distinct
+        from simply using the interface in an opaque manner)
+
+#include "bio.h"    - required along with "buffer.h" if you write
+              your own BIO routines as the buffer and bio
+              stuff that was intermixed has been separated
+              out 
+            
+envelope.h -> evp.h  (which should have been done ages ago)
+
+Initialisation ... don't forget these or you end up with code that
+is missing the bits required to do useful things (like ciphers):
+
+SSLeay_add_ssl_algorithms()
+(probably also want SSL_load_error_strings() too but you should have
+ already had that call in place)
+
+SSL_CTX_new()   - requires an extra method parameter
+              SSL_CTX_new(SSLv23_method()) 
+              SSL_CTX_new(SSLv2_method()) 
+              SSL_CTX_new(SSLv3_method()) 
+
+          OR to only have the server or the client code
+              SSL_CTX_new(SSLv23_server_method()) 
+              SSL_CTX_new(SSLv2_server_method()) 
+              SSL_CTX_new(SSLv3_server_method()) 
+          or  
+              SSL_CTX_new(SSLv23_client_method()) 
+              SSL_CTX_new(SSLv2_client_method()) 
+              SSL_CTX_new(SSLv3_client_method()) 
+
+SSL_set_default_verify_paths() ... renamed to the more appropriate
+SSL_CTX_set_default_verify_paths()
+
+If you want to use client certificates then you have to add in a bit
+of extra stuff in that a SSLv3 server sends a list of those CAs that
+it will accept certificates from ... so you have to provide a list to
+SSLeay otherwise certain browsers will not send client certs.
+
+SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
+
+
+X509_NAME_oneline(X)    -> X509_NAME_oneline(X,NULL,0)  
+               or provide a buffer and size to copy the
+               result into
+
+X509_add_cert ->  X509_STORE_add_cert (and you might want to read the
+          notes on X509_NAME structure changes too)
+
+
+VERIFICATION CODE
+=================
+
+The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
+more accurately reflect things.
+
+The verification callback args are now packaged differently so that
+extra fields for verification can be added easily in future without
+having to break things by adding extra parameters each release :-)
+
+X509_cert_verify_error_string -> X509_verify_cert_error_string
+
+
+BIO INTERNALS
+=============
+
+Eric has fixed things so that extra flags can be introduced in
+the BIO layer in future without having to play with all the BIO
+modules by adding in some macros.
+
+The ugly stuff using 
+    b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
+becomes
+    BIO_clear_retry_flags(b)
+
+    b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
+becomes
+    BIO_set_retry_read(b)
+
+Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
+
+
+
+OTHER THINGS
+============
+
+X509_NAME has been altered so that it isn't just a STACK ... the STACK
+is now in the "entries" field ... and there are a pile of nice functions
+for getting at the details in a much cleaner manner.
+
+SSL_CTX has been altered ... "cert" is no longer a direct member of this
+structure ... things are now down under "cert_store" (see x509_vfy.h) and
+things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
+If your code "knows" about this level of detail then it will need some 
+surgery.
+
+If you depending on the incorrect spelling of a number of the error codes
+then you will have to change your code as these have been fixed.
+
+ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
+has been all along so this makes things clearer.
+ify_cert_error_string(ctx->error));
+
+SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
+            and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO
+
+
+
+ Changes between 0.7.x and 0.8.0
+  
+  *) There have been lots of changes, mostly the addition of SSLv3.
+     There have been many additions from people and amongst
+     others, C2Net has assisted greatly.
+ 
+ Changes between 0.7.x and 0.7.x
+
+  *) Internal development version only
+
+SSLeay 0.6.6 13-Jan-1997
+
+The main additions are
+
+- assember for x86 DES improvments.
+  From 191,000 per second on a pentium 100, I now get 281,000.  The inner
+  loop and the IP/FP modifications are from
+  Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>.  Many thanks for his
+  contribution.
+- The 'DES macros' introduced in 0.6.5 now have 3 types.
+  DES_PTR1, DES_PTR2 and 'normal'.  As per before, des_opts reports which
+  is best and there is a summery of mine in crypto/des/options.txt
+- A few bug fixes.
+- Added blowfish.  It is not used by SSL but all the other stuff that
+  deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
+  There are 3 options for optimising Blowfish.  BF_PTR, BF_PTR2 and 'normal'.
+  BF_PTR2 is pentium/x86 specific.  The correct option is setup in
+  the 'Configure' script.
+- There is now a 'get client certificate' callback which can be
+  'non-blocking'.  If more details are required, let me know.  It will
+  documented more in SSLv3 when I finish it.
+- Bug fixes from 0.6.5 including the infamous 'ca' bug.  The 'make test'
+  now tests the ca program.
+- Lots of little things modified and tweaked.
+
+ SSLeay 0.6.5

 After quite some time (3 months), the new release.  I have been very busy
 for the last few months and so this is mostly bug fixes and improvments.
--- a/65
+++ b/65
@@ -1,65 +0,0 @@
-Copyright (C) 1997 Eric Young (eay@cryptsoft.com)
-All rights reserved.
-
-This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).
-The implementation was written so as to conform with Netscapes SSL.
-
-This library is free for commercial and non-commercial use as long as
-the following conditions are aheared to.  The following conditions
-apply to all code found in this distribution, be it the RC4, RSA,
-lhash, DES, etc., code; not just the SSL code.  The SSL documentation
-included with this distribution is covered by the same copyright terms
-except that the holder is Tim Hudson (tjh@cryptsoft.com).
-
-Please note that MD2, MD5 and IDEA are publically available standards
-that contain sample implementations, I have re-coded them in my own
-way but there is nothing special about those implementations.  The DES
-library is another mater :-).
-
-Copyright remains Eric Young's, and as such any Copyright notices in
-the code are not to be removed.
-If this package is used in a product, Eric Young should be given attribution
-as the author of the parts of the library used.
-This can be in the form of a textual message at program startup or
-in documentation (online or textual) provided with the package.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-3. All advertising materials mentioning features or use of this software
-   must display the following acknowledgement:
-   "This product includes cryptographic software written by
-    Eric Young (eay@cryptsoft.com)"
-   The word 'cryptographic' can be left out if the rouines from the library
-   being used are not cryptographic related :-).
-4. If you include any Windows specific code (or a derivative thereof) from 
-   the apps directory (application code) you must include an acknowledgement:
-   "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-
-THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-The licence and distribution terms for any publically available version or
-derivative of this code cannot be changed.  i.e. this code cannot simply be
-copied and put under another distribution licence
-[including the GNU Public Licence.]
-
-The reason behind this being stated in this direct manner is past
-experience in code simply being copied and the attribution removed
-from it and then being distributed as part of other packages. This
-implementation was a non-trivial and unpaid effort.
-
--- a/1669
+++ b/1669
--- a/628
+++ b/628
@@ -0,0 +1,628 @@
+OpenSSL  -  Frequently Asked Questions
+--------------------------------------
+
+[MISC] Miscellaneous questions
+
+* Which is the current version of OpenSSL?
+* Where is the documentation?
+* How can I contact the OpenSSL developers?
+* Where can I get a compiled version of OpenSSL?
+* Why aren't tools like 'autoconf' and 'libtool' used?
+* What is an 'engine' version?
+
+[LEGAL] Legal questions
+
+* Do I need patent licenses to use OpenSSL?
+* Can I use OpenSSL with GPL software? 
+
+[USER] Questions on using the OpenSSL applications
+
+* Why do I get a "PRNG not seeded" error message?
+* Why do I get an "unable to write 'random state'" error message?
+* How do I create certificates or certificate requests?
+* Why can't I create certificate requests?
+* Why does <SSL program> fail with a certificate verify error?
+* Why can I only use weak ciphers when I connect to a server using OpenSSL?
+* How can I create DSA certificates?
+* Why can't I make an SSL connection using a DSA certificate?
+* How can I remove the passphrase on a private key?
+* Why can't I use OpenSSL certificates with SSL client authentication?
+* Why does my browser give a warning about a mismatched hostname?
+* How do I install a CA certificate into a browser?
+* Why is OpenSSL x509 DN output not conformant to RFC2253?
+
+[BUILD] Questions about building and testing OpenSSL
+
+* Why does the linker complain about undefined symbols?
+* Why does the OpenSSL test fail with "bc: command not found"?
+* Why does the OpenSSL test fail with "bc: 1 no implemented"?
+* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
+* Why does the OpenSSL compilation fail with "ar: command not found"?
+* Why does the OpenSSL compilation fail on Win32 with VC++?
+
+[PROG] Questions about programming with OpenSSL
+
+* Is OpenSSL thread-safe?
+* I've compiled a program under Windows and it crashes: why?
+* How do I read or write a DER encoded buffer using the ASN1 functions?
+* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
+* I've called <some function> and it fails, why?
+* I just get a load of numbers for the error output, what do they mean?
+* Why do I get errors about unknown algorithms?
+* Why can't the OpenSSH configure script detect OpenSSL?
+* Can I use OpenSSL's SSL library with non-blocking I/O?
+* Why doesn't my server application receive a client certificate?
+
+===============================================================================
+
+[MISC] ========================================================================
+
+* Which is the current version of OpenSSL?
+
+The current version is available from <URL: http://www.openssl.org>.
+OpenSSL 0.9.6d was released on May 9, 2002.
+
+In addition to the current stable release, you can also access daily
+snapshots of the OpenSSL development version at <URL:
+ftp://ftp.openssl.org/snapshot/>, or get it by anonymous CVS access.
+
+
+* Where is the documentation?
+
+OpenSSL is a library that provides cryptographic functionality to
+applications such as secure web servers.  Be sure to read the
+documentation of the application you want to use.  The INSTALL file
+explains how to install this library.
+
+OpenSSL includes a command line utility that can be used to perform a
+variety of cryptographic functions.  It is described in the openssl(1)
+manpage.  Documentation for developers is currently being written.  A
+few manual pages already are available; overviews over libcrypto and
+libssl are given in the crypto(3) and ssl(3) manpages.
+
+The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a
+different directory if you specified one as described in INSTALL).
+In addition, you can read the most current versions at
+<URL: http://www.openssl.org/docs/>.
+
+For information on parts of libcrypto that are not yet documented, you
+might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
+predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>.  Much
+of this still applies to OpenSSL.
+
+There is some documentation about certificate extensions and PKCS#12
+in doc/openssl.txt
+
+The original SSLeay documentation is included in OpenSSL as
+doc/ssleay.txt.  It may be useful when none of the other resources
+help, but please note that it reflects the obsolete version SSLeay
+0.6.6.
+
+
+* How can I contact the OpenSSL developers?
+
+The README file describes how to submit bug reports and patches to
+OpenSSL.  Information on the OpenSSL mailing lists is available from
+<URL: http://www.openssl.org>.
+
+
+* Where can I get a compiled version of OpenSSL?
+
+Some applications that use OpenSSL are distributed in binary form.
+When using such an application, you don't need to install OpenSSL
+yourself; the application will include the required parts (e.g. DLLs).
+
+If you want to install OpenSSL on a Windows system and you don't have
+a C compiler, read the "Mingw32" section of INSTALL.W32 for information
+on how to obtain and install the free GNU C compiler.
+
+A number of Linux and *BSD distributions include OpenSSL.
+
+
+* Why aren't tools like 'autoconf' and 'libtool' used?
+
+autoconf will probably be used in future OpenSSL versions. If it was
+less Unix-centric, it might have been used much earlier.
+
+* What is an 'engine' version?
+
+With version 0.9.6 OpenSSL was extended to interface to external crypto
+hardware. This was realized in a special release '0.9.6-engine'. With
+version 0.9.7 (not yet released) the changes were merged into the main
+development line, so that the special release is no longer necessary.
+
+[LEGAL] =======================================================================
+
+* Do I need patent licenses to use OpenSSL?
+
+The patents section of the README file lists patents that may apply to
+you if you want to use OpenSSL.  For information on intellectual
+property rights, please consult a lawyer.  The OpenSSL team does not
+offer legal advice.
+
+You can configure OpenSSL so as not to use RC5 and IDEA by using
+ ./config no-rc5 no-idea
+
+
+* Can I use OpenSSL with GPL software?
+
+On many systems including the major Linux and BSD distributions, yes (the
+GPL does not place restrictions on using libraries that are part of the
+normal operating system distribution).
+
+On other systems, the situation is less clear. Some GPL software copyright
+holders claim that you infringe on their rights if you use OpenSSL with
+their software on operating systems that don't normally include OpenSSL.
+
+If you develop open source software that uses OpenSSL, you may find it
+useful to choose an other license than the GPL, or state explicitly that
+"This program is released under the GPL with the additional exemption that
+compiling, linking, and/or using OpenSSL is allowed."  If you are using
+GPL software developed by others, you may want to ask the copyright holder
+for permission to use their software with OpenSSL.
+
+
+[USER] ========================================================================
+
+* Why do I get a "PRNG not seeded" error message?
+
+Cryptographic software needs a source of unpredictable data to work
+correctly.  Many open source operating systems provide a "randomness
+device" that serves this purpose.  On other systems, applications have
+to call the RAND_add() or RAND_seed() function with appropriate data
+before generating keys or performing public key encryption.
+(These functions initialize the pseudo-random number generator, PRNG.)
+
+Some broken applications do not do this.  As of version 0.9.5, the
+OpenSSL functions that need randomness report an error if the random
+number generator has not been seeded with at least 128 bits of
+randomness.  If this error occurs, please contact the author of the
+application you are using.  It is likely that it never worked
+correctly.  OpenSSL 0.9.5 and later make the error visible by refusing
+to perform potentially insecure encryption.
+
+On systems without /dev/urandom and /dev/random, it is a good idea to
+use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
+details.  Starting with version 0.9.7, OpenSSL will automatically look
+for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and
+/etc/entropy.
+
+Most components of the openssl command line utility automatically try
+to seed the random number generator from a file.  The name of the
+default seeding file is determined as follows: If environment variable
+RANDFILE is set, then it names the seeding file.  Otherwise if
+environment variable HOME is set, then the seeding file is $HOME/.rnd.
+If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will
+use file .rnd in the current directory while OpenSSL 0.9.6a uses no
+default seeding file at all.  OpenSSL 0.9.6b and later will behave
+similarly to 0.9.6a, but will use a default of "C:\" for HOME on
+Windows systems if the environment variable has not been set.
+
+If the default seeding file does not exist or is too short, the "PRNG
+not seeded" error message may occur.
+
+The openssl command line utility will write back a new state to the
+default seeding file (and create this file if necessary) unless
+there was no sufficient seeding.
+
+Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work.
+Use the "-rand" option of the OpenSSL command line tools instead.
+The $RANDFILE environment variable and $HOME/.rnd are only used by the
+OpenSSL command line tools. Applications using the OpenSSL library
+provide their own configuration options to specify the entropy source,
+please check out the documentation coming the with application.
+
+For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
+installing the SUNski package from Sun patch 105710-01 (Sparc) which
+adds a /dev/random device and make sure it gets used, usually through
+$RANDFILE.  There are probably similar patches for the other Solaris
+versions.  However, be warned that /dev/random is usually a blocking
+device, which may have some effects on OpenSSL.
+
+
+* Why do I get an "unable to write 'random state'" error message?
+
+
+Sometimes the openssl command line utility does not abort with
+a "PRNG not seeded" error message, but complains that it is
+"unable to write 'random state'".  This message refers to the
+default seeding file (see previous answer).  A possible reason
+is that no default filename is known because neither RANDFILE
+nor HOME is set.  (Versions up to 0.9.6 used file ".rnd" in the
+current directory in this case, but this has changed with 0.9.6a.)
+
+
+* How do I create certificates or certificate requests?
+
+Check out the CA.pl(1) manual page. This provides a simple wrapper round
+the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
+out the manual pages for the individual utilities and the certificate
+extensions documentation (currently in doc/openssl.txt).
+
+
+* Why can't I create certificate requests?
+
+You typically get the error:
+
+	unable to find 'distinguished_name' in config
+	problems making Certificate Request
+
+This is because it can't find the configuration file. Check out the
+DIAGNOSTICS section of req(1) for more information.
+
+
+* Why does <SSL program> fail with a certificate verify error?
+
+This problem is usually indicated by log messages saying something like
+"unable to get local issuer certificate" or "self signed certificate".
+When a certificate is verified its root CA must be "trusted" by OpenSSL
+this typically means that the CA certificate must be placed in a directory
+or file and the relevant program configured to read it. The OpenSSL program
+'verify' behaves in a similar way and issues similar error messages: check
+the verify(1) program manual page for more information.
+
+
+* Why can I only use weak ciphers when I connect to a server using OpenSSL?
+
+This is almost certainly because you are using an old "export grade" browser
+which only supports weak encryption. Upgrade your browser to support 128 bit
+ciphers.
+
+
+* How can I create DSA certificates?
+
+Check the CA.pl(1) manual page for a DSA certificate example.
+
+
+* Why can't I make an SSL connection to a server using a DSA certificate?
+
+Typically you'll see a message saying there are no shared ciphers when
+the same setup works fine with an RSA certificate. There are two possible
+causes. The client may not support connections to DSA servers most web
+browsers (including Netscape and MSIE) only support connections to servers
+supporting RSA cipher suites. The other cause is that a set of DH parameters
+has not been supplied to the server. DH parameters can be created with the
+dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
+check the source to s_server in apps/s_server.c for an example.
+
+
+* How can I remove the passphrase on a private key?
+
+Firstly you should be really *really* sure you want to do this. Leaving
+a private key unencrypted is a major security risk. If you decide that
+you do have to do this check the EXAMPLES sections of the rsa(1) and
+dsa(1) manual pages.
+
+
+* Why can't I use OpenSSL certificates with SSL client authentication?
+
+What will typically happen is that when a server requests authentication
+it will either not include your certificate or tell you that you have
+no client certificates (Netscape) or present you with an empty list box
+(MSIE). The reason for this is that when a server requests a client
+certificate it includes a list of CAs names which it will accept. Browsers
+will only let you select certificates from the list on the grounds that
+there is little point presenting a certificate which the server will
+reject.
+
+The solution is to add the relevant CA certificate to your servers "trusted
+CA list". How you do this depends on the server software in uses. You can
+print out the servers list of acceptable CAs using the OpenSSL s_client tool:
+
+openssl s_client -connect www.some.host:443 -prexit
+
+If your server only requests certificates on certain URLs then you may need
+to manually issue an HTTP GET command to get the list when s_client connects:
+
+GET /some/page/needing/a/certificate.html
+
+If your CA does not appear in the list then this confirms the problem.
+
+
+* Why does my browser give a warning about a mismatched hostname?
+
+Browsers expect the server's hostname to match the value in the commonName
+(CN) field of the certificate. If it does not then you get a warning.
+
+
+* How do I install a CA certificate into a browser?
+
+The usual way is to send the DER encoded certificate to the browser as
+MIME type application/x-x509-ca-cert, for example by clicking on an appropriate
+link. On MSIE certain extensions such as .der or .cacert may also work, or you
+can import the certificate using the certificate import wizard.
+
+You can convert a certificate to DER form using the command:
+
+openssl x509 -in ca.pem -outform DER -out ca.der
+
+Occasionally someone suggests using a command such as:
+
+openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem
+
+DO NOT DO THIS! This command will give away your CAs private key and
+reduces its security to zero: allowing anyone to forge certificates in
+whatever name they choose.
+
+* Why is OpenSSL x509 DN output not conformant to RFC2253?
+
+The ways to print out the oneline format of the DN (Distinguished Name) have
+been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex()
+interface, the "-nameopt" option could be introduded. See the manual
+page of the "openssl x509" commandline tool for details. The old behaviour
+has however been left as default for the sake of compatibility.
+
+[BUILD] =======================================================================
+
+* Why does the linker complain about undefined symbols?
+
+Maybe the compilation was interrupted, and make doesn't notice that
+something is missing.  Run "make clean; make".
+
+If you used ./Configure instead of ./config, make sure that you
+selected the right target.  File formats may differ slightly between
+OS versions (for example sparcv8/sparcv9, or a.out/elf).
+
+In case you get errors about the following symbols, use the config
+option "no-asm", as described in INSTALL:
+
+ BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt,
+ CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt,
+ RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words,
+ bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4,
+ bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3,
+ des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3,
+ des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order
+
+If none of these helps, you may want to try using the current snapshot.
+If the problem persists, please submit a bug report.
+
+
+* Why does the OpenSSL test fail with "bc: command not found"?
+
+You didn't install "bc", the Unix calculator.  If you want to run the
+tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.
+
+
+* Why does the OpenSSL test fail with "bc: 1 no implemented"?
+
+On some SCO installations or versions, bc has a bug that gets triggered
+when you run the test suite (using "make test").  The message returned is
+"bc: 1 not implemented".
+
+The best way to deal with this is to find another implementation of bc
+and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html
+for download instructions) can be safely used, for example.
+
+
+* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
+
+On some Alpha installations running Tru64 Unix and Compaq C, the compilation
+of crypto/sha/sha_dgst.c fails with the message 'Fatal:  Insufficient virtual
+memory to continue compilation.'  As far as the tests have shown, this may be
+a compiler bug.  What happens is that it eats up a lot of resident memory
+to build something, probably a table.  The problem is clearly in the
+optimization code, because if one eliminates optimization completely (-O0),
+the compilation goes through (and the compiler consumes about 2MB of resident
+memory instead of 240MB or whatever one's limit is currently).
+
+There are three options to solve this problem:
+
+1. set your current data segment size soft limit higher.  Experience shows
+that about 241000 kbytes seems to be enough on an AlphaServer DS10.  You do
+this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
+kbytes to set the limit to.
+
+2. If you have a hard limit that is lower than what you need and you can't
+get it changed, you can compile all of OpenSSL with -O0 as optimization
+level.  This is however not a very nice thing to do for those who expect to
+get the best result from OpenSSL.  A bit more complicated solution is the
+following:
+
+----- snip:start -----
+  make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
+       sed -e 's/ -O[0-9] / -O0 /'`"
+  rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
+  make
+----- snip:end -----
+
+This will only compile sha_dgst.c with -O0, the rest with the optimization
+level chosen by the configuration process.  When the above is done, do the
+test and installation and you're set.
+
+
+* Why does the OpenSSL compilation fail with "ar: command not found"?
+
+Getting this message is quite usual on Solaris 2, because Sun has hidden
+away 'ar' and other development commands in directories that aren't in
+$PATH by default.  One of those directories is '/usr/ccs/bin'.  The
+quickest way to fix this is to do the following (it assumes you use sh
+or any sh-compatible shell):
+
+----- snip:start -----
+  PATH=${PATH}:/usr/ccs/bin; export PATH
+----- snip:end -----
+
+and then redo the compilation.  What you should really do is make sure
+'/usr/ccs/bin' is permanently in your $PATH, for example through your
+'.profile' (again, assuming you use a sh-compatible shell).
+
+
+* Why does the OpenSSL compilation fail on Win32 with VC++?
+
+Sometimes, you may get reports from VC++ command line (cl) that it
+can't find standard include files like stdio.h and other weirdnesses.
+One possible cause is that the environment isn't correctly set up.
+To solve that problem, one should run VCVARS32.BAT which is found in
+the 'bin' subdirectory of the VC++ installation directory (somewhere
+under 'Program Files').  This needs to be done prior to running NMAKE,
+and the changes are only valid for the current DOS session.
+
+
+[PROG] ========================================================================
+
+* Is OpenSSL thread-safe?
+
+Yes (with limitations: an SSL connection may not concurrently be used
+by multiple threads).  On Windows and many Unix systems, OpenSSL
+automatically uses the multi-threaded versions of the standard
+libraries.  If your platform is not one of these, consult the INSTALL
+file.
+
+Multi-threaded applications must provide two callback functions to
+OpenSSL.  This is described in the threads(3) manpage.
+
+
+* I've compiled a program under Windows and it crashes: why?
+
+This is usually because you've missed the comment in INSTALL.W32.
+Your application must link against the same version of the Win32
+C-Runtime against which your openssl libraries were linked.  The
+default version for OpenSSL is /MD - "Multithreaded DLL".
+
+If you are using Microsoft Visual C++'s IDE (Visual Studio), in
+many cases, your new project most likely defaulted to "Debug
+Singlethreaded" - /ML.  This is NOT interchangeable with /MD and your
+program will crash, typically on the first BIO related read or write
+operation.
+
+For each of the six possible link stage configurations within Win32,
+your application must link  against the same by which OpenSSL was
+built.  If you are using MS Visual C++ (Studio) this can be changed
+by:
+
+1.  Select Settings... from the Project Menu.
+2.  Select the C/C++ Tab.
+3.  Select "Code Generation from the "Category" drop down list box
+4.  Select the Appropriate library (see table below) from the "Use
+    run-time library" drop down list box.  Perform this step for both
+    your debug and release versions of your application (look at the
+    top left of the settings panel to change between the two)
+
+    Single Threaded           /ML        -  MS VC++ often defaults to
+                                            this for the release
+                                            version of a new project.
+    Debug Single Threaded     /MLd       -  MS VC++ often defaults to
+                                            this for the debug version
+                                            of a new project.
+    Multithreaded             /MT
+    Debug Multithreaded       /MTd
+    Multithreaded DLL         /MD        -  OpenSSL defaults to this.
+    Debug Multithreaded DLL   /MDd
+
+Note that debug and release libraries are NOT interchangeable.  If you
+built OpenSSL with /MD your application must use /MD and cannot use /MDd.
+
+
+* How do I read or write a DER encoded buffer using the ASN1 functions?
+
+You have two options. You can either use a memory BIO in conjunction
+with the i2d_XXX_bio() or d2i_XXX_bio() functions or you can use the
+i2d_XXX(), d2i_XXX() functions directly. Since these are often the
+cause of grief here are some code fragments using PKCS7 as an example:
+
+unsigned char *buf, *p;
+int len;
+
+len = i2d_PKCS7(p7, NULL);
+buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */
+p = buf;
+i2d_PKCS7(p7, &p);
+
+At this point buf contains the len bytes of the DER encoding of
+p7.
+
+The opposite assumes we already have len bytes in buf:
+
+unsigned char *p;
+p = buf;
+p7 = d2i_PKCS7(NULL, &p, len);
+
+At this point p7 contains a valid PKCS7 structure of NULL if an error
+occurred. If an error occurred ERR_print_errors(bio) should give more
+information.
+
+The reason for the temporary variable 'p' is that the ASN1 functions
+increment the passed pointer so it is ready to read or write the next
+structure. This is often a cause of problems: without the temporary
+variable the buffer pointer is changed to point just after the data
+that has been read or written. This may well be uninitialized data
+and attempts to free the buffer will have unpredictable results
+because it no longer points to the same address.
+
+
+* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
+
+This usually happens when you try compiling something using the PKCS#12
+macros with a C++ compiler. There is hardly ever any need to use the
+PKCS#12 macros in a program, it is much easier to parse and create
+PKCS#12 files using the PKCS12_parse() and PKCS12_create() functions
+documented in doc/openssl.txt and with examples in demos/pkcs12. The
+'pkcs12' application has to use the macros because it prints out 
+debugging information.
+
+
+* I've called <some function> and it fails, why?
+
+Before submitting a report or asking in one of the mailing lists, you
+should try to determine the cause. In particular, you should call
+ERR_print_errors() or ERR_print_errors_fp() after the failed call
+and see if the message helps. Note that the problem may occur earlier
+than you think -- you should check for errors after every call where
+it is possible, otherwise the actual problem may be hidden because
+some OpenSSL functions clear the error state.
+
+
+* I just get a load of numbers for the error output, what do they mean?
+
+The actual format is described in the ERR_print_errors() manual page.
+You should call the function ERR_load_crypto_strings() before hand and
+the message will be output in text form. If you can't do this (for example
+it is a pre-compiled binary) you can use the errstr utility on the error
+code itself (the hex digits after the second colon).
+
+
+* Why do I get errors about unknown algorithms?
+
+This can happen under several circumstances such as reading in an
+encrypted private key or attempting to decrypt a PKCS#12 file. The cause
+is forgetting to load OpenSSL's table of algorithms with
+OpenSSL_add_all_algorithms(). See the manual page for more information.
+
+
+* Why can't the OpenSSH configure script detect OpenSSL?
+
+Several reasons for problems with the automatic detection exist.
+OpenSSH requires at least version 0.9.5a of the OpenSSL libraries.
+Sometimes the distribution has installed an older version in the system
+locations that is detected instead of a new one installed. The OpenSSL
+library might have been compiled for another CPU or another mode (32/64 bits).
+Permissions might be wrong.
+
+The general answer is to check the config.log file generated when running
+the OpenSSH configure script. It should contain the detailed information
+on why the OpenSSL library was not detected or considered incompatible.
+
+* Can I use OpenSSL's SSL library with non-blocking I/O?
+
+Yes; make sure to read the SSL_get_error(3) manual page!
+
+A pitfall to avoid: Don't assume that SSL_read() will just read from
+the underlying transport or that SSL_write() will just write to it --
+it is also possible that SSL_write() cannot do any useful work until
+there is data to read, or that SSL_read() cannot do anything until it
+is possible to send data.  One reason for this is that the peer may
+request a new TLS/SSL handshake at any time during the protocol,
+requiring a bi-directional message exchange; both SSL_read() and
+SSL_write() will try to continue any pending handshake.
+
+
+* Why doesn't my server application receive a client certificate?
+
+Due to the TLS protocol definition, a client will only send a certificate,
+if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the
+SSL_CTX_set_verify() function to enable the use of client certificates.
+
+
+===============================================================================
+
--- a/316
+++ b/316
@@ -1,316 +0,0 @@
-16-Mar-98
-	- Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU>
-	- Lots and lots of changes
-
-29-Jan-98
-	- ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
-	  Goetz Babin-Ebell <babinebell@trustcenter.de>.
-	- SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
-	  TLS1_VERSION.
-
-7-Jan-98
-	- Finally reworked the cipher string to ciphers again, so it
-	  works correctly
-	- All the app_data stuff is now ex_data with funcion calls to access.
-	  The index is supplied by a function and 'methods' can be setup
-	  for the types that are called on XXX_new/XXX_free.  This lets
-	  applications get notified on creation and destruction.  Some of
-	  the RSA methods could be implemented this way and I may do so.
-	- Oh yes, SSL under perl5 is working at the basic level.
-
-15-Dec-97
-	- Warning - the gethostbyname cache is not fully thread safe,
-	  but it should work well enough.
-	- Major internal reworking of the app_data stuff.  More functions
-	  but if you were accessing ->app_data directly, things will
-	  stop working.
-	- The perlv5 stuff is working.  Currently on message digests,
-	  ciphers and the bignum library.
-
-9-Dec-97
-	- Modified re-negotiation so that server initated re-neg
-	  will cause a SSL_read() to return -1 should retry.
-	  The danger otherwise was that the server and the
-	  client could end up both trying to read when using non-blocking
-	  sockets.
-
-4-Dec-97
-	- Lots of small changes
-	- Fix for binaray mode in Windows for the FILE BIO, thanks to
-	  Bob Denny <rdenny@dc3.com>
-
-17-Nov-97
-	- Quite a few internal cleanups, (removal of errno, and using macros
-	  defined in e_os.h).
-	- A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where
-	  the automactic naming out output files was being stuffed up.
-
-29-Oct-97
-	- The Cast5 cipher has been added.  MD5 and SHA-1 are now in assember
-	  for x86.
-
-21-Oct-97
-	- Fixed a bug in the BIO_gethostbyname() cache.
-
-15-Oct-97
-	- cbc mode for blowfish/des/3des is now in assember.  Blowfish asm
-	  has also been improved.  At this point in time, on the pentium,
-	  md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
-	  des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
-	  is %62 faster.
-
-12-Oct-97
-	- MEM_BUF_grow() has been fixed so that it always sets the buf->length
-	  to the value we are 'growing' to.  Think of MEM_BUF_grow() as the
-	  way to set the length value correctly.
-
-10-Oct-97
-	- I now hash for certificate lookup on the raw DER encoded RDN (md5).
-	  This breaks things again :-(.  This is efficent since I cache
-	  the DER encoding of the RDN.
-	- The text DN now puts in the numeric OID instead of UNKNOWN.
-	- req can now process arbitary OIDs in the config file.
-	- I've been implementing md5 in x86 asm, much faster :-).
-	- Started sha1 in x86 asm, needs more work.
-	- Quite a few speedups in the BN stuff.  RSA public operation
-	  has been made faster by caching the BN_MONT_CTX structure.
-	  The calulating of the Ai where A*Ai === 1 mod m was rather
-	  expensive.  Basically a 40-50% speedup on public operations.
-	  The RSA speedup is now 15% on pentiums and %20 on pentium
-	  pro.
-
-30-Sep-97
-	- After doing some profiling, I added x86 adm for bn_add_words(),
-	  which just adds 2 arrays of longs together.  A %10 speedup
-	  for 512 and 1024 bit RSA on the pentium pro.
-
-29-Sep-97
-	- Converted the x86 bignum assembler to us the perl scripts
-	  for generation.
-
-23-Sep-97
-	- If SSL_set_session() is passed a NULL session, it now clears the
-	  current session-id.
-
-22-Sep-97
-	- Added a '-ss_cert file' to apps/ca.c.  This will sign selfsigned
-	  certificates.
-	- Bug in crypto/evp/encode.c where by decoding of 65 base64
-	  encoded lines, one line at a time (via a memory BIO) would report
-	  EOF after the first line was decoded.
-	- Fix in X509_find_by_issuer_and_serial() from
-	  Dr Stephen Henson <shenson@bigfoot.com>
-
-19-Sep-97
-	- NO_FP_API and NO_STDIO added.
-	- Put in sh config command.  It auto runs Configure with the correct
-	  parameters.
-
-18-Sep-97
-	- Fix x509.c so if a DSA cert has different parameters to its parent,
-	  they are left in place.  Not tested yet.
-
-16-Sep-97
-	- ssl_create_cipher_list() had some bugs, fixes from
-	  Patrick Eisenacher <eisenach@stud.uni-frankfurt.de>
-	- Fixed a bug in the Base64 BIO, where it would return 1 instead
-	  of -1 when end of input was encountered but should retry.
-	  Basically a Base64/Memory BIO interaction problem.
-	- Added a HMAC set of functions in preporarion for TLS work.
-
-15-Sep-97
-	- Top level makefile tweak - Cameron Simpson <cs@zip.com.au>
-	- Prime generation spead up %25 (512 bit prime, pentium pro linux)
-	  by using montgomery multiplication in the prime number test.
-
-11-Sep-97
-	- Ugly bug in ssl3_write_bytes().  Basically if application land
-	  does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
-	  did not check the size and tried to copy the entire buffer.
-	  This would tend to cause memory overwrites since SSLv3 has
-	  a maximum packet size of 16k.  If your program uses
-	  buffers <= 16k, you would probably never see this problem.
-	- Fixed a new errors that were cause by malloc() not returning
-	  0 initialised memory..
-	- SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
-	  SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
-	  since this flags stops SSLeay being able to handle client
-	  cert requests correctly.
-
-08-Sep-97
-	- SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added.  When switched
-	  on, the SSL server routines will not use a SSL_SESSION that is
-	  held in it's cache.  This in intended to be used with the session-id
-	  callbacks so that while the session-ids are still stored in the
-	  cache, the decision to use them and how to look them up can be
-	  done by the callbacks.  The are the 'new', 'get' and 'remove'
-	  callbacks.  This can be used to determine the session-id
-	  to use depending on information like which port/host the connection
-	  is coming from.  Since the are also SSL_SESSION_set_app_data() and
-	  SSL_SESSION_get_app_data() functions, the application can hold
-	  information against the session-id as well.
-
-03-Sep-97
-	- Added lookup of CRLs to the by_dir method,
-	  X509_load_crl_file() also added.  Basically it means you can
-	  lookup CRLs via the same system used to lookup certificates.
-	- Changed things so that the X509_NAME structure can contain
-	  ASN.1 BIT_STRINGS which is required for the unique
-	  identifier OID.
-	- Fixed some problems with the auto flushing of the session-id
-	  cache.  It was not occuring on the server side.
-
-02-Sep-97
-	- Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
-	  which is the maximum number of entries allowed in the
-	  session-id cache.  This is enforced with a simple FIFO list.
-	  The default size is 20*1024 entries which is rather large :-).
-	  The Timeout code is still always operating.
-
-01-Sep-97
-	- Added an argument to all the 'generate private key/prime`
-	  callbacks.  It is the last parameter so this should not
-	  break existing code but it is needed for C++.
-	- Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
-	  BIO.  This lets the BIO read and write base64 encoded data
-	  without inserting or looking for '\n' characters.  The '-A'
-	  flag turns this on when using apps/enc.c.
-	- RSA_NO_PADDING added to help BSAFE functionality.  This is a
-	  very dangerous thing to use, since RSA private key
-	  operations without random padding bytes (as PKCS#1 adds) can
-	  be attacked such that the private key can be revealed.
-	- ASN.1 bug and rc2-40-cbc and rc4-40 added by
-	  Dr Stephen Henson <shenson@bigfoot.com>
-
-31-Aug-97 (stuff added while I was away)	
-	- Linux pthreads by Tim Hudson (tjh@cryptsoft.com).
-	- RSA_flags() added allowing bypass of pub/priv match check
-	  in ssl/ssl_rsa.c - Tim Hudson.
-	- A few minor bugs.
-
-SSLeay 0.8.1 released.
-
-19-Jul-97
-	- Server side initated dynamic renegotiation is broken.  I will fix
-	  it when I get back from holidays.
-
-15-Jul-97
-	- Quite a few small changes.
-	- INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
-
-09-Jul-97
-	- Added 2 new values to the SSL info callback.
-	  SSL_CB_START which is passed when the SSL protocol is started
-	  and SSL_CB_DONE when it has finished sucsessfully.
-
-08-Jul-97
-	- Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
-	  that related to DSA public/private keys.
-	- Added all the relevent PEM and normal IO functions to support
-	  reading and writing RSAPublic keys.
-	- Changed makefiles to use ${AR} instead of 'ar r'
-
-07-Jul-97
-	- Error in ERR_remove_state() that would leave a dangling reference
-	  to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
-	- s_client now prints the X509_NAMEs passed from the server
-	  when requesting a client cert.
-	- Added a ssl->type, which is one of SSL_ST_CONNECT or
-	  SSL_ST_ACCEPT.  I had to add it so I could tell if I was
-	  a connect or an accept after the handshake had finished.
-	- SSL_get_client_CA_list(SSL *s) now returns the CA names
-	  passed by the server if called by a client side SSL.
-
-05-Jul-97
-	- Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
-	  0, not -1 :-(  Fix from Tim Hudson (tjh@cryptsoft.com).
-
-04-Jul-97
-	- Fixed some things in X509_NAME_add_entry(), thanks to
-	  Matthew Donald <matthew@world.net>.
-	- I had a look at the cipher section and though that it was a
-	  bit confused, so I've changed it.
-	- I was not setting up the RC4-64-MD5 cipher correctly.  It is
-	  a MS special that appears in exported MS Money.
-	- Error in all my DH ciphers.  Section 7.6.7.3 of the SSLv3
-	  spec.  I was missing the two byte length header for the
-	  ClientDiffieHellmanPublic value.  This is a packet sent from
-	  the client to the server.  The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
-	  option will enable SSLeay server side SSLv3 accept either
-	  the correct or my 080 packet format.
-	- Fixed a few typos in crypto/pem.org.
-
-02-Jul-97
-	- Alias mapping for EVP_get_(digest|cipher)byname is now
-	  performed before a lookup for actual cipher.  This means
-	  that an alias can be used to 're-direct' a cipher or a
-	  digest.
-	- ASN1_read_bio() had a bug that only showed up when using a
-	  memory BIO.  When EOF is reached in the memory BIO, it is
-	  reported as a -1 with BIO_should_retry() set to true.
-
-01-Jul-97
-	- Fixed an error in X509_verify_cert() caused by my
-	  miss-understanding how 'do { contine } while(0);' works.
-	  Thanks to Emil Sit <sit@mit.edu> for educating me :-)
-
-30-Jun-97
-	- Base64 decoding error.  If the last data line did not end with
-	  a '=', sometimes extra data would be returned.
-	- Another 'cut and paste' bug in x509.c related to setting up the
-	  STDout BIO.
-
-27-Jun-97
-	- apps/ciphers.c was not printing due to an editing error.
-	- Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
-	  a library build error in util/mk1mf.pl
-
-26-Jun-97
-	- Still did not have the auto 'experimental' code removal
-	  script correct.
-	- A few header tweaks for Watcom 11.0 under Win32 from
-	  Rolf Lindemann <Lindemann@maz-hh.de>
-	- 0 length OCTET_STRING bug in asn1_parse
-	- A minor fix with an non-existent function in the MS .def files.
-	- A few changes to the PKCS7 stuff.
-
-25-Jun-97
-	SSLeay 0.8.0 finally it gets released.
-
-24-Jun-97
-	Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
-	use a temporary RSA key.  This is experimental and needs some more work.
-	Fixed a few Win16 build problems.
-
-23-Jun-97
-	SSLv3 bug. I was not doing the 'lookup' of the CERT structure
-	correctly. I was taking the SSL->ctx->default_cert when I should
-	have been using SSL->cert. The bug was in ssl/s3_srvr.c
-
-20-Jun-97
-	X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
-	rest of the library. Even though I had the code required to do
-	it correctly, apps/req.c was doing the wrong thing.  I have fixed
-	and tested everything.
-
-	Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
-
-19-Jun-97
-	Fixed a bug in the SSLv2 server side first packet handling. When
-	using the non-blocking test BIO, the ssl->s2->first_packet flag
-	was being reset when a would-block failure occurred when reading
-	the first 5 bytes of the first packet. This caused the checking
-	logic to run at the wrong time and cause an error.
-
-	Fixed a problem with specifying cipher. If RC4-MD5 were used,
-	only the SSLv3 version would be picked up.  Now this will pick
-	up both SSLv2 and SSLv3 versions. This required changing the
-	SSL_CIPHER->mask values so that they only mask the ciphers,
-	digests, authentication, export type and key-exchange algorithms.
-
-	I found that when a SSLv23 session is established, a reused
-	session, of type SSLv3 was attempting to write the SSLv2 
-	ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char 
-	method has been modified so it will only write out cipher which
-	that method knows about.  
-
--- a/HISTORY.090
+++ b/HISTORY.090
@@ -1,7 +0,0 @@
-	A minor bug in ssl/s3_clnt.c where there would always be 4 0 bytes
-	sent in the client random, thanks to 
-	Edward Bishop <ebishop@spyglass.com>
-	Changed some BIGNUM api stuff.
-
-	I Deleted the HISTORY.090 I was working on and when I found out, it was
-	permanently gone :-(
--- a/381
+++ b/381
@@ -1,133 +1,292 @@
-# Installation of SSLeay.
-# It depends on perl for a few bits but those steps can be skipped and
-# the top level makefile edited by hand

-# When bringing the SSLeay distribution back from the evil intel world
-# of Windows NT, do the following to make it nice again under unix :-)
-# You don't normally need to run this.
-sh util/fixNT.sh	# This only works for NT now - eay - 21-Jun-1996
+ INSTALLATION ON THE UNIX PLATFORM
+ ---------------------------------

-# If you have perl, and it is not in /usr/local/bin, you can run
-perl util/perlpath.pl /new/path
-# and this will fix the paths in all the scripts.  DO NOT put
-# /new/path/perl, just /new/path. The build
-# environment always run scripts as 'perl perlscript.pl' but some of the
-# 'applications' are easier to usr with the path fixed.
+ [Installation on Windows, OpenVMS and MacOS (before MacOS X) is described
+  in INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.]

-# Edit crypto/cryptlib.h, tools/c_rehash, and Makefile.ssl
-# to set the install locations if you don't like
-# the default location of /usr/local/ssl
-# Do this by running
-perl util/ssldir.pl /new/ssl/home
-# if you have perl, or by hand if not.
+ To install OpenSSL, you will need:

-# If things have been stuffed up with the sym links, run
-make -f Makefile.ssl links
-# This will re-populate lib/include with symlinks and for each
-# directory, link Makefile to Makefile.ssl
+  * make
+  * Perl 5
+  * an ANSI C compiler
+  * a development environment in form of development libraries and C
+    header files
+  * a supported Unix operating system

-# Setup the machine dependent stuff for the top level makefile
-# and some select .h files
-# If you don't have perl, this will bomb, in which case just edit the
-# top level Makefile.ssl
-./Configure 'system type'
+ Quick Start
+ -----------

-# The 'Configure' command contains default configuration parameters
-# for lots of machines.  Configure edits 5 lines in the top level Makefile
-# It modifies the following values in the following files
-Makefile.ssl		CC CFLAG EX_LIBS BN_MULW
-crypto/des/des.h	DES_LONG
-crypto/des/des_locl.h	DES_PTR
-crypto/md2/md2.h	MD2_INT
-crypto/rc4/rc4.h	RC4_INT
-crypto/rc4/rc4_enc.c	RC4_INDEX
-crypto/rc2/rc2.h	RC2_INT
-crypto/bf/bf_locl.h	BF_INT
-crypto/idea/idea.h	IDEA_INT
-crypto/bn/bn.h		BN_LLONG (and defines one of SIXTY_FOUR_BIT,
-				  SIXTY_FOUR_BIT_LONG, THIRTY_TWO_BIT,
-				  SIXTEEN_BIT or EIGHT_BIT)
-Please remember that all these files are actually copies of the file with
-a .org extention.  So if you change crypto/des/des.h, the next time
-you run Configure, it will be runover by a 'configured' version of
-crypto/des/des.org.  So to make the changer the default, change the .org
-files.  The reason these files have to be edited is because most of
-these modifications change the size of fundamental data types.
-While in theory this stuff is optional, it often makes a big
-difference in performance and when using assember, it is importaint
-for the 'Bignum bits' match those required by the assember code.
-A warning for people using gcc with sparc cpu's.  Gcc needs the -mv8
-flag to use the hardware multiply instruction which was not present in
-earlier versions of the sparc CPU.  I define it by default.  If you
-have an old sparc, and it crashes, try rebuilding with this flag
-removed.  I am leaving this flag on by default because it makes
-things run 4 times faster :-)
+ If you want to just get on with it, do:

-# clean out all the old stuff
-make clean
+  $ ./config
+  $ make
+  $ make test
+  $ make install

-# Do a make depend only if you have the makedepend command installed
-# This is not needed but it does make things nice when developing.
-make depend
+ [If any of these steps fails, see section Installation in Detail below.]

-# make should build everything
-make
+ This will build and install OpenSSL in the default location, which is (for
+ historical reasons) /usr/local/ssl. If you want to install it anywhere else,
+ run config like this:

-# fix up the demo certificate hash directory if it has been stuffed up.
-make rehash
+  $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl

-# test everything
-make test

-# install the lot
-make install
+ Configuration Options
+ ---------------------

-# It is worth noting that all the applications are built into the one
-# program, ssleay, which is then has links from the other programs
-# names to it.
-# The applicatons can be built by themselves, just don't define the
-# 'MONOLITH' flag.  So to build the 'enc' program stand alone,
-gcc -O2 -Iinclude apps/enc.c apps/apps.c libcrypto.a
+ There are several options to ./config (or ./Configure) to customize
+ the build:

-# Other useful make options are
-make makefile.one
-# which generate a 'makefile.one' file which will build the complete
-# SSLeay distribution with temp. files in './tmp' and 'installable' files
-# in './out'
+  --prefix=DIR  Install in DIR/bin, DIR/lib, DIR/include/openssl.
+	        Configuration files used by OpenSSL will be in DIR/ssl
+                or the directory specified by --openssldir.

-# Have a look at running
-perl util/mk1mf.pl help
-# this can be used to generate a single makefile and is about the only
-# way to generate makefiles for windows.
+  --openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
+                the library files and binaries are also installed there.

-# There is actually a final way of building SSLeay.
-gcc -O2 -c -Icrypto -Iinclude crypto/crypto.c
-gcc -O2 -c -Issl -Iinclude ssl/ssl.c
-# and you now have the 2 libraries as single object files :-).
-# If you want to use the assember code for your particular platform
-# (DEC alpha/x86 are the main ones, the other assember is just the
-# output from gcc) you will need to link the assember with the above generated
-# object file and also do the above compile as
-gcc -O2 -DBN_ASM -c -Icrypto -Iinclude crypto/crypto.c
+  no-threads    Don't try to build with support for multi-threaded
+                applications.

-This last option is probably the best way to go when porting to another
-platform or building shared libraries.  It is not good for development so
-I don't normally use it.
+  threads       Build with support for multi-threaded applications.
+                This will usually require additional system-dependent options!
+                See "Note on multi-threading" below.

-To build shared libararies under unix, have a look in shlib, basically 
-you are on your own, but it is quite easy and all you have to do
-is compile 2 (or 3) files.
+  no-zlib       Don't try to build with support for zlib compression and
+                decompression.

-For mult-threading, have a read of doc/threads.doc.  Again it is quite
-easy and normally only requires some extra callbacks to be defined
-by the application.
-The examples for solaris and windows NT/95 are in the mt directory.
+  zlib          Build with support for zlib compression/decompression.

-have fun
+  zlib-dynamic  Like "zlib", but has OpenSSL load the zlib library dynamically
+                when needed.  This is only supported on systems where loading
+                of shared libraries is supported.  This is the default choice.

-eric 25-Jun-1997
+  no-shared     Don't try to create shared libraries.

-IRIX 5.x will build as a 32 bit system with mips1 assember.
-IRIX 6.x will build as a 64 bit system with mips3 assember.  It conforms
-to n32 standards. In theory you can compile the 64 bit assember under
-IRIX 5.x but you will have to have the correct system software installed.
+  shared        In addition to the usual static libraries, create shared
+                libraries on platforms where it's supported.  See "Note on
+                shared libraries" below.
+
+  no-asm        Do not use assembler code.
+
+  386           Use the 80386 instruction set only (the default x86 code is
+                more efficient, but requires at least a 486).
+
+  no-<cipher>   Build without the specified cipher (bf, cast, des, dh, dsa,
+                hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
+                The crypto/<cipher> directory can be removed after running
+                "make depend".
+
+  -Dxxx, -lxxx, -Lxxx, -fxxx, -Kxxx These system specific options will
+                be passed through to the compiler to allow you to
+                define preprocessor symbols, specify additional libraries,
+                library directories or other compiler options.
+
+
+ Installation in Detail
+ ----------------------
+
+ 1a. Configure OpenSSL for your operation system automatically:
+
+       $ ./config [options]
+
+     This guesses at your operating system (and compiler, if necessary) and
+     configures OpenSSL based on this guess. Run ./config -t to see
+     if it guessed correctly. If you want to use a different compiler, you
+     are cross-compiling for another platform, or the ./config guess was
+     wrong for other reasons, go to step 1b. Otherwise go to step 2.
+
+     On some systems, you can include debugging information as follows:
+
+       $ ./config -d [options]
+
+ 1b. Configure OpenSSL for your operating system manually
+
+     OpenSSL knows about a range of different operating system, hardware and
+     compiler combinations. To see the ones it knows about, run
+
+       $ ./Configure
+
+     Pick a suitable name from the list that matches your system. For most
+     operating systems there is a choice between using "cc" or "gcc".  When
+     you have identified your system (and if necessary compiler) use this name
+     as the argument to ./Configure. For example, a "linux-elf" user would
+     run:
+
+       $ ./Configure linux-elf [options]
+
+     If your system is not available, you will have to edit the Configure
+     program and add the correct configuration for your system. The
+     generic configurations "cc" or "gcc" should usually work on 32 bit
+     systems.
+
+     Configure creates the file Makefile.ssl from Makefile.org and
+     defines various macros in crypto/opensslconf.h (generated from
+     crypto/opensslconf.h.in).
+
+  2. Build OpenSSL by running:
+
+       $ make
+
+     This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the
+     OpenSSL binary ("openssl"). The libraries will be built in the top-level
+     directory, and the binary will be in the "apps" directory.
+
+     If "make" fails, look at the output.  There may be reasons for
+     the failure that aren't problems in OpenSSL itself (like missing
+     standard headers).  If it is a problem with OpenSSL itself, please
+     report the problem to <openssl-bugs@openssl.org> (note that your
+     message will be forwarded to a public mailing list).  Include the
+     output of "make report" in your message.
+
+     [If you encounter assembler error messages, try the "no-asm"
+     configuration option as an immediate fix.]
+
+     Compiling parts of OpenSSL with gcc and others with the system
+     compiler will result in unresolved symbols on some systems.
+
+  3. After a successful build, the libraries should be tested. Run:
+
+       $ make test
+
+     If a test fails, look at the output.  There may be reasons for
+     the failure that isn't a problem in OpenSSL itself (like a missing
+     or malfunctioning bc).  If it is a problem with OpenSSL itself,
+     try removing any compiler optimization flags from the CFLAGS line
+     in Makefile.ssl and run "make clean; make". Please send a bug
+     report to <openssl-bugs@openssl.org>, including the output of
+     "make report".
+
+  4. If everything tests ok, install OpenSSL with
+
+       $ make install
+
+     This will create the installation directory (if it does not exist) and
+     then the following subdirectories:
+
+       certs           Initially empty, this is the default location
+                       for certificate files.
+       man/man1        Manual pages for the 'openssl' command line tool
+       man/man3        Manual pages for the libraries (very incomplete)
+       misc            Various scripts.
+       private         Initially empty, this is the default location
+                       for private key files.
+
+     If you didn't choose a different installation prefix, the
+     following additional subdirectories will be created:
+
+       bin             Contains the openssl binary and a few other 
+                       utility programs. 
+       include/openssl Contains the header files needed if you want to
+                       compile programs with libcrypto or libssl.
+       lib             Contains the OpenSSL library files themselves.
+
+     Package builders who want to configure the library for standard
+     locations, but have the package installed somewhere else so that
+     it can easily be packaged, can use
+
+       $ make INSTALL_PREFIX=/tmp/package-root install
+
+     (or specify "--install_prefix=/tmp/package-root" as a configure
+     option).  The specified prefix will be prepended to all
+     installation target filenames.
+
+
+  NOTE: The header files used to reside directly in the include
+  directory, but have now been moved to include/openssl so that
+  OpenSSL can co-exist with other libraries which use some of the
+  same filenames.  This means that applications that use OpenSSL
+  should now use C preprocessor directives of the form
+
+       #include <openssl/ssl.h>
+
+  instead of "#include <ssl.h>", which was used with library versions
+  up to OpenSSL 0.9.2b.
+
+  If you install a new version of OpenSSL over an old library version,
+  you should delete the old header files in the include directory.
+
+  Compatibility issues:
+
+  *  COMPILING existing applications
+
+     To compile an application that uses old filenames -- e.g.
+     "#include <ssl.h>" --, it will usually be enough to find
+     the CFLAGS definition in the application's Makefile and
+     add a C option such as
+
+          -I/usr/local/ssl/include/openssl
+
+     to it.
+
+     But don't delete the existing -I option that points to
+     the ..../include directory!  Otherwise, OpenSSL header files
+     could not #include each other.
+
+  *  WRITING applications
+
+     To write an application that is able to handle both the new
+     and the old directory layout, so that it can still be compiled
+     with library versions up to OpenSSL 0.9.2b without bothering
+     the user, you can proceed as follows:
+
+     -  Always use the new filename of OpenSSL header files,
+        e.g. #include <openssl/ssl.h>.
+
+     -  Create a directory "incl" that contains only a symbolic
+        link named "openssl", which points to the "include" directory
+        of OpenSSL.
+        For example, your application's Makefile might contain the
+        following rule, if OPENSSLDIR is a pathname (absolute or
+        relative) of the directory where OpenSSL resides:
+
+        incl/openssl:
+        	-mkdir incl
+        	cd $(OPENSSLDIR) # Check whether the directory really exists
+        	-ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl
+
+        You will have to add "incl/openssl" to the dependencies
+        of those C files that include some OpenSSL header file.
+
+     -  Add "-Iincl" to your CFLAGS.
+
+     With these additions, the OpenSSL header files will be available
+     under both name variants if an old library version is used:
+     Your application can reach them under names like <openssl/foo.h>,
+     while the header files still are able to #include each other
+     with names of the form <foo.h>.
+
+
+ Note on multi-threading
+ -----------------------
+
+ For some systems, the OpenSSL Configure script knows what compiler options
+ are needed to generate a library that is suitable for multi-threaded
+ applications.  On these systems, support for multi-threading is enabled
+ by default; use the "no-threads" option to disable (this should never be
+ necessary).
+
+ On other systems, to enable support for multi-threading, you will have
+ to specify at least two options: "threads", and a system-dependent option.
+ (The latter is "-D_REENTRANT" on various systems.)  The default in this
+ case, obviously, is not to include support for multi-threading (but
+ you can still use "no-threads" to suppress an annoying warning message
+ from the Configure script.)
+
+
+ Note on shared libraries
+ ------------------------
+
+ Shared library is currently an experimental feature.  The only reason to
+ have them would be to conserve memory on systems where several program
+ are using OpenSSL.  Binary backward compatibility can't be guaranteed
+ before OpenSSL version 1.0.
+
+ For some systems, the OpenSSL Configure script knows what is needed to
+ build shared libraries for libcrypto and libssl.  On these systems,
+ the shared libraries are currently not created by default, but giving
+ the option "shared" will get them created.  This method supports Makefile
+ targets for shared library creation, like linux-shared.  Those targets
+ can currently be used on their own just as well, but this is expected
+ to change in future versions of OpenSSL.
--- a/INSTALL.MacOS
+++ b/INSTALL.MacOS
@@ -0,0 +1,72 @@
+OpenSSL - Port To The Macintosh OS 9 or Earlier
+===============================================
+
+Thanks to Roy Wood <roy@centricsystems.ca> initial support for Mac OS (pre
+X) is now provided. "Initial" means that unlike other platforms where you
+get an SDK and a "swiss army" openssl application, on Macintosh you only
+get one sample application which fetches a page over HTTPS(*) and dumps it
+in a window. We don't even build the test applications so that we can't
+guarantee that all algorithms are operational.
+
+Required software:
+
+- StuffIt Expander 5.5 or later, alternatively MacGzip and SUNtar;
+- Scriptable Finder;
+- CodeWarrior Pro 5;
+
+Installation procedure:
+
+- fetch the source at ftp://ftp.openssl.org/ (well, you probably already
+  did, huh?)
+- unpack the .tar.gz file:
+	- if you have StuffIt Expander then just drag it over it;
+	- otherwise uncompress it with MacGzip and then unpack with SUNtar;
+- locate MacOS folder in OpenSSL source tree and open it;
+- unbinhex mklinks.as.hqx and OpenSSL.mcp.hqx if present (**), do it
+  "in-place", i.e. unpacked files should end-up in the very same folder;
+- execute mklinks.as;
+- open OpenSSL.mcp(***) and build 'GetHTTPS PPC' target(****);
+- that's it for now;
+
+(*)	URL is hardcoded into ./MacOS/GetHTTPS.src/GetHTTPS.cpp, lines 40
+        to 42, change appropriately.
+(**)	If you use SUNtar, then it might have already unbinhexed the files
+	in question.
+(***)	The project file was saved with CW Pro 5.3. If you have an earlier
+	version and it refuses to open it, then download
+	http://www.openssl.org/~appro/OpenSSL.mcp.xml and import it
+	overwriting the original OpenSSL.mcp.
+(****)	Other targets are works in progress. If you feel like giving 'em a
+	shot, then you should know that OpenSSL* and Lib* targets are
+	supposed to be built with the GUSI, MacOS library which mimics
+	BSD sockets and some other POSIX APIs. The GUSI distribution is
+	expected to be found in the same directory as the openssl source tree,
+	i.e., in the parent directory to the one where this very file,
+	namely INSTALL.MacOS, resides. For more information about GUSI, see
+	http://www.iis.ee.ethz.ch/~neeri/macintosh/gusi-qa.html
+
+Finally some essential comments from our generous contributor:-)
+
+"I've gotten OpenSSL working on the Macintosh. It's probably a bit of a
+hack, but it works for what I'm doing. If you don't like the way I've done
+it, then feel free to change what I've done. I freely admit that I've done
+some less-than-ideal things in my port, and if you don't like the way I've
+done something, then feel free to change it-- I won't be offended!
+
+... I've tweaked "bss_sock.c" a little to call routines in a "MacSocket"
+library I wrote. My MacSocket library is a wrapper around OpenTransport,
+handling stuff like endpoint creation, reading, writing, etc. It is not
+designed as a high-performance package such as you'd use in a webserver,
+but is fine for lots of other applications. MacSocket also uses some other
+code libraries I've written to deal with string manipulations and error
+handling. Feel free to use these things in your own code, but give me
+credit and/or send me free stuff in appreciation! :-)
+
+...
+
+If you have any questions, feel free to email me as the following:
+
+roy@centricsystems.ca
+
+-Roy Wood"
+
--- a/INSTALL.OS2
+++ b/INSTALL.OS2
@@ -0,0 +1,22 @@
+ 
+ Installation on OS/2
+ --------------------
+
+ You need to have the following tools installed:
+
+  * EMX GCC
+  * PERL
+  * GNU make
+
+
+ To build the makefile, run
+
+ > os2\os2-emx
+
+ This will configure OpenSSL and create OS2-EMX.mak which you then use to 
+ build the OpenSSL libraries & programs by running
+
+ > make -f os2-emx.mak
+
+ If that finishes successfully you will find the libraries and programs in the
+ "out" directory.
--- a/INSTALL.VMS
+++ b/INSTALL.VMS
@@ -0,0 +1,299 @@
+			VMS Installation instructions
+			written by Richard Levitte
+			<richard@levitte.org>
+
+
+Intro:
+======
+
+This file is divided in the following parts:
+
+  Requirements			- Mandatory reading.
+  Checking the distribution	- Mandatory reading.
+  Compilation			- Mandatory reading.
+  Logical names			- Mandatory reading.
+  Test				- Mandatory reading.
+  Installation			- Mandatory reading.
+  Backward portability		- Read if it's an issue.
+  Possible bugs or quirks	- A few warnings on things that
+				  may go wrong or may surprise you.
+  TODO				- Things that are to come.
+
+
+Requirements:
+=============
+
+To build and install OpenSSL, you will need:
+
+ * DEC C or some other ANSI C compiler.  VAX C is *not* supported.
+   [Note: OpenSSL has only been tested with DEC C.  Compiling with 
+    a different ANSI C compiler may require some work]
+
+Checking the distribution:
+==========================
+
+There have been reports of places where the distribution didn't quite get
+through, for example if you've copied the tree from a NFS-mounted Unix
+mount point.
+
+The easiest way to check if everything got through as it should is to check
+for one of the following files:
+
+	[.CRYPTO]OPENSSLCONF.H_IN
+	[.CRYPTO]OPENSSLCONF_H.IN
+
+They should never exist both at once, but one of them should (preferably
+the first variant).  If you can't find any of those two, something went
+wrong.
+
+The best way to get a correct distribution is to download the gzipped tar
+file from ftp://ftp.openssl.org/source/, use GUNZIP to uncompress it and
+use VMSTAR to unpack the resulting tar file.
+
+GUNZIP is available in many places on the net.  One of the distribution
+points is the WKU software archive, ftp://ftp.wku.edu/vms/fileserv/ .
+
+VMSTAR is also available in many places on the net.  The recommended place
+to find information about it is http://www.free.lp.se/vmstar/ .
+
+
+Compilation:
+============
+
+I've used the very good command procedures written by Robert Byer
+<byer@mail.all-net.net>, and just slightly modified them, making
+them slightly more general and easier to maintain.
+
+You can actually compile in almost any directory separately.  Look
+for a command procedure name xxx-LIB.COM (in the library directories)
+or MAKExxx.COM (in the program directories) and read the comments at
+the top to understand how to use them.  However, if you want to
+compile all you can get, the simplest is to use MAKEVMS.COM in the top
+directory.  The syntax is the following:
+
+  @MAKEVMS <option> <rsaref-p> <debug-p> [<compiler>]
+
+<option> must be one of the following:
+
+      ALL       Just build "everything".
+      CONFIG    Just build the "[.CRYPTO]OPENSSLCONF.H" file.
+      BUILDINF  Just build the "[.INCLUDE]BUILDINF.H" file.
+      SOFTLINKS Just copies some files, to simulate Unix soft links.
+      BUILDALL  Same as ALL, except CONFIG, BUILDINF and SOFTLINKS aren't done.
+      RSAREF    Just build the "[.xxx.EXE.RSAREF]LIBRSAGLUE.OLB" library.
+      CRYPTO    Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
+      SSL       Just build the "[.xxx.EXE.SSL]LIBSSL.OLB" library.
+      SSL_TASK  Just build the "[.xxx.EXE.SSL]SSL_TASK.EXE" program.
+      TEST      Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL.
+      APPS      Just build the "[.xxx.EXE.APPS]" application programs for OpenSSL.
+
+<rsaref-p> must be one of the following:
+
+      RSAREF    compile using the RSAREF Library
+      NORSAREF  compile without using RSAREF
+
+Note 0: The RSAREF library IS NO LONGER NEEDED.  The RSA patent
+        expires September 20, 2000, and RSA Security chose to make
+        the algorithm public domain two weeks before that.
+
+Note 1: If you still want to use RSAREF, the library is NOT INCLUDED
+        and you have to download it.  RSA Security doesn't carry it
+        any more, but there are a number of places where you can find
+        it.  You have to get the ".tar-Z" file as the ".zip" file
+        doesn't have the directory structure stored.  You have to
+        extract the file into the [.RSAREF] directory as that is where
+        the scripts will look for the files.
+
+Note 2: I have never done this, so I've no idea if it works or not.
+
+<debug-p> must be one of the following:
+
+      DEBUG     compile with debugging info (will not optimize)
+      NODEBUG   compile without debugging info (will optimize)
+
+<compiler> must be one of the following:
+
+      DECC      For DEC C.
+      GNUC      For GNU C.
+
+
+You will find the crypto library in [.xxx.EXE.CRYPTO], called LIBCRYPTO.OLB,
+where xxx is VAX or AXP.  You will find the SSL library in [.xxx.EXE.SSL],
+named LIBSSL.OLB, and you will find a bunch of useful programs in
+[.xxx.EXE.APPS].  However, these shouldn't be used right off unless it's
+just to test them.  For production use, make sure you install first, see
+Installation below.
+
+Note 1: Some programs in this package require a TCP/IP library.
+
+Note 2: if you want to compile the crypto library only, please make sure
+        you have at least done a @MAKEVMS CONFIG, a @MAKEVMS BUILDINF and
+        a @MAKEVMS SOFTLINKS.  A lot of things will break if you don't.
+
+
+Logical names:
+==============
+
+There are a few things that can't currently be given through the command
+line.  Instead, logical names are used.
+
+Currently, the logical names supported are:
+
+      OPENSSL_NO_ASM    with value YES, the assembler parts of OpenSSL will
+                        not be used.  Instead, plain C implementations are
+                        used.  This is good to try if something doesn't work.
+      OPENSSL_NO_'alg'  with value YES, the corresponding crypto algorithm
+                        will not be implemented.  Supported algorithms to
+                        do this with are: RSA, DSA, DH, MD2, MD4, MD5, RIPEMD,
+                        SHA, DES, MDC2, CR2, RC4, RC5, IDEA, BF, CAST, HMAC,
+                        SSL2.  So, for example, having the logical name
+                        OPENSSL_NO_RSA with the value YES means that the
+                        LIBCRYPTO.OLB library will not contain an RSA
+                        implementation.
+
+
+Test:
+=====
+
+Testing is very simple, just do the following:
+
+  @[.TEST]TESTS
+
+If a test fails, try with defining the logical name OPENSSL_NO_ASM (yes,
+it's an ugly hack!) and rebuild. Please send a bug report to
+<openssl-bugs@openssl.org>, including the output of "openssl version -a"
+and of the failed test.
+
+
+Installation:
+=============
+
+Installation is easy, just do the following:
+
+  @INSTALL <root>
+
+<root> is the directory in which everything will be installed,
+subdirectories, libraries, header files, programs and startup command
+procedures.
+
+N.B.: INSTALL.COM builds a new directory structure, different from
+the directory tree where you have now build OpenSSL.
+
+In the [.VMS] subdirectory of the installation, you will find the
+following command procedures:
+
+  OPENSSL_STARTUP.COM
+
+        defines all needed logical names.  Takes one argument that
+        tells it in what logical name table to insert the logical
+        names.  If you insert if it SYS$MANAGER:SYSTARTUP_VMS.COM, the
+        call should look like this: 
+
+          @openssldev:[openssldir.VMS]OPENSSL_STARTUP "/SYSTEM"
+
+  OPENSSL_UTILS.COM
+
+        sets up the symbols to the applications.  Should be called
+        from for example SYS$MANAGER:SYLOGIN.COM 
+
+The logical names that are set up are the following:
+
+  SSLROOT       a dotted concealed logical name pointing at the
+                root directory.
+
+  SSLCERTS      Initially an empty directory, this is the default
+		location for certificate files.
+  SSLMISC	Various scripts.
+  SSLPRIVATE	Initially an empty directory, this is the default
+		location for private key files.
+
+  SSLEXE        Contains the openssl binary and a few other utility
+		programs.
+  SSLINCLUDE    Contains the header files needed if you want to
+		compile programs with libcrypto or libssl.
+  SSLLIB        Contains the OpenSSL library files (LIBCRYPTO.OLB
+		and LIBSSL.OLB) themselves.
+
+  OPENSSL	Same as SSLINCLUDE.  This is because the standard
+		way to include OpenSSL header files from version
+		0.9.3 and on is:
+
+			#include <openssl/header.h>
+
+		For more info on this issue, see the INSTALL. file
+		(the NOTE in section 4 of "Installation in Detail").
+		You don't need to "deleting old header files"!!!
+
+
+Backward portability:
+=====================
+
+One great problem when you build a library is making sure it will work
+on as many versions of VMS as possible.  Especially, code compiled on
+OpenVMS version 7.x and above tend to be unusable in version 6.x or
+lower, because some C library routines have changed names internally
+(the C programmer won't usually see it, because the old name is
+maintained through C macros).  One obvious solution is to make sure
+you have a development machine with an old enough version of OpenVMS.
+However, if you are stuck with a bunch of Alphas running OpenVMS version
+7.1, you seem to be out of luck.  Fortunately, the DEC C header files
+are cluttered with conditionals that make some declarations and definitions
+dependent on the OpenVMS version or the C library version, *and* you
+can use those macros to simulate older OpenVMS or C library versions,
+by defining the macros _VMS_V6_SOURCE, __VMS_VER and __CTRL_VER with
+correct values.  In the compilation scripts, I've provided the possibility
+for the user to influence the creation of such macros, through a bunch of
+symbols, all having names starting with USER_.  Here's the list of them:
+
+  USER_CCFLAGS		 - Used to give additional qualifiers to the
+			   compiler.  It can't be used to define macros
+			   since the scripts will do such things as well.
+			   To do such things, use USER_CCDEFS.
+  USER_CCDEFS		 - Used to define macros on the command line.  The
+			   value of this symbol will be inserted inside a
+			   /DEFINE=(...).
+  USER_CCDISABLEWARNINGS - Used to disable some warnings.  The value is
+			   inserted inside a /DISABLE=WARNING=(...).
+
+So, to maintain backward compatibility with older VMS versions, do the
+following before you start compiling:
+
+  $ USER_CCDEFS := _VMS_V6_SOURCE=1,__VMS_VER=60000000,__CRTL_VER=60000000
+  $ USER_CCDISABLEWARNINGS := PREOPTW
+
+The USER_CCDISABLEWARNINGS is there because otherwise, DEC C will complain
+that those macros have been changed.
+
+Note: Currently, this is only useful for library compilation.  The
+      programs will still be linked with the current version of the
+      C library shareable image, and will thus complain if they are
+      faced with an older version of the same C library shareable image.
+      This will probably be fixed in a future revision of OpenSSL.
+
+
+Possible bugs or quirks:
+========================
+
+I'm not perfectly sure all the programs will use the SSLCERTS:
+directory by default, it may very well be that you have to give them
+extra arguments.  Please experiment.
+
+
+TODO:
+=====
+
+There are a few things that need to be worked out in the VMS version of
+OpenSSL, still:
+
+- Description files. ("Makefile's" :-))
+- Script code to link an already compiled build tree.
+- A VMSINSTALlable version (way in the future, unless someone else hacks).
+- shareable images (DLL for you Windows folks).
+
+There may be other things that I have missed and that may be desirable.
+Please send mail to <openssl-users@openssl.org> or to me directly if you
+have any ideas.
+
+--
+Richard Levitte <richard@levitte.org>
+2000-02-27
--- a/INSTALL.W32
+++ b/INSTALL.W32
@@ -0,0 +1,266 @@
+ 
+ INSTALLATION ON THE WIN32 PLATFORM
+ ----------------------------------
+
+ Heres a few comments about building OpenSSL in Windows environments.  Most
+ of this is tested on Win32 but it may also work in Win 3.1 with some
+ modification.
+
+ You need Perl for Win32.  Unless you will build on Cygwin, you will need
+ ActiveState Perl, available from http://www.activestate.com/ActivePerl.
+ For Cygwin users, there's more info in the Cygwin section.
+
+ and one of the following C compilers:
+
+  * Visual C++
+  * Borland C
+  * GNU C (Mingw32 or Cygwin)
+
+ If you want to compile in the assembly language routines with Visual C++ then
+ you will need an assembler. This is worth doing because it will result in
+ faster code: for example it will typically result in a 2 times speedup in the
+ RSA routines. Currently the following assemblers are supported:
+
+  * Microsoft MASM (aka "ml")
+  * Free Netwide Assembler NASM.
+
+ MASM was at one point distributed with VC++. It is now distributed with some
+ Microsoft DDKs, for example the Windows NT 4.0 DDK and the Windows 98 DDK. If
+ you do not have either of these DDKs then you can just download the binaries
+ for the Windows 98 DDK and extract and rename the two files XXXXXml.exe and
+ XXXXXml.err, to ml.exe and ml.err and install somewhere on your PATH. Both
+ DDKs can be downloaded from the Microsoft developers site www.msdn.com.
+
+ NASM is freely available. Version 0.98 was used during testing: other versions
+ may also work. It is available from many places, see for example:
+ http://www.kernel.org/pub/software/devel/nasm/binaries/win32/
+ The NASM binary nasmw.exe needs to be installed anywhere on your PATH.
+
+ If you are compiling from a tarball or a CVS snapshot then the Win32 files
+ may well be not up to date. This may mean that some "tweaking" is required to
+ get it all to work. See the trouble shooting section later on for if (when?)
+ it goes wrong.
+
+ Visual C++
+ ----------
+
+ Firstly you should run Configure:
+
+ > perl Configure VC-WIN32
+
+ Next you need to build the Makefiles and optionally the assembly language
+ files:
+
+ - If you are using MASM then run:
+
+   > ms\do_masm
+
+ - If you are using NASM then run:
+
+   > ms\do_nasm
+
+ - If you don't want to use the assembly language files at all then run:
+
+   > ms\do_ms
+
+ If you get errors about things not having numbers assigned then check the
+ troubleshooting section: you probably won't be able to compile it as it
+ stands.
+
+ Then from the VC++ environment at a prompt do:
+
+ > nmake -f ms\ntdll.mak
+
+ If all is well it should compile and you will have some DLLs and executables
+ in out32dll. If you want to try the tests then do:
+ 
+ > cd out32dll
+ > ..\ms\test
+
+ Tweaks:
+
+ There are various changes you can make to the Win32 compile environment. By
+ default the library is not compiled with debugging symbols. If you add 'debug'
+ to the mk1mf.pl lines in the do_* batch file then debugging symbols will be
+ compiled in.
+
+ The default Win32 environment is to leave out any Windows NT specific
+ features.
+
+ If you want to enable the NT specific features of OpenSSL (currently only the
+ logging BIO) follow the instructions above but call the batch file do_nt.bat
+ instead of do_ms.bat.
+
+ You can also build a static version of the library using the Makefile
+ ms\nt.mak
+
+ Borland C++ builder 3 and 4
+ ---------------------------
+
+ * Setup PATH. First must be GNU make then bcb4/bin 
+
+ * Run ms\bcb4.bat
+
+ * Run make:
+   > make -f bcb.mak
+
+ GNU C (Mingw32)
+ ---------------
+
+ To build OpenSSL, you need the Mingw32 package and GNU make.
+
+ * Compiler installation:
+
+   Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/
+   gnu-win32/mingw32/gcc-2.95.2/gcc-2.95.2-msvcrt.exe>. Extract it
+   to a directory such as C:\gcc-2.95.2 and add c:\gcc-2.95.2\bin to
+   the PATH environment variable in "System Properties"; or edit and
+   run C:\gcc-2.95.2\mingw32.bat to set the PATH.
+
+ * Compile OpenSSL:
+
+   > ms\mingw32
+
+   This will create the library and binaries in out. In case any problems
+   occur, try
+   > ms\mingw32 no-asm
+   instead.
+
+   libcrypto.a and libssl.a are the static libraries. To use the DLLs,
+   link with libeay32.a and libssl32.a instead.
+
+   See troubleshooting if you get error messages about functions not having
+   a number assigned.
+
+ * You can now try the tests:
+
+   > cd out
+   > ..\ms\test
+
+ GNU C (Cygwin)
+ --------------
+
+ Cygwin provides a bash shell and GNU tools environment running on
+ NT 4.0, Windows 9x and Windows 2000. Consequently, a make of OpenSSL
+ with Cygwin is closer to a GNU bash environment such as Linux rather
+ than other W32 makes that are based on a single makefile approach.
+ Cygwin implements Posix/Unix calls through cygwin1.dll, and is
+ contrasted to Mingw32 which links dynamically to msvcrt.dll or
+ crtdll.dll.
+
+ To build OpenSSL using Cygwin:
+
+ * Install Cygwin (see http://sourceware.cygnus.com/cygwin)
+
+ * Install Perl and ensure it is in the path (recent Cygwin perl 
+   (version 5.6.1-2 of the latter has been reported to work) or
+   ActivePerl)
+
+ * Run the Cygwin bash shell
+
+ * $ tar zxvf openssl-x.x.x.tar.gz
+   $ cd openssl-x.x.x
+   $ ./config
+   [...]
+   $ make
+   [...]
+   $ make test
+   $ make install
+
+ This will create a default install in /usr/local/ssl.
+
+ Cygwin Notes:
+
+ "make test" and normal file operations may fail in directories
+ mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
+ stripping of carriage returns. To avoid this ensure that a binary
+ mount is used, e.g. mount -b c:\somewhere /home.
+
+ As of version 1.1.1 Cygwin is relatively unstable in its handling
+ of cr/lf issues. These make procedures succeeded with versions 1.1 and
+ the snapshot 20000524 (Slow!).
+
+ "bc" is not provided in the Cygwin distribution.  This causes a
+ non-fatal error in "make test" but is otherwise harmless.  If
+ desired, GNU bc can be built with Cygwin without change.
+
+
+ Installation
+ ------------
+
+ If you used the Cygwin procedure above, you have already installed and
+ can skip this section.  For all other procedures, there's currently no real
+ installation procedure for Win32.  There are, however, some suggestions:
+
+    - do nothing.  The include files are found in the inc32/ subdirectory,
+      all binaries are found in out32dll/ or out32/ depending if you built
+      dynamic or static libraries.
+
+    - do as is written in INSTALL.Win32 that comes with modssl:
+
+	$ md c:\openssl 
+	$ md c:\openssl\bin
+	$ md c:\openssl\lib
+	$ md c:\openssl\include
+	$ md c:\openssl\include\openssl
+	$ copy /b inc32\*               c:\openssl\include\openssl
+	$ copy /b out32dll\ssleay32.lib c:\openssl\lib
+	$ copy /b out32dll\libeay32.lib c:\openssl\lib
+	$ copy /b out32dll\ssleay32.dll c:\openssl\bin
+	$ copy /b out32dll\libeay32.dll c:\openssl\bin
+	$ copy /b out32dll\openssl.exe  c:\openssl\bin
+
+      Of course, you can choose another device than c:.  C: is used here
+      because that's usually the first (and often only) harddisk device.
+      Note: in the modssl INSTALL.Win32, p: is used rather than c:.
+
+
+ Troubleshooting
+ ---------------
+
+ Since the Win32 build is only occasionally tested it may not always compile
+ cleanly.  If you get an error about functions not having numbers assigned
+ when you run ms\do_ms then this means the Win32 ordinal files are not up to
+ date. You can do:
+
+ > perl util\mkdef.pl crypto ssl update
+
+ then ms\do_XXX should not give a warning any more. However the numbers that
+ get assigned by this technique may not match those that eventually get
+ assigned in the CVS tree: so anything linked against this version of the
+ library may need to be recompiled.
+
+ If you get errors about unresolved symbols there are several possible
+ causes.
+
+ If this happens when the DLL is being linked and you have disabled some
+ ciphers then it is possible the DEF file generator hasn't removed all
+ the disabled symbols: the easiest solution is to edit the DEF files manually
+ to delete them. The DEF files are ms\libeay32.def ms\ssleay32.def.
+
+ Another cause is if you missed or ignored the errors about missing numbers
+ mentioned above.
+
+ If you get warnings in the code then the compilation will halt.
+
+ The default Makefile for Win32 halts whenever any warnings occur. Since VC++
+ has its own ideas about warnings which don't always match up to other
+ environments this can happen. The best fix is to edit the file with the
+ warning in and fix it. Alternatively you can turn off the halt on warnings by
+ editing the CFLAG line in the Makefile and deleting the /WX option.
+
+ You might get compilation errors. Again you will have to fix these or report
+ them.
+
+ One final comment about compiling applications linked to the OpenSSL library.
+ If you don't use the multithreaded DLL runtime library (/MD option) your
+ program will almost certainly crash because malloc gets confused -- the
+ OpenSSL DLLs are statically linked to one version, the application must
+ not use a different one.  You might be able to work around such problems
+ by adding CRYPTO_malloc_init() to your program before any calls to the
+ OpenSSL libraries: This tells the OpenSSL libraries to use the same
+ malloc(), free() and realloc() as the application.  However there are many
+ standard library functions used by OpenSSL that call malloc() internally
+ (e.g. fopen()), and OpenSSL cannot change these; so in general you cannot
+ rely on CRYPTO_malloc_init() solving your problem, and you should
+ consistently use the multithreaded library.
--- a/crypto/des/supp.c
+++ b/crypto/des/supp.c
@@ -1,4 +1,73 @@
-/* crypto/des/supp.c */
+
+  LICENSE ISSUES
+  ==============
+
+  The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
+  the OpenSSL License and the original SSLeay license apply to the toolkit.
+  See below for the actual license texts. Actually both licenses are BSD-style
+  Open Source licenses. In case of any license issues related to OpenSSL
+  please contact openssl-core@openssl.org.
+
+  OpenSSL License
+  ---------------
+
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+ Original SSLeay License
+ -----------------------
+
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -56,54 +125,3 @@
 * [including the GNU Public Licence.]
 */

-/*
- * Copyright (c) 1995
- *	Mark Murray.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by Mark Murray
- * 4. Neither the name of the author nor the names of any co-contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY MARK MURRAY AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $Id: supp.c,v 1.1.1.2 1998/12/21 10:55:04 rse Exp $
- */
-
-#include <stdio.h>
-#include "des_locl.h"
-
-void des_cblock_print_file(cb, fp)
-	des_cblock *cb;
-	FILE *fp;
-{
-	int i;
-	unsigned int *p = (unsigned int *)cb;
-
-	fprintf(fp, " 0x { ");
-	for (i = 0; i < 8; i++) {
-		fprintf(fp, "%x", p[i]);
-		if (i != 7) fprintf(fp, ", ");
-	}
-	fprintf(fp, " }");
-}
--- a/146
+++ b/146
@@ -1,146 +0,0 @@
-The Microsoft World.
-
-The good news, to build SSLeay for the Microsft World
-
-Windows 3.1 DLL's
-perl Configure VC-WIN16
-nmake -f ms\w31dll.mak
-
-Windows NT/95 DLL's
-perl Configure VC-WIN32
-nmake -f ms\ntdll.mak
-
-Now the bad news
-All builds were done using Microsofts Visual C++ 1.52c and [45].x.
-If you are a borland person, you are probably going to have to help me
-finish the stuff in util/pl/BC*pl
-
-All builds were made under Windows NT - this means long filenames, so
-you may have problems under Windows 3.1 but probably not under 95.
-
-Because file pointers don't work in DLL's under Windows 3.1 (well at
-least stdin/stdout don't and I don't like having to differentiate
-between these and other file pointers), I now use the BIO file-pointer
-module, which needs to be linked into your application.  You can either
-use the memory buffer BIO for IO, or compile bss_file.c into your
-application, it is in the apps directory and is just a copy of
-crypto/buffer/bss_file.c with #define APPS_WIN16 added.
-I have not yet automated the makefile to automatically copy it into 'out'
-for a win 3.1 build....
-
-All callbacks passed into SSLeay for Windows 3.1 need to be of type
-_far _loadds.
-
-I don't support building with the pascal calling convention.
-
-The DLL and static builds are large memory model.
-
-To build static libraries for NT/95 or win 3.1
-
-perl util/mk1mf.pl VC-WIN32 > mf-stat.nt
-perl util/mk1mf.pl VC-WIN16 > mf-stat.w31
-for DLL's
-perl util/mk1mf.pl dll VC-WIN32	> mf-dll.nt
-perl util/mk1mf.pl dll VC-WIN16 > mf-dll.w31
-
-Again you will notice that if you dont have perl, you cannot do this.
-
-Now the next importaint issue.  Running Configure!
-I have small assember code files for critical big number library operation
-in crypto/bn/asm.  There is, asm code, object files and uuencode
-object files.  They are
-x86nt32.asm	- 32bit flat memory model assember - suitable Win32
-x86w16.asm	- 16bit assember - used in the msdos build.
-x86w32.asm	- 32bit assember, win 3.1 segments, used for win16 build.
-
-If you feel compelled to build the 16bit maths routines in the windows 3.1
-build,
-perl Configure VC-W31-16
-perl util/mk1mf.pl dll VC-W31-16 > mf-dll.w31
-
-If you hate assember and don't want anything to do with it,
-perl util/mk1mf.pl no-asm VC-WIN16 > mf-dll.w31
-will work for any of the makefile generations.
-
-There are more options to mk1mf.pl but these all leave the temporary
-files in 'tmp' and the output files in 'out' by default.
-
-The NT build is done for console mode.
-
-The Windows 3.1 version of SSLeay uses quickwin, the interface is ugly
-but it is better than nothing.  If you want ugly, try doing anything
-that involves getting a password.  I decided to be ugly instead of
-echoing characters.  For Windows 3.1 I would just sugest using the
-msdos version of the ssleay application for command line work.
-The QuickWin build is primarily for testing.
-
-For both NT and Windows 3.1, I have not written the code so that
-s_client, s_server can take input from the keyboard.  You can happily
-start applications up in separate windows, watch them handshake, and then sit
-there for-ever.  I have not had the time to get this working, and I've
-been able to test things from a unix box to the NT box :-).
-Try running ssleay s_server on the windows box
-(with either -cert ../apps/server.pem -www)
-and run ssleay s_time from another window.
-This often stuffs up on Windows 3.1, but I'm not worried since this is
-probably a problem with my demo applications, not the libraries.
-
-After a build of one of the version of microsoft SSLeay,
-'cd ms' and then run 'test'.  This should check everything out and
-even does a trial run of generating certificates.
-'test.bat' requires that perl be install, you be in the ms directory
-(not the test directory, thats for unix so stay out :-) and that the
-build output directory be ../out 
-
-On a last note, you will probably get division by zero errors and
-stuff after a build.  This is due to your own inability to follow
-instructions :-).
-
-The reasons for the problem is probably one of the following.
-
-1)	You did not run Configure.  This is critical for windows 3.1 when
-	using assember.  The values in crypto/bn/bn.h must match the
-	ones requred for the assember code.  (remember that if you
-	edit crypto/bn/bn.h by hand, it will be clobered the next time
-	you run Configure by the contents of crypto/bn/bn.org).
-	SSLeay version -o will list the compile options.
-	For VC-WIN32 you need bn(64,32) or bn(32,32)
-	For VC-W31-32/VC-WIN16 you need bn(32,32)
-	For VC-W31-16 you need bn(32,16) or bn(16,16)
-	For VC-MSDOS you need bn(32,16) or bn(16,16).
-
-	The first number will be 2 times bigger than the second if
-	BN_LLONG is defined in bn.h and the size of the second number
-	depends on the 'bits' defined at the start of bn.h.  Have a
-	look, it's all reasonably clear.
-	If you want to start messing with 8 bit builds and things like
-	that, build without the assember by re-generating a makefile
-	via 'perl util/mk1mf.pl no-asm'.
-2)	You tried to build under MS-DOS or Windows 3.1 using the /G3
-	option.  Don't.  It is buggy (thats why you just got that
-	error) and unless you want to work out which optimising flag
-	to turn off, I'm not going to help you :-).  I also noticed
-	that code often ran slower when compiled with /G3.
-3)	Under NT/95, malloc goes stupid.  You are probably linking with
-	the wrong library, there are problems if you mix the threaded
-	and non-threaded libraries (due to the DLL being staticly
-	linked with one and the applicaion using another.
-
-Well hopefully thats most of the MS issues handled, see you in ssl-users :-).
-
-eric 30-Aug-1996
-
-SSLeay 0.6.5
-For Windows 95/NT, add CRYPTO_malloc_init() to your program before any
-calls to the SSLeay libraries.  This function will insert callbacks so that
-the SSLeay libraries will use the same malloc(), free() and realloc() as
-your application so 'problem 3)' mentioned above will go away.
-
-There is now DES assember for Windows NT/95.  The file is
-crypto/des/asm/win32.asm and replaces crypto/des/des_enc.c in the build.
-
-There is also Blowfish assember for Windows NT/95.  The file is
-crypto/bf/asm/win32.asm and replaces crypto/bf/bf_enc.c in the build.
-
-eric 25-Jun-1997
-
--- a/1019
+++ b/1019
--- a/MacOS/GUSI_Init.cpp
+++ b/MacOS/GUSI_Init.cpp
@@ -0,0 +1,62 @@
+/**************** BEGIN GUSI CONFIGURATION ****************************
+ *
+ * GUSI Configuration section generated by GUSI Configurator
+ * last modified: Wed Jan  5 20:33:51 2000
+ *
+ * This section will be overwritten by the next run of Configurator.
+ */
+
+#define GUSI_SOURCE
+#include <GUSIConfig.h>
+#include <sys/cdefs.h>
+
+/* Declarations of Socket Factories */
+
+__BEGIN_DECLS
+void GUSIwithInetSockets();
+void GUSIwithLocalSockets();
+void GUSIwithMTInetSockets();
+void GUSIwithMTTcpSockets();
+void GUSIwithMTUdpSockets();
+void GUSIwithOTInetSockets();
+void GUSIwithOTTcpSockets();
+void GUSIwithOTUdpSockets();
+void GUSIwithPPCSockets();
+void GUSISetupFactories();
+__END_DECLS
+
+/* Configure Socket Factories */
+
+void GUSISetupFactories()
+{
+#ifdef GUSISetupFactories_BeginHook
+	GUSISetupFactories_BeginHook
+#endif
+	GUSIwithInetSockets();
+#ifdef GUSISetupFactories_EndHook
+	GUSISetupFactories_EndHook
+#endif
+}
+
+/* Declarations of File Devices */
+
+__BEGIN_DECLS
+void GUSIwithDConSockets();
+void GUSIwithNullSockets();
+void GUSISetupDevices();
+__END_DECLS
+
+/* Configure File Devices */
+
+void GUSISetupDevices()
+{
+#ifdef GUSISetupDevices_BeginHook
+	GUSISetupDevices_BeginHook
+#endif
+	GUSIwithNullSockets();
+#ifdef GUSISetupDevices_EndHook
+	GUSISetupDevices_EndHook
+#endif
+}
+
+/**************** END GUSI CONFIGURATION *************************/
--- a/MacOS/GetHTTPS.src/CPStringUtils.cpp
+++ b/MacOS/GetHTTPS.src/CPStringUtils.cpp
--- a/MacOS/GetHTTPS.src/CPStringUtils.hpp
+++ b/MacOS/GetHTTPS.src/CPStringUtils.hpp
@@ -0,0 +1,104 @@
+#pragma once
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+void CopyPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength);
+void CopyPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength);
+void CopyCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxDstStrLength);
+void CopyCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength);
+void ConcatPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength);
+void ConcatPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength);
+void ConcatCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength);
+void ConcatCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxCStrLength);
+
+void ConcatCharToCStr(const char theChar,char *theDstCStr,const int maxCStrLength);
+void ConcatCharToPStr(const char theChar,unsigned char *theDstPStr,const int maxPStrLength);
+
+int ComparePStrs(const unsigned char *theFirstPStr,const unsigned char *theSecondPStr,const Boolean ignoreCase = true);
+int CompareCStrs(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase = true);
+int CompareCStrToPStr(const char *theCStr,const unsigned char *thePStr,const Boolean ignoreCase = true);
+
+Boolean CStrsAreEqual(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase = true);
+Boolean PStrsAreEqual(const unsigned char *theFirstCStr,const unsigned char *theSecondCStr,const Boolean ignoreCase = true);
+
+void CopyLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits = -1);
+void CopyUnsignedLongIntToCStr(const unsigned long theNum,char *theCStr,const int maxCStrLength);
+void ConcatLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits = -1);
+void CopyCStrAndConcatLongIntToCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
+
+void CopyLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits = -1);
+void ConcatLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits = -1);
+
+long CStrLength(const char *theCString);
+long PStrLength(const unsigned char *thePString);
+
+OSErr CopyCStrToExistingHandle(const char *theCString,Handle theHandle);
+OSErr CopyLongIntToExistingHandle(const long inTheLongInt,Handle theHandle);
+
+OSErr CopyCStrToNewHandle(const char *theCString,Handle *theHandle);
+OSErr CopyPStrToNewHandle(const unsigned char *thePString,Handle *theHandle);
+OSErr CopyLongIntToNewHandle(const long inTheLongInt,Handle *theHandle);
+
+OSErr AppendCStrToHandle(const char *theCString,Handle theHandle,long *currentLength = nil,long *maxLength = nil);
+OSErr AppendCharsToHandle(const char *theChars,const int numChars,Handle theHandle,long *currentLength = nil,long *maxLength = nil);
+OSErr AppendPStrToHandle(const unsigned char *thePString,Handle theHandle,long *currentLength = nil);
+OSErr AppendLongIntToHandle(const long inTheLongInt,Handle theHandle,long *currentLength = nil);
+
+void ZeroMem(void *theMemPtr,const unsigned long numBytes);
+
+char *FindCharInCStr(const char theChar,const char *theCString);
+long FindCharOffsetInCStr(const char theChar,const char *theCString,const Boolean inIgnoreCase = false);
+long FindCStrOffsetInCStr(const char *theCSubstring,const char *theCString,const Boolean inIgnoreCase = false);
+
+void CopyCSubstrToCStr(const char *theSrcCStr,const int maxCharsToCopy,char *theDstCStr,const int maxDstStrLength);
+void CopyCSubstrToPStr(const char *theSrcCStr,const int maxCharsToCopy,unsigned char *theDstPStr,const int maxDstStrLength);
+
+void InsertCStrIntoCStr(const char *theSrcCStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength);
+void InsertPStrIntoCStr(const unsigned char *theSrcPStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength);
+OSErr InsertCStrIntoHandle(const char *theCString,Handle theHandle,const long inInsertOffset);
+
+void CopyCStrAndInsertCStrIntoCStr(const char *theSrcCStr,const char *theInsertCStr,char *theDstCStr,const int maxDstStrLength);
+
+void CopyCStrAndInsertCStrsLongIntsIntoCStr(const char *theSrcCStr,const char **theInsertCStrs,const long *theLongInts,char *theDstCStr,const int maxDstStrLength);
+
+void CopyCStrAndInsert1LongIntIntoCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
+void CopyCStrAndInsert2LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,char *theDstCStr,const int maxDstStrLength);
+void CopyCStrAndInsert3LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,const long long3,char *theDstCStr,const int maxDstStrLength);
+
+void CopyCStrAndInsertCStrLongIntIntoCStr(const char *theSrcCStr,const char *theInsertCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
+OSErr CopyCStrAndInsertCStrLongIntIntoHandle(const char *theSrcCStr,const char *theInsertCStr,const long theNum,Handle *theHandle);
+
+
+OSErr CopyIndexedWordToCStr(char *theSrcCStr,int whichWord,char *theDstCStr,int maxDstCStrLength);
+OSErr CopyIndexedWordToNewHandle(char *theSrcCStr,int whichWord,Handle *outTheHandle);
+
+OSErr CopyIndexedLineToCStr(const char *theSrcCStr,int inWhichLine,int *lineEndIndex,Boolean *gotLastLine,char *theDstCStr,const int maxDstCStrLength);
+OSErr CopyIndexedLineToNewHandle(const char *theSrcCStr,int inWhichLine,Handle *outNewHandle);
+
+OSErr ExtractIntFromCStr(const char *theSrcCStr,int *outInt,Boolean skipLeadingSpaces = true);
+OSErr ExtractIntFromPStr(const unsigned char *theSrcPStr,int *outInt,Boolean skipLeadingSpaces = true);
+
+
+void ConvertCStrToUpperCase(char *theSrcCStr);
+
+
+int CountOccurencesOfCharInCStr(const char inChar,const char *inSrcCStr);
+int CountWordsInCStr(const char *inSrcCStr);
+
+OSErr CountDigits(const char *inCStr,int *outNumIntegerDigits,int *outNumFractDigits);
+
+void ExtractCStrItemFromCStr(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,char *outDstCharPtr,const int inDstCharPtrMaxLength,const Boolean inTreatMultipleDelimsAsSingleDelim = false);
+OSErr ExtractCStrItemFromCStrIntoNewHandle(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,Handle *outNewHandle,const Boolean inTreatMultipleDelimsAsSingleDelim = false);
+
+
+OSErr ExtractFloatFromCStr(const char *inCString,extended80 *outFloat);
+OSErr CopyFloatToCStr(const extended80 *theFloat,char *theCStr,const int maxCStrLength,const int inMaxNumIntDigits = -1,const int inMaxNumFractDigits = -1);
+
+void SkipWhiteSpace(char **ioSrcCharPtr,const Boolean inStopAtEOL = false);
+
+
+#ifdef __cplusplus
+}
+#endif
--- a/MacOS/GetHTTPS.src/ErrorHandling.cpp
+++ b/MacOS/GetHTTPS.src/ErrorHandling.cpp
@@ -0,0 +1,170 @@
+/* ====================================================================
+ * Copyright (c) 1998-1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+ 
+ 
+ 
+ #include "ErrorHandling.hpp"
+#include "CPStringUtils.hpp"
+
+#ifdef __EXCEPTIONS_ENABLED__
+	#include "CMyException.hpp"
+#endif
+
+
+static char					gErrorMessageBuffer[512];
+
+char 						*gErrorMessage = gErrorMessageBuffer;
+int							gErrorMessageMaxLength = sizeof(gErrorMessageBuffer);
+
+
+
+void SetErrorMessage(const char *theErrorMessage)
+{
+	if (theErrorMessage != nil)
+	{
+		CopyCStrToCStr(theErrorMessage,gErrorMessage,gErrorMessageMaxLength);
+	}
+}
+
+
+void SetErrorMessageAndAppendLongInt(const char *theErrorMessage,const long theLongInt)
+{
+	if (theErrorMessage != nil)
+	{
+		CopyCStrAndConcatLongIntToCStr(theErrorMessage,theLongInt,gErrorMessage,gErrorMessageMaxLength);
+	}
+}
+
+void SetErrorMessageAndCStrAndLongInt(const char *theErrorMessage,const char * theCStr,const long theLongInt)
+{
+	if (theErrorMessage != nil)
+	{
+		CopyCStrAndInsertCStrLongIntIntoCStr(theErrorMessage,theCStr,theLongInt,gErrorMessage,gErrorMessageMaxLength);
+	}
+
+}
+
+void SetErrorMessageAndCStr(const char *theErrorMessage,const char * theCStr)
+{
+	if (theErrorMessage != nil)
+	{
+		CopyCStrAndInsertCStrLongIntIntoCStr(theErrorMessage,theCStr,-1,gErrorMessage,gErrorMessageMaxLength);
+	}
+}
+
+
+void AppendCStrToErrorMessage(const char *theErrorMessage)
+{
+	if (theErrorMessage != nil)
+	{
+		ConcatCStrToCStr(theErrorMessage,gErrorMessage,gErrorMessageMaxLength);
+	}
+}
+
+
+void AppendLongIntToErrorMessage(const long theLongInt)
+{
+	ConcatLongIntToCStr(theLongInt,gErrorMessage,gErrorMessageMaxLength);
+}
+
+
+
+char *GetErrorMessage(void)
+{
+	return gErrorMessage;
+}
+
+
+OSErr GetErrorMessageInNewHandle(Handle *inoutHandle)
+{
+OSErr		errCode;
+
+
+	errCode = CopyCStrToNewHandle(gErrorMessage,inoutHandle);
+	
+	return(errCode);
+}
+
+
+OSErr GetErrorMessageInExistingHandle(Handle inoutHandle)
+{
+OSErr		errCode;
+
+
+	errCode = CopyCStrToExistingHandle(gErrorMessage,inoutHandle);
+	
+	return(errCode);
+}
+
+
+
+OSErr AppendErrorMessageToHandle(Handle inoutHandle)
+{
+OSErr		errCode;
+
+
+	errCode = AppendCStrToHandle(gErrorMessage,inoutHandle,nil);
+	
+	return(errCode);
+}
+
+
+#ifdef __EXCEPTIONS_ENABLED__
+
+void ThrowErrorMessageException(void)
+{
+	ThrowDescriptiveException(gErrorMessage);
+}
+
+#endif
--- a/MacOS/GetHTTPS.src/ErrorHandling.hpp
+++ b/MacOS/GetHTTPS.src/ErrorHandling.hpp
@@ -0,0 +1,147 @@
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef kGenericError
+	#define kGenericError		-1
+#endif
+
+extern char	*gErrorMessage;
+
+
+void SetErrorMessage(const char *theErrorMessage);
+void SetErrorMessageAndAppendLongInt(const char *theErrorMessage,const long theLongInt);
+void SetErrorMessageAndCStrAndLongInt(const char *theErrorMessage,const char * theCStr,const long theLongInt);
+void SetErrorMessageAndCStr(const char *theErrorMessage,const char * theCStr);
+void AppendCStrToErrorMessage(const char *theErrorMessage);
+void AppendLongIntToErrorMessage(const long theLongInt);
+
+
+char *GetErrorMessage(void);
+OSErr GetErrorMessageInNewHandle(Handle *inoutHandle);
+OSErr GetErrorMessageInExistingHandle(Handle inoutHandle);
+OSErr AppendErrorMessageToHandle(Handle inoutHandle);
+
+
+#ifdef __EXCEPTIONS_ENABLED__
+	void ThrowErrorMessageException(void);
+#endif
+
+
+
+//	A bunch of evil macros that would be uneccessary if I were always using C++ !
+
+#define SetErrorMessageAndBailIfNil(theArg,theMessage)								\
+{																					\
+	if (theArg == nil)																\
+	{																				\
+		SetErrorMessage(theMessage);												\
+		errCode = kGenericError;													\
+		goto EXITPOINT;																\
+	}																				\
+}
+
+
+#define SetErrorMessageAndBail(theMessage)											\
+{																					\
+		SetErrorMessage(theMessage);												\
+		errCode = kGenericError;													\
+		goto EXITPOINT;																\
+}
+
+
+#define SetErrorMessageAndLongIntAndBail(theMessage,theLongInt)						\
+{																					\
+		SetErrorMessageAndAppendLongInt(theMessage,theLongInt);						\
+		errCode = kGenericError;													\
+		goto EXITPOINT;																\
+}
+
+
+#define SetErrorMessageAndLongIntAndBailIfError(theErrCode,theMessage,theLongInt)	\
+{																					\
+	if (theErrCode != noErr)														\
+	{																				\
+		SetErrorMessageAndAppendLongInt(theMessage,theLongInt);						\
+		errCode = theErrCode;														\
+		goto EXITPOINT;																\
+	}																				\
+}
+
+
+#define SetErrorMessageCStrLongIntAndBailIfError(theErrCode,theMessage,theCStr,theLongInt)	\
+{																					\
+	if (theErrCode != noErr)														\
+	{																				\
+		SetErrorMessageAndCStrAndLongInt(theMessage,theCStr,theLongInt);			\
+		errCode = theErrCode;														\
+		goto EXITPOINT;																\
+	}																				\
+}
+
+
+#define SetErrorMessageAndCStrAndBail(theMessage,theCStr)							\
+{																					\
+	SetErrorMessageAndCStr(theMessage,theCStr);										\
+	errCode = kGenericError;														\
+	goto EXITPOINT;																	\
+}
+
+
+#define SetErrorMessageAndBailIfError(theErrCode,theMessage)						\
+{																					\
+	if (theErrCode != noErr)														\
+	{																				\
+		SetErrorMessage(theMessage);												\
+		errCode = theErrCode;														\
+		goto EXITPOINT;																\
+	}																				\
+}
+
+
+#define SetErrorMessageAndLongIntAndBailIfNil(theArg,theMessage,theLongInt)			\
+{																					\
+	if (theArg == nil)																\
+	{																				\
+		SetErrorMessageAndAppendLongInt(theMessage,theLongInt);						\
+		errCode = kGenericError;													\
+		goto EXITPOINT;																\
+	}																				\
+}
+
+
+#define BailIfError(theErrCode)														\
+{																					\
+	if ((theErrCode) != noErr)														\
+	{																				\
+		goto EXITPOINT;																\
+	}																				\
+}
+
+
+#define SetErrCodeAndBail(theErrCode)												\
+{																					\
+	errCode = theErrCode;															\
+																					\
+	goto EXITPOINT;																	\
+}
+
+
+#define SetErrorCodeAndMessageAndBail(theErrCode,theMessage)						\
+{																					\
+	SetErrorMessage(theMessage);													\
+	errCode = theErrCode;															\
+	goto EXITPOINT;																	\
+}
+
+
+#define BailNow()																	\
+{																					\
+	errCode = kGenericError;														\
+	goto EXITPOINT;																	\
+}
+
+
+#ifdef __cplusplus
+}
+#endif
--- a/MacOS/GetHTTPS.src/GetHTTPS.cpp
+++ b/MacOS/GetHTTPS.src/GetHTTPS.cpp
@@ -0,0 +1,209 @@
+/*
+ *	An demo illustrating how to retrieve a URI from a secure HTTP server.
+ *
+ *	Author: 	Roy Wood
+ *	Date:		September 7, 1999
+ *	Comments:	This relies heavily on my MacSockets library.
+ *				This project is also set up so that it expects the OpenSSL source folder (0.9.4 as I write this)
+ *				to live in a folder called "OpenSSL-0.9.4" in this project's parent folder.  For example:
+ *
+ *					Macintosh HD:
+ *						Development:
+ *							OpenSSL-0.9.4:
+ *								(OpenSSL sources here)
+ *							OpenSSL Example:
+ *								(OpenSSL example junk here)
+ *
+ *
+ *				Also-- before attempting to compile this, make sure the aliases in "OpenSSL-0.9.4:include:openssl" 
+ *				are installed!  Use the AppleScript applet in the "openssl-0.9.4" folder to do this!
+ */
+/* modified to seed the PRNG */
+/* modified to use CRandomizer for seeding */
+
+
+//	Include some funky libs I've developed over time
+
+#include "CPStringUtils.hpp"
+#include "ErrorHandling.hpp"
+#include "MacSocket.h"
+#include "Randomizer.h"
+
+//	We use the OpenSSL implementation of SSL....
+//	This was a lot of work to finally get going, though you wouldn't know it by the results!
+
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+#include <timer.h>
+
+//	Let's try grabbing some data from here:
+
+#define kHTTPS_DNS		"www.apache-ssl.org"
+#define kHTTPS_Port		443
+#define kHTTPS_URI		"/"
+
+
+//	Forward-declare this
+
+OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr);
+
+//	My idle-wait callback.  Doesn't do much, does it?  Silly cooperative multitasking.
+
+OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr)
+{
+#pragma unused(inUserRefPtr)
+
+EventRecord		theEvent;
+	::EventAvail(everyEvent,&theEvent);
+	
+	CRandomizer *randomizer = (CRandomizer*)inUserRefPtr;
+	if (randomizer)
+		randomizer->PeriodicAction();
+
+	return(noErr);
+}
+
+
+//	Finally!
+
+void main(void)
+{
+	OSErr				errCode;
+	int					theSocket = -1;
+	int					theTimeout = 30;
+
+	SSL_CTX				*ssl_ctx = nil;
+	SSL					*ssl = nil;
+
+	char				tempString[256];
+	UnsignedWide		microTickCount;
+
+
+	CRandomizer randomizer;
+	
+	printf("OpenSSL Demo by Roy Wood, roy@centricsystems.ca\n\n");
+	
+	BailIfError(errCode = MacSocket_Startup());
+
+
+
+	//	Create a socket-like object
+	
+	BailIfError(errCode = MacSocket_socket(&theSocket,false,theTimeout * 60,MyMacSocket_IdleWaitCallback,&randomizer));
+
+	
+	//	Set up the connect string and try to connect
+	
+	CopyCStrAndInsertCStrLongIntIntoCStr("%s:%ld",kHTTPS_DNS,kHTTPS_Port,tempString,sizeof(tempString));
+	
+	printf("Connecting to %s....\n",tempString);
+
+	BailIfError(errCode = MacSocket_connect(theSocket,tempString));
+	
+	
+	//	Init SSL stuff
+	
+	SSL_load_error_strings();
+	
+	SSLeay_add_ssl_algorithms();
+	
+	
+	//	Pick the SSL method
+	
+//	ssl_ctx = SSL_CTX_new(SSLv2_client_method());
+	ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+//	ssl_ctx = SSL_CTX_new(SSLv3_client_method());
+			
+
+	//	Create an SSL thingey and try to negotiate the connection
+	
+	ssl = SSL_new(ssl_ctx);
+	
+	SSL_set_fd(ssl,theSocket);
+	
+	errCode = SSL_connect(ssl);
+	
+	if (errCode < 0)
+	{
+		SetErrorMessageAndLongIntAndBail("OpenSSL: Can't initiate SSL connection, SSL_connect() = ",errCode);
+	}
+	
+	//	Request the URI from the host
+	
+	CopyCStrToCStr("GET ",tempString,sizeof(tempString));
+	ConcatCStrToCStr(kHTTPS_URI,tempString,sizeof(tempString));
+	ConcatCStrToCStr(" HTTP/1.0\r\n\r\n",tempString,sizeof(tempString));
+
+	
+	errCode = SSL_write(ssl,tempString,CStrLength(tempString));
+	
+	if (errCode < 0)
+	{
+		SetErrorMessageAndLongIntAndBail("OpenSSL: Error writing data via ssl, SSL_write() = ",errCode);
+	}
+	
+
+	for (;;)
+	{
+	char	tempString[256];
+	int		bytesRead;
+		
+
+		//	Read some bytes and dump them to the console
+		
+		bytesRead = SSL_read(ssl,tempString,sizeof(tempString) - 1);
+		
+		if (bytesRead == 0 && MacSocket_RemoteEndIsClosing(theSocket))
+		{
+			break;
+		}
+		
+		else if (bytesRead < 0)
+		{
+			SetErrorMessageAndLongIntAndBail("OpenSSL: Error reading data via ssl, SSL_read() = ",bytesRead);
+		}
+		
+		
+		tempString[bytesRead] = '\0';
+		
+		printf("%s", tempString);
+	}
+	
+	printf("\n\n\n");
+	
+	//	All done!
+	
+	errCode = noErr;
+	
+	
+EXITPOINT:
+
+	//	Clean up and go home
+	
+	if (theSocket >= 0)
+	{
+		MacSocket_close(theSocket);
+	}
+	
+	if (ssl != nil)
+	{
+		SSL_free(ssl);
+	}
+	
+	if (ssl_ctx != nil)
+	{
+		SSL_CTX_free(ssl_ctx);
+	}
+	
+	
+	if (errCode != noErr)
+	{
+		printf("An error occurred:\n");
+		
+		printf("%s",GetErrorMessage());
+	}
+	
+	
+	MacSocket_Shutdown();
+}
--- a/MacOS/GetHTTPS.src/MacSocket.cpp
+++ b/MacOS/GetHTTPS.src/MacSocket.cpp
--- a/MacOS/GetHTTPS.src/MacSocket.h
+++ b/MacOS/GetHTTPS.src/MacSocket.h
@@ -0,0 +1,103 @@
+#pragma once
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+
+enum
+{
+	kMacSocket_TimeoutErr = -2
+};
+
+
+//	Since MacSocket does busy waiting, I do a callback while waiting
+
+typedef OSErr (*MacSocket_IdleWaitCallback)(void *);
+
+
+//	Call this before anything else!
+
+OSErr MacSocket_Startup(void);
+
+
+//	Call this to cleanup before quitting
+
+OSErr MacSocket_Shutdown(void);
+
+
+//	Call this to allocate a "socket" (reference number is returned in outSocketNum)
+//	Note that inDoThreadSwitching is pretty much irrelevant right now, since I ignore it
+//	The inTimeoutTicks parameter is applied during reads/writes of data
+//	The inIdleWaitCallback parameter specifies a callback which is called during busy-waiting periods
+//	The inUserRefPtr parameter is passed back to the idle-wait callback
+
+OSErr MacSocket_socket(int *outSocketNum,const Boolean inDoThreadSwitching,const long inTimeoutTicks,MacSocket_IdleWaitCallback inIdleWaitCallback,void *inUserRefPtr);
+
+
+//	Call this to connect to an IP/DNS address
+//	Note that inTargetAddressAndPort is in "IP:port" format-- e.g. 10.1.1.1:123
+
+OSErr MacSocket_connect(const int inSocketNum,char *inTargetAddressAndPort);
+
+
+//	Call this to listen on a port
+//	Since this a low-performance implementation, I allow a maximum of 1 (one!) incoming request when I listen
+
+OSErr MacSocket_listen(const int inSocketNum,const int inPortNum);
+
+
+//	Call this to close a socket
+
+OSErr MacSocket_close(const int inSocketNum);
+
+
+//	Call this to receive data on a socket
+//	Most parameters' purpose are obvious-- except maybe "inBlock" which controls whether I wait for data or return immediately
+
+int MacSocket_recv(const int inSocketNum,void *outBuff,int outBuffLength,const Boolean inBlock);
+
+
+//	Call this to send data on a socket
+
+int MacSocket_send(const int inSocketNum,void *inBuff,int inBuffLength);
+
+
+//	If zero bytes were read in a call to MacSocket_recv(), it may be that the remote end has done a half-close
+//	This function will let you check whether that's true or not
+
+Boolean MacSocket_RemoteEndIsClosing(const int inSocketNum);
+
+
+//	Call this to see if the listen has completed after a call to MacSocket_listen()
+
+Boolean MacSocket_ListenCompleted(const int inSocketNum);
+
+
+//	These really aren't very useful anymore
+
+Boolean MacSocket_LocalEndIsOpen(const int inSocketNum);
+Boolean MacSocket_RemoteEndIsOpen(const int inSocketNum);
+
+
+//	You may wish to change the userRefPtr for a socket callback-- use this to do it
+
+void MacSocket_SetUserRefPtr(const int inSocketNum,void *inNewRefPtr);
+
+
+//	Call these to get the socket's IP:port descriptor
+
+void MacSocket_GetLocalIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength);
+void MacSocket_GetRemoteIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength);
+
+
+//	Call this to get error info from a socket
+
+void MacSocket_GetSocketErrorInfo(const int inSocketNum,int *outSocketErrCode,char *outSocketErrString,const int inSocketErrStringMaxLength);
+
+
+#ifdef __cplusplus
+}
+#endif
--- a/MacOS/OpenSSL.mcp.hqx
+++ b/MacOS/OpenSSL.mcp.hqx
--- a/MacOS/Randomizer.cpp
+++ b/MacOS/Randomizer.cpp
@@ -0,0 +1,476 @@
+/* 
+------- Strong random data generation on a Macintosh (pre - OS X) ------
+		
+--	GENERAL: We aim to generate unpredictable bits without explicit
+	user interaction. A general review of the problem may be found
+	in RFC 1750, "Randomness Recommendations for Security", and some
+	more discussion, of general and Mac-specific issues has appeared
+	in "Using and Creating Cryptographic- Quality Random Numbers" by
+	Jon Callas (www.merrymeet.com/jon/usingrandom.html).
+
+	The data and entropy estimates provided below are based on my
+	limited experimentation and estimates, rather than by any
+	rigorous study, and the entropy estimates tend to be optimistic.
+	They should not be considered absolute.
+
+	Some of the information being collected may be correlated in
+	subtle ways. That includes mouse positions, timings, and disk
+	size measurements. Some obvious correlations will be eliminated
+	by the programmer, but other, weaker ones may remain. The
+	reliability of the code depends on such correlations being
+	poorly understood, both by us and by potential interceptors.
+
+	This package has been planned to be used with OpenSSL, v. 0.9.5.
+	It requires the OpenSSL function RAND_add. 
+
+--	OTHER WORK: Some source code and other details have been
+	published elsewhere, but I haven't found any to be satisfactory
+	for the Mac per se:
+
+	* The Linux random number generator (by Theodore Ts'o, in
+	  drivers/char/random.c), is a carefully designed open-source
+	  crypto random number package. It collects data from a variety
+	  of sources, including mouse, keyboard and other interrupts.
+	  One nice feature is that it explicitly estimates the entropy
+	  of the data it collects. Some of its features (e.g. interrupt
+	  timing) cannot be reliably exported to the Mac without using
+	  undocumented APIs.
+
+	* Truerand by Don P. Mitchell and Matt Blaze uses variations
+	  between different timing mechanisms on the same system. This
+	  has not been tested on the Mac, but requires preemptive
+	  multitasking, and is hardware-dependent, and can't be relied
+	  on to work well if only one oscillator is present.
+
+	* Cryptlib's RNG for the Mac (RNDMAC.C by Peter Gutmann),
+	  gathers a lot of information about the machine and system
+	  environment. Unfortunately, much of it is constant from one
+	  startup to the next. In other words, the random seed could be
+	  the same from one day to the next. Some of the APIs are
+	  hardware-dependent, and not all are compatible with Carbon (OS
+	  X). Incidentally, the EGD library is based on the UNIX entropy
+	  gathering methods in cryptlib, and isn't suitable for MacOS
+	  either.
+
+	* Mozilla (and perhaps earlier versions of Netscape) uses the
+	  time of day (in seconds) and an uninitialized local variable
+	  to seed the random number generator. The time of day is known
+	  to an outside interceptor (to within the accuracy of the
+	  system clock). The uninitialized variable could easily be
+	  identical between subsequent launches of an application, if it
+	  is reached through the same path.
+
+	* OpenSSL provides the function RAND_screen(), by G. van
+	  Oosten, which hashes the contents of the screen to generate a
+	  seed. This is not useful for an extension or for an
+	  application which launches at startup time, since the screen
+	  is likely to look identical from one launch to the next. This
+	  method is also rather slow.
+
+	* Using variations in disk drive seek times has been proposed
+	  (Davis, Ihaka and Fenstermacher, world.std.com/~dtd/;
+	  Jakobsson, Shriver, Hillyer and Juels,
+	  www.bell-labs.com/user/shriver/random.html). These variations
+	  appear to be due to air turbulence inside the disk drive
+	  mechanism, and are very strongly unpredictable. Unfortunately
+	  this technique is slow, and some implementations of it may be
+	  patented (see Shriver's page above.) It of course cannot be
+	  used with a RAM disk.
+
+--	TIMING: On the 601 PowerPC the time base register is guaranteed
+	to change at least once every 10 addi instructions, i.e. 10
+	cycles. On a 60 MHz machine (slowest PowerPC) this translates to
+	a resolution of 1/6 usec. Newer machines seem to be using a 10
+	cycle resolution as well.
+	
+	For 68K Macs, the Microseconds() call may be used. See Develop
+	issue 29 on the Apple developer site
+	(developer.apple.com/dev/techsupport/develop/issue29/minow.html)
+	for information on its accuracy and resolution. The code below
+	has been tested only on PowerPC based machines.
+
+	The time from machine startup to the launch of an application in
+	the startup folder has a variance of about 1.6 msec on a new G4
+	machine with a defragmented and optimized disk, most extensions
+	off and no icons on the desktop. This can be reasonably taken as
+	a lower bound on the variance. Most of this variation is likely
+	due to disk seek time variability. The distribution of startup
+	times is probably not entirely even or uncorrelated. This needs
+	to be investigated, but I am guessing that it not a majpor
+	problem. Entropy = log2 (1600/0.166) ~= 13 bits on a 60 MHz
+	machine, ~16 bits for a 450 MHz machine.
+
+	User-launched application startup times will have a variance of
+	a second or more relative to machine startup time. Entropy >~22
+	bits.
+
+	Machine startup time is available with a 1-second resolution. It
+	is predictable to no better a minute or two, in the case of
+	people who show up punctually to work at the same time and
+	immediately start their computer. Using the scheduled startup
+	feature (when available) will cause the machine to start up at
+	the same time every day, making the value predictable. Entropy
+	>~7 bits, or 0 bits with scheduled startup.
+
+	The time of day is of course known to an outsider and thus has 0
+	entropy if the system clock is regularly calibrated.
+
+--	KEY TIMING: A  very fast typist (120 wpm) will have a typical
+	inter-key timing interval of 100 msec. We can assume a variance
+	of no less than 2 msec -- maybe. Do good typists have a constant
+	rhythm, like drummers? Since what we measure is not the
+	key-generated interrupt but the time at which the key event was
+	taken off the event queue, our resolution is roughly the time
+	between process switches, at best 1 tick (17 msec). I  therefore
+	consider this technique questionable and not very useful for
+	obtaining high entropy data on the Mac.
+
+--	MOUSE POSITION AND TIMING: The high bits of the mouse position
+	are far from arbitrary, since the mouse tends to stay in a few
+	limited areas of the screen. I am guessing that the position of
+	the mouse is arbitrary within a 6 pixel square. Since the mouse
+	stays still for long periods of time, it should be sampled only
+	after it was moved, to avoid correlated data. This gives an
+	entropy of log2(6*6) ~= 5 bits per measurement.
+
+	The time during which the mouse stays still can vary from zero
+	to, say, 5 seconds (occasionally longer). If the still time is
+	measured by sampling the mouse during null events, and null
+	events are received once per tick, its resolution is 1/60th of a
+	second, giving an entropy of log2 (60*5) ~= 8 bits per
+	measurement. Since the distribution of still times is uneven,
+	this estimate is on the high side.
+
+	For simplicity and compatibility across system versions, the
+	mouse is to be sampled explicitly (e.g. in the event loop),
+	rather than in a time manager task.
+
+--	STARTUP DISK TOTAL FILE SIZE: Varies typically by at least 20k
+	from one startup to the next, with 'minimal' computer use. Won't
+	vary at all if machine is started again immediately after
+	startup (unless virtual memory is on), but any application which
+	uses the web and caches information to disk is likely to cause
+	this much variation or more. The variation is probably not
+	random, but I don't know in what way. File sizes tend to be
+	divisible by 4 bytes since file format fields are often
+	long-aligned. Entropy > log2 (20000/4) ~= 12 bits.
+	
+--	STARTUP DISK FIRST AVAILABLE ALLOCATION BLOCK: As the volume
+	gets fragmented this could be anywhere in principle. In a
+	perfectly unfragmented volume this will be strongly correlated
+	with the total file size on the disk. With more fragmentation
+	comes less certainty. I took the variation in this value to be
+	1/8 of the total file size on the volume.
+
+--	SYSTEM REQUIREMENTS: The code here requires System 7.0 and above
+	(for Gestalt and Microseconds calls). All the calls used are
+	Carbon-compatible.
+*/
+
+/*------------------------------ Includes ----------------------------*/
+
+#include "Randomizer.h"
+
+// Mac OS API
+#include <Files.h>
+#include <Folders.h>
+#include <Events.h>
+#include <Processes.h>
+#include <Gestalt.h>
+#include <Resources.h>
+#include <LowMem.h>
+
+// Standard C library
+#include <stdlib.h>
+#include <math.h>
+
+/*---------------------- Function declarations -----------------------*/
+
+// declared in OpenSSL/crypto/rand/rand.h
+extern "C" void RAND_add (const void *buf, int num, double entropy);
+
+unsigned long GetPPCTimer (bool is601);	// Make it global if needed
+					// elsewhere
+
+/*---------------------------- Constants -----------------------------*/
+
+#define kMouseResolution 6		// Mouse position has to differ
+					// from the last one by this
+					// much to be entered
+#define kMousePositionEntropy 5.16	// log2 (kMouseResolution**2)
+#define kTypicalMouseIdleTicks 300.0	// I am guessing that a typical
+					// amount of time between mouse
+					// moves is 5 seconds
+#define kVolumeBytesEntropy 12.0	// about log2 (20000/4),
+					// assuming a variation of 20K
+					// in total file size and
+					// long-aligned file formats.
+#define kApplicationUpTimeEntropy 6.0	// Variance > 1 second, uptime
+					// in ticks  
+#define kSysStartupEntropy 7.0		// Entropy for machine startup
+					// time
+
+
+/*------------------------ Function definitions ----------------------*/
+
+CRandomizer::CRandomizer (void)
+{
+	long	result;
+	
+	mSupportsLargeVolumes =
+		(Gestalt(gestaltFSAttr, &result) == noErr) &&
+		((result & (1L << gestaltFSSupports2TBVols)) != 0);
+	
+	if (Gestalt (gestaltNativeCPUtype, &result) != noErr)
+	{
+		mIsPowerPC = false;
+		mIs601 = false;
+	}
+	else
+	{
+		mIs601 = (result == gestaltCPU601);
+		mIsPowerPC = (result >= gestaltCPU601);
+	}
+	mLastMouse.h = mLastMouse.v = -10;	// First mouse will
+						// always be recorded
+	mLastPeriodicTicks = TickCount();
+	GetTimeBaseResolution ();
+	
+	// Add initial entropy
+	AddTimeSinceMachineStartup ();
+	AddAbsoluteSystemStartupTime ();
+	AddStartupVolumeInfo ();
+	AddFiller ();
+}
+
+void CRandomizer::PeriodicAction (void)
+{
+	AddCurrentMouse ();
+	AddNow (0.0);	// Should have a better entropy estimate here
+	mLastPeriodicTicks = TickCount();
+}
+
+/*------------------------- Private Methods --------------------------*/
+
+void CRandomizer::AddCurrentMouse (void)
+{
+	Point mouseLoc;
+	unsigned long lastCheck;	// Ticks since mouse was last
+					// sampled
+
+#if TARGET_API_MAC_CARBON
+	GetGlobalMouse (&mouseLoc);
+#else
+	mouseLoc = LMGetMouseLocation();
+#endif
+	
+	if (labs (mLastMouse.h - mouseLoc.h) > kMouseResolution/2 &&
+	    labs (mLastMouse.v - mouseLoc.v) > kMouseResolution/2)
+		AddBytes (&mouseLoc, sizeof (mouseLoc),
+				kMousePositionEntropy);
+	
+	if (mLastMouse.h == mouseLoc.h && mLastMouse.v == mouseLoc.v)
+		mMouseStill ++;
+	else
+	{
+		double entropy;
+		
+		// Mouse has moved. Add the number of measurements for
+		// which it's been still. If the resolution is too
+		// coarse, assume the entropy is 0.
+
+		lastCheck = TickCount() - mLastPeriodicTicks;
+		if (lastCheck <= 0)
+			lastCheck = 1;
+		entropy = log2l
+			(kTypicalMouseIdleTicks/(double)lastCheck);
+		if (entropy < 0.0)
+			entropy = 0.0;
+		AddBytes (&mMouseStill, sizeof (mMouseStill), entropy);
+		mMouseStill = 0;
+	}
+	mLastMouse = mouseLoc;
+}
+
+void CRandomizer::AddAbsoluteSystemStartupTime (void)
+{
+	unsigned long	now;		// Time in seconds since
+					// 1/1/1904
+	GetDateTime (&now);
+	now -= TickCount() / 60;	// Time in ticks since machine
+					// startup
+	AddBytes (&now, sizeof (now), kSysStartupEntropy);
+}
+
+void CRandomizer::AddTimeSinceMachineStartup (void)
+{
+	AddNow (1.5);			// Uncertainty in app startup
+					// time is > 1.5 msec (for
+					// automated app startup).
+}
+
+void CRandomizer::AddAppRunningTime (void)
+{
+	ProcessSerialNumber PSN;
+	ProcessInfoRec		ProcessInfo;
+	
+	ProcessInfo.processInfoLength = sizeof (ProcessInfoRec);
+	ProcessInfo.processName = nil;
+	ProcessInfo.processAppSpec = nil;
+	
+	GetCurrentProcess (&PSN);
+	GetProcessInformation (&PSN, &ProcessInfo);
+
+	// Now add the amount of time in ticks that the current process
+	// has been active
+
+	AddBytes (&ProcessInfo, sizeof (ProcessInfoRec),
+			kApplicationUpTimeEntropy);
+}
+
+void CRandomizer::AddStartupVolumeInfo (void)
+{
+	short			vRefNum;
+	long			dirID;
+	XVolumeParam	pb;
+	OSErr			err;
+	
+	if (!mSupportsLargeVolumes)
+		return;
+		
+	FindFolder (kOnSystemDisk, kSystemFolderType, kDontCreateFolder,
+			&vRefNum, &dirID);
+	pb.ioVRefNum = vRefNum;
+	pb.ioCompletion = 0;
+	pb.ioNamePtr = 0;
+	pb.ioVolIndex = 0;
+	err = PBXGetVolInfoSync (&pb);
+	if (err != noErr)
+		return;
+		
+	// Base the entropy on the amount of space used on the disk and
+	// on the next available allocation block. A lot else might be
+	// unpredictable, so might as well toss the whole block in. See
+	// comments for entropy estimate justifications.
+
+	AddBytes (&pb, sizeof (pb),
+		kVolumeBytesEntropy +
+		log2l (((pb.ioVTotalBytes.hi - pb.ioVFreeBytes.hi)
+				* 4294967296.0D +
+			(pb.ioVTotalBytes.lo - pb.ioVFreeBytes.lo))
+				/ pb.ioVAlBlkSiz - 3.0));
+}
+
+/*
+	On a typical startup CRandomizer will come up with about 60
+	bits of good, unpredictable data. Assuming no more input will
+	be available, we'll need some more lower-quality data to give
+	OpenSSL the 128 bits of entropy it desires. AddFiller adds some
+	relatively predictable data into the soup.
+*/
+
+void CRandomizer::AddFiller (void)
+{
+	struct
+	{
+		ProcessSerialNumber psn;	// Front process serial
+						// number
+		RGBColor	hiliteRGBValue;	// User-selected
+						// highlight color
+		long		processCount;	// Number of active
+						// processes
+		long		cpuSpeed;	// Processor speed
+		long		totalMemory;	// Total logical memory
+						// (incl. virtual one)
+		long		systemVersion;	// OS version
+		short		resFile;	// Current resource file
+	} data;
+	
+	GetNextProcess ((ProcessSerialNumber*) kNoProcess);
+	while (GetNextProcess (&data.psn) == noErr)
+		data.processCount++;
+	GetFrontProcess (&data.psn);
+	LMGetHiliteRGB (&data.hiliteRGBValue);
+	Gestalt (gestaltProcClkSpeed, &data.cpuSpeed);
+	Gestalt (gestaltLogicalRAMSize, &data.totalMemory);
+	Gestalt (gestaltSystemVersion, &data.systemVersion);
+	data.resFile = CurResFile ();
+	
+	// Here we pretend to feed the PRNG completely random data. This
+	// is of course false, as much of the above data is predictable
+	// by an outsider. At this point we don't have any more
+	// randomness to add, but with OpenSSL we must have a 128 bit
+	// seed before we can start. We just add what we can, without a
+	// real entropy estimate, and hope for the best.
+
+	AddBytes (&data, sizeof(data), 8.0 * sizeof(data));
+	AddCurrentMouse ();
+	AddNow (1.0);
+}
+
+//-------------------  LOW LEVEL ---------------------
+
+void CRandomizer::AddBytes (void *data, long size, double entropy)
+{
+	RAND_add (data, size, entropy * 0.125);	// Convert entropy bits
+						// to bytes
+}
+
+void CRandomizer::AddNow (double millisecondUncertainty)
+{
+	long time = SysTimer();
+	AddBytes (&time, sizeof (time), log2l (millisecondUncertainty *
+			mTimebaseTicksPerMillisec));
+}
+
+//----------------- TIMING SUPPORT ------------------
+
+void CRandomizer::GetTimeBaseResolution (void)
+{	
+#ifdef __powerc
+	long speed;
+	
+	// gestaltProcClkSpeed available on System 7.5.2 and above
+	if (Gestalt (gestaltProcClkSpeed, &speed) != noErr)
+		// Only PowerPCs running pre-7.5.2 are 60-80 MHz
+		// machines.
+		mTimebaseTicksPerMillisec =  6000.0D;
+	// Assume 10 cycles per clock update, as in 601 spec. Seems true
+	// for later chips as well.
+	mTimebaseTicksPerMillisec = speed / 1.0e4D;
+#else
+	// 68K VIA-based machines (see Develop Magazine no. 29)
+	mTimebaseTicksPerMillisec = 783.360D;
+#endif
+}
+
+unsigned long CRandomizer::SysTimer (void)	// returns the lower 32
+						// bit of the chip timer
+{
+#ifdef __powerc
+	return GetPPCTimer (mIs601);
+#else
+	UnsignedWide usec;
+	Microseconds (&usec);
+	return usec.lo;
+#endif
+}
+
+#ifdef __powerc
+// The timebase is available through mfspr on 601, mftb on later chips.
+// Motorola recommends that an 601 implementation map mftb to mfspr
+// through an exception, but I haven't tested to see if MacOS actually
+// does this. We only sample the lower 32 bits of the timer (i.e. a
+// few minutes of resolution)
+
+asm unsigned long GetPPCTimer (register bool is601)
+{
+	cmplwi	is601, 0	// Check if 601
+	bne	_601		// if non-zero goto _601
+	mftb  	r3		// Available on 603 and later.
+	blr			// return with result in r3
+_601:
+	mfspr r3, spr5  	// Available on 601 only.
+				// blr inserted automatically
+}
+#endif
--- a/MacOS/Randomizer.h
+++ b/MacOS/Randomizer.h
@@ -0,0 +1,43 @@
+
+//	Gathers unpredictable system data to be used for generating
+//	random bits
+
+#include <MacTypes.h>
+
+class CRandomizer
+{
+public:
+	CRandomizer (void);
+	void PeriodicAction (void);
+	
+private:
+
+	// Private calls
+
+	void		AddTimeSinceMachineStartup (void);
+	void		AddAbsoluteSystemStartupTime (void);
+	void		AddAppRunningTime (void);
+	void		AddStartupVolumeInfo (void);
+	void		AddFiller (void);
+
+	void		AddCurrentMouse (void);
+	void		AddNow (double millisecondUncertainty);
+	void		AddBytes (void *data, long size, double entropy);
+	
+	void		GetTimeBaseResolution (void);
+	unsigned long	SysTimer (void);
+
+	// System Info	
+	bool		mSupportsLargeVolumes;
+	bool		mIsPowerPC;
+	bool		mIs601;
+	
+	// Time info
+	double		mTimebaseTicksPerMillisec;
+	unsigned long	mLastPeriodicTicks;
+	
+	// Mouse info
+	long		mSamplePeriod;
+	Point		mLastMouse;
+	long		mMouseStill;
+};
--- a/MacOS/TODO
+++ b/MacOS/TODO
@@ -0,0 +1,18 @@
+-------------------------------------------------------------------
+Verify server certificate
+-------------------------------------------------------------------
+Currently omitted from the project:
+
+	crypto/tmdiff.c
+	crypto/bio/bss_conn.c
+	crypto/bio/b_sock.c
+	crypto/bio/bss_acpt.c
+	crypto/bio/bss_log.h
+
+-------------------------------------------------------------------
+Build libraries to link with...
+-------------------------------------------------------------------
+Port openssl application.
+-------------------------------------------------------------------
+BN optimizations (currently PPC version is compiled with BN_LLONG)
+-------------------------------------------------------------------
--- a/MacOS/_MWERKS_GUSI_prefix.h
+++ b/MacOS/_MWERKS_GUSI_prefix.h
@@ -0,0 +1,9 @@
+#include <MacHeaders.h>
+#define B_ENDIAN
+#ifdef __POWERPC__
+#pragma longlong on
+#endif
+#if 1
+#define MAC_OS_GUSI_SOURCE
+#endif
+#define MONOLITH
--- a/MacOS/_MWERKS_prefix.h
+++ b/MacOS/_MWERKS_prefix.h
@@ -0,0 +1,9 @@
+#include <MacHeaders.h>
+#define B_ENDIAN
+#ifdef __POWERPC__
+#pragma longlong on
+#endif
+#if 0
+#define MAC_OS_GUSI_SOURCE
+#endif
+#define MONOLITH
--- a/MacOS/buildinf.h
+++ b/MacOS/buildinf.h
@@ -0,0 +1,5 @@
+#ifndef MK1MF_BUILD
+#  define CFLAGS	"-DB_ENDIAN"
+#  define PLATFORM	"macos"
+#  define DATE		"Sun Feb 27 19:44:16 MET 2000"
+#endif
--- a/MacOS/mklinks.as.hqx
+++ b/MacOS/mklinks.as.hqx
@@ -0,0 +1,820 @@
+(This file must be converted with BinHex 4.0)
+
+:#QeVE'PZDh-ZBA-!39"36'&`E(3J!!!!!!!!!*LiI6m!!!!!!3!!!*G#!!#@3J!
+!!AChFQPd!!!!K3)"!3m(Fh9`F'pbG!!!!)B#!3%$"(0eFQ8!!!#(!J-%"!3("3C
+cGfPdBfJ!!!#)!J%"#39cH@jMD!!!!)N#"J%$!`-&"3-'FhPcG'9Y!!!!LJ)&"3)
+%!J8("!-#!`4dB@*X!!!!L`))!3-$!`-$!`-$"(4PE'`!!!#-!J)"#38$G'KP!!!
+!M3))(J)@!Ki#!J))!K)#!`)B!Kd%G'KPE3!!!)i#!J%&#`4dD'9j!!!!M`)#!J)
+#$3TdD(*[G@GSEh9d!!!!N!!#!3%&"(4TCQB!!!#4!J%"!`4dD@eP!!!!NJ)"!JS
+#!h4T!!!!'N!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!H!!!!!!!#!!!!!!
+!!!!!!!!!!!!!rrrrr`!!!$3!!!!N!!!!!#"[!!5JAb"[!!5K++!M6R9$9'mJFR9
+Z)(4SDA-JFf0bDA"d)'&`F'aTBf&dD@pZ,#"jEh8JEA9cG#"QDA*cG#"TER0dB@a
+X)%&`F'aP8f0bDA"d,J!!!)C8D'Pc)(0MFQP`G#"MFQ9KG'9c)#iZ,fPZBfaeC'8
+[Eh"PER0cE#"KEQ3JCQPXE(-JDA3JGfPdD#"ZC@0PFh0KFRNJB@aTBA0PFbi0$8P
+d)'eTCfKd)(4KDf8JB5"hD'PXC5"dEb"MEfe`E'9dC5"cEb"`E'9KFf8JBQ8JF'&
+dD@9ZG$SY+3!!!#S!!J!!!!!!$3!+!"!!!!!-!!!!!!!!!!!!63!0!!S!%!%!!!`
+!!!!!!!!!!!!B!!!!+!!!!!!!!!!)!!!!)!#N2c`!!DR`!!!!l!!!!!&19[ri,`0
+f!#m$-$bKVDG'*KmY52ri,`-`2+LITdBQ(b!ZrrLa`'FJ,`-J2'0`ER4"l[rm)NL
+KV5+)*Kp+3'B)5Ulrr'F#GJ%3!bBZrr41ANje6PB!!#m-@Bm[2%j29%Nr2!#!U"m
+SAb!-CJK`!cm!UFKJ+#m-UC)J9#!)d+J!'#&!!"JJ9#!)d+J!(#&!!"a9Mbm8)&q
+JAMk!9%mSE[rm6Pj1G8j@!!![$%kkre4+!'FU@Bm[2'&`E(3[2(0MF(4`)DJU+&m
+J$'F5@Bm[$#mm!!!!!A!!U#UTp&K26VVrG#KZrra1ANje!!!!('&`E(3!!!!"4P*
+&4J!!!!!!J%P$6L-!!!!!!*B!!!!"!!!!!!G"8&"-!!!!!!!"!!!"!!!!!S!!!!4
+!!!"i)!!!K"!!!3))!!)#"!!%"!)!#!J"!"!8!)!J)J"!3%%!)2#!J"#*!%!)KJ!
+J")3!)!*!!"!")!!3!K!!%!3)!"!)"!!J%!)!3#!"!)"!!S%!J!5#!3!)4!)!#%J
+%!!KB#!!%C"!!!m)J!!!"3!!!!)!!!!%!!!!$J!!!"m!!!(rJ!!$rm!!"rrJ!!rr
+m!!IrrJ!2rrm!(rrrJ$rrrm"rrrrJrrrrm2rrrrMrrrrmrrrrrRrrrrmrrrrq(rr
+rr!rrrrJ(rrr`!rrri!(rrm!$rrq!"rrr!!rrrJ!2rr`!$rri!!IRm!!$`q!!!!(
+!!!!!J!!!!!)!!!!!!!!!!!m!!!!!!!!!!!!!!!!!!!$`m!!!!!!!!!!!!!!!!!!
+2!!m!!!!!!!!!!!!!!!rrm!!!m!!!!!!!!!!!!!$`c0m!!!m!!!!!!!!!!!!2!!c
+-m!!!m!!!!!!!!!!!m!$-cI!!!!m!!!!!!!!!$`!-c0m!!!!!m!!!!!!!!2!!c-h
+`!!!!!!m!!!!!!!m!$-cIh`!!!!!!m!!!!!$`!-c0rGh`!!!!!!m!!!!2!!c-hph
+-h`!!!!!!m!!!rrr-cIhF`-h`!!!!!!m!!2lFr0rGc!`-h`!!!!!!m!$pc-rph-$
+!`-h`!!!!!!m!r-`2cF`-$!!-r3!!!!!!m!m!`-c!`-!!$0m!!!!!$-m!m!`-$!`
+!!-cI!!!!!-c`!!m!`-$!!!`-h`!!!!c2!!!!m!`-!!$!c0m!!!$-m!!!!!m!`!!
+-$-hm!!!-c`!!!!!!m!!!`-cIc!!!c2!!!!!!!!m!$!c0r-`!$-m!!!!!!!$pm-$
+-hmc!!-c`!!!!!!!2hI`-cIc-!!c2!!!!!!!!rGc2c0r-`!$-m!!!!!!!!2h-cmh
+mc!!-c`!!!!!!!!$mc!rIr-!!c2!!!!!!!!!!$m$2m!r-$-m!!!!!!!!!!!$rr`!
+!r-c`!!!!!!!!!!!!!!!!!!r2!!!!!!!!!!!!!!!!!!!!m!!!!!!!!!!!!!"!!B!
+13"%J)4"##18%Q)+3!%&!)5!L%%3BL#83*L!G3!#!!B!2`"rJ2r"rq2rmrrlrrhr
+r2riIr"ri2r!ri"h!!)!!!!#!!!!!$r!!!!!!!2r`$`!!!!!2$!m!m!!!!2$!c`!
+2!!!2$!c`!!$`!2r`cpm!!!m!rGrpc2!!!2$p$p`-c`!!$`m!`-$0m!$2!2!-$-h
+`$2!!$`$-hm$2!!!2m-hm$2!!!2h2hm$2!!!!r-rm$2!!!!!2r`r2!!!!!!!!!2!
+!!!!!!!#D8f0bDA"d)%&`F'aTBf&dD@pZ$3e8D'Pc)(0MFQP`G#"MFQ9KG'9c)#i
+Z,fPZBfaeC'8[Eh"PER0cE#"KEQ3JCQPXE(-JDA3JGfPdD#"ZC@0PFh0KFRNJB@a
+TBA0PFbi0$8Pd)'eTCfKd)(4KDf8JB5"hD'PXC5"dEb"MEfe`E'9dC5"cEb"`E'9
+KFf8JBQ8JF'&dD@9ZG$SY+3!!!")!!J!!!!!!!!!!!!%!"J!'%iN!!!!+@1!!!b!
+!!!-J!!!!!"3!+`!(!Cm#@!!V!!F"f!*B!!!!!3!!M`C'BA0N98&6)$%Z-6!a,M%
+`$J!!!!32rrm!!3!#!!-"rrm!!!d!!3!"D`!!!!!!!!!%!J!%!!)!"3!'$3!&!!*
+X!!)!!!U`!!IrrJd!"`!#6`!!!!!+X!!)!!N0!!J!!@X!!!!%#Um!#J)!#J!#!!X
+!$!d!#`!#E!!#!!3!"2rprr`"rrd!!!(rr!!!!J!-!!)!$3!1$3!0!!*X!!%!"!!
+%rrX!$`(rq`!!$!!2!&N!8b"(CA3JF'&dD#"dEb"dD'Pc)%&`F'aP8f0bDA"d)'&
+`F'aPG$XJGA0P)'Pd)(4[)'C[FQdJG'KP)("KG'JJG'mJG'KP)'PZBfaeC'8JCQp
+XC'9b!!)!!!)!$J!#!"!!%3d!%!!#E!!"!!3!"2rk!")"rrS!!!`!%J!Q!#!JB@j
+N)(4SC5"[G'KPFL"bC@aPGQ&ZG#"QEfaNCA*c,J!#!!!#!"%!!J!6!"30!"-!!R-
+!!!!%!"%!&3!@$3!9!!*M!!!!"!!1!"F!'!d!&`!#E!!&!!3!$!!CrrN0!"N!!Qi
+!!!!%!!`!'J!E$3!D!!)d!!!!"3!-rrJ!(!Vrq!!%#Q0[BQS0!"`!!Q`!"3!'!!X
+!(Irh$3!G!!0*!!)!"J!,rrB!([re#[rf!"JZC@&bFfCQC(*KE'Pc!!!!!!!!)!"
+KCQ4b$3!H!!"Q!!!!"J!(![re!!!"rrF!!!d!'`!"E3!!!!3!"3!I$`!I!6J)ER9
+XE!!!!!!!!Gq!rrm!!!!A"NCTEQ4PFJ!!(`*[Me!!ASfm!Qq,i!"HA[!!I&M!!!!
+!!!!!'mi!!JN#!Qq-1!!!Kb%#Ei`J!!!!!%C14&*038e"3e-!!"%!B@aTF`!!!!!
+!fJ!#!!!-6@&MD@jdEh0S)%K%!!!!!!!!!!!!!!!!!!!!XSA5h%*%!!!!!!!A"NC
+TEQ4PFJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!3rLc#@a!4Nj%8Ne"3e2rrrrr!!!!!!!!!!!!!!!!!!!
+!!!!!!!e6HA0dC@dJ4QpXC'9b!!!"!!3!!!!A!!)!)8eKBfPZG'pcD#")4$T6HA0
+dC@dJ4QpXC'9b1NCTEQ4PFJ$rr`!!!Irj!!!0!"J!!@d!!!!-!!hrp!Vrp!!%#Q0
+dH(30!"B!!@m!!!!!!!$rm`[rm`!5-!!(G'KPF'&dD!!(G'KP8'&dD!)!&!!#!#!
+!)3d!)!!#E!!#!")!%[rbrr%"rr)!!!(rm3!!!J!K!!)!)J!M$3!L!!*b!!!!%J!
+A!#3!*3d!*!!#EJ!$!")!&3!Q!#F0!#B!!6%!!!!6!"Arm!Vrm!!%#R4iC'`0!#F
+!!6%!!!!5!"2rl`Vrl`!%#Q&cBh)0!#8!!@m!!!!!!!$rlJ[rlJ!F-!!-G'KPEfa
+NC'9XD@ec!!adD'92E'4%C@aTEA-#!#-!!J!S!#N0!#J!!R)!!!!B!"d!+J!V$3!
+U!!&Y!!!!'!!C!#`-!#`!"`!"1J!#!!!0!#X!!Qi!!`!!!!!!,3!Z$3!Y!!%a!!!
+!'J!Frqd+rqd!"!TdH'4X$3!Z!!%a!!!!'3!Drq`+rq`!"!TKFf0b!J!T!!)!,`!
+`$3![!!*X!!)!(J!Hrq[rkJ(rk`!!!IrU!!!#!$!!!J!a!$)0!$%!!R)!!!!H!#X
+!-`!d$3!c!!*X!!8!(J!T!$Ark3d!03!#EJ!!!"i!+3!f!$F0!$B!!cF"!!!I!#R
+rk!!i!$N+rqJ!"!TMDA4Y$3!i!!&Y!!!!)`!PrqF$rqF!!3d!13!"E3!!!#B!+2r
+Q!rrQrrd0!$F!!@m!!!!H!"rrj3[rj3!5-!!(G'KPF'&dD!!(G'KP8'&dD!(rk3!
+!$3!d!!&[!!!!!!!!rq3,rq3!)$!!$R4SCA"bEfTPBh4`BA4S!!jdD'93FQpUC@0
+d8'&dD!)!-J!#!$S!1`d!1J!#FJ!!!#`!1`!m!$d0!$`!!Q-!!!!X!$N!2J!r$3!
+q!!*X!!8!,!!h!%$ri`d!3!!#EJ!!!#`!0`""!%)0!%%!!cF"!!!Y!$IriJ"$!%3
+rq)!"!TMDA4Y$3"$!!&Y!!!!-3!crq%$rq%!!3d!4!!"E3!!!$3!0[rJ!rrJrri
+0!%)!!@m!!!!X!#hrh`[rh`!5-!!(G'KPF'&dD!!(G'KP8'&dD!(ri`!!$3!r!!&
+Y!!!!0`!irpi+rpi!"!T849K8$3!p!!&[!!!!!!!!rpd,rpd!&M!!#A4SC@ePF'&
+dD!!*G'KP6@93BA4S!J!l!!)!43"'$3"&!!*X!!)!2!!mrpcrf`(rh!!!!IrE!!!
+#!%B!!J"(!%J0!%F!!R)!!!!m!%8!53"+$3"*!!*M!!!!2!""!%X!6!d!5`!#BJ!
+!!$`!2`"0!%i0!%d!!@m!!!!m!$hrfJ[rfJ!J-!!1G'KPF(*[DQ9MG("KG'J!$R4
+SC9"bEfTPBh43BA4S$3"1!!&Y!!!!23!q!%m-!%m!$3!(D@jME(9NC3!#!!!0!%`
+!!@d!!!!r!%$rf3Vrf3!%#P4&@&30!%S!!@m!!!!!!!$rf![rf!!Q-!!4D@jME(9
+NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S!J")!!)!8!"4$3"3!!*b!!!
+!4J"9!&)!8`d!8J!#B`!!!%B!83"8!&80!&3!!Q)!!!"'!%m!9J"A$3"@!!*L!!!
+!4J",!&J!@3d!@!!"E`!!!%B!4rrA#rrA!#!`!!jdD'9`FQpUC@0dF'&dD!!1G'K
+P8(*[DQ9MG&"KG'J0!&N!!@d!!!"(!%S!@J`!@J!0!!GTEQ0XG@4P!!)!!!d!9`!
+"E3!!!%X!6J"E$!"E!!d!"fp`C@jcFf`!!J!!$3"9!!&Y!!!!6`"3rpB+rpB!"!T
+849K8$3"6!!&[!!!!!!!!rp8,rp8!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
+dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S!J"4!!)!A!"G$3"F!!*b!!!!9J"
+K!&i!A`d!AJ!#B`!!!&B!A3"J!'%0!'!!!Q)!!!"@!&X!BJ"M$3"L!!&[!!!!9J"
+Arp3,rp3!)$!!$R4SCA"bEfTPBh4`BA4S!!jdD'93FQpUC@0d8'&dD!d!B`!"E3!
+!!&F!@J"N$!"N!!`!"Q0bHA"dE`!#!!!0!'%!!@d!!!"E!&crd`Vrd`!%#P4&@&3
+0!&m!!@m!!!!!!!$rdJ[rdJ!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4Qp
+XC'9b8'&dD!)!A3!#!'8!CJd!C3!#FJ!!!')!E3"R!'J0!'F!!Q-!!!"L!'N!D3"
+U$3"T!!*L!!!!BJ"R!'X!E!d!D`!"E`!!!')!Brr4#rr4!#!`!!jdD'9`FQpUC@0
+dF'&dD!!1G'KP8(*[DQ9MG&"KG'J0!'`!!@d!!!"M!'B!E3`!E3!*!!0cFf`!!J!
+!$3"U!!&Y!!!!C`"Srp!+rp!!"!T849K8$3"S!!&[!!!!!!!!rmm,rmm!(M!!$A0
+cE'C[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J#!'B!!J"Z!'m0!'i!!R)!!!"Z!(8
+!F!"a$3"`!!*M!!!!EJ"a!()!F`d!FJ!"E`!!!'i!Err1#rr1!#!`!!jdD'9`FQp
+UC@0dF'&dD!!1G'KP8(*[DQ9MG&"KG'J0!(-!!@d!!!"[!($rc3Vrc3!%#P4&@&3
+0!(%!!@m!!!!!!!$rc![rc!!Q-!!4Eh"PER0cE'C[E'4PFR"KG'J!%@p`C@jcFfa
+'EfaNCA*3BA4S!J"[!!)!G!"e$3"d!!*X!!)!GJ"frm[rbJ(rb`!!!Ir+!!!#!(8
+!!J"f!(F0!(B!!R)!!!"f!(X!H!"j$3"i!!&[!!!!GJ"hrmN,rmN!($!!$(4SC@p
+XC'4PE'PYF`!-G'KP6faN4'9XD@ec$3"j!!*Z!!-!!!!!!(S!H`d!HJ!"-3!!!(J
+!H[r)#[r)!!3+G(KNE!d!H`!"-3!!!(F!H2r(#[r(!!3+BA0MFJ)!G`!#!(`!I3d
+!I!!#E!!#!(`!I2r'rm8"rmB!!!(ra3!!!J"p!!)!IJ"r$3"q!!*X!!%!I!"mrm3
+!J!(ra!!!$!#!!%!!1L"NC@aPG'8JEfaN)'PZBfaeC'8kEh"PER0cE#"QEfaNCA)
+JB@jN)(*PBh*PBA4P)'Pd)'0XC@&ZE(N!!J!!!J"r!!)!J3##$3#"!!*X!!)!I!"
+mrm2r`J(r``!!!Ir#!!!#!))!!J#$!)30!)-!!e%!!!"m!+8!K3#'!)F0!)8!!@X
+!!!"r!*`!L!)!L!!#!)N!LJd!L3!$53!#!(m!N[r"!)[r`!Vr`3!B,QeTFf0cE'0
+d+LSU+J!!!!!!!*!!!#SU+LS0!)X!!Qi!!!"r!)i!M!#0$3#-!!)d!!!!K`#1rlm
+!MJVr[`!%#Q0QEf`0!)i!!@d!!!#+!)d!M``!M`!0!!G[F'9ZFh0X!!)!!!d!M3!
+#0!!!!(m!Krqq!*!!#[qq!!3+BfC[E!d!N!!!!@m!!!#$!)Er[3[r[3!Q-!!4D@j
+ME(9NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S![r!!!!#!)S!!J#4rl`
+0!*%!!dN!!J#6!*crZ`#5rlS+rlX!'#jMEh*PC'9XEbSU+LS!!!!!!!#3!!!U+LS
+U$3#5!!%a!!!!N`#BrlN+rlN!"!TcC@aP![qk!!!#rl`!!!d!KJ!$8J!!!!!!!2q
+irlIrYJVrZ!!B,Q&cBh*PFR)J+LSU+J!!!!!!!*!!!#SU+LS"rlF!!!,rYJ!!$3#
+(!!*X!!%!T!#Nrl8!N`(rY3!!$!#6!"-!$5"TCfj[FQ8JCA*bEh)!!J!!!J#%!!)
+!P!#9$3#8!!*X!!)!TJ#Qrl6rX`(rY!!!!Iqc!!!#!*8!!J#@!*F0!*B!!dN!!J#
+Q!,lrX[qa!*J+rl)!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Iqa!!!'!*J
+!!rq`!*N!QJVrX!!%#QY[Bf`0!*N!!@d!!!#U!+hrV`VrV`!%#Q0QEf`'!*S!!rq
+Z!*[rV3VrVJ!%#QPZFfJ0!*X!!M3!!!#`!,MrV!#F#[qX!!3+BfC[E!d!R!!"E`!
+!!,3!YrqV#rqV!#B`!"&TEQ0XG@4PCQpXC'9bF'&dD!!4D@jME(9NC8C[E'4PFP"
+KG'J'rkd!!!)!P`!#!*d!RJd!R3!#FJ!!!,m!aJ#I!+!0!*m!!Q`"!!#r!-)!SIq
+U$3#K!!%a!!!![`$#rkN+rkN!"!TbFfad!IqU!!!0!+!!!@m!!!!!!!$rU![rU!!
+Z-!!9G'KPEQ9hCQpXC'9bFQ9QCA*PEQ0P!"9dD'91CAG'EfaNCA*5C@CPFQ9ZBf8
+#!*i!!J#L!+-0!+)!!dN!!J$(!-lrT`#NrkB+rkF!'#jYDA0MFfaMG#SU+LS!!!!
+!!!#3!!!U+LSU$3#N!!&[!!!!a`$+rk8,rk8!,M!!&A4SC@jPGfC[E'4PFR*PCQ9
+bC@jMC3!9G'KP6Q9h4QpXC'9b8Q9QCA*PEQ0P![qQ!!!#!+-!!J#P!+B0!+8!!R)
+!!!$2!0`!T`#S$3#R!!&Y!!!!c`$5!+N-!+N!$3!(Eh"PER0cE!!#!!!0!+J!!Qi
+!!!!!!!!!UJ#V$3#U!!%a!!!!e`$Erk3+rk3!"!T`EQ&Y$3#V!!%a!!!!dJ$Ark-
+rk-!"!TcC@aP!J#Q!!)!V!#Y$3#X!!*X!!)!h3$Grk,rS3(rSJ!!!IqK!!!#!+d
+!!J#Z!+m0!+i!!Q`!!3$G!0hrS!#`!IqJ!!!-!,!!(`!C)&0dBA*d)'eKDfPZCb"
+dD'8JB@aTBA0PF`!#!!!#!+m!!J#a!,)0!,%!!dN!!J$G!3ArRrqH!,-+rjm!'#j
+MEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!IqH!!!'!,-!!rqG!,3!Y3VrR3!%#QY
+[Bf`0!,3!!@d!!!$K!16rR!VrR!!%#Q&XD@%'!,8!!rqE!,B!Y`VrQ`!%#QPZFfJ
+0!,B!!M3!!!$R!1rrQJ#i#[qD!!3+BfC[E!d!Z!!"E`!!!1X!l[qC#rqC!$3`!"K
+[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&
+dD!B!Y`!$rjJ!ZIqA#[qB!!3+G'mJ)!d!Z3!#EJ!!!2)!r`#k!,X0!,S!!M3!!!$
+i!2rrPJ#m#[q@!!3+CQPXC3d![!!"E3!!!2X!rJ#p$!#p!"-!$@p`C@jcFfaMEfj
+Q,QJ!!J!!$3#l!!)d!!!!mJ$irj8![JVrP3!%#Q0QEf`0!,i!!@m!!!$f!2IrP![
+rP!!@-!!*G'KPE@9`BA4S!!PdD'90C9"KG'J'rjF!!!)!XJ!#!,m!`!d![`!#E!!
+#!3B""[q6rj)"rj-!!!(rNJ!!!J$!!!)!`3$#$3$"!!*b!!!""J%4!--!a!d!``!
+#BJ!!!3B"$3$&!-B0!-8!!@m!!!%'!3RrN3[rN3!N-!!3Bh*jF(4[CQpXC'9bF'&
+dD!!3Bh*jF(4[4QpXC'9b8'&dD!d!aJ!"E3!!!3N"$!$($!$(!!X!"6TKFfia!!)
+!!!d!a!!"E`!!!!!!!2q3!![rN!!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)!`J!
+#!-J!b3d!b!!$53!#!4)"22q2rii!bJVrM`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!
+!!'jeE'`"rii!!!B!bJ!$rid!b`$-#[q0!!3+DfpME!d!b`!"E3!!!4B"'Iq-#[q
+-!!3+B@aTB3B!c!!$riX!c3$1#[q,!!3+D@jcD!d!c3!#0!!!!4`"*2q+!-m+riS
+!"!TMCQpX$3$2!!&[!!!")!%MriN,riN!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9
+bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J$1!!2rL!$3riF+riJ!"!T
+dEb!J$3$3!!*Z!!!"*`%f!0%!dJd!d3!#0!!!!5m"0[q'!0-+riB!"!TQD@aP$3$
+6!!&Y!!!"-J%e!03-!03!$!!'BA0Z-5jS!!)!!!d!dJ!#0!!!!5F",rq&!08+ri8
+!"!TMCQpX$3$9!!&[!!!"+`%Zri3,ri3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!E
+rK`!!!J$*!!)!eJ$A$3$@!!0*!!)"23&Rri2rJJ$B#[q$!"JZBfpbC@0bC@`U+LS
+U!!!!!!!!N!!!ER9XE!(rJJ!!"J$B!!2rJ3$C!0S+ri%!"!TVEf0X$3$C!!&Y!!!
+"33&%ri!+ri!!"!TKE'PK"J$D!!2rI`$E!0`+rhm!"!TTER0S$3$E!!)d!!!"4`&
+2rhi!h3VrIJ!%#Q0QEf`0!0d!!@m!!!&,!8lrI3[rI3!d-!!BEh"PER0cE'PZBfa
+eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!0`!!rpm!0l
+rH`VrI!!%#R4[)#!0!0i!!Qi!!!&5!@%!h`$J$3$I!!)d!!!"@J&KrhS!i3VrHJ!
+%#QCTE'80!1%!!@d!!!&G!@!!iJ`!iJ!3!!TKFfiaAfeKBbjS!!)!!!d!i!!#0!!
+!!9)"@[pj!1-+rhN!"!TMCQpX$3$M!!&[!!!"9J&CrhJ,rhJ!&$!!#(4PEA"`BA4
+S!!KdC@e`8'&dD!ErH`!!!J$A!!)!j!$P$3$N!!*X!!)"D!&SrhIrGJ(rG`!!!Ip
+f!!!#!18!!J$Q!1F0!1B!!R)!!!&S!A-!k!$T$3$S!!*L!!!"D!&[!1S!k`d!kJ!
+"E`!!!@J"Drpe#rpe!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*
+3BA4S$3$V!!&Y!!!"D`&Z!1`-!1`!#J!%1Q*TE`!#!!!0!1N!!@m!!!!!!!$rG![
+rG!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J$R!!)!l3$Z$3$Y!!0*!!)"G!'Hrh2
+rFJ$[#[pc!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(rFJ!!"J$[!!2rF3$
+`!2%+rh%!"!TVEf0X$3$`!!&Y!!!"H!&lrh!+rh!!"!TKE'PK"J$a!!2rE`$b!2-
+rfm!"!TTER0S$3$b!!)d!!!"IJ''rfi!p!VrEJ!%#Q0QEf`0!23!!@m!!!'#!BA
+rE3[rE3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
+NC8C[E'4PFP"KG'J'!2-!!rpX!2ArD`VrE!!%#R4[)#!0!28!!Qi!!!'*!CJ!pJ$
+h$3$f!!)d!!!"N3'BrfS!q!VrDJ!%#QCTE'80!2J!!@d!!!'8!CF!q3`!q3!,!!9
+LD@mZD!!#!!!0!2F!!M3!!!'*!C(rD3$k#[pT!!3+BfC[E!d!qJ!"E`!!!Bd"N!$
+rD![rD!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[pV!!!#!1i!!J$l!2`0!2X!!Q`
+!!J'I!CrrCrpQ!IpR!!!"rfB!!!)!r!!#!2d!rJd!r3!#FJ!!!Cm"UJ$r!3!0!2m
+!!Q)!!!'I!DB"!3%#$3%"!!&[!!!"R`'Lrf8,rf8!*$!!%'0bHA"dEfC[E'4PFR"
+KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!3)!!@d!!!'L!D8"!``"!`!*!!-kBQB!!J!
+!$3%!!!&[!!!!!!!!rf3,rf3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)!rJ!#!33
+""3d""!!$53!#!DX"eIpMrf)""JVrB`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'j
+eE'`"rf)!!!B""J!$rf%""`%)#[pK!!3+DfpME!d""`!"E3!!!Dm"X[pJ#[pJ!!3
+B@aTB3B"#!!$rem"#3%+#[pI!!3+D@jcD!d"#3!#0!!!!E8"[IpH!3X+rei!"!T
+MCQpX$3%,!!&[!!!"Z3'mred,red!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
+dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J%+!!2rA!%-reX+re`!"!TdEb!
+J$3%-!!*Z!!!"`!(2!3d"$Jd"$3!#0!!!!FJ"crpD!3m+reS!"!TQD@aP$3%2!!&
+Y!!!"b`(1!4!-!4!!%!!+BQa[GfCTFfJZD!!#!!!0!3i!!M3!!!(!!FMr@3%4#[p
+C!!3+BfC[E!d"%3!"E`!!!F3"arpB#rpB!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J
+'reX!!!)""3!#!4)"%`d"%J!#E!!#!GB"e[pAreB"reF!!!(r9J!!!J%6!!)"&!%
+9$3%8!!*b!!!"eJ(K!4B"&`d"&J!#BJ!!!GB"h3%B!4N0!4J!!@m!!!(@!GRr93[
+r93!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"'3!"E3!
+!!GN"h!%D$!%D!!N!!cTLEJ!#!!!0!4F!!@m!!!!!!!$r9![r9!!8-!!)G'9YF("
+KG'J!#(4PEA"3BA4S!J%9!!)"'`%F$3%E!!0*!!)"iJ)-re2r8J%G#[p6!"JZBfp
+bC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(r8J!!"J%G!!2r83%H!4m+re%!"!TVEf0
+X$3%H!!&Y!!!"jJ(Tre!+re!!"!TKE'PK"J%I!!2r6`%J!5%+rdm!"!TTER0S$3%
+J!!)d!!!"l!(drdi")JVr6J!%#Q0QEf`0!5)!!@m!!!(`!I2r63[r63!d-!!BEh"
+PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J
+'!5%!!rp-!52r5`Vr6!!%#R4[)#!0!5-!!Qi!!!(h!JB"*!%P$3%N!!)d!!!"r`)
+'rdS"*JVr5J!%#QCTE'80!5B!!@d!!!)#!J8"*``"*`!+!!4LELjS!!)!!!d"*3!
+#0!!!!IF"rrp*!5J+rdN!"!TMCQpX$3%S!!&[!!!"q`(qrdJ,rdJ!&$!!#(4PEA"
+`BA4S!!KdC@e`8'&dD!Er5`!!!J%F!!)"+3%U$3%T!!*X!!)#$3)0rdIr4J(r4`!
+!!Ip'!!!#!5S!!J%V!5`0!5X!!R)!!!)0!KJ",3%Z$3%Y!!*L!!!#$3)8!5m"-!d
+",`!"E`!!!Jd#%2p&#rp&!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'Efa
+NCA*3BA4S$3%`!!&Y!!!#%!)6!6%-!6%!$3!(1Q*eCQCPFJ!#!!!0!5i!!@m!!!!
+!!!$r4![r4!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J%X!!)"-J%c$3%b!!0*!!)
+#'3*$rd2r3J%d#[p$!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(r3J!!"J%
+d!!2r33%e!6B+rd%!"!TVEf0X$3%e!!&Y!!!#(3)Jrd!+rd!!"!TKE'PK"J%f!!2
+r2`%h!6J+rcm!"!TTER0S$3%h!!)d!!!#)`)Vrci"13Vr2J!%#Q0QEf`0!6N!!@m
+!!!)R!LVr23[r23!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
+-5@jME(9NC8C[E'4PFP"KG'J'!6J!!rmm!6Vr1`Vr2!!%#R4[)#!0!6S!!Qi!!!)
+Z!Md"1`%m$3%l!!)d!!!#0J)prcS"23Vr1J!%#QCTE'80!6d!!@d!!!)j!M`"2J`
+"2J!1!!KLG@CQCA)ZD!!#!!!0!6`!!M3!!!)Z!MEr13%r#[mj!!3+BfC[E!d"2`!
+"E`!!!M)#0Imi#rmi!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rcX!!!)"-`!#!8!
+"33d"3!!#E!!#!N3#42mhrcB"rcF!!!(r0J!!!J&"!!)"3J&$$3&#!!*b!!!#4!*
+2!83"43d"4!!#BJ!!!N3#5`&'!8F0!8B!!@m!!!*%!NIr03[r03!N-!!3Bh*jF(4
+[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"4`!"E3!!!NF#5J&)$!&)!!X
+!"6TMBA0d!!)!!!d"43!"E`!!!!!!!2md#rmd!"3`!!KdC@e`F'&dD!!)G'9YF&"
+KG'J#!8-!!J&*!8S0!8N!!dN!!J*3!RVr-rmb!8X+rc-!'#jMEh*PBh*PE#SU+LS
+!!!!!!!#3!!"ZG@aX!Imb!!!'!8X!!rma!8`"63Vr-3!%#QY[Bf`0!8`!!@d!!!*
+8!PIr-!Vr-!!%#Q&XD@%'!8d!!rm[!8i"6`Vr,`!%#QPZFfJ0!8i!!M3!!!*D!Q,
+r,J&3#[mZ!!3+BfC[E!d"8!!"E`!!!Pi#BImY#rmY!$3`!"K[F'9ZFh0XD@jME(9
+NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B"6`!$rb`"8Im
+V#[mX!!3+G'mJ)!d"83!#EJ!!!Q8#G!&5!9-0!9)!!M3!!!*Y!R6r+J&8#[mU!!3
+CQPXC3d"9!!"E3!!!R!#F`&9$!&9!!`!"Q0KFh3ZD!!#!!!0!9-!!M3!!!*P!Qh
+r+3&@#[mT!!3+BfC[E!d"9J!"E`!!!QN#E2mS#rmS!"3`!!KdC@e`F'&dD!!)G'9
+YF&"KG'J'rbX!!!)"5J!#!9F"@!d"9`!#E!!#!RX#HrmRrbB"rbF!!!(r*J!!!J&
+B!!)"@3&D$3&C!!*b!!!#H`+'!9X"A!d"@`!#BJ!!!RX#JJ&G!9i0!9d!!@m!!!*
+l!Rlr*3[r*3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d
+"AJ!"E3!!!Ri#J3&I$!&I!!X!"6TMEfe`!!)!!!d"A!!"E`!!!!!!!2mN#rmN!"3
+`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!9S!!J&J!@%0!@!!!dN!!J+(!V(r)rmL!@)
+rb-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!ImL!!!'!@)!!rmK!@-"C!V
+r)3!%#QY[Bf`0!@-!!@d!!!+,!Slr)!Vr)!!%#Q&XD@%'!@3!!rmI!@8"CJVr(`!
+%#QPZFfJ0!@8!!M3!!!+4!TRr(J&R#[mH!!3+BfC[E!d"C`!"E`!!!T8#Q2mG#rm
+G!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4Qp
+XC'9b8'&dD!B"CJ!$ra`"D2mE#[mF!!3+G'mJ)!d"D!!#EJ!!!T`#U`&T!@S0!@N
+!!M3!!!+N!U[r'J&V#[mD!!3+CQPXC3d"D`!"E3!!!UF#UJ&X$!&X!!`!"Q0[EA!
+ZD!!#!!!0!@S!!M3!!!+F!U6r'3&Y#[mC!!3+BfC[E!d"E3!"E`!!!U!#SrmB#rm
+B!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'raX!!!)"B3!#!@i"E`d"EJ!#E!!#!V)
+#X[mAraB"raF!!!(r&J!!!J&[!!)"F!&a$3&`!!*b!!!#XJ+p!A)"F`d"FJ!#BJ!
+!!V)#Z3&d!A80!A3!!@m!!!+b!VAr&3[r&3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!
+3Bh*jF(4[4QpXC'9b8'&dD!d"G3!"E3!!!V8#Z!&f$!&f!!X!"6TMEfjQ!!)!!!d
+"F`!"E`!!!!!!!2m8#rm8!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!A%!!J&h!AJ
+0!AF!!dN!!J+q!ZMr%rm5!AN+ra-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@a
+X!Im5!!!'!AN!!rm4!AS"H`Vr%3!%#QY[Bf`0!AS!!@d!!!,#!XAr%!Vr%!!%#Q&
+XD@%'!AX!!rm2!A`"I3Vr$`!%#QPZFfJ0!A`!!M3!!!,)!Y$r$J&q#[m1!!3+BfC
+[E!d"IJ!"E`!!!X`#crm0#rm0!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J
+!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B"I3!$r``"Irm,#[m-!!3+G'mJ)!d
+"I`!#EJ!!!Y-#iJ'!!B%0!B!!!M3!!!,E!Z,r#J'##[m+!!3+CQPXC3d"JJ!"E3!
+!!Yi#i3'$$!'$!!`!"Q0[EQBZD!!#!!!0!B%!!M3!!!,6!Y[r#3'%#[m*!!3+BfC
+[E!d"K!!"E`!!!YF#f[m)#rm)!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'r`X!!!)
+"H!!#!B8"KJd"K3!#E!!#!ZN#kIm(r`B"r`F!!!(r"J!!!J''!!)"K`')$3'(!!*
+b!!!#k3,d!BN"LJd"L3!#BJ!!!ZN#m!',!B`0!BX!!@m!!!,T!Zcr"3[r"3!N-!!
+3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"M!!"E3!!!Z`#l`'
+0$!'0!!S!"$TNCA-!!J!!$3'+!!&[!!!!!!!!r`3,r`3!&$!!#(4PEA"`BA4S!!K
+dC@e`8'&dD!)"L!!#!Bi"M`d"MJ!$53!#![8$(rm$r`)"N!!+r`-!'#jMEh*PBh*
+PE#SU+LS!!!!!!!#3!!"ZG@aX!Im#!!!'!C!!!!2r!3'4!C)+r`%!"!TVEf0X$3'
+4!!&Y!!!#q3,mr`!+r`!!"!TKE'PK"J'5!!2qr`'6!C3+r[m!"!TTER0S$3'6!!)
+d!!!#r`-(r[i"P3VqrJ!%#Q0QEf`0!C8!!@m!!!-$!`Eqr3[qr3!d-!!BEh"PER0
+cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!C3
+!!rlm!CEqq`Vqr!!%#R4[)#!0!CB!!Qi!!!-+!aN"P`'B$3'A!!)d!!!$%J-Cr[S
+"Q3VqqJ!%#QCTE'80!CN!!@d!!!-9!aJ"QJ`"QJ!,!!9NCA-ZD!!#!!!0!CJ!!M3
+!!!-+!a,qq3'E#[lj!!3+BfC[E!d"Q`!"E`!!!`i$%Ili#rli!"3`!!KdC@e`F'&
+dD!!)G'9YF&"KG'J'r[X!!!)"M`!#!C`"R3d"R!!#E!!#!b!$)2lhr[B"r[F!!!(
+qpJ!!!J'G!!)"RJ'I$3'H!!*b!!!$)!-V!D!"S3d"S!!#BJ!!!b!$*`'L!D-0!D)
+!!@m!!!-J!b2qp3[qp3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9
+b8'&dD!d"S`!"E3!!!b-$*J'N$!'N!!N!!cTND!!#!!!0!D%!!@m!!!!!!!$qp![
+qp!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J'I!!)"T3'Q$3'P!!0*!!)$,!0@r[2
+qmJ'R#[lc!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(qmJ!!"J'R!!2qm3'
+S!DN+r[%!"!TVEf0X$3'S!!&Y!!!$-!-cr[!+r[!!"!TKE'PK"J'T!!2ql`'U!DX
+rZm!"!TTER0S$3'U!!)d!!!$0J-qrZi"V!VqlJ!%#Q0QEf`0!D`!!@m!!!-k!ch
+ql3[ql3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
+NC8C[E'4PFP"KG'J'!DX!!rlX!Dhqk`Vql!!%#R4[)#!0!Dd!!Qi!!!0"!e!"VJ'
+[$3'Z!!)d!!!$5303rZS"X!VqkJ!%#QCTE'80!E!!!@d!!!0-!dm"X3`"X3!+!!4
+ND#jS!!)!!!d"V`!#0!!!!d%$5IlT!E)+rZN!"!TMCQpX$3'b!!&[!!!$430)rZJ
+,rZJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eqk`!!!J'Q!!)"X`'d$3'c!!*X!!)
+$9`0ArZIqjJ(qj`!!!IlQ!!!#!E3!!J'e!EB0!E8!!R)!!!0A!f)"Y`'i$3'h!!*
+L!!!$9`0H!EN"ZJd"Z3!"E`!!!eF$@[lP#rlP!#3`!""MFRP`G'pQEfaNCA*`BA4
+S!""MFRP`G'p'EfaNCA*3BA4S$3'k!!&Y!!!$@J0G!EX-!EX!#J!%1Q4cB3!#!!!
+0!EJ!!@m!!!!!!!$qj![qj!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J'f!!)"[!'
+p$3'm!!0*!!)$B`10rZ2qiJ'q#[lM!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
+XE!(qiJ!!"J'q!!2qi3'r!F!+rZ%!"!TVEf0X$3'r!!&Y!!!$C`0UrZ!+rZ!!"!T
+KE'PK"J(!!!2qh`("!F)+rYm!"!TTER0S$3("!!)d!!!$E30erYi"``VqhJ!%#Q0
+QEf`0!F-!!@m!!!0a!h6qh3[qh3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
+S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!F)!!rlF!F6qf`Vqh!!%#R4[)#!
+0!F3!!Qi!!!0i!iF"a3('$3(&!!)d!!!$J!1(rYS"a`VqfJ!%#QCTE'80!FF!!@d
+!!!1$!iB"b!`"b!!,!!9NFf%ZD!!#!!!0!FB!!M3!!!0i!i$qf3(*#[lC!!3+BfC
+[E!d"b3!"E`!!!h`$IrlB#rlB!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rYX!!!)
+"[3!#!FS"b`d"bJ!#E!!#!ii$M[lArYB"rYF!!!(qeJ!!!J(,!!)"c!(0$3(-!!*
+b!!!$MJ1C!Fi"c`d"cJ!#BJ!!!ii$P3(3!G%0!G!!!@m!!!11!j(qe3[qe3!N-!!
+3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"d3!"E3!!!j%$P!(
+5$!(5!!S!"$TPFR)!!J!!$3(2!!&[!!!!!!!!rY3,rY3!&$!!#(4PEA"`BA4S!!K
+dC@e`8'&dD!)"c3!#!G-"e!d"d`!$53!#!jS$a2l6rY)"e3Vqd`!B,Q0[FQ9MFQ9
+X+LSU+J!!!!!!!*!!!'jeE'`"rY)!!!B"e3!$rY%"eJ(A#[l4!!3+DfpME!d"eJ!
+"E3!!!ji$SIl3#[l3!!3+B@aTB3B"e`!$rXm"f!(C#[l2!!3+D@jcD!d"f!!#0!!
+!!k3$V2l1!GS+rXi!"!TMCQpX$3(D!!&[!!!$U!1VrXd,rXd!0$!!''p`C@jcFfa
+TEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J(C!!2
+qc!(ErXX+rX`!"!TdEb!J$3(E!!*Z!!!$V`1q!G`"h3d"h!!#0!!!!lF$[[l+!Gi
+rXS!"!TQD@aP$3(H!!&Y!!!$ZJ1p!Gm-!Gm!#`!&CA*b,QJ!!J!!$3(G!!)d!!!
+$V`1hrXN"i!Vqb3!%#Q0QEf`0!H!!!@m!!!1c!lEqb![qb!!8-!!)G'9YF("KG'J
+!#(4PEA"3BA4S"[l,!!!#!G3!!J(K!H)0!H%!!Q`!!J2&!mAqarl'!Il(!!!"rXB
+!!!)"iJ!#!H-"j!d"i`!#FJ!!!m8$d!(P!HB0!H8!!Q)!!!2&!m`"j`(S$3(R!!&
+[!!!$a32)rX8,rX8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"
+KG'J0!HJ!!@d!!!2)!mX"k3`"k3!+!!3kCAC`!!)!!!d"jJ!"E`!!!!!!!2l%#rl
+%!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!H3!!J(U!HX0!HS!!dN!!J24!r[q`rl
+#!H`+rX-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Il#!!!'!H`!!rl"!Hd
+"lJVq`3!%#QY[Bf`0!Hd!!@d!!!29!pMq`!Vq`!!%#Q&XD@%'!Hi!!rkr!Hm"m!V
+q[`!%#QPZFfJ0!Hm!!M3!!!2E!q2q[J(a#[kq!!3+BfC[E!d"m3!"E`!!!pm$i[k
+p#rkp!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4
+P4QpXC'9b8'&dD!B"m!!$rV`"m[kl#[km!!3+G'mJ)!d"mJ!#EJ!!!qB$p3(c!I3
+0!I-!!M3!!!2Z!rAqZJ(e#[kk!!3+CQPXC3d"p3!"E3!!!r%$p!(f$!(f!!X!"@9
+fF#jS!!)!!!d"p!!#0!!!!qB$l[kj!IF+rVN!"!TMCQpX$3(h!!&[!!!$kJ2YrVJ
+,rVJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EqZ`!!!J(V!!)"q!(j$3(i!!*X!!)
+$r!2mrVIqYJ(qY`!!!Ikf!!!#!IN!!J(k!IX0!IS!!R)!!!2m"!F"r!(p$3(m!!*
+L!!!$r!3$!Ii"r`d"rJ!"E`!!!r`$rrke#rke!#3`!""MFRP`G'pQEfaNCA*`BA4
+S!""MFRP`G'p'EfaNCA*3BA4S$3(r!!&Y!!!$r`3#!J!-!J!!#`!&1QKYB@-!!J!
+!$3(p!!&[!!!!!!!!rV3,rV3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)"q`!#!J%
+#!Jd#!3!$53!#"!J%-[kcrV)#!`VqX`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'j
+eE'`"rV)!!!B#!`!$rV%#"!)&#[ka!!3+DfpME!d#"!!"E3!!"!`%$rk`#[k`!!3
+B@aTB3B#"3!$rUm#"J)(#[k[!!3+D@jcD!d#"J!#0!!!"")%'[kZ!JJ+rUi!"!T
+MCQpX$3))!!&[!!!%&J3CrUd,rUd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
+dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J)(!!2qV!)*rUX+rU`!"!TdEb!
+J$3)*!!*Z!!!%(33X!JS##`d##J!#0!!!"#8%,2kU!J`+rUS!"!TQD@aP$3)-!!&
+Y!!!%+!3V!Jd-!Jd!$!!'D'eKBbjS!!)!!!d##`!#0!!!""d%*IkT!Ji+rUN!"!T
+MCQpX$3)1!!&[!!!%)33NrUJ,rUJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EqU`!
+!!J)#!!)#$`)3$3)2!!*X!!)%-`3crUIqTJ(qT`!!!IkQ!!!#!K!!!J)4!K)0!K%
+!!R)!!!3c"$i#%`)8$3)6!!*L!!!%-`3k!K8#&Jd#&3!"E`!!"$-%0[kP#rkP!#3
+`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3)@!!&Y!!!%0J3
+j!KF-!KF!#`!&1QPNC@%!!J!!$3)8!!&[!!!!!!!!rU3,rU3!&$!!#(4PEA"`BA4
+S!!KdC@e`8'&dD!)#%J!#!KJ#'3d#'!!$53!#"$m%DIkMrU)#'JVqS`!B,Q0[FQ9
+MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rU)!!!B#'J!$rU%#'`)F#[kK!!3+DfpME!d
+#'`!"E3!!"%-%4[kJ#[kJ!!3+B@aTB3B#(!!$rTm#(3)H#[kI!!3+D@jcD!d#(3!
+#0!!!"%N%8IkH!Km+rTi!"!TMCQpX$3)I!!&[!!!%6343rTd,rTd!0$!!''p`C@j
+cFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J)
+H!!2qR!)JrTX+rT`!"!TdEb!J$3)J!!*Z!!!%9!4M!L%#)Jd#)3!#0!!!"&`%Brk
+D!L-+rTS!"!TQD@aP$3)M!!&Y!!!%A`4L!L3-!L3!$!!'D@4PB5jS!!)!!!d#)J!
+#0!!!"&3%A2kC!L8+rTN!"!TMCQpX$3)P!!&[!!!%@!4ErTJ,rTJ!&$!!#(4PEA"
+`BA4S!!KdC@e`8'&dD!EqQ`!!!J)C!!)#*J)R$3)Q!!*X!!)%DJ4UrTIqPJ(qP`!
+!!Ik@!!!#!LF!!J)S!LN0!LJ!!R)!!!4U"(8#+J)V$3)U!!*L!!!%DJ4a!L`#,3d
+#,!!"E`!!"'S%EIk9#rk9!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'Efa
+NCA*3BA4S$3)Y!!&Y!!!%E34`!Li-!Li!$!!'1QaSBA0S!!)!!!d#+`!"E`!!!!!
+!!2k8#rk8!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!LN!!J)[!M!0!Lm!!dN!!J4
+f"+$qNrk5!M%+rT-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ik5!!!'!M%
+!!rk4!M)#-`VqN3!%#QY[Bf`0!M)!!@d!!!4k"(hqN!!+rT!!!!3+B@aTB3B#-`!
+$rSm#0!)e#[k2!!3+D@jcD!d#0!!#0!!!")!%L2k1!MB+rSi!"!TMCQpX$3)f!!&
+[!!!%K!5(rSd,rSd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP0
+66%PZBfaeC'9'EfaNCA*3BA4S"J)e!!2qM!)hrSX+rS`!"!TdEb!J$3)h!!*Z!!!
+%L`5D!MJ#13d#1!!#0!!!"*-%Q[k+!MS+rSS!"!TQD@aP$3)k!!&Y!!!%PJ5C!MX
+-!MX!$3!(E'KKFfJZD!!#!!!0!MN!!M3!!!5,"*2qL3)m#[k*!!3+BfC[E!d#2!!
+"E`!!")m%N[k)#rk)!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rSX!!!)#-!!#!Md
+#2Jd#23!#E!!#"+%%SIk(rSB"rSF!!!(qKJ!!!J)q!!)#2`*!$3)r!!*b!!!%S35
+X!N%#3Jd#33!#BJ!!"+%%U!*$!N30!N-!!@m!!!5K"+6qK3[qK3!N-!!3Bh*jF(4
+[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d#4!!"E3!!"+3%T`*&$!*&!!S
+!"$TYC$)!!J!!$3*#!!&[!!!!!!!!rS3,rS3!&$!!#(4PEA"`BA4S!!KdC@e`8'&
+dD!)#3!!#!NB#4`d#4J!$53!#"+d%erk$rS)#5!VqJ`!B,Q0[FQ9MFQ9X+LSU+J!
+!!!!!!*!!!'jeE'`"rS)!!!B#5!!$rS%#53*+#[k"!!3+DfpME!d#53!"E3!!",%
+%Y2k!#[k!!!3+B@aTB3B#5J!$rRm#5`*-#[jr!!3+D@jcD!d#5`!#0!!!",F%[rj
+q!Nd+rRi!"!TMCQpX$3*0!!&[!!!%Z`5qrRd,rRd!0$!!''p`C@jcFfaTEQ0XG@4
+PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J*-!!2qI!*1rRX
+rR`!"!TdEb!J$3*1!!*Z!!!%`J64!Nm#8!d#6`!#0!!!"-S%dIjk!P%+rRS!"!T
+QD@aP$3*4!!&Y!!!%c363!P)-!P)!#`!&E@3b,QJ!!J!!$3*3!!)d!!!%`J6+rRN
+#8`VqH3!%#Q0QEf`0!P-!!@m!!!6'"-RqH![qH!!8-!!)G'9YF("KG'J!#(4PEA"
+3BA4S"[jl!!!#!NF!!J*8!P80!P3!!Q`!!J6B"0MqGrjf!Ijh!!!"rRB!!!)#93!
+#!PB#9`d#9J!#FJ!!"0J%i`*B!PN0!PJ!!Q)!!!6B"0m#@J*E$3*D!!&[!!!%f!6
+ErR8,rR8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!PX
+!!@d!!!6E"0i#A!`#A!!+!!3kE@3e!!)!!!d#@3!"E`!!!!!!!2jd#rjd!"3`!!K
+dC@e`F'&dD!!)G'9YF&"KG'J#!PF!!J*G!Pi0!Pd!!dN!!J6N"3lqFrjb!Pm+rR-
+!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ijb!!!'!Pm!!rja!Q!#B3VqF3!
+%#QY[Bf`0!Q!!!@d!!!6S"1[qF!VqF!!%#Q&XD@%'!Q%!!rj[!Q)#B`VqE`!%#QP
+ZFfJ0!Q)!!M3!!!6Z"2EqEJ*N#[jZ!!3+BfC[E!d#C!!"E`!!"2)%pIjY#rjY!$3
+`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9
+b8'&dD!B#B`!$rQ`#CIjV#[jX!!3+G'mJ)!d#C3!#EJ!!"2N&#!*Q!QF0!QB!!M3
+!!!8""3MqDJ*S#[jU!!3+CQPXC3d#D!!"E3!!"33&"`*T$!*T!!X!"@eN05jS!!)
+!!!d#C`!#0!!!"2N&!IjT!QS+rQN!"!TMCQpX$3*U!!&[!!!%r38!rQJ,rQJ!&$!
+!#(4PEA"`BA4S!!KdC@e`8'&dD!EqD`!!!J*H!!)#D`*X$3*V!!*X!!)&$`82rQI
+qCJ(qC`!!!IjQ!!!#!Q`!!J*Y!Qi0!Qd!!R)!!!82"4S#E`*`$3*[!!*L!!!&$`8
+@!R%#FJd#F3!"E`!!"3m&%[jP#rjP!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP
+`G'p'EfaNCA*3BA4S$3*b!!&Y!!!&%J89!R--!R-!#`!&1QeNBc)!!J!!$3*`!!&
+[!!!!!!!!rQ3,rQ3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)#EJ!#!R3#G3d#G!!
+$53!#"4X&4IjMrQ)#GJVqB`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rQ)
+!!!B#GJ!$rQ%#G`*i#[jK!!3+DfpME!d#G`!"E3!!"4m&)[jJ#[jJ!!3+B@aTB3B
+#H!!$rPm#H3*k#[jI!!3+D@jcD!d#H3!#0!!!"58&,IjH!RX+rPi!"!TMCQpX$3*
+l!!&[!!!&+38XrPd,rPd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"
+PEP066%PZBfaeC'9'EfaNCA*3BA4S"J*k!!2qA!*mrPX+rP`!"!TdEb!J$3*m!!*
+Z!!!&-!8r!Rd#IJd#I3!#0!!!"6J&2rjD!Rm+rPS!"!TQD@aP$3*r!!&Y!!!&1`8
+q!S!-!S!!$!!'E@4M-LjS!!)!!!d#IJ!#0!!!"6!&12jC!S%+rPN!"!TMCQpX$3+
+"!!&[!!!&0!8hrPJ,rPJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq@`!!!J*e!!)
+#JJ+$$3+#!!*X!!)&4J9'rPIq9J(q9`!!!Ij@!!!#!S-!!J+%!S80!S3!!R)!!!9
+'"9%#KJ+($3+'!!*L!!!&4J90!SJ#L3d#L!!"E`!!"8B&5Ij9#rj9!#3`!""MFRP
+`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3+*!!&Y!!!&539-!SS-!SS
+!$J!)1QpLDQ9MG(-!!J!!$3+(!!&[!!!!!!!!rP3,rP3!&$!!#(4PEA"`BA4S!!K
+dC@e`8'&dD!)#K3!#!SX#M!d#L`!$53!#"9)&I2j6rP)#M3Vq8`!B,Q0[FQ9MFQ9
+X+LSU+J!!!!!!!*!!!'jeE'`"rP)!!!B#M3!$rP%#MJ+2#[j4!!3+DfpME!d#MJ!
+"E3!!"9B&@Ij3#[j3!!3+B@aTB3B#M`!$rNm#N!!#N3Vq6`!%#QPZFfJ0!T!!!!)
+d!!!&A!9NrNi#NJVq6J!%#Q0QEf`0!T)!!@m!!!9J"@2q63[q63!d-!!BEh"PER0
+cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!T%
+!!rj-!T2q5`Vq6!!%#R4[)#!0!T-!!Qi!!!9R"AB#P!+9$3+8!!)d!!!&E`9frNS
+#PJVq5J!%#QCTE'80!TB!!@d!!!9b"A8#P``#P`!2!!P[BQTPBh4c,QJ!!J!!$3+
+9!!)d!!!&C`9[rNN#Q!Vq53!%#Q0QEf`0!TJ!!@m!!!9V"@lq5![q5!!8-!!)G'9
+YF("KG'J!#(4PEA"3BA4S"[j,!!!#!S`!!J+C!TS0!TN!!Q`!!J9p"Ahq4rj'!Ij
+(!!!"rNB!!!)#QJ!#!TX#R!d#Q`!#FJ!!"Ad&L!+G!Ti0!Td!!Q)!!!9p"B3#R`+
+J$3+I!!&[!!!&I3@!rN8,rN8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC
+[E'4PFP"KG'J0!U!!!@d!!!@!"B-#S3`#S3!+!!3kF'9Y!!)!!!d#RJ!"E`!!!!!
+!!2j%#rj%!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!T`!!J+L!U-0!U)!!dN!!J@
+*"E2q3rj#!U3+rN-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ij#!!!'!U3
+!!rj"!U8#TJVq33!%#QY[Bf`0!U8!!@d!!!@0"C!!rN!+rN!!"!TKE'PK"J+Q!!2
+q2`+R!UJ+rMm!"!TTER0S$3+R!!)d!!!&N`@ErMi#U3Vq2J!%#Q0QEf`0!UN!!@m
+!!!@A"CVq23[q23!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
+-5@jME(9NC8C[E'4PFP"KG'J'!UJ!!rim!UVq1`Vq2!!%#R4[)#!0!US!!Qi!!!@
+H"Dd#U`+X$3+V!!)d!!!&TJ@YrMS#V3Vq1J!%#QCTE'80!Ud!!@d!!!@T"D`#VJ`
+#VJ!,!!9`C@dZD!!#!!!0!U`!!M3!!!@H"DEq13+[#[ij!!3+BfC[E!d#V`!"E`!
+!"D)&TIii#rii!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rMX!!!)#S`!#!V!#X3d
+#X!!$53!#"E3&h[ihrMB#XJVq0`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`
+"rMB!!!B#XJ!$rM8#X`+d#[ie!!3+DfpME!d#X`!"E3!!"EJ&Zrid#[id!!3+B@a
+TB3B#Y!!$rM-#Y3+f#[ic!!3+D@jcD!d#Y3!#0!!!"Ei&a[ib!VF+rM)!"!TMCQp
+X$3+h!!&[!!!&`JA&rM%,rM%!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!
+BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J+f!!2q-!+irLm+rM!!"!TdEb!J$3+
+i!!*Z!!!&b3AB!VN#ZJd#Z3!#0!!!"G%&f2iZ!VX+rLi!"!TQD@aP$3+l!!&Y!!!
+&e!AA!V`-!V`!$!!'F'9Y-LjS!!)!!!d#ZJ!#0!!!"FN&dIiY!Vd+rLd!"!TMCQp
+X$3+p!!&[!!!&c3A3rL`,rL`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq,`!!!J+
+a!!)#[J+r$3+q!!*X!!)&h`AIrL[q+J(q+`!!!IiU!!!#!Vm!!J,!!X%0!X!!!R)
+!!!AI"HS#`J,$$3,#!!*L!!!&h`AQ!X3#a3d#a!!"E`!!"Gm&i[iT#riT!#3`!""
+MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3,&!!&Y!!!&iJAP!XB
+-!XB!$3!(1R"VBh-a-J!#!!!0!X-!!@m!!!!!!!$q+![q+!!8-!!)G'9YF("KG'J
+!#(4PEA"3BA4S!J,"!!)#a`,)$3,(!!0*!!)&k`B9rLIq*J,*#[iR!"JZBfpbC@0
+bC@`U+LSU!!!!!!!!N!!!ER9XE!(q*J!!"J,*!!2q*3,+!XX+rL8!"!TVEf0X$3,
+!!&Y!!!&l`AbrL3+rL3!"!TKE'PK"J,,!!2q)`,-!Xd+rL-!"!TTER0S$3,-!!)
+d!!!&p3AprL)#cJVq)J!%#Q0QEf`0!Xi!!@m!!!Aj"Icq)3[q)3!d-!!BEh"PER0
+cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!Xd
+!!riJ!Xrq(`Vq)!!%#R4[)#!0!Xm!!Qi!!!B!"Jm#d!,4$3,3!!)d!!!'#!B2rKi
+#dJVq(J!%#QCTE'80!Y)!!@d!!!B,"Ji#d``#d`!1!!K`Df0c-6)ZD!!#!!!0!Y%
+!!M3!!!B!"JMq(3,8#[iG!!3+BfC[E!d#e!!"E`!!"J3'"riF#riF!"3`!!KdC@e
+`F'&dD!!)G'9YF&"KG'J'rKm!!!)#b!!#!Y8#eJd#e3!#E!!#"KB'&[iErKS"rKX
+!!!(q'J!!!J,@!!)#e`,B$3,A!!*b!!!'&JBK!YN#fJd#f3!#BJ!!"KB'(3,E!Y`
+0!YX!!@m!!!B@"KRq'3[q'3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4Qp
+XC'9b8'&dD!d#h!!"E3!!"KN'(!,G$!,G!!`!"MT`Df0c0`!#!!!0!YS!!@m!!!!
+!!!$q'![q'!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J,B!!)#hJ,I$3,H!!0*!!)
+')JC-rKIq&J,J#[iA!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(q&J!!"J,
+J!!2q&3,K!Z)+rK8!"!TVEf0X$3,K!!&Y!!!'*JBTrK3+rK3!"!TKE'PK"J,L!!2
+q%`,M!Z3+rK-!"!TTER0S$3,M!!)d!!!',!BdrK)#j3Vq%J!%#Q0QEf`0!Z8!!@m
+!!!B`"M2q%3[q%3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
+-5@jME(9NC8C[E'4PFP"KG'J'!Z3!!ri3!ZEq$`Vq%!!%#R4[)#!0!ZB!!Qi!!!B
+h"NB#j`,S$3,R!!)d!!!'2`C'rJi#k3Vq$J!%#QCTE'80!ZN!!@d!!!C#"N8#kJ`
+#kJ!0!!G`Df0c0bjS!!)!!!d#k!!#0!!!"MF'2ri0!ZX+rJd!"!TMCQpX$3,V!!&
+[!!!'1`BqrJ`,rJ`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq$`!!!J,I!!)#l!,
+Y$3,X!!*X!!)'63C0rJ[q#J(q#`!!!Ii+!!!#!Zd!!J,Z!Zm0!Zi!!R)!!!C0"PJ
+#m!,a$3,`!!*L!!!'63C8![)#m`d#mJ!"E`!!"Nd'82i*#ri*!#3`!""MFRP`G'p
+QEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3,c!!&Y!!!'8!C6![3-![3!#`!
+&1R*KEQ3!!J!!$3,a!!&[!!!!!!!!rJJ,rJJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&
+dD!)#l`!#![8#pJd#p3!$53!#"PN'Jri(rJB#p`Vq"`!B,Q0[FQ9MFQ9X+LSU+J!
+!!!!!!*!!!'jeE'`"rJB!!!B#p`!$rJ8#q!,j#[i&!!3+DfpME!d#q!!"E3!!"Pd
+'B2i%#[i%!!3+B@aTB3B#q3!$rJ-#qJ,l#[i$!!3+D@jcD!d#qJ!#0!!!"Q-'Dri
+#![`+rJ)!"!TMCQpX$3,m!!&[!!!'C`CUrJ%,rJ%!0$!!''p`C@jcFfaTEQ0XG@4
+PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J,l!!2q!!,prIm
+rJ!!"!TdEb!J$3,p!!*Z!!!'EJCp![i#r`d#rJ!#0!!!"RB'IIhq!`!+rIi!"!T
+QD@aP$3-!!!&Y!!!'H3Cm!`%-!`%!$!!'FQ&ZC#jS!!)!!!d#r`!#0!!!"Qi'G[h
+p!`)+rId!"!TMCQpX$3-#!!&[!!!'FJCerI`,rI`!&$!!#(4PEA"`BA4S!!KdC@e
+`8'&dD!Epr`!!!J,f!!)$!`-%$3-$!!*X!!)'K!D%rI[pqJ(pq`!!!Ihk!!!#!`3
+!!J-&!`B0!`8!!R)!!!D%"Sm$"`-)$3-(!!*L!!!'K!D,!`N$#Jd$#3!"E`!!"S3
+'Krhj#rhj!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3-
+!!&Y!!!'K`D+!`X-!`X!#J!%1R*M-J!#!!!0!`J!!@m!!!!!!!$pq![pq!!8-!!
+)G'9YF("KG'J!#(4PEA"3BA4S!J-'!!)$$!-0$3--!!0*!!)'N!!'Z[hhrIB$$JV
+pp`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rIB!!!B$$J!$rI8$$`-3#[h
+e!!3+DfpME!d$$`!"E3!!"T3'Prhd#[hd!!3+B@aTB3B$%!!$rI-$%3-5#[hc!!3
+D@jcD!d$%3!#0!!!"TS'S[hb!a-+rI)!"!TMCQpX$3-6!!&[!!!'RJDKrI%,rI%
+!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'Efa
+NCA*3BA4S"J-5!!2pm!-8rHm+rI!!"!TdEb!J$3-8!!*Z!!!'T3Dd!a8$&Jd$&3!
+#0!!!"Ud'Y2hZ!aF+rHi!"!TQD@aP$3-A!!&Y!!!'X!Dc!aJ-!aJ!#`!&FQ-b,QJ
+!!J!!$3-@!!)d!!!'T3DYrHd$'3Vpl3!%#Q0QEf`0!aN!!@m!!!DT"Ucpl![pl!!
+8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[h[!!!#!`d!!J-D!aX0!aS!!Q`!!JDl"V[
+pkrhU!IhV!!!"rHS!!!)$'`!#!a`$(3d$(!!#FJ!!"VX'aJ-H!am0!ai!!Q)!!!D
+l"X)$)!-K$3-J!!&[!!!'Z`DqrHN,rHN!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0
+bHA"dEdC[E'4PFP"KG'J0!b%!!@d!!!Dq"X%$)J`$)J!+!!3kFQ-d!!)!!!d$(`!
+"E`!!!!!!!2hS#rhS!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!ad!!J-M!b30!b-
+!!dN!!JE("[(pjrhQ!b8+rHF!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ih
+Q!!!'!b8!!rhP!bB$*`Vpj3!%#QY[Bf`0!bB!!@d!!!E,"Xlpj!Vpj!!%#Q&XD@%
+'!bF!!rhM!bJ$+3Vpi`!%#QPZFfJ0!bJ!!M3!!!E4"YRpiJ-U#[hL!!3+BfC[E!d
+$+J!"E`!!"Y8'f2hK#rhK!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p
+`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B$+3!$rH!$+rhI#[hJ!!3+G'mJ)!d$+`!
+#EJ!!"Y`'k`-X!bd0!b`!!M3!!!EN"Z[phJ-Z#[hH!!3+CQPXC3d$,J!"E3!!"ZF
+'kJ-[$!-[!!X!"A*M0#jS!!)!!!d$,3!#0!!!"Y`'j2hG!c!+rGd!"!TMCQpX$3-
+`!!&[!!!'i!EMrG`,rG`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eph`!!!J-N!!)
+$-3-b$3-a!!*X!!)'mJEbrG[pfJ(pf`!!!IhD!!!#!c)!!J-c!c30!c-!!R)!!!E
+b"[d$03-f$3-e!!*L!!!'mJEj!cF$1!d$0`!"E`!!"[)'pIhC#rhC!#3`!""MFRP
+`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3-i!!&Y!!!'p3Ei!cN-!cN
+!#J!%1R*M03!#!!!0!cB!!@m!!!!!!!$pf![pf!!8-!!)G'9YF("KG'J!#(4PEA"
+3BA4S!J-d!!)$1J-l$3-k!!0*!!)'rJFSrGIpeJ-m#[hA!"JZBfpbC@0bC@`U+LS
+U!!!!!!!!N!!!ER9XE!(peJ!!"J-m!!2pe3-p!ci+rG8!"!TVEf0X$3-p!!&Y!!!
+(!JF&rG3+rG3!"!TKE'PK"J-q!!2pd`-r!d!+rG-!"!TTER0S$3-r!!)d!!!(#!F
+3rG)$33VpdJ!%#Q0QEf`0!d%!!@m!!!F-"`rpd3[pd3!d-!!BEh"PER0cE'PZBfa
+eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!d!!!rh3!d,
+pc`Vpd!!%#R4[)#!0!d)!!Qi!!!F6"b)$3`0%$30$!!)d!!!('`FLrFi$43VpcJ!
+%#QCTE'80!d8!!@d!!!FH"b%$4J`$4J!,!!9bBc8ZD!!#!!!0!d3!!M3!!!F6"a[
+pc30(#[h0!!3+BfC[E!d$4`!"E`!!"aF('[h-#rh-!"3`!!KdC@e`F'&dD!!)G'9
+YF&"KG'J'rFm!!!)$1`!#!dJ$53d$5!!#E!!#"bN(+Ih,rFS"rFX!!!(pbJ!!!J0
+*!!)$5J0,$30+!!*b!!!(+3Fd!d`$63d$6!!#BJ!!"bN(-!01!dm0!di!!@m!!!F
+T"bcpb3[pb3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d
+$6`!"E3!!"b`(,`03$!03!!d!"cTbDA"PE@3!!J!!$300!!&[!!!!!!!!rFJ,rFJ
+!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)$5`!#!e%$8Jd$83!$53!#"c8(Arh(rFB
+$8`Vpa`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rFB!!!B$8`!$rF8$9!0
+9#[h&!!3+DfpME!d$9!!"E3!!"cN(22h%#[h%!!3+B@aTB3B$93!$rF-$9J0A#[h
+$!!3+D@jcD!d$9J!#0!!!"cm(4rh#!eJ+rF)!"!TMCQpX$30B!!&[!!!(3`G'rF%
+,rF%!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9
+'EfaNCA*3BA4S"J0A!!2p`!0CrEm+rF!!"!TdEb!J$30C!!*Z!!!(5JGC!eS$@`d
+$@J!#0!!!"e)(@Ifq!e`+rEi!"!TQD@aP$30F!!&Y!!!(93GB!ed-!ed!$J!)FQP
+`C@eN,QJ!!J!!$30E!!)d!!!(5JG5rEd$AJVp[3!%#Q0QEf`0!ei!!@m!!!G1"e(
+p[![p[!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[fr!!!#!e)!!J0I!f!0!em!!Q`
+!!JGJ"f$pZrfk!Ifl!!!"rES!!!)$B!!#!f%$BJd$B3!#FJ!!"f!(D`0M!f30!f-
+!!Q)!!!GJ"fF$C30Q$30P!!&[!!!(B!GMrEN,rEN!*$!!%'0bHA"dEfC[E'4PFR"
+KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!fB!!@d!!!GM"fB$C``$C`!+!!3kFR0K!!)
+!!!d$C!!"E`!!!!!!!2fi#rfi!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!f)!!J0
+S!fN0!fJ!!dN!!JGX"jEpYrff!fS+rEF!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"
+ZG@aX!Iff!!!'!fS!!rfe!fX$E!VpY3!%#QY[Bf`0!fX!!@d!!!G`"h2pY!VpY!!
+%#Q&XD@%'!f`!!rfc!fd$EJVpX`!%#QPZFfJ0!fd!!M3!!!Gf"hlpXJ0[#[fb!!3
+BfC[E!d$E`!"E`!!"hS(IIfa#rfa!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"
+KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B$EJ!$rE!$F2f[#[f`!!3+G'm
+J)!d$F!!#EJ!!"i%(N!!$F30b$30a!!)d!!!(L3H3!2fZ!h-+rDi!"!TQD@aP$30
+c!!&Y!!!(M!H2!h3-!h3!#`!&FR0K,QJ!!J!!$30b!!)d!!!(J3H*rDd$G3VpV3!
+%#Q0QEf`0!h8!!@m!!!H&"iMpV![pV!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[f
+[!!!#!fN!!J0f!hF0!hB!!Q`!!JHA"jIpUrfU!IfV!!!"rDS!!!)$G`!#!hJ$H3d
+$H!!#FJ!!"jF(SJ0k!hX0!hS!!Q)!!!HA"ji$I!0p$30m!!&[!!!(P`HDrDN,rDN
+!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!hd!!@d!!!H
+D"jd$IJ`$IJ!-!!BkFh4KBfX!!J!!$30l!!&[!!!!!!!!rDJ,rDJ!&$!!#(4PEA"
+`BA4S!!KdC@e`8'&dD!)$H3!#!hm$J!d$I`!$53!#"k-(cIfRrDB$J3VpT`!B,Q0
+[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rDB!!!B$J3!$rD8$JJ1$#[fP!!3+Dfp
+ME!d$JJ!"E3!!"kF(U[fN#[fN!!3+B@aTB3B$J`!$rD-$K!1&#[fM!!3+D@jcD!d
+$K!!#0!!!"kd(YIfL!iB+rD)!"!TMCQpX$31'!!&[!!!(X3HdrD%,rD%!0$!!''p
+`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4
+S"J1&!!2pS!1(rCm+rD!!"!TdEb!J$31(!!*Z!!!(Z!I(!iJ$L3d$L!!#0!!!"m!
+(arfH!iS+rCi!"!TQD@aP$31+!!&Y!!!(``I'!iX-!iX!$3!(Fh4KBfXZD!!#!!!
+0!iN!!M3!!!Hi"m$pR31-#[fG!!3+BfC[E!d$M!!"E`!!"l`([rfF#rfF!"3`!!K
+dC@e`F'&dD!!)G'9YF&"KG'J'rCm!!!)$J!!#!id$MJd$M3!$53!#"mi(q2fErCS
+$M`VpQ`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rCS!!!B$M`!$rCN$N!!
+$N3VpQ3!%#QY[Bf`0!j!!!!&Y!!!(dJI9rCJ+rCJ!"!TKE'PK"J14!!2pP`15!j-
+rCF!"!TTER0S$315!!)d!!!(f!IJrCB$P!VpPJ!%#Q0QEf`0!j3!!@m!!!IF"pr
+pP3[pP3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
+NC8C[E'4PFP"KG'J'!j-!!rf8!jApN`VpP!!%#R4[)#!0!j8!!Qi!!!IM"r)$PJ1
+A$31@!!)d!!!(k`IbrC)$Q!VpNJ!%#QCTE'80!jJ!!@d!!!IZ"r%$Q3`$Q3!4!!Y
+cB@CPFh4KBfXZD!!#!!!0!jF!!M3!!!IM"q[pN31D#[f4!!3+BfC[E!d$QJ!"E`!
+!"qF(k[f3!![pN!!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EpN`!!!J11!!)$Q`1
+F$31E!!*X!!)(q3IjrBrpMJ(pM`!!!If1!!!#!j`!!J1G!ji0!jd!!R)!!!Ij#!3
+$R`1J$31I!!*L!!!(q3J!!k%$SJd$S3!"E`!!"rN(r2f0#rf0!#3`!""MFRP`G'p
+QEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$31L!!&Y!!!(r!Ir!k--!k-!#J!
+%1R0SB3!#!!!0!k!!!@m!!!!!!!$pM![pM!!8-!!)G'9YF("KG'J!#(4PEA"3BA4
+S!J1H!!)$T!1P$31N!!0*!!))"3J[rB[pLJ1Q#[f,!"JZBfpbC@0bC@`U+LSU!!!
+!!!!!N!!!ER9XE!(pLJ!!"J1Q!!2pL31R!kJ+rBN!"!TVEf0X$31R!!&Y!!!)#3J
+-rBJ+rBJ!"!TKE'PK"J1S!!2pK`1T!kS+rBF!"!TTER0S$31T!!)d!!!)$`JArBB
+$U`VpKJ!%#Q0QEf`0!kX!!@m!!!J6#"EpK3[pK3!d-!!BEh"PER0cE'PZBfaeC'9
+QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!kS!!rf%!kcpJ`V
+pK!!%#R4[)#!0!k`!!Qi!!!JD##N$V31Z$31Y!!)d!!!))JJTrB)$V`VpJJ!%#QC
+TE'80!km!!@d!!!JP##J$X!`$X!!,!!9cD'%ZD!!#!!!0!ki!!M3!!!JD##,pJ31
+a#[f"!!3+BfC[E!d$X3!"E`!!#"i))If!#rf!!"3`!!KdC@e`F'&dD!!)G'9YF&"
+KG'J'rB-!!!)$T3!#!l)$X`d$XJ!#E!!##$!)-2errAi"rAm!!!(pIJ!!!J1c!!)
+$Y!1e$31d!!*b!!!)-!Jl!lB$Y`d$YJ!#BJ!!#$!)0`1i!lN0!lJ!!@m!!!J`#$2
+pI3[pI3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d$Z3!
+"E3!!#$-)0J1k$!1k!!d!"cTdH(4IC')!!J!!$31h!!&[!!!!!!!!rA`,rA`!&$!
+!#(4PEA"`BA4S!!KdC@e`8'&dD!)$Y3!#!lX$[!d$Z`!$53!##$`)C[elrAS$[3V
+pH`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rAS!!!B$[3!$rAN$[J1r#[e
+j!!3+DfpME!d$[J!"E3!!#%!)3rei#[ei!!3+B@aTB3B$[`!$rAF$`!2"#[eh!!3
+D@jcD!d$`!!#0!!!#%B)6[ef!m)+rAB!"!TMCQpX$32#!!&[!!!)5JK0rA8,rA8
+!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'Efa
+NCA*3BA4S"J2"!!2pG!2$rA-+rA3!"!TdEb!J$32$!!*Z!!!)83KJ!m3$a3d$a!!
+#0!!!#&N)B2eb!mB+rA)!"!TQD@aP$32'!!&Y!!!)A!KI!mF-!mF!$J!)G(KdAf4
+L,QJ!!J!!$32&!!)d!!!)83KCrA%$b!VpF3!%#Q0QEf`0!mJ!!@m!!!K9#&MpF![
+pF!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[ec!!!#!l`!!J2*!mS0!mN!!Q`!!JK
+R#'IpEreZ!Ie[!!!"r@i!!!)$bJ!#!mX$c!d$b`!#FJ!!#'F)FJ20!mi0!md!!Q)
+!!!KR#'i$c`23$322!!&[!!!)C`KUr@d,r@d!*$!!%'0bHA"dEfC[E'4PFR"KG'J
+!%'0bHA"dEdC[E'4PFP"KG'J0!p!!!@d!!!KU#'d$d3`$d3!,!!8kH$8`13!#!!!
+0!mi!!@m!!!!!!!$pE![pE!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J2-!!)$dJ2
+6$325!!0*!!))F`LGr@[pDJ28#[eV!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
+XE!(pDJ!!"J28!!2pD329!pB+r@N!"!TVEf0X$329!!&Y!!!)G`Kkr@J+r@J!"!T
+KE'PK"J2@!!2pC`2A!pJ+r@F!"!TTER0S$32A!!)d!!!)I3L&r@B$f3VpCJ!%#Q0
+QEf`0!pN!!@m!!!L"#)6pC3[pC3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
+S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!pJ!!reN!pVpB`VpC!!%#R4[)#!
+0!pS!!Qi!!!L)#*F$f`2F$32E!!)d!!!)N!!)PreL!pd+r@)!"!TQD@aP$32G!!&
+Y!!!)N`L@!pi-!pi!$!!'H$8`15jS!!)!!!d$h!!#0!!!#)J)N!$pB32I#[eK!!3
+BfC[E!d$h`!"E`!!#)`)MreJ#reJ!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'r@-
+!!!)$d`!#!q!$i3d$i!!$53!##*i)b2eIr9i$iJVpA`!B,Q0[FQ9MFQ9X+LSU+J!
+!!!!!!*!!!'jeE'`"r9i!!!B$iJ!$r9d$i`2N#[eG!!3+DfpME!d$i`!"E3!!#+)
+)TIeF#[eF!!3+B@aTB3B$j!!$r9X$j32Q#[eE!!3+D@jcD!d$j3!#0!!!#+J)X2e
+D!qF+r9S!"!TMCQpX$32R!!&[!!!)V!L[r9N,r9N!0$!!''p`C@jcFfaTEQ0XG@4
+PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J2Q!!2p@!2Sr9F
+r9J!"!TdEb!J$32S!!*Z!!!)X`M#!qN$kJd$k3!#0!!!#,X)`[e@!qX+r9B!"!T
+QD@aP$32V!!&Y!!!)[JM"!q`-!q`!%!!+H$8`19pfCRNZD!!#!!!0!qS!!M3!!!L
+c#,[p932Y#[e9!!3+BfC[E!d$l3!"E`!!#,F)Z[e8#re8!"3`!!KdC@e`F'&dD!!
+)G'9YF&"KG'J'r9F!!!)$i3!#!qi$l`d$lJ!#E!!##-N)bIe6r9)"r9-!!!(p8J!
+!!J2[!!)$m!2a$32`!!*b!!!)b3M8!r)$m`d$mJ!#BJ!!#-N)d!2d!r80!r3!!@m
+!!!M*#-cp83[p83!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&
+dD!d$p3!"E3!!#-`)c`2f$!2f!!d!"cTi06!jGM-!!J!!$32c!!&[!!!!!!!!r9!
+,r9!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)$m3!#!rF$q!d$p`!$53!##08)rre
+2r8i$q3Vp6`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r8i!!!B$q3!$r8d
+$qJ2l#[e0!!3+DfpME!d$qJ!"E3!!#0N)h2e-#[e-!!3+B@aTB3B$q`!$r8X$r!2
+p#[e,!!3+D@jcD!d$r!!#0!!!#0m)jre+!ri+r8S!"!TMCQpX$32q!!&[!!!)i`M
+Qr8N,r8N!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfa
+eC'9'EfaNCA*3BA4S"J2p!!2p5!2rr8F+r8J!"!TdEb!J$32r!!*Z!!!)kJMj"!!
+%!3d%!!!#0!!!#2))qIe'"!)+r8B!"!TQD@aP$33#!!&Y!!!)p3Mi"!--"!-!$J!
+)H$8`1ABc,QJ!!J!!$33"!!)d!!!)kJMbr88%"!Vp43!%#Q0QEf`0"!3!!@m!!!M
+Z#2(p4![p4!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[e(!!!#!rJ!!J3&"!B0"!8
+!!Q`!!JN!#3$p3re#!Ie$!!!"r8)!!!)%"J!#"!F%#!d%"`!$53!##3!*+[e"r8!
+%#3Vp33!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r8!!!!B%#3!$r6m%#J3
+,#[dr!!3+DfpME!d%#J!"E3!!#33*"rdq#[dq!!3+B@aTB3B%#`!$r6d%$!30#[d
+p!!3+D@jcD!d%$!!#0!!!#3S*%[dm"!i+r6`!"!TMCQpX$331!!&[!!!*$JN4r6X
+,r6X!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9
+'EfaNCA*3BA4S"J30!!2p1J32r6N+r6S!"!TdEb!J$332!!*Z!!!*&3NN""!%%3d
+%%!!#0!!!#4d**2di"")+r6J!"!TQD@aP$335!!&Y!!!*)!NM""--""-!#`!&Fh0
+X,QJ!!J!!$334!!)d!!!*&3NGr6F%&!Vp0`!%#Q0QEf`0""3!!@m!!!NC#4cp0J[
+p0J!H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9b8'&dD!Ep13!!!J3)!!)%&33
+@$339!!0*!!)*+`P9r6Ap0!3A#[de!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
+XE!(p0!!!"J3A!!2p-`3B""N+r6-!"!TVEf0X$33B!!&Y!!!*,`Nbr6)+r6)!"!T
+KE'PK"J3C!!2p-33D""X+r6%!"!TTER0S$33D!!)d!!!*03Npr6!%(!Vp-!!%#Q0
+QEf`0""`!!@m!!!Nj#6cp,`[p,`!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
+S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'""X!!rdZ""hp,3Vp,J!%#R4[)#!
+0""d!!Qi!!!P!#8m%(J3I$33H!!)d!!!*5!P2r5`%)!Vp,!!%#QCTE'80"#!!!@d
+!!!P,#8i%)3`%)3!-!!CcFf`b,QJ!!J!!$33I!!)d!!!*3!P)r5X%)JVp+`!%#Q0
+QEf`0"#)!!@m!!!P%#8Ip+J[p+J!H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9
+b8'&dD!Ep,3!!!J3@!!)%)`3N$33M!!0*!!)*9JQ!r5Rp+!3P#[dT!"JZBfpbC@0
+bC@`U+LSU!!!!!!!!N!!!ER9XE!(p+!!!"J3P!!2p*`3Q"#F+r5F!"!TVEf0X$33
+Q!!&Y!!!*@JPGr5B+r5B!"!TKE'PK"J3R!!2p*33S"#N+r58!"!TTER0S$33S!!)
+d!!!*B!PSr53%+JVp*!!%#Q0QEf`0"#S!!@m!!!PN#@Ip)`[p)`!d-!!BEh"PER0
+cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'"#N
+!!rdL"#[p)3Vp)J!%#R4[)#!0"#X!!Qi!!!PV#AS%,!3Y$33X!!)d!!!*F`Pkr5!
+%,JVp)!!%#QCTE'80"#i!!@d!!!Pf#AN%,``%,`!0!!GcFf`b-bjS!!)!!!d%,3!
+#0!!!#@X*FrdI"$!+r4m!"!TMCQpX$33`!!&[!!!*E`Pbr4i,r4i!(M!!$A0cE'C
+[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J'r5%!!!)%*!!#"$%%-Jd%-3!$53!##B%
+*UrdGr4`%-`Vp(3!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r4`!!!B%-`!
+$r4X%0!3e#[dE!!3+DfpME!d%0!!"E3!!#B8*L2dD#[dD!!3+B@aTB3B%03!$r4N
+%0J3h#[dC!!3+D@jcD!d%0J!#0!!!#BX*NrdB"$J+r4J!"!TMCQpX$33i!!&[!!!
+*M`Q5r4F,r4F!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%P
+ZBfaeC'9'EfaNCA*3BA4S"J3h!!2p&J3jr48+r4B!"!TdEb!J$33j!!*Z!!!*PJQ
+P"$S%1`d%1J!#0!!!#Ci*TId8"$`+r43!"!TQD@aP$33m!!&Y!!!*S3QN"$d-"$d
+!$!!'Fh0X-bjS!!)!!!d%1`!#0!!!#CB*R[d6"$i+r4-!"!TMCQpX$33q!!&[!!!
+*QJQGr4),r4)!(M!!$A0cE'C[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J'r48!!!)
+%-J!#"$m%3!d%2`!$53!##D`*e[d4r4!%33Vp%3!B,Q0[FQ9MFQ9X+LSU+J!!!!!
+!!*!!!'jeE'`"r4!!!!B%33!$r3m%3J4$#[d2!!3+DfpME!d%3J!"E3!!#E!*Xrd
+1#[d1!!3+B@aTB3B%3`!$r3d%4!4&#[d0!!3+D@jcD!d%4!!#0!!!#EB*[[d-"%B
+r3`!"!TMCQpX$34'!!&[!!!*ZJQpr3X,r3X!0$!!''p`C@jcFfaTEQ0XG@4PCQp
+XC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J4&!!2p#J4(r3N+r3S
+!"!TdEb!J$34(!!*Z!!!*`3R3"%J%53d%5!!#0!!!#FN*d2d)"%S+r3J!"!TQD@a
+P$34+!!&Y!!!*c!R2"%X-"%X!$!!'G'ac-5jS!!)!!!d%53!#0!!!#F%*bId("%`
+r3F!"!TMCQpX$34-!!&[!!!*a3R)r3B,r3B!(M!!$A0cE'C[E'4PFR"KG'J!$A0
+cE%C[E'4PFP"KG'J'r3N!!!)%3!!#"%d%6Jd%63!#E!!##GF*erd&r33"r38!!!(
+p"!!!!J41!!)%6`43$342!!0*!!)*e`S"r32p!J44#[d$!"JZBfpbC@0bC@`U+LS
+U!!!!!!!!N!!!ER9XE!(p!J!!"J44!!2p!345"&-+r3%!"!TVEf0X$345!!&Y!!!
+*f`RHr3!+r3!!"!TKE'PK"J46!!2mr`48"&8+r2m!"!TTER0S$348!!)d!!!*i3R
+Tr2i%9JVmrJ!%#Q0QEf`0"&B!!@m!!!RP#HMmr3[mr3!d-!!BEh"PER0cE'PZBfa
+eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'"&8!!rcm"&I
+mq`Vmr!!%#R4[)#!0"&F!!Qi!!!RX#IX%@!4C$34B!!)d!!!*p!Rlr2S%@JVmqJ!
+%#QCTE'80"&S!!@d!!!Rh#IS%@``%@`!1!!KMFRP`G'mZD!!#!!!0"&N!!M3!!!R
+X#I6mq34F#[cj!!3+BfC[E!d%A!!"E`!!#I!*mrci#rci!#3`!""MFRP`G'pQEfa
+NCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S"[cl!!!#"&!!!J4G"&i0"&d!!Q`!!JS
+##J,mprcf!Ich!!!"r2B!!!)%AJ!#"&m%B!d%A`!$53!##J)+,2cer23%B3Vmp3!
+B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r23!!!B%B3!$r2-%BJ4M#[cc!!3
+DfpME!d%BJ!"E3!!#JB+#Icb#[cb!!3+B@aTB3B%B`!$r2%%C!4P#[ca!!3+D@j
+cD!d%C!!#0!!!#J`+&2c`"'B+r2!!"!TMCQpX$34Q!!&[!!!+%!S6r1m,r1m!0$!
+!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*
+3BA4S"J4P!!2mlJ4Rr1d+r1i!"!TdEb!J$34R!!*Z!!!+&`SQ"'J%D3d%D!!#0!!
+!#Km+*[cX"'S+r1`!"!TQD@aP$34U!!&Y!!!+)JSP"'X-"'X!%!!+Eh"PER0cE(B
+ZD!!#!!!0"'N!!M3!!!SA#Krmk`4X#[cV!!3+BfC[E!d%E!!"E`!!#KX+([cU#rc
+U!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S"[cY!!!#"'!
+!!J4Y"'i0"'d!!dN!!JSY#PImkIcS"'m+r1N!'#jMEh*PBh*PE#SU+LS!!!!!!!#
+3!!"ZG@aX!IcS!!!'"'m!!rcR"(!%F3Vmj`!%#QY[Bf`0"(!!!@d!!!Sa#M6mjJV
+mjJ!%#Q&XD@%'"(%!!rcP"()%F`Vmj3!%#QPZFfJ0"()!!M3!!!Sh#Mrmj!4d#[c
+N!!3+BfC[E!d%G!!"E`!!#MX+2[cM#rcM!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4
+PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B%F`!$r1)%GIcK#[cL!!3
+G'mJ)!d%G3!#EJ!!#N)+834f"(F0"(B!!M3!!!T+#P(mi!4i#[cJ!!3+CQPXC3d
+%H!!"E3!!#Nd+8!4j$!4j!!i!#(4YC'PQCLjS!!)!!!d%G`!#0!!!#N)+5[cI"(S
+r0m!"!TMCQpX$34k!!&[!!!+4JT*r0i,r0i!*$!!%'0bHA"dEfC[E'4PFR"KG'J
+!%'0bHA"dEdC[E'4PFP"KG'J'r1%!!!)%EJ!#"(X%I!d%H`!#E!!##PJ+@2cGr0`
+"r0d!!!(mh!!!!J4m!!)%I34q$34p!!*X!!)+@!TBr0[mfJ(mf`!!!IcD!!!#"(i
+!!J4r")!0"(m!!dN!!JTB#S,mfIcB")%+r0N!'#jMEh*PBh*PE#SU+LS!!!!!!!#
+3!!"ZG@aX!IcB!!!'")%!!rcA"))%J`Vme`!%#QY[Bf`0"))!!@d!!!TF#PrmeJV
+meJ!%#Q&XD@%'")-!!rc9")3%K3Vme3!%#QPZFfJ0")3!!M3!!!TL#QVme!5'#[c
+8!!3+BfC[E!d%KJ!"E`!!#QB+DIc6#rc6!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4
+PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B%K3!$r0)%Krc4#[c5!!3
+G'mJ)!d%K`!#EJ!!#Qd+I!5)")N0")J!!M3!!!Te#Rcmd!5+#[c3!!3+CQPXC3d
+%LJ!"E3!!#RJ+H`5,$!5,!!`!"Q9IEh-ZD!!#!!!0")N!!M3!!!TY#RAmc`5-#[c
+2!!3+BfC[E!d%M!!"E`!!#R%+G2c1#rc1!#B`!"&[F'9ZFh0XCQpXC'9bF'&dD!!
+4Eh"PER0cE%C[E'4PFP"KG'J'r0%!!!)%J!!#")d%MJd%M3!$53!##S-+VIc0r-`
+%M`Vmc3!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r-`!!!B%M`!$r-X%N!!
+%N3Vmb`!%#QY[Bf`0"*!!!!&Y!!!+K`U+r-S+r-S!"!TKE'PK"J54!!2mb355"*-
+r-N!"!TTER0S$355!!)d!!!+M3U9r-J%P!Vmb!!%#Q0QEf`0"*3!!@m!!!U4#T6
+ma`[ma`!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
+NC8C[E'4PFP"KG'J'"*-!!rc'"*Ama3VmaJ!%#R4[)#!0"*8!!Qi!!!UB#UF%PJ5
+A$35@!!)d!!!+S!URr-3%Q!Vma!!%#QCTE'80"*J!!@d!!!UM#UB%Q3`%Q3!0!!G
+PAfpc-LjS!!)!!!d%P`!#0!!!#TJ+S2c$"*S+r--!"!TMCQpX$35D!!&[!!!+R!U
+Ir-),r-)!*M!!%@p`C@jcFfaQEfaNCA*`BA4S!"&[F'9ZFh0X4QpXC'9b8'&dD!E
+ma3!!!J51!!)%Qrc"$35E!!*X!!)+VJUZr-$m[`(m`!!!!Ibr!!!#r-%!!!d!#3!
+"E3!!!!!!!3!I!Irq!!!#!!B!!J5F"*d0"*`!!Q`!!J!!!!$m[[bp!Ibq!!!"r,d
+!!!)%R3!#"*i%R`d%RJ!#E!!##V%+b!5Jr,`0"+!!!dN!!JUa#XMmZ`5K"+)+r,X
+!'#jcHA0[C'a[Cf&cDh)!!!!!!!!!!&4&@&30"+%!!@d!!!Ua#V3%S``%S`!'!!!
+!!J!!"J5L!!2mZJ5N"+8+r,S!"!TLG'jc$35N!!&+!!!+Y`Um"+B#"+B!!J5Rr,N
+0"+F!!@d!!!Uh#VS%U!`%U!!+!!4%EfjP!!)!!!,mZ3!!"J5P!!2mZ!5Tr,F+r,J
+!"!TRDACe$35T!!&Y!!!+[`V#r,B$r,B!"3EmY`!!!Ibm!!!#"*m!!J5Ur,80"+S
+!!Q`!!J!!!!$mY2bc!Ibd!!!"r,-!!!,mY3!!$J!#!!!2%!!$!",mXJ5V"+`%V35
+Z"+m%X!5a",)%X`5d",8%YJ5hr,(mX2b[r+i"r,)!!"!%U`!3r+hmV2bVr+VmUIb
+Sr+ImT[bPr+6mSrbLr+(mS2bIr*i+r+d!'#jKCACdEf&`F'jeE'`!!)!!!!#3!!!
+U+LSU#rbX!")`!!GdD'9`BA4S!!GdD'93BA4S#rbV!"``!!adD'9[E'4NC@aTEA-
+!$(4SC8pXC%4PE'PYF`[mUJ!J-!!1G'KPF(*[DQ9MG("KG'J!$R4SC9"bEfTPBh4
+3BA4S#rbT!"B`!!PdD'9YCA"KG'J!#A4SC8eP8'&dD![mU!!Q-!!4D@jME(9NC@C
+[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S#rbR!$3`!"K[F'9ZFh0XD@jME(9
+NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD![mTJ!N-!!3Bh*
+jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD![mT3!H-!!0Fh0XCQpXC'9
+bF'&dD!!0Fh0X4QpXC'9b8'&dD![mT!!Q-!!4Eh"PER0cE'C[E'4PFR"KG'J!%@p
+`C@jcFfa'EfaNCA*3BA4S#rbM!#i`!"9dD'9ZCAGQEfaNCA*bC@CPFQ9ZBf8!&A4
+SC8jPGdC[E'4PFP*PCQ9bC@jMC3[mSJ!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!Ib
+K!!!"r+!!!!(mR`!!!IbH!!!1"+`!"a$mR35ir*cmQ`5j",VmQJVmR3!B,Q&PGR4
+[BA"`ER9XE!!!J!!!!*!!!#SU+LS0",J!!@X!!!!!#XJ%Z`)%Z`!#!!8%[!)%[!!
+#"*lmQ3,mQ3!!!IbF!!!#r*X!!"!%Z3!!%!5k!)B!(rbBr*ImP[b9r*6mNrb5!#c
+mNIb3!2b2r)lmMIb-!%rmL`"D!&[mLJ"Nr)N!EIb)r)ImKJ#2r)AmK2b$r),mJIb
+!r(rmI[apr(cmH`#Tr(VmHIair(F![Iaf!-ImG3$8!1)!l!$j!3-"%!%D!5F"-3%
+q!8J"93&I!@`"GJ'$!Bd"QJ'N!E%"Z`()!G)"h`(T!IB#!!)0!KF#*!)Z!MX#43*
+5!P`#D3*c!S!#LJ+A!U%#VJ+m!XB#d`,G!ZS#p!-"!`X$'!-L!bm$130'!e!$A30
+R!h3$IJ1,!jN$S`1`!lS$a`24!pi$l!2f"!-%%`3K"#m%234,"&X%D`4j")X%Q35
+Mr(3%U2acr(,mF3VmQ!!%#Q0[BQS+r*F!'#jPBA*cCQCNFQ&XDA-!!!!!!!!J!'&
+QC()+r*B!"!TMG(Kd#rb9!")`!!GdD'9`BA4S!!GdD'93BA4S#[b8!!3+BA0MFJV
+mN`!%#R4iC'`,r*)!($!!$(4SC@pXC'4PE'PYF`!-G'KP6faN4'9XD@ec#[b4!!3
+BfPdE32mN!$rr3[mM`!J-!!1G'KPF(*[DQ9MG("KG'J!$R4SC9"bEfTPBh43BA4
+S!rb1rri+r)d!"!T849K8#rb-!"B`!!PdD'9YCA"KG'J!#A4SC8eP8'&dD![mL`!
+Q-!!4D@jME(9NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S#rb+!$3`!"K
+[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&
+dD![mL3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD![mL!!
+H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9b8'&dD![mK`!Q-!!4Eh"PER0cE'C
+[E'4PFR"KG'J!%@p`C@jcFfa'EfaNCA*3BA4S#[b'!!3+BfC[E!VmK3!B,QeTFf0
+cE'0d+LSU+J!!!!!!!*!!!#SU+LS+r)3!"!TcC@aP#[b$!"JZBfpbC@4PE'mU+LS
+U!!!!!!!!N!!!+LSU+J(mJJ!!![b"!!!+r)!!"!TVEf0X#[ar!!3+D@jcD!2mIJ!
+%#[ap!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!VmI!!%#R*cE(3,r(X!,M!
+!&A4SC@jPGfC[E'4PFR*PCQ9bC@jMC3!9G'KP6Q9h4QpXC'9b8Q9QCA*PEQ0P#[a
+k!!3+F'jKE3VmH3!%#Q&XD@%+r(J!"!TdEb!J#[ah!!3+CQPXC32mGJ!'#rae!"3
+`!!KdC@e`F'&dD!!)G'9YF&"KG'J+r(3!"!TLG'jc#[ac!!3+CfPfG32mFJ!&#[a
+a!"JZFhPcEf4XEfGKFfYb!!!!!!!!!!"849K8%IbD#XRJ%JUYi1%TDJ`!!LrM*N9
+4e%r&jLa&edrSaHBX4Nr%@qPF@eTVA&VU-NAE6m4Ek9aE@QYF@Z`bl5C&hNr,lbA
+Y*N9J!""2bf%!%59K!")Pl5C&B!!66mYK!"3Pl5C&B!!96mYK!"BPl5C&B!!A6m[
+Y*N9J!"K2amAQ,%C2&!!L+Q%!'9m!%#pK!"PK!"S[DJ`!'dmUB3!F,'S-!"eA!!K
+B!"i!(fK2+Q%!)'%!'@%!)5TK!"PI!"![B3!L$!!M6em!*%9J!#92A`!PDJ`!'dp
+K!#BUB3!F,'%!*ba'6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"R1,f%!+Q%!+bp
+K!#`-!#02A`!9B3!Y*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,Lp
+K!#TK!#m[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3!
+`,f%!,!`!)dpI!"9K!$%P4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!
+Z,f%!+Q%!-LpK!#`-!#02A`!9B3!c*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!
+T+Q%!'9m!,LpK!#TK!$3[B3!X$!!M6em!&@%!059&B!!Z6bTK!#"K!#KK!#%UB3!
+CA`!6,f%!+5TK!"PI!#i[B3!UB3!f,f%!,!`!)dpI!"9K!$FP4@!!,NmUB3!JB3!
+SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!1#pK!#`-!#02A`!9B3!j*89J!#j
+2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!$S[B3!X$!!M6em!&@%
+!1b9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3!m,f%!,!`
+!)dpI!"9K!$dP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%
+!2LpK!#`-!#02A`!9B3!r*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m
+!,LpK!#TK!%![B3!X$!!M6em!&@%!359&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%
+!+5TK!"PI!#i[B3!UB3"#,f%!,!`!)dpI!"9K!%-P4@!!,NmUB3!JB3!SB3!K+Q%
+!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!4#pK!#`-!#02A`!9B3"&*89J!#j2+Q%!)'%
+!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!%B[B3!X$!!M6em!&@%!4b9&B!!
+Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"),f%!,!`!)dpI!"9
+K!%NP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!5LpK!#`
+-!#02A`!9B3",*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#T
+K!%`[B3!X$!!M6em!&@%!659&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"P
+I!#i[B3!UB3"1,f%!,!`!)dpI!"9K!%mP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bp
+K!#NUB3!CA`!Z,f%!+Q%!8#pK!#`-!#02A`!9B3"4*89J!#j2+Q%!)'%!+'%!)5T
+K!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!&)[B3!X$!!M6em!&@%!8b9&B!!Z6bTK!#"
+K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"8,f%!,!`!)dpI!"9K!&8P4@!
+!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!9LpK!#`-!#02A`!
+9B3"A*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!&J[B3!
+X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"C,f%!,!`!)dp
+I!"9K!&SP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!@bp
+K!#`-!#02A`!9B3"F*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,Lp
+K!#TK!&d[B3!X$!!M6em!&@%!AL9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5T
+K!"PI!#i[B3!UB3"I,f%!,!`!)dpI!"9K!'!P4@!!,NmUB3!JB3!SB3!K+Q%!'9m
+!%bpK!#NUB3!CA`!Z,f%!+Q%!B5pK!#`-!#02A`!9B3"L*89J!#j2+Q%!)'%!+'%
+!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!'-[B3!X$!!M6em!&@%!C#9&B!!Z6bT
+K!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"P,f%!,!`!)dpI!"9K!'B
+P4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!CbpK!#`-!#0
+2A`!9B3"S*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!'N
+[B3!X$!!M6em!&@%!DL9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i
+[B3!UB3"V,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%
+!E#pK!#`-!#02A`!9B3"Y*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m
+!,LpK!#TK!'i[B3!X$!!M6em!&@%!Eb9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%
+!+5TK!"PI!#i[B3!UB3"`,f%!,!`!)dpI!"9K!(%P4@!!,NmUB3!JB3!SB3!K+Q%
+!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!FLpK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-
+[B3!T+Q%!'9m!,LpK!#TK!(-[B3!X$!!M6em!&@%!G#9&B!!Z6bTK!#"K!#KK!#%
+UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"e,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m
+!%bpK!#NUB3!CA`!A,f%!+Q%!GLpK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-[B3!
+T+Q%!'9m!&bpK!#TK!(F[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"P
+I!"F[B3!UB3"i,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!A,f%
+!+Q%!H5pK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!&bpK!#TK!(S
+[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!"8[B3!UB3"l,f%!,!`
+!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!9,f%!+Q%!I#pK!#`-!#02+Q%
+!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!&5pK!#TK!(d[B3!X$!!M6bTK!#"K!#K
+K!#%UB3!CA`!6,f%!+5TK!"PI!"J[B3!UB3"q,f%!,!`!)dmUB3!JB3!SB3!K+Q%
+!'9m!%bpK!#NUB3!CA`!B,f%!+Q%!IbpK!#`-!#028&92B3#!B3#"B3##DhCK!)0
+K!)4K!#)-!)82$!5Y!&%!5deKBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0
+[E@PZCcT[F'9ZFh0X,90139!Y-6Nj16%b-6%k6@&M6e-kE@YXD@jVFbjKF`!#!!!
+1"+i!!J6mF!5p!ra`!!%1",d!!3!%[J`%[J!'!!!!!J!!$J5[!!)%r'm%[`2mE`!
+%$J5r!!3!"-!%`36#"---"-!!%J!-6@&MD@jdEh0S)%K%!!)!!!`%`3!8!!j%CA0
+VG'p`)%C[E'4PFJ!#!!!-"-)!$J!)5@jMEfeTEQF!!J!!$!6$!"X!&@p`C@jcFf`
+Y8dj"8#da16Nj-6)a-3!#!!!-",!!4J"!6@&MD@jdEh0S)%K%1N4PFfYdEh!J4Qp
+XC'9b1NPZBfpYD@jR1Qp`C@jcFf`Y8dj"8#da16Nj-6)a-6T0B@028`!#!!!-",%
+!5!"#6@&MD@jdEh0S)%K%1N4PFfYdEh!J4QpXC'9b1NPZBfpYD@jR1Qp`C@jcFf`
+Y8dj"8#da16Nj-6)a-6TTEQ0XG@4P!!)!!!`%XJ"3!%T0B@0TER4[FfJJ5%3k4'9
+cDh4[F#"'EfaNCA)k5@jMEfeTEQFkEh"PER0cE#e66N&3,6%j16Na-M%a1QPZBfa
+eC'8kEh"PER0cE!!#!!!-",-!4`""6@&MD@jdEh0S)%K%1N4PFfYdEh!J4QpXC'9
+b1NPZBfpYD@jR1Qp`C@jcFf`Y8dj"8#da16Nj-6)a-6TMFRP`G'm!!J!!$!5d!%3
+!2NeKBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0[E@PZCcT[F'9ZFh0X,90
+139!Y-6Nj16%b-6%kFh0X!!)!!!`%Y3"!!$T0B@0TER4[FfJJ5%3k4'9cDh4[F#"
+'EfaNCA)k5@jMEfeTEQFkEh"PER0cE#e66N&3,6%j16Na-M%a!!)!!!i%YJ!"&!6
+%$J6%!!-B"-AmEJ6'$J6&!!-B"-ImE36)$J6(!!-B"-RmE!6+$J6*!!-B!"rmD`6
+,#[aV!!3+BfC[E!`%b`!1!!K*EQ0[E@PZC`!#!!!+r'`!"!TMCQpX$!6+!"X!&@p
+`C@jcFf`Y8dj"8#da16Nj-6)a-3!#!!!+r'd!"!TMCQpX$!6)!!d!"fPZBfaeC'8
+!!J!!#[aZ!!3+BfC[E!`%aJ!9!!peER4TG'aPC#"QEfaNCA)!!J!!$!5h!%i!5%e
+KBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0[E@PZCcT[F'9ZFh0X,90139!
+Y-6Nj16%b-6%kBh*jF(4[1RJe-$Pf-`!#!!!"r,%!!!(mX!!!!Ib[!!!"r+i!!'&
+cBh)!!3!-qYlHV3!!!3!!!*G#!!#@3J!!!AB!!$-8-0J!!!!F!AB!$h0MFhS!!!#
+#6Np853!!!)jcBh"d!!!!QP4&@&3!!3#QFh4jE!!!!,j$6d4&!!%!bN*14%`!!!$
+LBA"XG!!!!1j'8N9'!!!!qNP$6L-!!!%'D@0X0!!!!4*TBh-M!!!"(QPMFc3!!!%
+UD'CNFJ!!!6C659T&!!!"3PG3Eh-!!!&1!!$rr`!!!!!!!!!!!)$rre!!!"i!!!!
+!!)$rr`!!"cJ#DH#m"'Mrr`!!!*S!!!!!%iRrr`!!"Pi!!!!!"'Mrr`!!!53!!!!
+!!!$rrb!!!9)!!!!!!!(rra3!!@i#DG`%!)$rr`!!!Pi#DH"X!!$rr`!!!Ri!!!!
+!!)$rr`!!!S-#DH"d!*Err`!!!Si!!!!!!*Err`!!!j)!!!!!!*Err`!!"CB#DH%
+i!*Err`!!"GS#DH%dkF$rr`!!"[`!!!!!rrrrr`!!"a)!!!!!!)$rr`!!"b!!!!!
+!*4S:
--- a/MacOS/opensslconf.h
+++ b/MacOS/opensslconf.h
@@ -0,0 +1,116 @@
+/* MacOS/opensslconf.h */
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define OPENSSLDIR "/usr/local/ssl"
+#endif
+#endif
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned char
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#define RC4_CHUNK unsigned long
+#endif
+#endif
+
+#if defined(HEADER_DES_H) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned long
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#if __option(longlong)
+#  define BN_LLONG
+#else
+#  undef BN_LLONG
+#endif
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#define BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#define DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#define DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+#endif /* HEADER_DES_LOCL_H */
+
+#ifndef __POWERPC__
+#define MD32_XARRAY
+#endif
--- a/Makefile.org
+++ b/Makefile.org
@@ -0,0 +1,750 @@
+##
+## Makefile for OpenSSL
+##
+
+VERSION=
+MAJOR=
+MINOR=
+SHLIB_VERSION_NUMBER=
+SHLIB_VERSION_HISTORY=
+SHLIB_MAJOR=
+SHLIB_MINOR=
+SHLIB_EXT=
+PLATFORM=dist
+OPTIONS=
+CONFIGURE_ARGS=
+SHLIB_TARGET=
+
+# INSTALL_PREFIX is for package builders so that they can configure
+# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
+# Normally it is left empty.
+INSTALL_PREFIX=
+INSTALLTOP=/usr/local/ssl
+
+# Do not edit this manually. Use Configure --openssldir=DIR do change this!
+OPENSSLDIR=/usr/local/ssl
+
+# NO_IDEA - Define to build without the IDEA algorithm
+# NO_RC4  - Define to build without the RC4 algorithm
+# NO_RC2  - Define to build without the RC2 algorithm
+# THREADS - Define when building with threads, you will probably also need any
+#           system defines as well, i.e. _REENTERANT for Solaris 2.[34]
+# TERMIO  - Define the termio terminal subsystem, needed if sgtty is missing.
+# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
+# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
+# DEVRANDOM - Give this the value of the 'random device' if your OS supports
+#           one.  32 bytes will be read from this when the random
+#           number generator is initalised.
+# SSL_FORBID_ENULL - define if you want the server to be not able to use the
+#           NULL encryption ciphers.
+#
+# LOCK_DEBUG - turns on lots of lock debug output :-)
+# REF_CHECK - turn on some xyz_free() assertions.
+# REF_PRINT - prints some stuff on structure free.
+# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
+# MFUNC - Make all Malloc/Free/Realloc calls call
+#       CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
+#       call application defined callbacks via CRYPTO_set_mem_functions()
+# MD5_ASM needs to be defined to use the x86 assembler for MD5
+# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
+# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
+# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8.  It must
+# equal 4.
+# PKCS1_CHECK - pkcs1 tests.
+
+CC= gcc
+#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+DEPFLAG= 
+PEX_LIBS= 
+EX_LIBS= 
+EXE_EXT= 
+AR=ar r
+RANLIB= ranlib
+PERL= perl
+TAR= tar
+TARFLAGS= --no-recursion
+MAKEDEPPROG=makedepend
+
+# Set BN_ASM to bn_asm.o if you want to use the C version
+BN_ASM= bn_asm.o
+#BN_ASM= bn_asm.o
+#BN_ASM= asm/bn86-elf.o	# elf, linux-elf
+#BN_ASM= asm/bn86-sol.o # solaris
+#BN_ASM= asm/bn86-out.o # a.out, FreeBSD
+#BN_ASM= asm/bn86bsdi.o # bsdi
+#BN_ASM= asm/alpha.o    # DEC Alpha
+#BN_ASM= asm/pa-risc2.o # HP-UX PA-RISC
+#BN_ASM= asm/r3000.o    # SGI MIPS cpu
+#BN_ASM= asm/sparc.o    # Sun solaris/SunOS
+#BN_ASM= asm/bn-win32.o # Windows 95/NT
+#BN_ASM= asm/x86w16.o   # 16 bit code for Windows 3.1/DOS
+#BN_ASM= asm/x86w32.o   # 32 bit code for Windows 3.1
+
+# For x86 assembler: Set PROCESSOR to 386 if you want to support
+# the 80386.
+PROCESSOR=
+
+# Set DES_ENC to des_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+DES_ENC= asm/dx86-out.o asm/yx86-out.o
+#DES_ENC= des_enc.o fcrypt_b.o          # C
+#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
+#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
+#DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD
+#DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi
+
+# Set BF_ENC to bf_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+BF_ENC= asm/bx86-out.o
+#BF_ENC= bf_enc.o
+#BF_ENC= asm/bx86-elf.o # elf
+#BF_ENC= asm/bx86-sol.o # solaris
+#BF_ENC= asm/bx86-out.o # a.out, FreeBSD
+#BF_ENC= asm/bx86bsdi.o # bsdi
+
+# Set CAST_ENC to c_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+CAST_ENC= asm/cx86-out.o
+#CAST_ENC= c_enc.o
+#CAST_ENC= asm/cx86-elf.o # elf
+#CAST_ENC= asm/cx86-sol.o # solaris
+#CAST_ENC= asm/cx86-out.o # a.out, FreeBSD
+#CAST_ENC= asm/cx86bsdi.o # bsdi
+
+# Set RC4_ENC to rc4_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+RC4_ENC= asm/rx86-out.o
+#RC4_ENC= rc4_enc.o
+#RC4_ENC= asm/rx86-elf.o # elf
+#RC4_ENC= asm/rx86-sol.o # solaris
+#RC4_ENC= asm/rx86-out.o # a.out, FreeBSD
+#RC4_ENC= asm/rx86bsdi.o # bsdi
+
+# Set RC5_ENC to rc5_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+RC5_ENC= asm/r586-out.o
+#RC5_ENC= rc5_enc.o
+#RC5_ENC= asm/r586-elf.o # elf
+#RC5_ENC= asm/r586-sol.o # solaris
+#RC5_ENC= asm/r586-out.o # a.out, FreeBSD
+#RC5_ENC= asm/r586bsdi.o # bsdi
+
+# Also need MD5_ASM defined
+MD5_ASM_OBJ= asm/mx86-out.o
+#MD5_ASM_OBJ= asm/mx86-elf.o        # elf
+#MD5_ASM_OBJ= asm/mx86-sol.o        # solaris
+#MD5_ASM_OBJ= asm/mx86-out.o        # a.out, FreeBSD
+#MD5_ASM_OBJ= asm/mx86bsdi.o        # bsdi
+
+# Also need SHA1_ASM defined
+SHA1_ASM_OBJ= asm/sx86-out.o
+#SHA1_ASM_OBJ= asm/sx86-elf.o       # elf
+#SHA1_ASM_OBJ= asm/sx86-sol.o       # solaris
+#SHA1_ASM_OBJ= asm/sx86-out.o       # a.out, FreeBSD
+#SHA1_ASM_OBJ= asm/sx86bsdi.o       # bsdi
+
+# Also need RMD160_ASM defined
+RMD160_ASM_OBJ= asm/rm86-out.o
+#RMD160_ASM_OBJ= asm/rm86-elf.o       # elf
+#RMD160_ASM_OBJ= asm/rm86-sol.o       # solaris
+#RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
+#RMD160_ASM_OBJ= asm/rm86bsdi.o       # bsdi
+
+# KRB5 stuff
+KRB5_INCLUDES=
+LIBKRB5=
+
+# When we're prepared to use shared libraries in the programs we link here
+# we might set SHLIB_MARK to '$(SHARED_LIBS)'.
+SHLIB_MARK=
+
+DIRS=   crypto ssl $(SHLIB_MARK) apps test tools
+SHLIBDIRS= crypto ssl
+
+# dirs in crypto to build
+SDIRS=  \
+	md2 md4 md5 sha mdc2 hmac ripemd \
+	des rc2 rc4 rc5 idea bf cast \
+	bn ec rsa dsa ecdsa dh dso engine aes \
+	buffer bio stack lhash rand err objects \
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
+
+# tests to perform.  "alltests" is a special word indicating that all tests
+# should be performed.
+TESTS = alltests
+
+MAKEFILE= Makefile.ssl
+MAKE=     make -f Makefile.ssl
+
+MANDIR=$(OPENSSLDIR)/man
+MAN1=1
+MAN3=3
+SHELL=/bin/sh
+
+TOP=    .
+ONEDIRS=out tmp
+EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS
+WDIRS=  windows
+LIBS=   libcrypto.a libssl.a
+SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
+SHARED_SSL=libssl$(SHLIB_EXT)
+SHARED_LIBS=
+SHARED_LIBS_LINK_EXTS=
+SHARED_LDFLAGS=
+
+GENERAL=        Makefile
+BASENAME=       openssl
+NAME=           $(BASENAME)-$(VERSION)
+TARFILE=        $(NAME).tar
+WTARFILE=       $(NAME)-win.tar
+EXHEADER=       e_os2.h
+HEADER=         e_os.h
+
+# When we're prepared to use shared libraries in the programs we link here
+# we might remove 'clean-shared' from the targets to perform at this stage
+
+all: Makefile.ssl sub_all
+
+sub_all:
+	@for i in $(DIRS); \
+	do \
+	if [ -d "$$i" ]; then \
+		(cd $$i && echo "making all in $$i..." && \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
+	else \
+		$(MAKE) $$i; \
+	fi; \
+	done;
+
+libcrypto$(SHLIB_EXT): libcrypto.a
+	@if [ "$(SHLIB_TARGET)" != "" ]; then \
+		$(MAKE) SHLIBDIRS=crypto build-shared; \
+	else \
+		echo "There's no support for shared libraries on this platform" >&2; \
+	fi
+
+libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
+	@if [ "$(SHLIB_TARGET)" != "" ]; then \
+		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
+	else \
+		echo "There's no support for shared libraries on this platform" >&2; \
+	fi
+
+clean-shared:
+	@for i in $(SHLIBDIRS); do \
+		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
+			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
+			for j in $${tmp:-x}; do \
+				( set -x; rm -f lib$$i$$j ); \
+			done; \
+		fi; \
+		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
+		if [ "$(PLATFORM)" = "Cygwin" ]; then \
+			( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
+		fi; \
+	done
+
+link-shared:
+	@if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
+		tmp="$(SHARED_LIBS_LINK_EXTS)"; \
+		for i in $(SHLIBDIRS); do \
+			prev=lib$$i$(SHLIB_EXT); \
+			for j in $${tmp:-x}; do \
+				( set -x; ln -f -s $$prev lib$$i$$j ); \
+				prev=lib$$i$$j; \
+			done; \
+		done; \
+	fi
+
+build-shared: clean-shared do_$(SHLIB_TARGET) link-shared
+
+do_bsd-gcc-shared: do_gnu-shared
+do_linux-shared: do_gnu-shared
+do_gnu-shared:
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	( set -x; ${CC} ${SHARED_LDFLAGS} \
+		-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		-Wl,-Bsymbolic \
+		-Wl,--whole-archive lib$$i.a \
+		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
+	libs="$$libs -l$$i"; \
+	done
+
+DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
+	collect2=`gcc -print-prog-name=collect2 2>&1` && \
+	[ -n "$$collect2" ] && \
+	my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \
+	[ -n "$$my_ld" ] && \
+	$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
+
+# For Darwin AKA Mac OS/X (dyld)
+do_darwin-shared: 
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	( set -x ; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
+		lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
+		-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
+	libs="$$libs -l`basename $$i${SHLIB_EXT} .dylib`"; \
+	echo "" ; \
+	done
+
+do_cygwin-shared:
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	( set -x; ${CC}  -shared -o cyg$$i.dll \
+		-Wl,-Bsymbolic \
+		-Wl,--whole-archive lib$$i.a \
+		-Wl,--out-implib,lib$$i.dll.a \
+		-Wl,--no-whole-archive $$libs ) || exit 1; \
+	libs="$$libs -l$$i"; \
+	done
+
+# This assumes that GNU utilities are *not* used
+do_alpha-osf1-shared:
+	if ${DETECT_GNU_LD}; then \
+		$(MAKE) do_gnu-shared; \
+	else \
+		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+		( set -x; ${CC} ${SHARED_LDFLAGS} \
+			-shared -o lib$$i.so \
+			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+		libs="$$libs -l$$i"; \
+		done; \
+	fi
+
+# This assumes that GNU utilities are *not* used
+# The difference between alpha-osf1-shared and tru64-shared is the `-msym'
+# option passed to the linker.
+do_tru64-shared:
+	if ${DETECT_GNU_LD}; then \
+		$(MAKE) do_gnu-shared; \
+	else \
+		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+		( set -x; ${CC} ${SHARED_LDFLAGS} \
+			-shared -msym -o lib$$i.so \
+			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+		libs="$$libs -l$$i"; \
+		done; \
+	fi
+
+# This assumes that GNU utilities are *not* used
+# The difference between tru64-shared and tru64-shared-rpath is the
+# -rpath ${INSTALLTOP}/lib passed to the linker.
+do_tru64-shared-rpath:
+	if ${DETECT_GNU_LD}; then \
+		$(MAKE) do_gnu-shared; \
+	else \
+		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+		( set -x; ${CC} ${SHARED_LDFLAGS} \
+			-shared -msym -o lib$$i.so \
+			-rpath  ${INSTALLTOP}/lib \
+			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+		libs="$$libs -l$$i"; \
+		done; \
+	fi
+
+
+# This assumes that GNU utilities are *not* used
+do_solaris-shared:
+	if ${DETECT_GNU_LD}; then \
+		$(MAKE) do_gnu-shared; \
+	else \
+		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+		  set -x; ${CC} ${SHARED_LDFLAGS} \
+			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
+		libs="$$libs -l$$i"; \
+		done; \
+	fi
+
+# OpenServer 5 native compilers used
+do_svr3-shared:
+	if ${DETECT_GNU_LD}; then \
+		$(MAKE) do_gnu-shared; \
+	else \
+		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+		  find . -name "*.o" -print > allobjs ; \
+		  OBJS= ; export OBJS ; \
+		  for obj in `ar t lib$$i.a` ; do \
+		    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
+		  done ; \
+		  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
+		libs="$$libs -l$$i"; \
+		done; \
+	fi
+
+# UnixWare 7 and OpenUNIX 8 native compilers used
+do_svr5-shared:
+	if ${DETECT_GNU_LD}; then \
+		$(MAKE) do_gnu-shared; \
+	else \
+		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+		  find . -name "*.o" -print > allobjs ; \
+		  OBJS= ; export OBJS ; \
+		  for obj in `ar t lib$$i.a` ; do \
+		    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
+		  done ; \
+		  set -x; ${CC} ${SHARED_LDFLAGS} \
+			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
+		libs="$$libs -l$$i"; \
+		done; \
+	fi
+
+# This assumes that GNU utilities are *not* used
+do_irix-shared:
+	if ${DETECT_GNU_LD}; then \
+		$(MAKE) do_gnu-shared; \
+	else \
+		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+		( set -x; ${CC} ${SHARED_LDFLAGS} \
+			-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
+		libs="$$libs -l$$i"; \
+		done; \
+	fi
+
+# This assumes that GNU utilities are *not* used
+# HP-UX includes the full pathname of libs we depend on, so we would get
+# ./libcrypto (with ./ as path information) compiled into libssl, hence
+# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
+# anyway.
+# The object modules are loaded from lib$i.a using the undocumented -Fl
+# option.
+#
+# WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH
+#          by temporarily specifying "+s"!
+#
+do_hpux-shared:
+	for i in ${SHLIBDIRS}; do \
+	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
+ 		+vnocompatwarnings \
+		-b -z +s \
+		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		-Fl lib$$i.a -ldld -lc ) || exit 1; \
+	done
+
+# This assumes that GNU utilities are *not* used
+# HP-UX includes the full pathname of libs we depend on, so we would get
+# ./libcrypto (with ./ as path information) compiled into libssl, hence
+# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
+# anyway.
+#
+# HP-UX in 64bit mode has "+s" enabled by default; it will search for
+# shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH.
+#
+do_hpux64-shared:
+	for i in ${SHLIBDIRS}; do \
+	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
+ 		-b -z \
+		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		+forceload lib$$i.a -ldl -lc ) || exit 1; \
+	done
+
+# The following method is said to work on all platforms.  Tests will
+# determine if that's how it's gong to be used.
+# This assumes that for all but GNU systems, GNU utilities are *not* used.
+# ALLSYMSFLAGS would be:
+#  GNU systems: --whole-archive
+#  Tru64 Unix:  -all
+#  Solaris:     -z allextract
+#  Irix:        -all
+#  HP/UX-32bit: -Fl
+#  HP/UX-64bit: +forceload
+#  AIX:		-bnogc
+# SHAREDFLAGS would be:
+#  GNU systems: -shared -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
+#  Tru64 Unix:  -shared \
+#		-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}"
+#  Solaris:     -G -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
+#  Irix:        -shared -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
+#  HP/UX-32bit: +vnocompatwarnings -b -z +s \
+#		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
+#  HP/UX-64bit: -b -z +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
+#  AIX:		-G -bE:lib$$i.exp -bM:SRE
+# SHAREDCMD would be:
+#  GNU systems: $(CC)
+#  Tru64 Unix:  $(CC)
+#  Solaris:     $(CC)
+#  Irix:        $(CC)
+#  HP/UX-32bit: /usr/ccs/bin/ld
+#  HP/UX-64bit: /usr/ccs/bin/ld
+#  AIX:		$(CC)
+ALLSYMSFLAG=-bnogc
+SHAREDFLAGS=${SHARED_LDFLAGS} -G -bE:lib$$i.exp -bM:SRE
+SHAREDCMD=$(CC)
+do_aix-shared:
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	( set -x; \
+	  ld -r -o $$i.o $(ALLSYMSFLAG) lib$$i.a && \
+	  ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
+	    $(SHAREDCMD) $(SHAREDFLAG) -o lib$$i.so lib$$i.o \
+		$$libs ${EX_LIBS} ) ) \
+	|| exit 1; \
+	libs="$$libs -l$$i"; \
+	done
+
+do_reliantunix-shared:
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \
+	( set -x; \
+	  ( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
+	    cd $$tmpdir || exit 1 ; ar x $$Opwd/lib$$i.a ; \
+	    ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} *.o \
+	  ) || exit 1; \
+	  cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
+	) || exit 1; \
+	rm -rf $$tmpdir ; \
+	libs="$$libs -l$$i"; \
+	done
+
+Makefile.ssl: Makefile.org
+	@echo "Makefile.ssl is older than Makefile.org."
+	@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
+	@false
+
+libclean:
+	rm -f *.a */lib */*/lib
+
+clean:
+	rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
+	@for i in $(DIRS) ;\
+	do \
+	if [ -d "$$i" ]; then \
+		(cd $$i && echo "making clean in $$i..." && \
+		$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
+		rm -f $(LIBS); \
+	fi; \
+	done;
+	rm -f *.a *.o speed.* *.map *.so .pure core
+	rm -f $(TARFILE)
+	@for i in $(ONEDIRS) ;\
+	do \
+	rm -fr $$i/*; \
+	done
+
+makefile.one: files
+	$(PERL) util/mk1mf.pl >makefile.one; \
+	sh util/do_ms.sh
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
+	@for i in $(DIRS) ;\
+	do \
+	if [ -d "$$i" ]; then \
+		(cd $$i && echo "making 'files' in $$i..." && \
+		$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
+	fi; \
+	done;
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
+	@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
+	@for i in $(DIRS); do \
+	if [ -d "$$i" ]; then \
+		(cd $$i && echo "making links in $$i..." && \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \
+	fi; \
+	done;
+
+dclean:
+	rm -f *.bak
+	@for i in $(DIRS) ;\
+	do \
+	if [ -d "$$i" ]; then \
+		(cd $$i && echo "making dclean in $$i..." && \
+		$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
+	fi; \
+	done;
+
+rehash: rehash.time
+rehash.time: certs
+	@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
+		export OPENSSL OPENSSL_DEBUG_MEMORY; \
+		LD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+		export LD_LIBRARY_PATH SHLIB_PATH LIBPATH; \
+		$(PERL) tools/c_rehash certs)
+	touch rehash.time
+
+test:   tests
+
+tests: rehash
+	@(cd test && echo "testing..." && \
+	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' OPENSSL_DEBUG_MEMORY=on tests );
+	@LD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+		export LD_LIBRARY_PATH SHLIB_PATH LIBPATH; \
+		apps/openssl version -a
+
+report:
+	@$(PERL) util/selftest.pl
+
+depend:
+	@for i in $(DIRS) ;\
+	do \
+	if [ -d "$$i" ]; then \
+		(cd $$i && echo "making dependencies $$i..." && \
+		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' depend ) || exit 1; \
+	fi; \
+	done;
+
+lint:
+	@for i in $(DIRS) ;\
+	do \
+	if [ -d "$$i" ]; then \
+		(cd $$i && echo "making lint $$i..." && \
+		$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
+	fi; \
+	done;
+
+tags:
+	@for i in $(DIRS) ;\
+	do \
+	if [ -d "$$i" ]; then \
+		(cd $$i && echo "making tags $$i..." && \
+		$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
+	fi; \
+	done;
+
+errors:
+	$(PERL) util/mkerr.pl -recurse -write
+	(cd crypto/engine; $(MAKE) PERL=$(PERL) errors)
+
+stacks:
+	$(PERL) util/mkstack.pl -write
+
+util/libeay.num::
+	$(PERL) util/mkdef.pl crypto update
+
+util/ssleay.num::
+	$(PERL) util/mkdef.pl ssl update
+
+crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
+	$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
+crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
+	$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
+
+TABLE: Configure
+	(echo 'Output of `Configure TABLE'"':"; \
+	$(PERL) Configure TABLE) > TABLE
+
+update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
+
+tar:
+	@$(TAR) $(TARFLAGS) -cvf - \
+		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort` |\
+	tardy --user_number=0  --user_name=openssl \
+	      --group_number=0 --group_name=openssl \
+	      --prefix=openssl-$(VERSION) - |\
+	gzip --best >../$(TARFILE).gz; \
+	ls -l ../$(TARFILE).gz
+
+tar-snap:
+	@$(TAR) $(TARFLAGS) -cvf - \
+		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
+	tardy --user_number=0  --user_name=openssl \
+	      --group_number=0 --group_name=openssl \
+	      --prefix=openssl-$(VERSION) - > ../$(TARFILE);\
+	ls -l ../$(TARFILE)
+
+dist:   
+	$(PERL) Configure dist
+	@$(MAKE) dist_pem_h
+	@$(MAKE) SDIRS='${SDIRS}' clean
+	@$(MAKE) tar
+
+dist_pem_h:
+	(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
+
+install: all install_docs
+	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/private \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/lib
+	@for i in $(EXHEADER) ;\
+	do \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+	@for i in $(DIRS) ;\
+	do \
+	if [ -d "$$i" ]; then \
+		(cd $$i; echo "installing $$i..."; \
+		$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' install ); \
+	fi; \
+	done
+	@for i in $(LIBS) ;\
+	do \
+		if [ -f "$$i" ]; then \
+		(       echo installing $$i; \
+			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+		fi; \
+	done;
+	@if [ -n "$(SHARED_LIBS)" ]; then \
+		tmp="$(SHARED_LIBS)"; \
+		for i in $${tmp:-x}; \
+		do \
+			if [ -f "$$i" -o -f "$$i.a" ]; then \
+			(       echo installing $$i; \
+				if [ "$(PLATFORM)" != "Cygwin" ]; then \
+					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+				else \
+					c=`echo $$i | sed 's/^lib/cyg/'`; \
+					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+				fi ); \
+			fi; \
+		done; \
+		(	here="`pwd`"; \
+			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+			make -f $$here/Makefile link-shared ); \
+	fi
+
+install_docs:
+	@$(PERL) $(TOP)/util/mkdir-p.pl \
+		$(INSTALL_PREFIX)$(MANDIR)/man1 \
+		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+		$(INSTALL_PREFIX)$(MANDIR)/man7
+	@for i in doc/apps/*.pod; do \
+		fn=`basename $$i .pod`; \
+		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
+		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+		(cd `dirname $$i`; \
+		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
+			 --release=$(VERSION) `basename $$i`) \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+	done
+	@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+		fn=`basename $$i .pod`; \
+		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
+		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+		(cd `dirname $$i`; \
+		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
+			--release=$(VERSION) `basename $$i`) \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+	done
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
--- a/Makefile.ssl
+++ b/Makefile.ssl
@@ -1,338 +0,0 @@
-#
-# Makefile for all the SSL related library routines and utilities
-VERSION = 0.9.1b
-PLATFORM=debug
-#
-# make install will install:
-#   libraries into $INSTALLTOP/lib
-#   headers   into $INSTALLTOP/include
-#   utilities into $INSTALLTOP/bin
-#
-# By default INSTALLTOP is set to /usr/local/ssl
-# If you want things install elsewere, consider running
-# perl util/ssldir.pl /new/path
-#
-# Interesting Mailing Lists:
-#     ssl-bugs@mincom.oz.au
-#     ssl-users@mincom.oz.au
-#
-# To join the Mailing Lists:
-#     ssl-bugs-request@mincom.oz.au
-#     ssl-users-request@mincom.oz.au
-#
-# If you must get hold of people directly (we much prefer the above
-# lists to be used if the question is of general interest!):
-#       Eric Young <eay@cryptsoft.com>
-#       Tim Hudson <tjh@cryptsoft.com>
-#       or both    <ssleay@cryptsoft.com>
-#
-# The primary distribution of SSLeay is from
-# ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL
-#
-# NOCONST - Define for C compilers that don't like the const key word.
-# NOPROTO - Define in if your compiler does not support prototypes.
-# RSAref  - Define if we are to link with RSAref.
-# NO_IDEA - Define to build without the IDEA algorithm
-# NO_RC4  - Define to build without the RC4 algorithm
-# NO_RC2  - Define to build without the RC2 algorithm
-# THREADS - Define when building with threads, you will probably also need any
-#           system defines as well, i.e. _REENTERANT for Solaris 2.[34]
-# TERMIO  - Define the termio terminal subsystem, needed if sgtty is missing.
-# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
-# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
-# DEVRANDOM - Give this the value of the 'random device' if your OS supports
-#           one.  32 bytes will be read from this when the random
-#           number generator is initalised.
-# SSL_ALLOW_ADH - define if you want the server to be able to use the
-#           SSLv3 anon-DH ciphers.
-# SSL_ALLOW_ENULL - define if you want the server to be able to use the
-#           NULL encryption ciphers.
-#
-# LOCK_DEBUG - turns on lots of lock debug output :-)
-# REF_CHECK - turn on some xyz_free() assertions.
-# REF_PRINT - prints some stuff on structure free.
-# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
-# MFUNC - Make all Malloc/Free/Realloc calls call
-#       CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
-#       call application defined callbacks via CRYPTO_set_mem_functions()
-# MD5_ASM needs to be defined to use the x86 assembler for MD5
-# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
-# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
-# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8.  It must
-# equal 4.
-# PKCS1_CHECK - pkcs1 tests.
-
-CC= gcc
-#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
-CFLAG= -DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror
-PEX_LIBS= -L. -L.. -L../.. -L../../..
-EX_LIBS= -lefence
-AR=ar r
-
-# Set BN_ASM to bn_asm.o if you want to use the C version
-BN_ASM= bn_asm.o
-#BN_ASM= bn_asm.o
-#BN_ASM= asm/bn86-elf.o	# elf, linux-elf
-#BN_ASM= asm/bn86-sol.o # solaris
-#BN_ASM= asm/bn86-out.o # a.out, FreeBSD
-#BN_ASM= asm/bn86bsdi.o # bsdi
-#BN_ASM= asm/alpha.o    # DEC Alpha
-#BN_ASM= asm/pa-risc2.o # HP-UX PA-RISC
-#BN_ASM= asm/r3000.o    # SGI MIPS cpu
-#BN_ASM= asm/sparc.o    # Sun solaris/SunOS
-#BN_ASM= asm/bn-win32.o # Windows 95/NT
-#BN_ASM= asm/x86w16.o   # 16 bit code for Windows 3.1/DOS
-#BN_ASM= asm/x86w32.o   # 32 bit code for Windows 3.1
-
-# Set DES_ENC to des_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-DES_ENC= des_enc.o fcrypt_b.o
-#DES_ENC= des_enc.o fcrypt_b.o          # C
-#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
-#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
-#DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD
-#DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi
-
-# Set BF_ENC to bf_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-BF_ENC= bf_enc.o
-#BF_ENC= bf_enc.o
-#BF_ENC= asm/bx86-elf.o # elf
-#BF_ENC= asm/bx86-sol.o # solaris
-#BF_ENC= asm/bx86-out.o # a.out, FreeBSD
-#BF_ENC= asm/bx86bsdi.o # bsdi
-
-# Set CAST_ENC to c_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-CAST_ENC= c_enc.o
-#CAST_ENC= c_enc.o
-#CAST_ENC= asm/cx86-elf.o # elf
-#CAST_ENC= asm/cx86-sol.o # solaris
-#CAST_ENC= asm/cx86-out.o # a.out, FreeBSD
-#CAST_ENC= asm/cx86bsdi.o # bsdi
-
-# Set RC4_ENC to rc4_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-RC4_ENC= rc4_enc.o
-#RC4_ENC= rc4_enc.o
-#RC4_ENC= asm/rx86-elf.o # elf
-#RC4_ENC= asm/rx86-sol.o # solaris
-#RC4_ENC= asm/rx86-out.o # a.out, FreeBSD
-#RC4_ENC= asm/rx86bsdi.o # bsdi
-
-# Set RC5_ENC to rc5_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-RC5_ENC= rc5_enc.o
-#RC5_ENC= rc5_enc.o
-#RC5_ENC= asm/r586-elf.o # elf
-#RC5_ENC= asm/r586-sol.o # solaris
-#RC5_ENC= asm/r586-out.o # a.out, FreeBSD
-#RC5_ENC= asm/r586bsdi.o # bsdi
-
-# Also need MD5_ASM defined
-MD5_ASM_OBJ= 
-#MD5_ASM_OBJ= asm/mx86-elf.o        # elf
-#MD5_ASM_OBJ= asm/mx86-sol.o        # solaris
-#MD5_ASM_OBJ= asm/mx86-out.o        # a.out, FreeBSD
-#MD5_ASM_OBJ= asm/mx86bsdi.o        # bsdi
-
-# Also need SHA1_ASM defined
-SHA1_ASM_OBJ= 
-#SHA1_ASM_OBJ= asm/sx86-elf.o       # elf
-#SHA1_ASM_OBJ= asm/sx86-sol.o       # solaris
-#SHA1_ASM_OBJ= asm/sx86-out.o       # a.out, FreeBSD
-#SHA1_ASM_OBJ= asm/sx86bsdi.o       # bsdi
-
-# Also need RMD160_ASM defined
-RMD160_ASM_OBJ= 
-#RMD160_ASM_OBJ= asm/rm86-elf.o       # elf
-#RMD160_ASM_OBJ= asm/rm86-sol.o       # solaris
-#RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
-#RMD160_ASM_OBJ= asm/rm86bsdi.o       # bsdi
-
-DIRS=   crypto ssl rsaref apps test tools
-# dirs in crypto to build
-SDIRS=  \
-	md2 md5 sha mdc2 hmac ripemd \
-	des rc2 rc4 rc5 idea bf cast \
-	bn rsa dsa dh \
-	buffer bio stack lhash rand err objects \
-	evp pem asn1 x509 conf txt_db pkcs7 comp
-
-# If you change the INSTALLTOP, make sure to also change the values
-# in crypto/location.h
-INSTALLTOP=/usr/local/ssl
-
-MAKEFILE= Makefile.ssl
-MAKE=     make -f Makefile.ssl
-
-MAN1=1
-MAN3=3
-SHELL=/bin/sh
-
-TOP=    .
-ONEDIRS=out tmp
-EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep
-MISC=   COPYRIGHT Configure HISTORY.090	HISTORY.066 INSTALL Makefile.ssl \
-	Makefile \
-	README TODO HISTORY README.066 README.080 README.090 \
-	VERSION PROBLEMS MINFO makefile.one e_os.h \
-	MICROSOFT makevms.com config PATENTS
-WDIRS=  windows
-LIBS=   libcrypto.a libssl.a 
-
-GENERAL=        Makefile
-BASENAME=       SSLeay
-NAME=           $(BASENAME)-$(VERSION)
-TARFILE=        $(NAME).tar
-WTARFILE=       $(NAME)-win.tar
-EXHEADER=       e_os.h
-HEADER=         e_os.h
-
-all:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making $$i..."; \
-	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' all ); \
-	done;
-
-sub_all:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making $$i..."; \
-	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' all ); \
-	done;
-
-libclean:
-	/bin/rm *.a */lib */*/lib
-
-clean:
-	/bin/rm -f shlib/*.o *.o core a.out fluff *.map
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "cleaning $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' clean ); \
-	/bin/rm -f $(LIBS); \
-	done;
-	/bin/rm -f *.a *.o speed.* *.map *.so .pure core
-	/bin/rm -f $(TARFILE)
-	@for i in $(ONEDIRS) ;\
-	do \
-	/bin/rm -fr $$i/*; \
-	done
-
-makefile.one: files
-	perl util/mk1mf.pl >makefile.one; \
-	sh util/do_ms.sh
-
-files:  MINFO
-	perl $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making 'files' in $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' files ); \
-	done;
-
-links:
-	/bin/rm -f Makefile;
-	./util/point.sh Makefile.ssl Makefile;
-	$(TOP)/util/mklink.sh include $(EXHEADER) ;
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making links in $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' links ); \
-	done;
-	# @(cd apps; sh ./mklinks)
-	@( SSLEAY="`pwd`/apps/ssleay"; export SSLEAY; sh tools/c_rehash certs )
-
-dclean:
-	/bin/rm -f *.bak
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "undoing makedepend in $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' dclean ); \
-	done;
-
-rehash:
-	@(PATH="`pwd`/apps:${PATH}"; sh tools/c_rehash certs)
-
-test:   tests
-
-tests:
-	(cd test; echo "testing $$i..."; \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' tests );
-	@apps/ssleay version -a
-
-depend:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making dependancies $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' depend ); \
-	done;
-
-lint:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making lint $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' lint ); \
-	done;
-
-tags:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making tags $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' tags ); \
-	done;
-
-errors:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making errors in $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' errors ); \
-	done;
-
-tar:
-	@(cd ..;\
-	mv $(BASENAME) $(NAME); \
-	export STUFF; \
-	for i in $(MISC) $(DIRS) $(EDIRS) $(ONEDIRS) ;\
-	do \
-		STUFF="$$STUFF $(NAME)/$$i"; \
-	done; \
-	tar cf $(NAME)/$(TARFILE) $$STUFF; \
-	mv $(NAME) $(BASENAME) ) 
-	gzip -f $(TARFILE)
-
-dist:   
-	perl Configure dist
-	perl util/up_ver.pl ${VERSION}
-	@$(MAKE) dist_pem_h
-	@$(MAKE) SDIRS='${SDIRS}' clean
-	@$(MAKE) SDIRS='${SDIRS}' dclean
-	@(cd apps; sh ./rmlinks)
-	@$(MAKE) makefile.one
-	@$(MAKE) tar
-
-dist_pem_h:
-	(cd crypto/pem; $(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
-
-install: all
-	@-mkdir -p $(INSTALLTOP)/bin 2>/dev/null
-	@-mkdir -p $(INSTALLTOP)/lib 2>/dev/null
-	@-mkdir -p $(INSTALLTOP)/include 2>/dev/null
-	@-mkdir -p $(INSTALLTOP)/certs 2>/dev/null
-	@-mkdir -p $(INSTALLTOP)/private 2>/dev/null
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "installing $$i..."; \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' install ); \
-	done
-	@for i in $(LIBS) ;\
-	do \
-	(       echo installing $$i; \
-		cp $$i $(INSTALLTOP)/lib; \
-		sh util/ranlib.sh $(INSTALLTOP)/lib/$$i; \
-		chmod 644 $(INSTALLTOP)/lib/$$i ); \
-	done
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
--- a/220
+++ b/220
@@ -0,0 +1,220 @@
+
+  NEWS
+  ====
+
+  This file gives a brief overview of the major changes between each OpenSSL
+  release. For more details please read the CHANGES file.
+
+  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7:
+
+      o New library section OCSP.
+      o Complete rewrite of ASN1 code.
+      o CRL checking in verify code and openssl utility.
+      o Extension copying in 'ca' utility.
+      o Flexible display options in 'ca' utility.
+      o Provisional support for international characters with UTF8.
+      o Support for external crypto devices ('engine') is no longer
+        a separate distribution.
+      o New elliptic curve library section.
+      o New AES (Rijndael) library section.
+      o Change DES API to clean up the namespace (some applications link also
+        against libdes providing similar functions having the same name).
+        Provide macros for backward compatibility (will be removed in the
+        future).
+      o Unifiy handling of cryptographic algorithms (software and
+        engine) to be available via EVP routines for asymmetric and
+        symmetric ciphers.
+      o NCONF: new configuration handling routines.
+      o Change API to use more 'const' modifiers to improve error checking
+        and help optimizers.
+      o Finally remove references to RSAref.
+      o Reworked parts of the BIGNUM code.
+      o Support for new engines: Broadcom ubsec, Accelerated Encryption
+        Processing, IBM 4758.
+      o PRNG: query at more locations for a random device, automatic query for
+        EGD style random sources at several locations.
+      o SSL/TLS: allow optional cipher choice according to server's preference.
+      o SSL/TLS: allow server to explicitly set new session ids.
+      o SSL/TLS: support Kerberos cipher suites (RFC2712).
+      o SSL/TLS: allow more precise control of renegotiations and sessions.
+      o SSL/TLS: add callback to retrieve SSL/TLS messages.
+      o SSL/TLS: add draft AES ciphersuites (disabled unless explicitly requested).
+
+  Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
+
+      o Various SSL/TLS library bugfixes.
+      o Fix DH parameter generation for 'non-standard' generators.
+
+  Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
+
+      o Various SSL/TLS library bugfixes.
+      o BIGNUM library fixes.
+      o RSA OAEP and random number generation fixes.
+      o Object identifiers corrected and added.
+      o Add assembler BN routines for IA64.
+      o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8,
+        MIPS Linux; shared library support for Irix, HP-UX.
+      o Add crypto accelerator support for AEP, Baltimore SureWare,
+        Broadcom and Cryptographic Appliance's keyserver
+        [in 0.9.6c-engine release].
+
+  Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
+
+      o Security fix: PRNG improvements.
+      o Security fix: RSA OAEP check.
+      o Security fix: Reinsert and fix countermeasure to Bleichbacher's
+        attack.
+      o MIPS bug fix in BIGNUM.
+      o Bug fix in "openssl enc".
+      o Bug fix in X.509 printing routine.
+      o Bug fix in DSA verification routine and DSA S/MIME verification.
+      o Bug fix to make PRNG thread-safe.
+      o Bug fix in RAND_file_name().
+      o Bug fix in compatibility mode trust settings.
+      o Bug fix in blowfish EVP.
+      o Increase default size for BIO buffering filter.
+      o Compatibility fixes in some scripts.
+
+  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
+
+      o Security fix: change behavior of OpenSSL to avoid using
+        environment variables when running as root.
+      o Security fix: check the result of RSA-CRT to reduce the
+        possibility of deducing the private key from an incorrectly
+        calculated signature.
+      o Security fix: prevent Bleichenbacher's DSA attack.
+      o Security fix: Zero the premaster secret after deriving the
+        master secret in DH ciphersuites.
+      o Reimplement SSL_peek(), which had various problems.
+      o Compatibility fix: the function des_encrypt() renamed to
+        des_encrypt1() to avoid clashes with some Unixen libc.
+      o Bug fixes for Win32, HP/UX and Irix.
+      o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
+        memory checking routines.
+      o Bug fixes for RSA operations in threaded enviroments.
+      o Bug fixes in misc. openssl applications.
+      o Remove a few potential memory leaks.
+      o Add tighter checks of BIGNUM routines.
+      o Shared library support has been reworked for generality.
+      o More documentation.
+      o New function BN_rand_range().
+      o Add "-rand" option to openssl s_client and s_server.
+
+  Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
+
+      o Some documentation for BIO and SSL libraries.
+      o Enhanced chain verification using key identifiers.
+      o New sign and verify options to 'dgst' application.
+      o Support for DER and PEM encoded messages in 'smime' application.
+      o New 'rsautl' application, low level RSA utility.
+      o MD4 now included.
+      o Bugfix for SSL rollback padding check.
+      o Support for external crypto devices [1].
+      o Enhanced EVP interface.
+
+    [1] The support for external crypto devices is currently a separate
+        distribution.  See the file README.ENGINE.
+
+  Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
+
+      o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 
+      o Shared library support for HPUX and Solaris-gcc
+      o Support of Linux/IA64
+      o Assembler support for Mingw32
+      o New 'rand' application
+      o New way to check for existence of algorithms from scripts
+
+  Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:
+
+      o S/MIME support in new 'smime' command
+      o Documentation for the OpenSSL command line application
+      o Automation of 'req' application
+      o Fixes to make s_client, s_server work under Windows
+      o Support for multiple fieldnames in SPKACs
+      o New SPKAC command line utilty and associated library functions
+      o Options to allow passwords to be obtained from various sources
+      o New public key PEM format and options to handle it
+      o Many other fixes and enhancements to command line utilities
+      o Usable certificate chain verification
+      o Certificate purpose checking
+      o Certificate trust settings
+      o Support of authority information access extension
+      o Extensions in certificate requests
+      o Simplified X509 name and attribute routines
+      o Initial (incomplete) support for international character sets
+      o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
+      o Read only memory BIOs and simplified creation function
+      o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0
+        record; allow fragmentation and interleaving of handshake and other
+        data
+      o TLS/SSL code now "tolerates" MS SGC
+      o Work around for Netscape client certificate hang bug
+      o RSA_NULL option that removes RSA patent code but keeps other
+        RSA functionality
+      o Memory leak detection now allows applications to add extra information
+        via a per-thread stack
+      o PRNG robustness improved
+      o EGD support
+      o BIGNUM library bug fixes
+      o Faster DSA parameter generation
+      o Enhanced support for Alpha Linux
+      o Experimental MacOS support
+
+  Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:
+
+      o Transparent support for PKCS#8 format private keys: these are used
+        by several software packages and are more secure than the standard
+        form
+      o PKCS#5 v2.0 implementation
+      o Password callbacks have a new void * argument for application data
+      o Avoid various memory leaks
+      o New pipe-like BIO that allows using the SSL library when actual I/O
+        must be handled by the application (BIO pair)
+
+  Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:
+      o Lots of enhancements and cleanups to the Configuration mechanism
+      o RSA OEAP related fixes
+      o Added `openssl ca -revoke' option for revoking a certificate
+      o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
+      o Source tree cleanups: removed lots of obsolete files
+      o Thawte SXNet, certificate policies and CRL distribution points
+        extension support
+      o Preliminary (experimental) S/MIME support
+      o Support for ASN.1 UTF8String and VisibleString
+      o Full integration of PKCS#12 code
+      o Sparc assembler bignum implementation, optimized hash functions
+      o Option to disable selected ciphers
+
+  Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b:
+      o Fixed a security hole related to session resumption
+      o Fixed RSA encryption routines for the p < q case
+      o "ALL" in cipher lists now means "everything except NULL ciphers"
+      o Support for Triple-DES CBCM cipher
+      o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
+      o First support for new TLSv1 ciphers
+      o Added a few new BIOs (syslog BIO, reliable BIO)
+      o Extended support for DSA certificate/keys.
+      o Extended support for Certificate Signing Requests (CSR)
+      o Initial support for X.509v3 extensions
+      o Extended support for compression inside the SSL record layer
+      o Overhauled Win32 builds
+      o Cleanups and fixes to the Big Number (BN) library
+      o Support for ASN.1 GeneralizedTime
+      o Splitted ASN.1 SETs from SEQUENCEs
+      o ASN1 and PEM support for Netscape Certificate Sequences
+      o Overhauled Perl interface
+      o Lots of source tree cleanups.
+      o Lots of memory leak fixes.
+      o Lots of bug fixes.
+
+  Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c:
+      o Integration of the popular NO_RSA/NO_DSA patches
+      o Initial support for compression inside the SSL record layer
+      o Added BIO proxy and filtering functionality
+      o Extended Big Number (BN) library
+      o Added RIPE MD160 message digest
+      o Addeed support for RC2/64bit cipher
+      o Extended ASN.1 parser routines
+      o Adjustations of the source tree for CVS
+      o Support for various new platforms
+
--- a/13
+++ b/13
@@ -1,13 +0,0 @@
-RSA Data Security holds software patents on the RSA and RC5 algorithms.
-If there ciphers are used used inside the USA (and Japan?), you must contact
-RSA Data Security for licencing conditions.  Their web page is
-http://www.rsa.com
-
-RC4 is a trademark of RSA Data Security, so use of this label should perhaps
-only me used with RSA Data Security's permission. 
-
-The IDEA algorithm is patented by Ascom in Austria, France, Germany,
-Italy, Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA.
-They should be contacted if that algorithm is to be used, their web page is
-http://www.ascom.ch
-
--- a/50
+++ b/50
@@ -1,50 +0,0 @@
-If you have any problems with SSLeay then please take the following 
-steps:
-
-    Remove the ASM version of the BN routines (edit Configure)
-    Remove the compiler optimisation flags
-    Add in the compiler debug flags (-g)
-
-Note: if using gcc then remove -fomit-frame-pointer before you try
-      to debug things.
-
-If you wish to report a bug then please include the following information
-in any bug report:
-
-    SSLeay Details
-	- Version, most of these details can be got from the
-	  'ssleay version -a' command.
-    Operating System Details
-	- OS Name
-	- OS Version
-	- Hardware platform
-    Compiler Details
-	- Name
-	- Version
-    Application Details 
-	- Name 
-	- Version 
-    Problem Description
-	- include steps that will reproduce the problem (if known)
-    Stack Traceback (if the application dumps core)
-
-For example:
-
-    SSLeay-0.5.1a
-    SunOS 5.3, SPARC, SunC 3.0
-    SSLtelnet-0.7
-
-    Core dumps when using telnet with SSL support in bn_mul() with 
-    the following stack trackback 
-	...
-
-
-Report the bug to either
-    ssleay@mincom.oz.au (Eric and Tim)
-or
-    ssl-bugs@mincom.oz.au (mailing list of active developers)
-
-
-Tim Hudson
-tjh@mincom.oz.au
-
--- a/259
+++ b/259
@@ -1,49 +1,47 @@
-		SSLeay 0.9.1a 06-Jul-1998
-		Copyright (c) 1997, Eric Young
+
+ OpenSSL 0.9.8-dev XX xxx XXXX
+
+ Copyright (c) 1998-2002 The OpenSSL Project
+ Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 All rights reserved.

-This directory contains Eric Young's (eay@cryptsoft.com) implementation
-of SSL and supporting libraries.
+ DESCRIPTION
+ -----------

-The current version of this library is available from
-    ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz
+ The OpenSSL Project is a collaborative effort to develop a robust,
+ commercial-grade, fully featured, and Open Source toolkit implementing the
+ Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+ protocols as well as a full-strength general purpose cryptography library.
+ The project is managed by a worldwide community of volunteers that use the
+ Internet to communicate, plan, and develop the OpenSSL toolkit and its
+ related documentation. 

-There are patches to a number of internet applications which can be found in
-    ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/
+ OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
+ and Tim J. Hudson.  The OpenSSL toolkit is licensed under a dual-license (the
+ OpenSSL license plus the SSLeay license) situation, which basically means
+ that you are free to get and use it for commercial and non-commercial
+ purposes as long as you fulfill the conditions of both licenses. 

-A Web page containing the SSLeay FAQ written by Tim Hudson <tjh@cryptsoft.com> 
-can be found at 
-    http://www.psy.uq.oz.au/~ftp/Crypto
+ OVERVIEW
+ --------

-Additional documentation is being slowly written by Eric Young, and is being
-added to http://www.cryptsoft.com/ssleay/doc.  It will normally also be
-available on http://www.psy.uq.oz.au/~ftp/Crypto/ssleay
+ The OpenSSL toolkit includes:

-This Library and programs are FREE for commercial and non-commercial
-usage.  The only restriction is that I must be attributed with the
-development of this code.  See the COPYRIGHT file for more details.
-Donations would still be accepted :-).
+ libssl.a:
+     Implementation of SSLv2, SSLv3, TLSv1 and the required code to support
+     both SSLv2, SSLv3 and TLSv1 in the one server and client.

-THIS LIBRARY IS NOT %100 COMPATABLE WITH SSLeay 0.6.6
-
-The package includes
-
-libssl.a:
-	My implementation of SSLv2, SSLv3 and the required code to support
-	both SSLv2 and SSLv3 in the one server.
-
-libcrypto.a:
-	General encryption and X509 stuff needed by SSL but not
+ libcrypto.a:
+     General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not
     actually logically part of it. It includes routines for the following:

     Ciphers
-	libdes - My libdes DES encryption package which has been floating
+        libdes - EAY's libdes DES encryption package which has been floating
                 around the net for a few years.  It includes 15
                 'modes/variations' of DES (1, 2 and 3 key versions of ecb,
-		cbc, cfb and ofb; pcbc and a more general form of cfb and ofb)
-		including desx in cbc mode,
-		a fast crypt(3), and routines to read passwords from the
-		keyboard.
+                 cbc, cfb and ofb; pcbc and a more general form of cfb and
+                 ofb) including desx in cbc mode, a fast crypt(3), and
+                 routines to read passwords from the keyboard.
        RC4 encryption,
        RC2 encryption      - 4 different modes, ecb, cbc, cfb and ofb.
        Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
@@ -52,122 +50,127 @@ libcrypto.a:
     Digests
        MD5 and MD2 message digest algorithms, fast implementations,
        SHA (SHA-0) and SHA-1 message digest algorithms,
-	MDC2 message digest.  A DES based hash that is polular on smart cards.
+        MDC2 message digest. A DES based hash that is popular on smart cards.

     Public Key
-	RSA encryption/decryption/generation.  There is no limit
-		on the number of bits.
-	DSA encryption/decryption/generation.   There is no limit on the
-		number of bits.
-	Diffie-Hellman key-exchange/key generation.  There is no limit
-		on the number of bits.
+        RSA encryption/decryption/generation.  
+            There is no limit on the number of bits.
+        DSA encryption/decryption/generation.   
+            There is no limit on the number of bits.
+        Diffie-Hellman key-exchange/key generation.  
+            There is no limit on the number of bits.

-  X509v3 certificates
+     X.509v3 certificates
        X509 encoding/decoding into/from binary ASN1 and a PEM
-		based ascii-binary encoding which supports encryption with
-		a private key.
-	Program to generate RSA and DSA certificate requests and to
-		generate RSA and DSA certificates.
+             based ASCII-binary encoding which supports encryption with a
+             private key.  Program to generate RSA and DSA certificate
+             requests and to generate RSA and DSA certificates.

     Systems
-  	The normal digital envelope routines and base64 encoding.
-	Higher level access to ciphers and digests by name.  New ciphers can be
-		loaded at run time.
-	The BIO io system which is a simple non-blocking IO abstraction.
-		Current methods supported are file descriptors, sockets,
-		socket accept, socket connect, memory buffer, buffering,
-		SSL client/server, file pointer, encryption, digest,
-		non-blocking testing and null.
+        The normal digital envelope routines and base64 encoding.  Higher
+        level access to ciphers and digests by name.  New ciphers can be
+        loaded at run time.  The BIO io system which is a simple non-blocking
+        IO abstraction.  Current methods supported are file descriptors,
+        sockets, socket accept, socket connect, memory buffer, buffering, SSL
+        client/server, file pointer, encryption, digest, non-blocking testing
+        and null.
+
     Data structures
        A dynamically growing hashing system
        A simple stack.
        A Configuration loader that uses a format similar to MS .ini files.

-Programs in this package include
-	enc	- a general encryption program that can encrypt/decrypt using
-		one of 17 different cipher/mode combinations.  The
-		input/output can also be converted to/from base64
-		ascii encoding.
-	dgst	- a generate message digesting program that will generate
-		message digests for any of md2, md5, sha (sha-0 or sha-1)
-		or mdc2.
-	asn1parse - parse and display the structure of an asn1 encoded
-		binary file.
-	rsa	- Manipulate RSA private keys.
-	dsa	- Manipulate DSA private keys.
-	dh	- Manipulate Diffie-Hellman parameter files.
-	dsaparam- Manipulate and generate DSA parameter files.
-	crl	- Manipulate certificate revocation lists.
-	crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate.
-	x509	- Manipulate x509 certificates, self-sign certificates.
-	req	- Manipulate PKCS#10 certificate requests and also
-		  generate certificate requests.
-	genrsa  - Generates an arbitrary sized RSA private key.
-	gendh	- Generates a set of Diffie-Hellman parameters, the prime
-		  will be a strong prime.
-	ca	- Create certificates from PKCS#10 certificate requests.
-		  This program also maintains a database of certificates
-		  issued.
-	verify	- Check x509 certificate signatures.
-	speed	- Benchmark SSLeay's ciphers.
-	s_server- A test SSL server.
-	s_client- A test SSL client.
-	s_time	- Benchmark SSL performance of SSL server programs.
-	errstr	- Convert from SSLeay hex error codes to a readable form.
+ openssl: 
+     A command line tool that can be used for:
+        Creation of RSA, DH and DSA key parameters
+        Creation of X.509 certificates, CSRs and CRLs 
+        Calculation of Message Digests
+        Encryption and Decryption with Ciphers
+        SSL/TLS Client and Server Tests
+        Handling of S/MIME signed or encrypted mail

-Documents avaliable are
-	A Postscript and html reference manual
-	(written by Tim Hudson tjh@cryptsoft.com).
        
-	A list of text protocol references I used.
-	An initial version of the library manual.
+ PATENTS
+ -------

-To install this package, read the INSTALL file.
-For the Microsoft word, read MICROSOFT
-This library has been compiled and tested on Solaris 2.[34] (sparc and x86),
-SunOS 4.1.3, DGUX, OSF1 Alpha, HPUX 9, AIX 3.5(?), IRIX 5.[23],
-LINUX, NeXT (intel), linux, Windows NT, Windows 3.1, MSDOS 6.22.
+ Various companies hold various patents for various algorithms in various
+ locations around the world. _YOU_ are responsible for ensuring that your use
+ of any algorithms is legal by checking if there are any patents in your
+ country.  The file contains some of the patents that we know about or are
+ rumored to exist. This is not a definitive list.

-Multithreading has been tested under Windows NT and Solaris 2.5.1
+ RSA Security holds software patents on the RC5 algorithm.  If you
+ intend to use this cipher, you must contact RSA Security for
+ licensing conditions. Their web page is http://www.rsasecurity.com/.

-Due to time constraints, the current release has only be rigorously tested
-on Solaris 2.[45], Linux and Windows NT.
+ RC4 is a trademark of RSA Security, so use of this label should perhaps
+ only be used with RSA Security's permission. 

-For people in the USA, it is possible to compile SSLeay to use RSA
-Inc.'s public key library, RSAref.  From my understanding, it is
-claimed by RSA Inc. to be illegal to use my public key routines inside the USA.
-Read doc/rsaref.doc on how to build with RSAref.
+ The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
+ Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA.  They
+ should be contacted if that algorithm is to be used; their web page is
+ http://www.ascom.ch/.

-Read the documentation in the doc directory.  It is quite rough,
-but it lists the functions, you will probably have to look at
-the code to work out how to used them.  I will be working on
-documentation.  Look at the example programs.
+ INSTALLATION
+ ------------

-There should be a SSL reference manual which is being put together by
-Tim Hudson (tjh@cryptsoft.com) in the same location as this
-distribution.  This contains a lot more information that is very
-useful.  For a description of X509 Certificates, their use, and
-certification, read rfc1421, rfc1422, rfc1423 and rfc1424.  ssl/README
-also goes over the mechanism.
+ To install this package under a Unix derivative, read the INSTALL file.  For
+ a Win32 platform, read the INSTALL.W32 file.  For OpenVMS systems, read
+ INSTALL.VMS.

-We have setup some mailing lists for use by people that are interested
-in helping develop this code and/or ask questions.
-    ssl-bugs@mincom.oz.au
-    ssl-users@mincom.oz.au
-    ssl-bugs-request@mincom.oz.au
-    ssl-users-request@mincom.oz.au
+ Read the documentation in the doc/ directory.  It is quite rough, but it
+ lists the functions; you will probably have to look at the code to work out
+ how to use them. Look at the example programs.

-I have recently read about a new form of software, that which is in
-a permanent state of beta release.  Linux and Netscape are 2 good 
-examples of this, and I would also add SSLeay to this category.
-The Current stable release is 0.6.6.  It has a few minor problems.
-0.8.0 is not call compatable so make sure you have the correct version
-of SSLeay to link with.  
+ SUPPORT 
+ -------

-eric (Jun 1997)
+ If you have any problems with OpenSSL then please take the following steps
+ first:

-Eric Young (eay@cryptsoft.com)
-86 Taunton St.
-Annerley 4103.
-Australia.
+    - Download the current snapshot from ftp://ftp.openssl.org/snapshot/
+      to see if the problem has already been addressed
+    - Remove ASM versions of libraries
+    - Remove compiler optimisation flags 

+ If you wish to report a bug then please include the following information in
+ any bug report:
+
+    - On Unix systems:
+        Self-test report generated by 'make report'
+    - On other systems:
+        OpenSSL version: output of 'openssl version -a'
+        OS Name, Version, Hardware platform
+        Compiler Details (name, version)
+    - Application Details (name, version)
+    - Problem Description (steps that will reproduce the problem, if known)
+    - Stack Traceback (if the application dumps core)
+
+ Report the bug to the OpenSSL project at:
+
+    openssl-bugs@openssl.org
+
+ Note that mail to openssl-bugs@openssl.org is forwarded to a public
+ mailing list. Confidential mail may be sent to openssl-security@openssl.org
+ (PGP key available from the key servers).
+
+ HOW TO CONTRIBUTE TO OpenSSL
+ ----------------------------
+
+ Development is coordinated on the openssl-dev mailing list (see
+ http://www.openssl.org for information on subscribing). If you
+ would like to submit a patch, send it to openssl-dev@openssl.org with
+ the string "[PATCH]" in the subject. Please be sure to include a
+ textual explanation of what your patch does.
+
+ Note: For legal reasons, contributions from the US can be accepted only
+ if a copy of the patch is sent to crypt@bxa.doc.gov
+
+ The preferred format for changes is "diff -u" output. You might
+ generate it like this:
+
+ # cd openssl-work
+ # [your changes]
+ # ./Configure dist; make clean
+ # cd ..
+ # diff -ur openssl-orig openssl-work > mydiffs.patch
--- a/README.066
+++ b/README.066
@@ -1,27 +0,0 @@
-
-SSLeay 0.6.6 13-Jan-1997
-
-The main additions are
-
- assember for x86 DES improvments.
-  From 191,000 per second on a pentium 100, I now get 281,000.  The inner
-  loop and the IP/FP modifications are from
-  Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>.  Many thanks for his
-  contribution.
- The 'DES macros' introduced in 0.6.5 now have 3 types.
-  DES_PTR1, DES_PTR2 and 'normal'.  As per before, des_opts reports which
-  is best and there is a summery of mine in crypto/des/options.txt
- A few bug fixes.
- Added blowfish.  It is not used by SSL but all the other stuff that
-  deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
-  There are 3 options for optimising Blowfish.  BF_PTR, BF_PTR2 and 'normal'.
-  BF_PTR2 is pentium/x86 specific.  The correct option is setup in
-  the 'Configure' script.
- There is now a 'get client certificate' callback which can be
-  'non-blocking'.  If more details are required, let me know.  It will
-  documented more in SSLv3 when I finish it.
- Bug fixes from 0.6.5 including the infamous 'ca' bug.  The 'make test'
-  now tests the ca program.
- Lots of little things modified and tweaked.
-
-eric
--- a/README.080
+++ b/README.080
@@ -1,147 +0,0 @@
-This version of SSLeay has quite a lot of things different from the
-previous version.
-
-Basically check all callback parameters, I will be producing documentation
-about how to use things in th future.  Currently I'm just getting 080 out
-the door.  Please not that there are several ways to do everything, and
-most of the applications in the apps directory are hybrids, some using old
-methods and some using new methods.
-
-Have a look in demos/bio for some very simple programs and
-apps/s_client.c and apps/s_server.c for some more advanced versions.
-Notes are definitly needed but they are a week or so away.
-
-Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
---
-Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
-get those people that want to move to using the new code base off to
-a quick start.
-
-Note that Eric has tidied up a lot of the areas of the API that were
-less than desirable and renamed quite a few things (as he had to break
-the API in lots of places anyrate). There are a whole pile of additional
-functions for making dealing with (and creating) certificates a lot
-cleaner.
-
-01-Jul-97
-Tim Hudson
-tjh@cryptsoft.com
-
---8<---
-
-To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
-use something like the following (assuming you #include "crypto.h" which
-is something that you really should be doing).
-
-#if SSLEAY_VERSION_NUMBER >= 0x0800
-#define SSLEAY8
-#endif
-
-buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
-            too if you are working with BIO internal stuff (as distinct
-	    from simply using the interface in an opaque manner)
-
-#include "bio.h"	- required along with "buffer.h" if you write
-			  your own BIO routines as the buffer and bio
-			  stuff that was intermixed has been separated
-			  out 
-			
-envelope.h -> evp.h  (which should have been done ages ago)
-
-Initialisation ... don't forget these or you end up with code that
-is missing the bits required to do useful things (like ciphers):
-
-SSLeay_add_ssl_algorithms()
-(probably also want SSL_load_error_strings() too but you should have
- already had that call in place)
-
-SSL_CTX_new()	- requires an extra method parameter
-		      SSL_CTX_new(SSLv23_method()) 
-		      SSL_CTX_new(SSLv2_method()) 
-		      SSL_CTX_new(SSLv3_method()) 
-
-		  OR to only have the server or the client code
-		      SSL_CTX_new(SSLv23_server_method()) 
-		      SSL_CTX_new(SSLv2_server_method()) 
-		      SSL_CTX_new(SSLv3_server_method()) 
-		  or  
-		      SSL_CTX_new(SSLv23_client_method()) 
-		      SSL_CTX_new(SSLv2_client_method()) 
-		      SSL_CTX_new(SSLv3_client_method()) 
-
-SSL_set_default_verify_paths() ... renamed to the more appropriate
-SSL_CTX_set_default_verify_paths()
-
-If you want to use client certificates then you have to add in a bit
-of extra stuff in that a SSLv3 server sends a list of those CAs that
-it will accept certificates from ... so you have to provide a list to
-SSLeay otherwise certain browsers will not send client certs.
-
-SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
-
-
-X509_NAME_oneline(X)	-> X509_NAME_oneline(X,NULL,0)	
-			   or provide a buffer and size to copy the
-			   result into
-
-X509_add_cert ->  X509_STORE_add_cert (and you might want to read the
-		  notes on X509_NAME structure changes too)
-
-
-VERIFICATION CODE
-=================
-
-The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
-more accurately reflect things.
-
-The verification callback args are now packaged differently so that
-extra fields for verification can be added easily in future without
-having to break things by adding extra parameters each release :-)
-
-X509_cert_verify_error_string -> X509_verify_cert_error_string
-
-
-BIO INTERNALS
-=============
-
-Eric has fixed things so that extra flags can be introduced in
-the BIO layer in future without having to play with all the BIO
-modules by adding in some macros.
-
-The ugly stuff using 
-	b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
-becomes
-	BIO_clear_retry_flags(b)
-
-	b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
-becomes
-	BIO_set_retry_read(b)
-
-Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
-
-
-
-OTHER THINGS
-============
-
-X509_NAME has been altered so that it isn't just a STACK ... the STACK
-is now in the "entries" field ... and there are a pile of nice functions
-for getting at the details in a much cleaner manner.
-
-SSL_CTX has been altered ... "cert" is no longer a direct member of this
-structure ... things are now down under "cert_store" (see x509_vfy.h) and
-things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
-If your code "knows" about this level of detail then it will need some 
-surgery.
-
-If you depending on the incorrect spelling of a number of the error codes
-then you will have to change your code as these have been fixed.
-
-ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
-has been all along so this makes things clearer.
-ify_cert_error_string(ctx->error));
-
-SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
-			and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO
-
-
--- a/README.090
+++ b/README.090
@@ -1,8 +0,0 @@
-10-Apr-1998
-I said the next version would go out at easter, and so it shall.
-I expect a 0.9.1 will follow with portability fixes in the next few weeks.
-
-This is a quick, meet the deadline.  Look to ssl-users for comments on what
-is new etc.
-
-eric (about to go bushwalking for the 4 day easter break :-)
--- a/README.ASN1
+++ b/README.ASN1
@@ -0,0 +1,187 @@
+
+OpenSSL ASN1 Revision
+=====================
+
+This document describes some of the issues relating to the new ASN1 code.
+
+Previous OpenSSL ASN1 problems
+=============================
+
+OK why did the OpenSSL ASN1 code need revising in the first place? Well
+there are lots of reasons some of which are included below...
+
+1. The code is difficult to read and write. For every single ASN1 structure
+(e.g. SEQUENCE) four functions need to be written for new, free, encode and
+decode operations. This is a very painful and error prone operation. Very few
+people have ever written any OpenSSL ASN1 and those that have usually wish
+they hadn't.
+
+2. Partly because of 1. the code is bloated and takes up a disproportionate
+amount of space. The SEQUENCE encoder is particularly bad: it essentially
+contains two copies of the same operation, one to compute the SEQUENCE length
+and the other to encode it.
+
+3. The code is memory based: that is it expects to be able to read the whole
+structure from memory. This is fine for small structures but if you have a
+(say) 1Gb PKCS#7 signedData structure it isn't such a good idea...
+
+4. The code for the ASN1 IMPLICIT tag is evil. It is handled by temporarily
+changing the tag to the expected one, attempting to read it, then changing it
+back again. This means that decode buffers have to be writable even though they
+are ultimately unchanged. This gets in the way of constification.
+
+5. The handling of EXPLICIT isn't much better. It adds a chunk of code into 
+the decoder and encoder for every EXPLICIT tag.
+
+6. APPLICATION and PRIVATE tags aren't even supported at all.
+
+7. Even IMPLICIT isn't complete: there is no support for implicitly tagged
+types that are not OPTIONAL.
+
+8. Much of the code assumes that a tag will fit in a single octet. This is
+only true if the tag is 30 or less (mercifully tags over 30 are rare).
+
+9. The ASN1 CHOICE type has to be largely handled manually, there aren't any
+macros that properly support it.
+
+10. Encoders have no concept of OPTIONAL and have no error checking. If the
+passed structure contains a NULL in a mandatory field it will not be encoded,
+resulting in an invalid structure.
+
+11. It is tricky to add ASN1 encoders and decoders to external applications.
+
+Template model
+==============
+
+One of the major problems with revision is the sheer volume of the ASN1 code.
+Attempts to change (for example) the IMPLICIT behaviour would result in a
+modification of *every* single decode function. 
+
+I decided to adopt a template based approach. I'm using the term 'template'
+in a manner similar to SNACC templates: it has nothing to do with C++
+templates.
+
+A template is a description of an ASN1 module as several constant C structures.
+It describes in a machine readable way exactly how the ASN1 structure should
+behave. If this template contains enough detail then it is possible to write
+versions of new, free, encode, decode (and possibly others operations) that
+operate on templates.
+
+Instead of having to write code to handle each operation only a single
+template needs to be written. If new operations are needed (such as a 'print'
+operation) only a single new template based function needs to be written 
+which will then automatically handle all existing templates.
+
+Plans for revision
+==================
+
+The revision will consist of the following steps. Other than the first two
+these can be handled in any order.
+ 
+o Design and write template new, free, encode and decode operations, initially
+memory based. *DONE*
+
+o Convert existing ASN1 code to template form. *IN PROGRESS*
+
+o Convert an existing ASN1 compiler (probably SNACC) to output templates
+in OpenSSL form.
+
+o Add support for BIO based ASN1 encoders and decoders to handle large
+structures, initially blocking I/O.
+
+o Add support for non blocking I/O: this is quite a bit harder than blocking
+I/O.
+
+o Add new ASN1 structures, such as OCSP, CRMF, S/MIME v3 (CMS), attribute
+certificates etc etc.
+
+Description of major changes
+============================
+
+The BOOLEAN type now takes three values. 0xff is TRUE, 0 is FALSE and -1 is
+absent. The meaning of absent depends on the context. If for example the
+boolean type is DEFAULT FALSE (as in the case of the critical flag for
+certificate extensions) then -1 is FALSE, if DEFAULT TRUE then -1 is TRUE.
+Usually the value will only ever be read via an API which will hide this from
+an application.
+
+There is an evil bug in the old ASN1 code that mishandles OPTIONAL with
+SEQUENCE OF or SET OF. These are both implemented as a STACK structure. The
+old code would omit the structure if the STACK was NULL (which is fine) or if
+it had zero elements (which is NOT OK). This causes problems because an empty
+SEQUENCE OF or SET OF will result in an empty STACK when it is decoded but when
+it is encoded it will be omitted resulting in different encodings. The new code
+only omits the encoding if the STACK is NULL, if it contains zero elements it
+is encoded and empty. There is an additional problem though: because an empty
+STACK was omitted, sometimes the corresponding *_new() function would
+initialize the STACK to empty so an application could immediately use it, if
+this is done with the new code (i.e. a NULL) it wont work. Therefore a new
+STACK should be allocated first. One instance of this is the X509_CRL list of
+revoked certificates: a helper function X509_CRL_add0_revoked() has been added
+for this purpose.
+
+The X509_ATTRIBUTE structure used to have an element called 'set' which took
+the value 1 if the attribute value was a SET OF or 0 if it was a single. Due
+to the behaviour of CHOICE in the new code this has been changed to a field
+called 'single' which is 0 for a SET OF and 1 for single. The old field has
+been deleted to deliberately break source compatibility. Since this structure
+is normally accessed via higher level functions this shouldn't break too much.
+
+The X509_REQ_INFO certificate request info structure no longer has a field
+called 'req_kludge'. This used to be set to 1 if the attributes field was
+(incorrectly) omitted. You can check to see if the field is omitted now by
+checking if the attributes field is NULL. Similarly if you need to omit
+the field then free attributes and set it to NULL.
+
+The top level 'detached' field in the PKCS7 structure is no longer set when
+a PKCS#7 structure is read in. PKCS7_is_detached() should be called instead.
+The behaviour of PKCS7_get_detached() is unaffected.
+
+The values of 'type' in the GENERAL_NAME structure have changed. This is
+because the old code use the ASN1 initial octet as the selector. The new
+code uses the index in the ASN1_CHOICE template.
+
+The DIST_POINT_NAME structure has changed to be a true CHOICE type.
+
+typedef struct DIST_POINT_NAME_st {
+int type;
+union {
+	STACK_OF(GENERAL_NAME) *fullname;
+	STACK_OF(X509_NAME_ENTRY) *relativename;
+} name;
+} DIST_POINT_NAME;
+
+This means that name.fullname or name.relativename should be set
+and type reflects the option. That is if name.fullname is set then
+type is 0 and if name.relativename is set type is 1.
+
+With the old code using the i2d functions would typically involve:
+
+unsigned char *buf, *p;
+int len;
+/* Find length of encoding */
+len = i2d_SOMETHING(x, NULL);
+/* Allocate buffer */
+buf = OPENSSL_malloc(len);
+if(buf == NULL) {
+	/* Malloc error */
+}
+/* Use temp variable because &p gets updated to point to end of
+ * encoding.
+ */
+p = buf;
+i2d_SOMETHING(x, &p);
+
+
+Using the new i2d you can also do:
+
+unsigned char *buf = NULL;
+int len;
+len = i2d_SOMETHING(x, &buf);
+if(len < 0) {
+	/* Malloc error */
+}
+
+and it will automatically allocate and populate a buffer with the
+encoding. After this call 'buf' will point to the start of the
+encoding which is len bytes long.
--- a/README.ENGINE
+++ b/README.ENGINE
@@ -0,0 +1,289 @@
+  ENGINE
+  ======
+
+  With OpenSSL 0.9.6, a new component was added to support alternative
+  cryptography implementations, most commonly for interfacing with external
+  crypto devices (eg. accelerator cards). This component is called ENGINE,
+  and its presence in OpenSSL 0.9.6 (and subsequent bug-fix releases)
+  caused a little confusion as 0.9.6** releases were rolled in two
+  versions, a "standard" and an "engine" version. In development for 0.9.7,
+  the ENGINE code has been merged into the main branch and will be present
+  in the standard releases from 0.9.7 forwards.
+
+  There are currently built-in ENGINE implementations for the following
+  crypto devices:
+
+      o CryptoSwift
+      o Compaq Atalla
+      o nCipher CHIL
+      o Nuron
+      o Broadcom uBSec
+
+  In addition, dynamic binding to external ENGINE implementations is now
+  provided by a special ENGINE called "dynamic". See the "DYNAMIC ENGINE"
+  section below for details.
+
+  At this stage, a number of things are still needed and are being worked on:
+
+      1 Integration of EVP support.
+      2 Configuration support.
+      3 Documentation!
+
+1 With respect to EVP, this relates to support for ciphers and digests in
+  the ENGINE model so that alternative implementations of existing
+  algorithms/modes (or previously unimplemented ones) can be provided by
+  ENGINE implementations.
+
+2 Configuration support currently exists in the ENGINE API itself, in the
+  form of "control commands". These allow an application to expose to the
+  user/admin the set of commands and parameter types a given ENGINE
+  implementation supports, and for an application to directly feed string
+  based input to those ENGINEs, in the form of name-value pairs. This is an
+  extensible way for ENGINEs to define their own "configuration" mechanisms
+  that are specific to a given ENGINE (eg. for a particular hardware
+  device) but that should be consistent across *all* OpenSSL-based
+  applications when they use that ENGINE. Work is in progress (or at least
+  in planning) for supporting these control commands from the CONF (or
+  NCONF) code so that applications using OpenSSL's existing configuration
+  file format can have ENGINE settings specified in much the same way.
+  Presently however, applications must use the ENGINE API itself to provide
+  such functionality. To see first hand the types of commands available
+  with the various compiled-in ENGINEs (see further down for dynamic
+  ENGINEs), use the "engine" openssl utility with full verbosity, ie;
+       openssl engine -vvvv
+
+3 Documentation? Volunteers welcome! The source code is reasonably well
+  self-documenting, but some summaries and usage instructions are needed -
+  moreover, they are needed in the same POD format the existing OpenSSL
+  documentation is provided in. Any complete or incomplete contributions
+  would help make this happen.
+
+  STABILITY & BUG-REPORTS
+  =======================
+
+  What already exists is fairly stable as far as it has been tested, but
+  the test base has been a bit small most of the time. For the most part,
+  the vendors of the devices these ENGINEs support have contributed to the
+  development and/or testing of the implementations, and *usually* (with no
+  guarantees) have experience in using the ENGINE support to drive their
+  devices from common OpenSSL-based applications. Bugs and/or inexplicable
+  behaviour in using a specific ENGINE implementation should be sent to the
+  author of that implementation (if it is mentioned in the corresponding C
+  file), and in the case of implementations for commercial hardware
+  devices, also through whatever vendor support channels are available.  If
+  none of this is possible, or the problem seems to be something about the
+  ENGINE API itself (ie. not necessarily specific to a particular ENGINE
+  implementation) then you should mail complete details to the relevant
+  OpenSSL mailing list. For a definition of "complete details", refer to
+  the OpenSSL "README" file. As for which list to send it to;
+
+     openssl-users: if you are *using* the ENGINE abstraction, either in an
+          pre-compiled application or in your own application code.
+
+     openssl-dev: if you are discussing problems with OpenSSL source code.
+
+  USAGE
+  =====
+
+  The default "openssl" ENGINE is always chosen when performing crypto
+  operations unless you specify otherwise. You must actively tell the
+  openssl utility commands to use anything else through a new command line
+  switch called "-engine". Also, if you want to use the ENGINE support in
+  your own code to do something similar, you must likewise explicitly
+  select the ENGINE implementation you want.
+
+  Depending on the type of hardware, system, and configuration, "settings"
+  may need to be applied to an ENGINE for it to function as expected/hoped.
+  The recommended way of doing this is for the application to support
+  ENGINE "control commands" so that each ENGINE implementation can provide
+  whatever configuration primitives it might require and the application
+  can allow the user/admin (and thus the hardware vendor's support desk
+  also) to provide any such input directly to the ENGINE implementation.
+  This way, applications do not need to know anything specific to any
+  device, they only need to provide the means to carry such user/admin
+  input through to the ENGINE in question. Ie. this connects *you* (and
+  your helpdesk) to the specific ENGINE implementation (and device), and
+  allows application authors to not get buried in hassle supporting
+  arbitrary devices they know (and care) nothing about.
+
+  A new "openssl" utility, "openssl engine", has been added in that allows
+  for testing and examination of ENGINE implementations. Basic usage
+  instructions are available by specifying the "-?" command line switch.
+
+  DYNAMIC ENGINES
+  ===============
+
+  The new "dynamic" ENGINE provides a low-overhead way to support ENGINE
+  implementations that aren't pre-compiled and linked into OpenSSL-based
+  applications. This could be because existing compiled-in implementations
+  have known problems and you wish to use a newer version with an existing
+  application. It could equally be because the application (or OpenSSL
+  library) you are using simply doesn't have support for the ENGINE you
+  wish to use, and the ENGINE provider (eg. hardware vendor) is providing
+  you with a self-contained implementation in the form of a shared-library.
+  The other use-case for "dynamic" is with applications that wish to
+  maintain the smallest foot-print possible and so do not link in various
+  ENGINE implementations from OpenSSL, but instead leaves you to provide
+  them, if you want them, in the form of "dynamic"-loadable
+  shared-libraries. It should be possible for hardware vendors to provide
+  their own shared-libraries to support arbitrary hardware to work with
+  applications based on OpenSSL 0.9.7 or later. If you're using an
+  application based on 0.9.7 (or later) and the support you desire is only
+  announced for versions later than the one you need, ask the vendor to
+  backport their ENGINE to the version you need.
+
+  How does "dynamic" work?
+  ------------------------
+    The dynamic ENGINE has a special flag in its implementation such that
+    every time application code asks for the 'dynamic' ENGINE, it in fact
+    gets its own copy of it. As such, multi-threaded code (or code that
+    multiplexes multiple uses of 'dynamic' in a single application in any
+    way at all) does not get confused by 'dynamic' being used to do many
+    independent things. Other ENGINEs typically don't do this so there is
+    only ever 1 ENGINE structure of its type (and reference counts are used
+    to keep order). The dynamic ENGINE itself provides absolutely no
+    cryptographic functionality, and any attempt to "initialise" the ENGINE
+    automatically fails. All it does provide are a few "control commands"
+    that can be used to control how it will load an external ENGINE
+    implementation from a shared-library. To see these control commands,
+    use the command-line;
+
+       openssl engine -vvvv dynamic
+
+    The "SO_PATH" control command should be used to identify the
+    shared-library that contains the ENGINE implementation, and "NO_VCHECK"
+    might possibly be useful if there is a minor version conflict and you
+    (or a vendor helpdesk) is convinced you can safely ignore it.
+    "ENGINE_ID" is probably only needed if a shared-library implements
+    multiple ENGINEs, but if you know the engine id you expect to be using,
+    it doesn't hurt to specify it (and this provides a sanity check if
+    nothing else). "LIST_ADD" is only required if you actually wish the
+    loaded ENGINE to be discoverable by application code later on using the
+    ENGINE's "id". For most applications, this isn't necessary - but some
+    application authors may have nifty reasons for using it. The "LOAD"
+    command is the only one that takes no parameters and is the command
+    that uses the settings from any previous commands to actually *load*
+    the shared-library ENGINE implementation. If this command succeeds, the
+    (copy of the) 'dynamic' ENGINE will magically morph into the ENGINE
+    that has been loaded from the shared-library. As such, any control
+    commands supported by the loaded ENGINE could then be executed as per
+    normal. Eg. if ENGINE "foo" is implemented in the shared-library
+    "libfoo.so" and it supports some special control command "CMD_FOO", the
+    following code would load and use it (NB: obviously this code has no
+    error checking);
+
+       ENGINE *e = ENGINE_by_id("dynamic");
+       ENGINE_ctrl_cmd_string(e, "SO_PATH", "/lib/libfoo.so", 0);
+       ENGINE_ctrl_cmd_string(e, "ENGINE_ID", "foo", 0);
+       ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0);
+       ENGINE_ctrl_cmd_string(e, "CMD_FOO", "some input data", 0);
+
+    For testing, the "openssl engine" utility can be useful for this sort
+    of thing. For example the above code excerpt would achieve much the
+    same result as;
+
+       openssl engine dynamic \
+                 -pre SO_PATH:/lib/libfoo.so \
+                 -pre ENGINE_ID:foo \
+                 -pre LOAD \
+                 -pre "CMD_FOO:some input data"
+
+    Or to simply see the list of commands supported by the "foo" ENGINE;
+
+       openssl engine -vvvv dynamic \
+                 -pre SO_PATH:/lib/libfoo.so \
+                 -pre ENGINE_ID:foo \
+                 -pre LOAD
+
+    Applications that support the ENGINE API and more specifically, the
+    "control commands" mechanism, will provide some way for you to pass
+    such commands through to ENGINEs. As such, you would select "dynamic"
+    as the ENGINE to use, and the parameters/commands you pass would
+    control the *actual* ENGINE used. Each command is actually a name-value
+    pair and the value can sometimes be omitted (eg. the "LOAD" command).
+    Whilst the syntax demonstrated in "openssl engine" uses a colon to
+    separate the command name from the value, applications may provide
+    their own syntax for making that separation (eg. a win32 registry
+    key-value pair may be used by some applications). The reason for the
+    "-pre" syntax in the "openssl engine" utility is that some commands
+    might be issued to an ENGINE *after* it has been initialised for use.
+    Eg. if an ENGINE implementation requires a smart-card to be inserted
+    during initialisation (or a PIN to be typed, or whatever), there may be
+    a control command you can issue afterwards to "forget" the smart-card
+    so that additional initialisation is no longer possible. In
+    applications such as web-servers, where potentially volatile code may
+    run on the same host system, this may provide some arguable security
+    value. In such a case, the command would be passed to the ENGINE after
+    it has been initialised for use, and so the "-post" switch would be
+    used instead. Applications may provide a different syntax for
+    supporting this distinction, and some may simply not provide it at all
+    ("-pre" is almost always what you're after, in reality).
+
+  How do I build a "dynamic" ENGINE?
+  ----------------------------------
+    This question is trickier - currently OpenSSL bundles various ENGINE
+    implementations that are statically built in, and any application that
+    calls the "ENGINE_load_builtin_engines()" function will automatically
+    have all such ENGINEs available (and occupying memory). Applications
+    that don't call that function have no ENGINEs available like that and
+    would have to use "dynamic" to load any such ENGINE - but on the other
+    hand such applications would only have the memory footprint of any
+    ENGINEs explicitly loaded using user/admin provided control commands.
+    The main advantage of not statically linking ENGINEs and only using
+    "dynamic" for hardware support is that any installation using no
+    "external" ENGINE suffers no unnecessary memory footprint from unused
+    ENGINEs. Likewise, installations that do require an ENGINE incur the
+    overheads from only *that* ENGINE once it has been loaded.
+
+    Sounds good? Maybe, but currently building an ENGINE implementation as
+    a shared-library that can be loaded by "dynamic" isn't automated in
+    OpenSSL's build process. It can be done manually quite easily however.
+    Such a shared-library can either be built with any OpenSSL code it
+    needs statically linked in, or it can link dynamically against OpenSSL
+    if OpenSSL itself is built as a shared library. The instructions are
+    the same in each case, but in the former (statically linked any
+    dependencies on OpenSSL) you must ensure OpenSSL is built with
+    position-independent code ("PIC"). The default OpenSSL compilation may
+    already specify the relevant flags to do this, but you should consult
+    with your compiler documentation if you are in any doubt.
+
+    This example will show building the "atalla" ENGINE in the
+    crypto/engine/ directory as a shared-library for use via the "dynamic"
+    ENGINE.
+    1) "cd" to the crypto/engine/ directory of a pre-compiled OpenSSL
+       source tree.
+    2) Recompile at least one source file so you can see all the compiler
+       flags (and syntax) being used to build normally. Eg;
+           touch hw_atalla.c ; make
+       will rebuild "hw_atalla.o" using all such flags.
+    3) Manually enter the same compilation line to compile the
+       "hw_atalla.c" file but with the following two changes;
+         (a) add "-DENGINE_DYNAMIC_SUPPORT" to the command line switches,
+	 (b) change the output file from "hw_atalla.o" to something new,
+             eg. "tmp_atalla.o"
+    4) Link "tmp_atalla.o" into a shared-library using the top-level
+       OpenSSL libraries to resolve any dependencies. The syntax for doing
+       this depends heavily on your system/compiler and is a nightmare
+       known well to anyone who has worked with shared-library portability
+       before. 'gcc' on Linux, for example, would use the following syntax;
+          gcc -shared -o dyn_atalla.so tmp_atalla.o -L../.. -lcrypto
+    5) Test your shared library using "openssl engine" as explained in the
+       previous section. Eg. from the top-level directory, you might try;
+          apps/openssl engine -vvvv dynamic \
+              -pre SO_PATH:./crypto/engine/dyn_atalla.so -pre LOAD
+       If the shared-library loads successfully, you will see both "-pre"
+       commands marked as "SUCCESS" and the list of control commands
+       displayed (because of "-vvvv") will be the control commands for the
+       *atalla* ENGINE (ie. *not* the 'dynamic' ENGINE). You can also add
+       the "-t" switch to the utility if you want it to try and initialise
+       the atalla ENGINE for use to test any possible hardware/driver
+       issues.
+
+  PROBLEMS
+  ========
+
+  It seems like the ENGINE part doesn't work too well with CryptoSwift on Win32.
+  A quick test done right before the release showed that trying "openssl speed
+  -engine cswift" generated errors. If the DSO gets enabled, an attempt is made
+  to write at memory address 0x00000002.
+
--- a/104
+++ b/104
@@ -0,0 +1,104 @@
+
+  OpenSSL STATUS                           Last modified at
+  ______________                           $Date: 2002/05/16 10:01:53 $
+
+  DEVELOPMENT STATE
+
+    o  OpenSSL 0.9.7:  Under development...
+    o  OpenSSL 0.9.6d: Released on May        9th, 2002
+    o  OpenSSL 0.9.6c: Released on December  21st, 2001
+    o  OpenSSL 0.9.6b: Released on July       9th, 2001
+    o  OpenSSL 0.9.6a: Released on April      5th, 2001
+    o  OpenSSL 0.9.6:  Released on September 24th, 2000
+    o  OpenSSL 0.9.5a: Released on April      1st, 2000
+    o  OpenSSL 0.9.5:  Released on February  28th, 2000
+    o  OpenSSL 0.9.4:  Released on August    09th, 1999
+    o  OpenSSL 0.9.3a: Released on May       29th, 1999
+    o  OpenSSL 0.9.3:  Released on May       25th, 1999
+    o  OpenSSL 0.9.2b: Released on March     22th, 1999
+    o  OpenSSL 0.9.1c: Released on December  23th, 1998
+
+  [See also http://www.openssl.org/support/rt2.html]
+
+  RELEASE SHOWSTOPPERS
+
+    o BN_mod_mul verification fails for mips3-sgi-irix
+      unless configured with no-asm
+
+  AVAILABLE PATCHES
+
+    o 
+
+  IN PROGRESS
+
+    o Steve is currently working on (in no particular order):
+        ASN1 code redesign, butchery, replacement.
+        OCSP
+        EVP cipher enhancement.
+        Enhanced certificate chain verification.
+	Private key, certificate and CRL API and implementation.
+	Developing and bugfixing PKCS#7 (S/MIME code).
+        Various X509 issues: character sets, certificate request extensions.
+    o Geoff and Richard are currently working on:
+	ENGINE (the new code that gives hardware support among others).
+    o Richard is currently working on:
+	UI (User Interface)
+	UTIL (a new set of library functions to support some higher level
+	      functionality that is currently missing).
+	Shared library support for VMS.
+	Kerberos 5 authentication
+	Constification
+	OCSP
+
+  NEEDS PATCH
+
+    o  apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
+
+    o  "OpenSSL STATUS" is never up-to-date.
+
+  OPEN ISSUES
+
+    o  Do we want the EVP API changes in 0.9.7?
+       Can compatibility be improved?
+
+    o  The Makefile hierarchy and build mechanism is still not a round thing:
+
+       1. The config vs. Configure scripts
+          It's the same nasty situation as for Apache with APACI vs.
+          src/Configure. It confuses.
+          Suggestion: Merge Configure and config into a single configure
+                      script with a Autoconf style interface ;-) and remove
+                      Configure and config. Or even let us use GNU Autoconf
+                      itself. Then we can avoid a lot of those platform checks
+                      which are currently in Configure.
+
+    o  Support for Shared Libraries has to be added at least
+       for the major Unix platforms. The details we can rip from the stuff
+       Ralf has done for the Apache src/Configure script. Ben wants the
+       solution to be really simple.
+
+       Status: Ralf will look how we can easily incorporate the
+               compiler PIC and linker DSO flags from Apache
+               into the OpenSSL Configure script.
+
+               Ulf: +1 for using GNU autoconf and libtool (but not automake,
+                    which apparently is not flexible enough to generate
+                    libcrypto)
+
+  WISHES
+
+    o  Add variants of DH_generate_parameters() and BN_generate_prime() [etc?]
+       where the callback function can request that the function be aborted.
+       [Gregory Stark <ghstark@pobox.com>, <rayyang2000@yahoo.com>]
+
+    o  SRP in TLS.
+       [wished by:
+        Dj <derek@yo.net>, Tom Wu <tom@arcot.com>,
+        Tom Holroyd <tomh@po.crl.go.jp>]
+
+       See http://search.ietf.org/internet-drafts/draft-ietf-tls-srp-00.txt
+       as well as http://www-cs-students.stanford.edu/~tjw/srp/.
+
+       Tom Holroyd tells us there is a SRP patch for OpenSSH at
+       http://members.tripod.com/professor_tom/archives/, that could
+       be useful.
--- a/3912
+++ b/3912
--- a/28
+++ b/28
@@ -1,28 +0,0 @@
- The loading of the netscape RC4 encrypted key is a crock of pig pellets.
-  It will be reworked along with a nice general mechanism for encrypting
-  ASN.1 stuff. [ Jun 96 ] I've cleaned up private keys internally but
-  still have not done PKCS#8 support.
-
- Winsock support in s_client/s_server for windows nt/3.1 is a crock.
-  I will probably not get this fixed for a while, it is just there so
-  I could test things.
-
- Be able to generate DSS certificates.
-
- Add CRL to the X509 verification stuff, this will probably be added with
-  SSLv3.
-
-+ X509 callback.  I need to callback the application to retrieve certificates
-  and CRL.
-
-*<- designates the things I'm activly working on.
-+<- designates that which I have next in the queue.
-
-====
-
-X509v3 extensions
-verify certificate chains
-X509 cert lookup methods
-RSA/DSA/DH methods mostly for smart cards
-dsa cert generation
-
--- a/24
+++ b/24
@@ -1,24 +0,0 @@
-SSLeay 0.8.1
-	- Mostly bug fixes.  There is an Ephemeral DH cipher problem which
-	  is fixed.
-
-SSLeay 0.8.0
-	- New release, for those that are wondering what happend to
-	  0.7.x, call it our internal development version :-)
-	- There have been lots of changes, mostly the addition of SSLv3.
-	- There have been many additions from people and amongst
-	  others, C2Net has assisted greatly.
-
-SSLeay 0.6.6
-	SSLeay 0.8.0 is not upward compatable with SSLeay 0.6.6, so
-	if your application requires 0.6.6, use it.  There have been
-	lots of bug fixes to 0.8.x that have not been applied to 0.6.6
-	so use 0.8.0+ in preference.
-
-PORTING 0.6.6 to 0.8.0
-	I'll be documenting this over the next few weeks but as
-	pressures have been increasing for making SSLv3 support
-	available I'm shipping it without this documentation as I
-	basically have not had time to write it (too busy earning a
-	living :-)
-
--- a/VMS/TODO
+++ b/VMS/TODO
@@ -0,0 +1,18 @@
+TODO:
+=====
+
+There are a few things that need to be worked out in the VMS version of
+OpenSSL, still:
+
+- Description files. ("Makefile's" :-))
+- Script code to link an already compiled build tree.
+- A VMSINSTALlable version (way in the future, unless someone else hacks).
+- shareable images (DLL for you Windows folks).
+
+There may be other things that I have missed and that may be desirable.
+Please send mail to <openssl-users@openssl.org> or to me directly if you
+have any ideas.
+
+--
+Richard Levitte <richard@levitte.org>
+1999-05-24
--- a/VMS/WISHLIST.TXT
+++ b/VMS/WISHLIST.TXT
@@ -0,0 +1,4 @@
+* Have the building procedure contain a LINK-only possibility.
+  Wished by Mark Daniel <mark.daniel@dsto.defence.gov.au>
+
+  One way to enable that is also to go over to DESCRIP.MMS files.
--- a/VMS/cert_tool/hostaddr.c
+++ b/VMS/cert_tool/hostaddr.c
@@ -0,0 +1,477 @@
+
+#ifdef VMS
+#pragma module HOSTADDR "X-1"
+
+/*
+**
+** Copyright (c) 2000 Compaq Computer Corporation
+** COMPAQ Registered in U.S. Patent and Trademark Office.
+**
+** Confidential computer software. Valid license from Compaq or
+** authorized sublicensor required for possession, use or copying.
+** Consistent with FAR 12.211 and 12.212, Commercial Computer Software,
+** Computer Software Documentation, and Technical Data for Commercial
+** Items are licensed to the U.S. Government under vendor's standard
+** commercial license.
+**
+*/
+
+/*
+**++
+**
+**  FACILITY:  Apache Web Server
+**
+**  ABSTRACT:
+**
+**	This program determine the hostaddr of the default node or of
+**	a given hostname.
+**
+**	The command line syntax is:
+**
+**	    HOSTADDR [-l log-name] [-s sym-name] [host-name]
+**
+**	where:
+**
+**	    -l log-name	    specifies an optional logical name to receive hostname.
+**
+**	    -c sym-name	    specifies an optional symbol name to receive hostname.
+**
+**	    host-name	    specifies an optional host name to resolve.
+**
+**  AUTHOR:  Matthew Doremus			CREATION DATE:  07-Jul-2000
+**
+**  Modification History:
+**
+**	X-1	Matthew Doremus				07-Jul-2000
+**		Initial development
+**
+**--
+**
+**  Compile/Link instructions:
+**
+**	OpenVMS Alpha/VAX:
+**	    $ CC HOSTADDR+SYS$LIBRARY:SYS$LIB_C/LIBRARY
+**	    $ LINK HOSTADDR
+**
+*/
+
+/*
+** Define __NEW_STARLET if it's not already defined
+*/
+#ifndef __NEW_STARLET
+#define __NEW_STARLET
+#define __NEW_STARLET_SET
+#endif
+
+/*
+** Include the necessary header files
+*/
+#include <lib$routines>
+#include <libclidef>
+#include <descrip>
+#include <stdlib>
+#include <string>
+#include <stdio>
+#include <netdb>
+#include <in>
+
+/*
+** Undefine __NEW_STARLET if we had defined it
+*/
+#ifndef __NEW_STARLET_SET
+#undef  __NEW_STARLET_SET
+#undef  __NEW_STARLET
+#endif
+
+/*
+** Option Data Structure
+*/
+typedef struct _opt_data {
+    char		*log_name;
+    char		*sym_name;
+    char		*host_name; 
+    } OPT_DATA;
+
+/*
+** Local Routine Prototypes
+*/
+static void 
+ParseCmdLine (
+    int,
+    char *[],
+    OPT_DATA *);
+
+static void
+SetLogName (
+    char *,
+    char *);
+
+static void
+SetSymName (
+    char *,
+    char *);
+
+static void 
+Usage ();
+
+/*
+**
+**  main - Main processing routine for the HOSTADDR utility
+**
+**  Functional Description:
+**
+**	This routine controls overall program execution.
+**
+**  Usage:
+**
+**      main argc, argv, envp
+**
+**  Formal parameters:
+**
+**      argc 		- (IN) argument count
+**      argv         	- (IN) address of an argument array 
+**      envp         	- (IN) address of an environment string 
+**
+**  Implicit Parameters:
+**
+**      None
+**
+**  Routine Value:
+**
+**      None
+**
+**  Side Effects:
+**
+**      None
+**
+*/
+int
+main (
+    int		argc,
+    char	*argv[],
+    char	*envp[]
+    )
+{
+struct in_addr *addr_ptr;
+char hostname[512+1];
+struct hostent *hp;
+OPT_DATA OptData;
+char *hostaddr;
+int addr_max,
+    i;
+
+/*
+** Parse the command line
+*/
+ParseCmdLine (argc, argv, &OptData);
+
+/*
+** If no host name was given, then use gethostname otherwise
+** use the host name given.
+*/
+if (! OptData.host_name)
+    {
+    if (gethostname (hostname, sizeof (hostname) - 1))
+        {
+        perror ("gethostname");
+        exit (1);
+        }
+    }
+else
+    strcpy (hostname, OptData.host_name);
+
+/*
+** Get the host address using gethostbyname
+*/
+if (! (hp = gethostbyname (hostname)))
+    {
+    perror ("gethostbyname");
+    exit (1);
+    }
+
+/*
+** Format the host address(es) into a comma separated list
+*/
+addr_max = hp->h_length / sizeof (struct in_addr);
+hostaddr = malloc ((addr_max * (15 + 1)) + 1);
+addr_ptr = (struct in_addr *) hp->h_addr;
+for (i = 0; i < addr_max; i++)
+    {
+    if (i > 0)
+	strcat (hostaddr, ",");
+    addr_ptr = addr_ptr + (i * sizeof (struct in_addr));
+    sprintf (hostaddr + strlen (hostaddr), "%d.%d.%d.%d",
+	addr_ptr->s_net, addr_ptr->s_host, 
+	addr_ptr->s_lh, addr_ptr->s_impno);
+    }
+
+/*
+** Define a logical name if one was provided
+*/
+if (OptData.log_name)
+    SetLogName (OptData.log_name, hostaddr);
+
+/*
+** Define a symbol name if one was provided
+*/
+if (OptData.sym_name)
+    SetSymName (OptData.sym_name, hostaddr);
+
+/*
+** print the host address if no logical or symbol name was provided
+*/
+if (! OptData.log_name && ! OptData.sym_name)
+    printf ("%s\n", hostaddr);
+
+}
+
+/*
+**
+**  ParseCmdLine - Parse the command line options
+**
+**  Functional Description:
+**
+**      This routine parses the command line options.
+**
+**  Usage:
+**
+**      ParseCmdLine argc, argv, OptData
+**
+**  Formal parameters:
+**
+**      argc 		- (IN) argument count
+**      argv         	- (IN) address of an argument array 
+**      OptData		- (OUT) address of command option data structure 
+**			  which will contain the parsed input.
+**
+**  Implicit Parameters:
+**
+**      None
+**
+**  Routine Value:
+**
+**      None
+**
+**  Side Effects:
+**
+**      None
+**
+*/
+static void
+ParseCmdLine (
+    int			argc,
+    char		*argv[],
+    OPT_DATA		*OptData
+    )
+{
+int option,
+    i;
+
+/*
+** Initialize the option data
+*/
+OptData->log_name = NULL;
+OptData->sym_name = NULL;
+OptData->host_name = NULL;
+
+/*
+** Process the command line options
+*/
+while ((option = getopt (argc, argv, "l:s:?")) != EOF) 
+    {
+    switch (option) 
+	{
+	/* 
+	** Output to logical name ?
+	*/
+	case 'l':
+	    OptData->log_name = strdup (optarg);
+	    break;
+
+	/* 
+	** Output to symbol name ?
+	*/
+	case 's':
+	    OptData->sym_name = strdup (optarg);
+	    break;
+
+	/* 
+	** Invalid argument ?
+	*/
+	case '?':
+	default:
+	    Usage ();
+	    exit (1);
+	    break;
+	}
+    }
+
+/*
+** Are the number of parameters correct ?
+*/
+if (argc - optind > 1)
+    {
+    Usage ();
+    exit (1);
+    }
+
+/*
+** Host Name provided ?
+*/
+if (argc - optind == 1)
+    OptData->host_name = strdup (argv[optind]);
+
+}
+
+/*
+**
+**  SetLogName - Set a logical name & value
+**
+**  Functional Description:
+**
+**      This routine sets a logical name & value.
+**
+**  Usage:
+**
+**      SetLogName LogName, LogValue
+**
+**  Formal parameters:
+**
+**      LogName		- (IN) address of the logical name
+**      LogValue       	- (IN) address of the logical value
+**
+**  Implicit Parameters:
+**
+**      None
+**
+**  Routine Value:
+**
+**      None
+**
+**  Side Effects:
+**
+**      None
+**
+*/
+static void
+SetLogName (
+    char 		*LogName,
+    char		*LogValue
+    )
+{
+struct dsc$descriptor_s log_nam_desc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, 0};
+struct dsc$descriptor_s log_val_desc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, 0};
+int status;
+
+/*
+** Setup the logical name & value descriptors
+*/
+log_nam_desc.dsc$w_length = strlen (LogName);
+log_nam_desc.dsc$a_pointer = LogName;
+log_val_desc.dsc$w_length = strlen (LogValue);
+log_val_desc.dsc$a_pointer = LogValue;
+
+/*
+** Set the logical name & value
+*/
+status = lib$set_logical (&log_nam_desc, &log_val_desc, 0, 0, 0);
+if (! (status & 1))
+    exit (status);
+
+}
+
+/*
+**
+**  SetSymName - Set a symbol name & value
+**
+**  Functional Description:
+**
+**      This routine sets a symbol name & value.
+**
+**  Usage:
+**
+**      SetSymName SymName, SymValue
+**
+**  Formal parameters:
+**
+**      SymName		- (IN) address of the symbol name
+**      SymValue       	- (IN) address of the Symbol value
+**
+**  Implicit Parameters:
+**
+**      None
+**
+**  Routine Value:
+**
+**      None
+**
+**  Side Effects:
+**
+**      None
+**
+*/
+static void
+SetSymName (
+    char 		*SymName,
+    char		*SymValue
+    )
+{
+struct dsc$descriptor_s sym_nam_desc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, 0};
+struct dsc$descriptor_s sym_val_desc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, 0};
+int status;
+
+/*
+** Setup the symbol name & value descriptors
+*/
+sym_nam_desc.dsc$w_length = strlen (SymName);
+sym_nam_desc.dsc$a_pointer = SymName;
+sym_val_desc.dsc$w_length = strlen (SymValue);
+sym_val_desc.dsc$a_pointer = SymValue;
+
+/*
+** Set the symbol name & value
+*/
+status = lib$set_symbol (&sym_nam_desc, &sym_val_desc, &LIB$K_CLI_LOCAL_SYM);
+if (! (status & 1))
+    exit (status);
+
+}
+
+/*
+**
+**  Usage - Display the acceptable unix style command usage
+**
+**  Functional Description:
+**
+**      This routine displays to standard output the appropriate unix style 
+**	command usage.
+**
+**  Usage:
+**
+**      Usage 
+**
+**  Formal parameters:
+**
+**      None
+**
+**  Implicit Parameters:
+**
+**      None
+**
+**  Routine Value:
+**
+**      None
+**
+**  Side Effects:
+**
+**      None
+**
+*/
+static void
+Usage ()
+{
+
+fprintf (stdout, "Usage: HOSTADDR [-l log-name] [-s sym-name] [host-name]\n");
+
+}
+#endif    /* #ifdef VMS */
--- a/VMS/cert_tool/hostname.c
+++ b/VMS/cert_tool/hostname.c
@@ -0,0 +1,513 @@
+
+#ifdef VMS
+#pragma module HOSTNAME "X-1"
+
+/*
+**
+** Copyright (c) 2000 Compaq Computer Corporation
+** COMPAQ Registered in U.S. Patent and Trademark Office.
+**
+** Confidential computer software. Valid license from Compaq or
+** authorized sublicensor required for possession, use or copying.
+** Consistent with FAR 12.211 and 12.212, Commercial Computer Software,
+** Computer Software Documentation, and Technical Data for Commercial
+** Items are licensed to the U.S. Government under vendor's standard
+** commercial license.
+**
+*/
+
+/*
+**++
+**
+**  FACILITY:  Apache Web Server
+**
+**  ABSTRACT:
+**
+**	This program determine the hostname of the default node or of
+**	a given hostaddr.
+**
+**	The command line syntax is:
+**
+**	    HOSTNAME [-l log-name] [-s sym-name] [host-addr]
+**
+**	where:
+**
+**	    -l log-name	    specifies an optional logical name to receive hostname.
+**
+**	    -c sym-name	    specifies an optional symbol name to receive hostname.
+**
+**	    host-addr	    specifies an optional host address to resolve.
+**
+**  AUTHOR:  Matthew Doremus			CREATION DATE:  07-Jul-2000
+**
+**  Modification History:
+**
+**	X-1	Matthew Doremus				07-Jul-2000
+**		Initial development
+**
+**--
+**
+**  Compile/Link instructions:
+**
+**	OpenVMS Alpha/VAX:
+**	    $ CC HOSTNAME+SYS$LIBRARY:SYS$LIB_C/LIBRARY
+**	    $ LINK HOSTNAME
+**
+*/
+
+/*
+** Define __NEW_STARLET if it's not already defined
+*/
+#ifndef __NEW_STARLET
+#define __NEW_STARLET
+#define __NEW_STARLET_SET
+#endif
+
+/*
+** Include the necessary header files
+*/
+#include <lib$routines>
+#include <libclidef>
+#include <descrip>
+#include <stdlib>
+#include <string>
+#include <stdio>
+#include <netdb>
+#include <in>
+#include <socket>
+
+/*
+** Undefine __NEW_STARLET if we had defined it
+*/
+#ifndef __NEW_STARLET_SET
+#undef  __NEW_STARLET_SET
+#undef  __NEW_STARLET
+#endif
+
+/*
+** Option Data Structure
+*/
+typedef struct _opt_data {
+    char		*log_name;
+    char		*sym_name;
+    unsigned char	host_addr[4]; 
+    } OPT_DATA;
+
+/*
+** Local Routine Prototypes
+*/
+static void 
+ParseCmdLine (
+    int,
+    char *[],
+    OPT_DATA *);
+
+static void
+SetLogName (
+    char *,
+    char *);
+
+static void
+SetSymName (
+    char *,
+    char *);
+
+static void 
+Usage ();
+
+/*
+**
+**  main - Main processing routine for the HOSTNAME utility
+**
+**  Functional Description:
+**
+**	This routine controls overall program execution.
+**
+**  Usage:
+**
+**      main argc, argv, envp
+**
+**  Formal parameters:
+**
+**      argc 		- (IN) argument count
+**      argv         	- (IN) address of an argument array 
+**      envp         	- (IN) address of an environment string 
+**
+**  Implicit Parameters:
+**
+**      None
+**
+**  Routine Value:
+**
+**      None
+**
+**  Side Effects:
+**
+**      None
+**
+*/
+int
+main (
+    int		argc,
+    char	*argv[],
+    char	*envp[]
+    )
+{
+struct in_addr host_addr;
+char hostname[512+1];
+struct hostent *hp;
+OPT_DATA OptData;
+int i;
+
+/*
+** Parse the command line
+*/
+ParseCmdLine (argc, argv, &OptData);
+
+/*
+** If no host address was given, then use gethostname otherwise
+** use gethostbyaddr.
+*/
+if (! OptData.host_addr[0] && ! OptData.host_addr[1] && 
+    ! OptData.host_addr[2] && ! OptData.host_addr[3])
+    {
+    if (gethostname (hostname, sizeof (hostname) - 1))
+        {
+        perror ("gethostname");
+        exit (1);
+        }
+
+    if (! (hp = gethostbyname (hostname)))
+	{
+        perror ("gethostbyname");
+	exit (1);
+	}
+    }
+else
+    {
+    host_addr.s_net = OptData.host_addr[0];
+    host_addr.s_host = OptData.host_addr[1];
+    host_addr.s_lh = OptData.host_addr[2];
+    host_addr.s_impno = OptData.host_addr[3];
+    	
+    if (! (hp = gethostbyaddr (&host_addr, sizeof (host_addr), AF_INET)))
+	{
+        perror ("gethostbyaddr");
+	exit (1);
+	}
+    }
+
+/*
+** Let's try to determine the best available fully qualified hostname.
+*/
+if (hp->h_name)
+    {
+    strcpy (hostname, hp->h_name);
+    if (! strchr (hostname, '.'))
+	{
+	for (i = 0; hp->h_aliases[i]; i++)
+	    {
+	    if (strchr (hp->h_aliases[i], '.') && 
+	        ! strncasecmp (hp->h_aliases[i], hostname, strlen (hostname)))
+		{     
+		strcpy (hostname, hp->h_aliases[i]);
+		break;
+		}
+	    }
+	}
+    }
+else
+    strcpy (hostname, "(unavailable)");
+
+/*
+** Define a logical name if one was provided
+*/
+if (OptData.log_name)
+    SetLogName (OptData.log_name, hostname);
+
+/*
+** Define a symbol name if one was provided
+*/
+if (OptData.sym_name)
+    SetSymName (OptData.sym_name, hostname);
+
+/*
+** print the host name if no logical or symbol name was provided
+*/
+if (! OptData.log_name && ! OptData.sym_name)
+    printf ("%s\n", hostname);
+
+}
+
+/*
+**
+**  ParseCmdLine - Parse the command line options
+**
+**  Functional Description:
+**
+**      This routine parses the command line options.
+**
+**  Usage:
+**
+**      ParseCmdLine argc, argv, OptData
+**
+**  Formal parameters:
+**
+**      argc 		- (IN) argument count
+**      argv         	- (IN) address of an argument array 
+**      OptData		- (OUT) address of command option data structure 
+**			  which will contain the parsed input.
+**
+**  Implicit Parameters:
+**
+**      None
+**
+**  Routine Value:
+**
+**      None
+**
+**  Side Effects:
+**
+**      None
+**
+*/
+static void
+ParseCmdLine (
+    int			argc,
+    char		*argv[],
+    OPT_DATA		*OptData
+    )
+{
+int option,
+    i;
+
+/*
+** Initialize the option data
+*/
+OptData->log_name = NULL;
+OptData->sym_name = NULL;
+OptData->host_addr[0] = 0;
+OptData->host_addr[1] = 0;
+OptData->host_addr[2] = 0;
+OptData->host_addr[3] = 0;
+
+/*
+** Process the command line options
+*/
+while ((option = getopt (argc, argv, "l:s:?")) != EOF) 
+    {
+    switch (option) 
+	{
+	/* 
+	** Output to logical name ?
+	*/
+	case 'l':
+	    OptData->log_name = strdup (optarg);
+	    break;
+
+	/* 
+	** Output to symbol name ?
+	*/
+	case 's':
+	    OptData->sym_name = strdup (optarg);
+	    break;
+
+	/* 
+	** Invalid argument ?
+	*/
+	case '?':
+	default:
+	    Usage ();
+	    exit (1);
+	    break;
+	}
+    }
+
+/*
+** Are the number of parameters correct ?
+*/
+if (argc - optind > 1)
+    {
+    Usage ();
+    exit (1);
+    }
+
+/*
+** Host Address provided ?
+*/
+if (argc - optind == 1)
+    {
+    char *addr_ptr = argv[optind],
+         *addr_sep;
+
+    for (i = 0; i < 4; i++)
+	{
+        if ((addr_sep = strchr (addr_ptr, '.')) && (i < 3))
+	    *addr_sep = '\0';
+
+	if (strlen (addr_ptr) == 0 || atoi (addr_ptr) > 255 ||
+	    strspn (addr_ptr, "0123456789") != strlen (addr_ptr))
+	    {
+	    printf ("Invalid TCP/IP address format.\n");
+	    exit (1);
+	    }
+
+	OptData->host_addr[i] = atoi (addr_ptr);
+	if (addr_sep)
+	    addr_ptr = addr_sep + 1;
+	}    
+    }
+}
+
+/*
+**
+**  SetLogName - Set a logical name & value
+**
+**  Functional Description:
+**
+**      This routine sets a logical name & value.
+**
+**  Usage:
+**
+**      SetLogName LogName, LogValue
+**
+**  Formal parameters:
+**
+**      LogName		- (IN) address of the logical name
+**      LogValue       	- (IN) address of the logical value
+**
+**  Implicit Parameters:
+**
+**      None
+**
+**  Routine Value:
+**
+**      None
+**
+**  Side Effects:
+**
+**      None
+**
+*/
+static void
+SetLogName (
+    char 		*LogName,
+    char		*LogValue
+    )
+{
+struct dsc$descriptor_s log_nam_desc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, 0};
+struct dsc$descriptor_s log_val_desc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, 0};
+int status;
+
+/*
+** Setup the logical name & value descriptors
+*/
+log_nam_desc.dsc$w_length = strlen (LogName);
+log_nam_desc.dsc$a_pointer = LogName;
+log_val_desc.dsc$w_length = strlen (LogValue);
+log_val_desc.dsc$a_pointer = LogValue;
+
+/*
+** Set the logical name & value
+*/
+status = lib$set_logical (&log_nam_desc, &log_val_desc, 0, 0, 0);
+if (! (status & 1))
+    exit (status);
+
+}
+
+/*
+**
+**  SetSymName - Set a symbol name & value
+**
+**  Functional Description:
+**
+**      This routine sets a symbol name & value.
+**
+**  Usage:
+**
+**      SetSymName SymName, SymValue
+**
+**  Formal parameters:
+**
+**      SymName		- (IN) address of the symbol name
+**      SymValue       	- (IN) address of the Symbol value
+**
+**  Implicit Parameters:
+**
+**      None
+**
+**  Routine Value:
+**
+**      None
+**
+**  Side Effects:
+**
+**      None
+**
+*/
+static void
+SetSymName (
+    char 		*SymName,
+    char		*SymValue
+    )
+{
+struct dsc$descriptor_s sym_nam_desc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, 0};
+struct dsc$descriptor_s sym_val_desc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, 0};
+int status;
+
+/*
+** Setup the symbol name & value descriptors
+*/
+sym_nam_desc.dsc$w_length = strlen (SymName);
+sym_nam_desc.dsc$a_pointer = SymName;
+sym_val_desc.dsc$w_length = strlen (SymValue);
+sym_val_desc.dsc$a_pointer = SymValue;
+
+/*
+** Set the symbol name & value
+*/
+status = lib$set_symbol (&sym_nam_desc, &sym_val_desc, &LIB$K_CLI_LOCAL_SYM);
+if (! (status & 1))
+    exit (status);
+
+}
+
+/*
+**
+**  Usage - Display the acceptable unix style command usage
+**
+**  Functional Description:
+**
+**      This routine displays to standard output the appropriate unix style 
+**	command usage.
+**
+**  Usage:
+**
+**      Usage 
+**
+**  Formal parameters:
+**
+**      None
+**
+**  Implicit Parameters:
+**
+**      None
+**
+**  Routine Value:
+**
+**      None
+**
+**  Side Effects:
+**
+**      None
+**
+*/
+static void
+Usage ()
+{
+
+fprintf (stdout, "Usage: HOSTNAME [-l log-name] [-s sym-name] [host-addr]\n");
+
+}
+#endif      /* #ifdef VMS */
--- a/VMS/cert_tool/ssl$auth_cert.com
+++ b/VMS/cert_tool/ssl$auth_cert.com
@@ -0,0 +1,639 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$AUTH_CERT.COM - SSL Certificate Authority procedure
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$ Set NoOn
+$ Set NoControl=Y
+$!
+$!------------------------------------------------------------------------------
+$! Description 
+$!------------------------------------------------------------------------------
+$!
+$! This procedure prompts the user through creating a Server Certificate.
+$!
+$! There are no parameters used.
+$!
+$!------------------------------------------------------------------------------
+$! Define symbols
+$!------------------------------------------------------------------------------
+$!
+$ DELETE := DELETE
+$ SAY := WRITE SYS$OUTPUT
+$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT=
+$ PID = F$GETJPI ("","PID")
+$ TT_NOECHO = F$GETDVI ("TT:","TT_NOECHO")
+$ On Control_Y THEN GOTO EXIT
+$ Set Control=Y
+$!
+$ TT_ROWS = F$GETDVI ("TT:","TT_PAGE")
+$ TT_COLS = F$GETDVI ("TT:","DEVBUFSIZ")
+$!
+$ GET_USER_DATA := CALL GET_USER_DATA
+$ SET_USER_DATA := CALL SET_USER_DATA
+$ DEL_USER_DATA := CALL DEL_USER_DATA
+$ INIT_TERM := @SSL$COM:SSL$INIT_TERM
+$ SHOW_FILE := @SSL$COM:SSL$SHOW_FILE 
+$ SSL_CONF_FILE = F$TRNLMN ("SSL$CA_CONF")
+$ GET_CONF_DATA := @SSL$COM:SSL$CONF_UTIL 'SSL_CONF_FILE' GET
+$ SET_CONF_DATA := @SSL$COM:SSL$CONF_UTIL 'SSL_CONF_FILE' SET
+$!
+$ ESC[0,8] = 27 	! Set the Escape Character
+$ BELL[0,8] = 7 	! Ring the terminal Bell
+$ RED = 1		! Color - Red
+$ FGD = 30		! Foreground
+$ BGD = 0		! Background
+$ CSCR = ESC + "[2J"	! Clear the Screen 
+$ CEOS = ESC + "[0J"	! Clear to the End of the Screen 
+$ CEOL = ESC + "[0K"	! Clear to the End of the Line
+$ NORM = ESC + "[0m"	! Turn Attributes off
+$ BLNK = ESC + "[5m"    ! Turn on BLINK Attribute
+$ WIDE = ESC + "#6"     ! Turn on WIDE Attribute
+$!
+$!------------------------------------------------------------------------------
+$! Run the SSL setup if it hasn't been run yet
+$!------------------------------------------------------------------------------
+$!
+$ IF F$TRNLNM ("SSL$CA_CONF") .EQS. ""
+$ THEN
+$     IF F$SEARCH ("SSL$COM:SSL$INIT_ENV.COM") .NES. ""
+$     THEN 
+$         @SSL$COM:SSL$INIT_ENV.COM
+$     ELSE
+$         SAY BELL, "Unable to locate SSL$COM:SSL$INIT_ENV.COM ..."
+$	  GOTO EXIT
+$     ENDIF
+$ ENDIF
+$!
+$!------------------------------------------------------------------------------
+$! Display the Page Header
+$!------------------------------------------------------------------------------
+$!
+$ INIT_TERM
+$ BCOLOR = BGD
+$ FCOLOR = FGD + RED
+$ COLOR = ESC + "[''BCOLOR';''FCOLOR'm"
+$!
+$ TEXT = "SSL Certificate Tool"
+$ COL = (TT_COLS - (F$LENGTH (TEXT) * 2)) / 4
+$!
+$ SAY ESC + "[01;01H", CSCR
+$ SAY ESC + "[02;''COL'H", COLOR, WIDE, TEXT, NORM
+$!
+$ TEXT = "Create Certification Authority"
+$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
+$!
+$ SAY ESC + "[04;01H"
+$ SAY ESC + "[04;''COL'H", COLOR, TEXT, NORM
+$!
+$ ROW = 6
+$ COL = 2
+$ TOP_ROW = ROW
+$ MSG_ROW = TT_ROWS - 1
+$!
+$!------------------------------------------------------------------------------
+$! Initialize the Request Data
+$!------------------------------------------------------------------------------
+$!
+$ IF F$SEARCH ("''SSL_CONF_FILE'") .NES. ""
+$ THEN 
+$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Reading Configuration ...", NORM
+$ ELSE
+$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Initializing Configuration ...", NORM
+$ ENDIF
+$!
+$ _request_name = "req"
+$!
+$ _distinguished_name = "CA_distinguished_name"
+$ _distinguished_name_upd = "Y"
+$!
+$ _default_bits = "1024"
+$ _default_bits_upd = "Y"
+$!
+$ _default_days = "1825"
+$ _default_days_upd = "Y"
+$!
+$ _default_keyfile = "SSL$KEY:SERVER_CA.KEY"
+$ _default_keyfile_upd = "Y"
+$!
+$ _default_crtfile = "SSL$CRT:SERVER_CA.CRT"
+$ _default_crtfile_upd = "Y"
+$!
+$ _countryName_prompt = "Country Name ?"
+$ _countryName_min = "2"
+$ _countryName_max = "2"
+$ _countryName_default = "US"
+$ _countryName_upd = "Y"
+$ _countryName_cnt = 4
+$!
+$ _0organizationName_prompt = "Organization Name ?"
+$ _0organizationName_default = ""
+$ _0organizationName_upd = "Y"
+$ _0organizationName_cnt = 2
+$!
+$ _organizationalUnitName_prompt = "Organization Unit Name ?"
+$ _organizationalUnitName_default = ""
+$ _organizationalUnitName_upd = "Y"
+$ _organizationalUnitName_cnt = 2
+$!
+$ _commonName_prompt = "Common Name ?"
+$ _commonName_max = "64"
+$ _commonName_default = "CA Authority"
+$ _commonName_upd = "Y"
+$ _commonName_cnt = 3
+$!
+$ IF F$SEARCH ("''SSL_CONF_FILE'") .NES. ""
+$ THEN 
+$     GET_CONF_DATA "[''_request_name']#distinguished_name"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _distinguished_name = SSL_CONF_DATA
+$         _distinguished_name_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_request_name']#default_bits"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _default_bits = SSL_CONF_DATA
+$         _default_bits_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_request_name']#default_days"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _default_days = SSL_CONF_DATA
+$         _default_days_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_request_name']#default_keyfile"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _default_keyfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + -
+ 		             F$PARSE (SSL_CONF_DATA,"[KEY]",,"DIRECTORY") + -
+ 		             F$PARSE (SSL_CONF_DATA,"SERVER",,"NAME") + -
+ 		             F$PARSE (SSL_CONF_DATA,".KEY",,"TYPE") 
+$         _default_keyfile_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_request_name']#default_crtfile"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _default_crtfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + -
+ 		             F$PARSE (SSL_CONF_DATA,"[CRT]",,"DIRECTORY") + -
+ 		             F$PARSE (SSL_CONF_DATA,"SERVER",,"NAME") + -
+ 		             F$PARSE (SSL_CONF_DATA,".CRT",,"TYPE") 
+$         _default_crtfile_upd = "N"
+$     ENDIF
+$!
+$     CTR = 0
+$     GET_CONF_DATA "[''_distinguished_name']#countryName"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _countryName_prompt = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#countryName_min"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _countryName_min = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#countryName_max"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _countryName_max = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#countryName_default"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _countryName_default = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     IF _countryName_cnt .EQ. CTR THEN _countryName_upd = "N"
+$!
+$     CTR = 0
+$     GET_CONF_DATA "[''_distinguished_name']#0.organizationName"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _0organizationName_prompt = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#0.organizationName_default"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _0organizationName_default = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     IF _0organizationName_cnt .EQ. CTR THEN _0organizationName_upd = "N"
+$!
+$     CTR = 0
+$     GET_CONF_DATA "[''_distinguished_name']#organizationalUnitName"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _organizationalUnitName_prompt = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#organizationalUnitName_default"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _organizationalUnitName_default = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     IF _organizationalUnitName_cnt .EQ. CTR THEN _organizationalUnitName_upd = "N"
+$!
+$     CTR = 0
+$     GET_CONF_DATA "[''_distinguished_name']#commonName"
+$     IF SSL_CONF_DATA .NES. "" 
+$     THEN
+$         _commonName_prompt = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#commonName_max"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _commonName_max = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#commonName_default"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _commonName_default = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     IF _commonName_cnt .EQ. CTR THEN _commonName_upd = "N"
+$ ENDIF
+$!
+$ SET_USER_DATA "[]#pem_pass_phrase#-##PEM Pass Phrase ?#P#1###Y#Y"
+$ SET_USER_DATA "[''_request_name']#default_bits#D#''_default_bits'#Encryption Bits ?#I###''_default_bits_upd'#Y#N"
+$ SET_USER_DATA "[''_request_name']#default_days#D#''_default_days'#Default Days ?#I###''_default_days_upd'#Y#N"
+$ SET_USER_DATA "[''_request_name']#default_keyfile#D#''_default_keyfile'#CA certificate Key File ?#F###''_default_keyfile_upd'#Y#N"
+$ SET_USER_DATA "[''_request_name']#default_crtfile#D#''_default_crtfile'#CA certificate File ?#F###''_default_crtfile_upd'#Y#N"
+$ SET_USER_DATA "[''_request_name']#distinguished_name#D#''_distinguished_name'##S###''_distinguished_name_upd'#N#N"
+$ SET_USER_DATA "[''_distinguished_name']#countryName#P#''_countryName_default'#''_countryName_prompt'#S#''_countryName_min'#''_countryName_max'#''_countryName_upd'#Y#N"
+$ SET_USER_DATA "[''_distinguished_name']#0.organizationName#P#''_0organizationName_default'#''_0organizationName_prompt'#S###''_0organizationName_upd'#Y#N"
+$ SET_USER_DATA "[''_distinguished_name']#organizationalUnitName#P#''_organizationalUnitName_default'#''_organizationalUnitName_prompt'#S###''_organizationUnitName_upd'#Y#N"
+$ SET_USER_DATA "[''_distinguished_name']#commonName#P#''_commonName_default'#''_commonName_prompt'#S##''_commonName_max'#''_commonName_upd'#Y#N"
+$ SET_USER_DATA "[]#display_certificate#-#N#Display the CA certificate ?#S##1##Y#N"
+$!
+$ SAY ESC + "[''MSG_ROW';01H", CEOS
+$!
+$!------------------------------------------------------------------------------
+$! Confirm/Update the SSL Configuration Data
+$!------------------------------------------------------------------------------
+$!
+$ CTR = 1
+$!
+$PROMPT_LOOP:
+$!
+$ IF CTR .LE. SSL_USER_DATA_MAX
+$ THEN 
+$     KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name
+$     ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name
+$     VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt
+$     DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value
+$     PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value
+$     TYP = F$ELEMENT (5,"#",SSL_USER_DATA_'CTR') ! Value Type
+$     MIN = F$ELEMENT (6,"#",SSL_USER_DATA_'CTR') ! Value Minimum Length
+$     MAX = F$ELEMENT (7,"#",SSL_USER_DATA_'CTR') ! Value Maximum Length
+$     UPD = F$ELEMENT (8,"#",SSL_USER_DATA_'CTR') ! Entry Updated ?
+$     REQ = F$ELEMENT (9,"#",SSL_USER_DATA_'CTR') ! Entry Required for Input ?
+$     CFM = F$ELEMENT (10,"#",SSL_USER_DATA_'CTR')! Confirm Input  ?
+$     CONFIRMED = 0
+$     IF REQ .EQS. "N"
+$     THEN 
+$         CTR = CTR + 1
+$         GOTO PROMPT_LOOP
+$     ENDIF
+$     IF ROW .GT. MSG_ROW - 2
+$     THEN 
+$         SAY ESC + "[''TOP_ROW';01H", CEOS
+$	  ROW = TOP_ROW
+$     ENDIF
+$!
+$CONFIRM_LOOP:
+$!
+$     IF PRM .EQS. "" 
+$     THEN 
+$         PROMPT = ESC + "[''ROW';''COL'H''ITM' ? [''DEF'] ''CEOL'"
+$     ELSE
+$         PROMPT = ESC + "[''ROW';''COL'H''PRM' [''DEF'] ''CEOL'"
+$     ENDIF
+$     IF TYP .EQS. "P" THEN SET TERMINAL /NOECHO
+$     ASK "''PROMPT'" ANS /END_OF_FILE=EXIT
+$     IF TYP .EQS. "P" THEN SET TERMINAL /ECHO
+$     ANS = F$EDIT (ANS,"TRIM")
+$     IF ANS .EQS. "" THEN ANS = DEF
+$     IF TYP .EQS. "F"
+$     THEN 
+$         ANS = F$PARSE ("''ANS'","''DEF'",,,"SYNTAX_ONLY")	  
+$     ENDIF
+$     IF TYP .EQS. "I" .AND. F$TYPE (ANS) .NES. "INTEGER"
+$     THEN 
+$         CALL INVALID_ENTRY
+$         SAY ESC + "[''ROW';01H", CEOS
+$         GOTO PROMPT_LOOP
+$     ENDIF
+$     IF (TYP .EQS. "S" .OR. TYP .EQS. "P") .AND. -
+         ((MIN .NES. "" .AND. F$LENGTH (ANS) .LT. F$INTEGER(MIN)) .OR. -
+          (MAX .NES. "" .AND. F$LENGTH (ANS) .GT. F$INTEGER(MAX)))
+$     THEN 
+$         CALL INVALID_ENTRY
+$         SAY ESC + "[''ROW';01H", CEOS
+$	  IF TYP .EQS. "S" THEN GOTO PROMPT_LOOP
+$         IF TYP .EQS. "P" THEN GOTO CONFIRM_LOOP
+$     ENDIF
+$     ROW = ROW + 1
+$     IF CFM .EQS. "Y"
+$     THEN
+$         IF CONFIRMED .EQ. 0
+$	  THEN
+$	      CONFIRMED = 1
+$	      CONFIRMED_ANS = ANS
+$	      PRM = "Confirm ''PRM'"
+$	      GOTO CONFIRM_LOOP
+$         ELSE
+$	      IF ANS .NES. CONFIRMED_ANS
+$	      THEN 
+$                 CALL INVALID_ENTRY
+$		  ROW = ROW - 2
+$                 SAY ESC + "[''ROW';01H", CEOS
+$                 GOTO PROMPT_LOOP
+$	      ENDIF
+$         ENDIF
+$     ENDIF
+$     IF ANS .NES. DEF THEN SSL_USER_DATA_'CTR' = "''KEY'#''ITM'#''VAL'#''ANS'#''PRM'#''TYP'#''MIN'#''MAX'#Y#''REQ'#''CFM'"
+$     CTR = CTR + 1
+$     GOTO PROMPT_LOOP
+$ ENDIF
+$!
+$!------------------------------------------------------------------------------
+$! Save the SSL Configuration Data
+$!------------------------------------------------------------------------------
+$!
+$ CTR = 1
+$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Saving Configuration ...", NORM
+$!
+$SAVE_CONF_LOOP:
+$!
+$ IF CTR .LE. SSL_USER_DATA_MAX
+$ THEN 
+$     KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name
+$     ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name
+$     VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt
+$     DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value
+$     PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value
+$     TYP = F$ELEMENT (5,"#",SSL_USER_DATA_'CTR') ! Value Type
+$     MIN = F$ELEMENT (6,"#",SSL_USER_DATA_'CTR') ! Value Minimum Length
+$     MAX = F$ELEMENT (7,"#",SSL_USER_DATA_'CTR') ! Value Maximum Length
+$     UPD = F$ELEMENT (8,"#",SSL_USER_DATA_'CTR') ! Entry Updated ?
+$     REQ = F$ELEMENT (9,"#",SSL_USER_DATA_'CTR') ! Entry Required for Input ?
+$     CFM = F$ELEMENT (10,"#",SSL_USER_DATA_'CTR')! Confirm Input ?
+$     IF UPD .NES. "Y" .OR. VAL .EQS. "-"
+$     THEN 
+$         CTR = CTR + 1
+$         GOTO SAVE_CONF_LOOP
+$     ENDIF
+$     IF VAL .EQS. "D"
+$     THEN 
+$         SET_CONF_DATA "''KEY'#''ITM'" "''DEF'"
+$     ELSE
+$         SET_CONF_DATA "''KEY'#''ITM'" "''PRM'"
+$         SET_CONF_DATA "''KEY'#''ITM'_default" "''DEF'"
+$     ENDIF
+$     IF MIN .NES. "" THEN SET_CONF_DATA "''KEY'#''ITM'_min" "''MIN'"
+$     IF MAX .NES. "" THEN SET_CONF_DATA "''KEY'#''ITM'_max" "''MAX'"
+$     CTR = CTR + 1
+$     GOTO SAVE_CONF_LOOP
+$ ENDIF
+$!
+$ PURGE /NOLOG /NOCONFIRM 'SSL_CONF_FILE'
+$ RENAME 'SSL_CONF_FILE'; ;1
+$!
+$ SAY ESC + "[''MSG_ROW';01H", CEOS
+$!
+$!------------------------------------------------------------------------------
+$! Create the Certificiate Authority
+$!------------------------------------------------------------------------------
+$!
+$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Creating Certificate Authority ...", NORM
+$!
+$ X1 = 2
+$ Y1 = TOP_ROW
+$ X2 = TT_COLS - 2
+$ Y2 = MSG_ROW - 1
+$!
+$ GET_USER_DATA "[''_request_name']#default_days"
+$ _default_days = SSL_USER_DATA
+$ GET_USER_DATA "[''_request_name']#default_keyfile"
+$ _default_keyfile = SSL_USER_DATA
+$ GET_USER_DATA "[''_request_name']#default_crtfile"
+$ _default_crtfile = SSL_USER_DATA
+$ GET_USER_DATA "[]#pem_pass_phrase"
+$ _pem_pass_phrase = SSL_USER_DATA
+$ GET_USER_DATA "[]#display_certificate"
+$ _display_certificate = SSL_USER_DATA
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR  NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ SHOW SYSTEM /FULL /OUT=SYS$LOGIN:SSL_REQ_'PID'.RND
+$!
+$ OPEN /WRITE OFILE SYS$LOGIN:SSL_REQ_'PID'.COM
+$ WRITE OFILE "$ DEFINE /USER /NOLOG RANDFILE    SYS$LOGIN:SSL_REQ_''PID'.RND"
+$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR   SYS$LOGIN:SSL_REQ_''PID'.LOG"
+$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT  SYS$LOGIN:SSL_REQ_''PID'.LOG"
+$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
+$ WRITE OFILE "$ OPENSSL req -config ''SSL_CONF_FILE' -new -x509 -days ''_default_days' -keyout ''_default_keyfile' -out ''_default_crtfile'"
+$ WRITE OFILE "''_pem_pass_phrase'"
+$ WRITE OFILE "''_pem_pass_phrase'"
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ CLOSE OFILE
+$!
+$ @SYS$LOGIN:SSL_REQ_'PID'.COM
+$!
+$ DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.RND;*
+$ DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.COM;*
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR  NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ SEARCH SYS$LOGIN:SSL_REQ_'PID'.LOG /OUT=SYS$LOGIN:SSL_REQ_'PID'.ERR ":error:"
+$ IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.ERR") .NES. "" 
+$ THEN 
+$     IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_REQ_''PID'.ERR","ALQ") .NE. 0
+$     THEN 
+$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;*
+$         SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'"
+$         SHOW_FILE "SYS$LOGIN:SSL_REQ_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" 
+$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;*
+$         GOTO EXIT
+$     ENDIF
+$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;*
+$ ENDIF
+$!
+$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;*
+$! 
+$ IF F$EDIT (_display_certificate,"TRIM,UPCASE") .EQS. "Y"
+$ THEN 
+$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Generating Output ...", NORM, CEOL
+$!
+$     OPEN /WRITE OFILE SYS$LOGIN:SSL_X509_'PID'.COM
+$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR   SYS$LOGIN:SSL_X509_''PID'.LOG"
+$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT  SYS$LOGIN:SSL_X509_''PID'.LOG"
+$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
+$     WRITE OFILE "$ OPENSSL x509 -noout -text -in ''_default_crtfile'"
+$     CLOSE OFILE
+$!
+$     @SYS$LOGIN:SSL_X509_'PID'.COM
+$!
+$     DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.COM;*
+$!
+$     DEFINE /USER /NOLOG SYS$ERROR  NL:
+$     DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$     SEARCH SYS$LOGIN:SSL_X509_'PID'.LOG /OUT=SYS$LOGIN:SSL_X509_'PID'.ERR ":error:"
+$     IF F$SEARCH ("SYS$LOGIN:SSL_X509_''PID'.ERR") .NES. "" 
+$     THEN 
+$         IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_X509_''PID'.ERR","ALQ") .NE. 0
+$         THEN 
+$             DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.ERR;*
+$             SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'"
+$             SHOW_FILE "SYS$LOGIN:SSL_X509_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" 
+$             DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.LOG;*
+$             GOTO EXIT
+$         ENDIF
+$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.ERR;*
+$     ENDIF
+$!
+$     SAY ESC + "[''MSG_ROW';01H''CEOS'"
+$     SHOW_FILE "SYS$LOGIN:SSL_X509_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ''_default_crtfile' >" 
+$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.LOG;*
+$     GOTO EXIT
+$ ENDIF
+$!
+$ TEXT = "Press return to continue"
+$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
+$!
+$ SAY ESC + "[''MSG_ROW';01H", CEOS
+$ PROMPT = ESC + "[''MSG_ROW';''COL'H''TEXT'"
+$ ASK "''PROMPT'" OPT
+$!
+$GOTO EXIT
+$!
+$!------------------------------------------------------------------------------
+$! Set the User Data
+$!------------------------------------------------------------------------------
+$!
+$SET_USER_DATA: SUBROUTINE
+$!
+$ IF F$TYPE (SSL_USER_DATA_MAX) .EQS. ""
+$ THEN
+$     SSL_USER_DATA_MAX == 1
+$ ELSE
+$     SSL_USER_DATA_MAX == SSL_USER_DATA_MAX + 1
+$ ENDIF
+$!
+$ SSL_USER_DATA_'SSL_USER_DATA_MAX' == "''P1'"
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$! Get the User Data
+$!------------------------------------------------------------------------------
+$!
+$GET_USER_DATA: SUBROUTINE
+$!
+$ CTR = 1
+$ USER_KEY = F$ELEMENT (0,"#",P1)
+$ USER_ITM = F$ELEMENT (1,"#",P1)
+$!
+$GET_USER_DATA_LOOP:
+$!
+$ IF CTR .LE. SSL_USER_DATA_MAX
+$ THEN
+$     KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name
+$     ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name
+$     VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt
+$     DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value
+$     PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value
+$     IF USER_KEY .NES. KEY .OR. USER_ITM .NES. ITM
+$     THEN 
+$         CTR = CTR + 1
+$         GOTO GET_USER_DATA_LOOP
+$     ENDIF
+$     IF VAL .EQS. "-" THEN SSL_USER_DATA == "''DEF'"
+$     IF VAL .EQS. "D" THEN SSL_USER_DATA == "''DEF'"
+$     IF VAL .EQS. "P" THEN SSL_USER_DATA == "''PRM'"
+$ ENDIF
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$! Delete the User Data
+$!------------------------------------------------------------------------------
+$!
+$DEL_USER_DATA: SUBROUTINE
+$!
+$ IF F$TYPE (SSL_USER_DATA_MAX) .EQS. "" THEN GOTO DEL_USER_DATA_END
+$!
+$DEL_USER_DATA_LOOP:
+$!
+$ IF F$TYPE (SSL_USER_DATA_'SSL_USER_DATA_MAX') .NES. "" 
+$ THEN
+$     DELETE /SYMBOL /GLOBAL SSL_USER_DATA_'SSL_USER_DATA_MAX'
+$     SSL_USER_DATA_MAX == SSL_USER_DATA_MAX - 1
+$     GOTO DEL_USER_DATA_LOOP
+$ ENDIF
+$!
+$ DELETE /SYMBOL /GLOBAL SSL_USER_DATA_MAX
+$!
+$DEL_USER_DATA_END:
+$!
+$ IF F$TYPE (SSL_USER_DATA) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_USER_DATA
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$! Display the invalid entry 
+$!------------------------------------------------------------------------------
+$!
+$INVALID_ENTRY: SUBROUTINE
+$!
+$ SAY ESC + "[''MSG_ROW';01H", BELL, " Invalid Entry, Try again ...''CEOL'"
+$ Wait 00:00:01.5
+$ SAY ESC + "[''MSG_ROW';01H", CEOL
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$! Exit the procedure
+$!------------------------------------------------------------------------------
+$!
+$EXIT:
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR  NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ CLOSE OFILE
+$!
+$ DEL_USER_DATA
+$!
+$ IF F$TYPE (SSL_CONF_DATA) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_CONF_DATA
+$!
+$ IF F$GETDVI ("TT:","TT_NOECHO") .AND. .NOT. TT_NOECHO THEN SET TERMINAL /ECHO
+$!
+$ IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.%%%;*") .NES. "" THEN DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.%%%;*
+$ IF F$SEARCH ("SYS$LOGIN:SSL_X509_''PID'.%%%;*") .NES. "" THEN DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.%%%;*
+$!
+$ Verify = F$VERIFY (Verify)
+$!
+$ EXIT
--- a/VMS/cert_tool/ssl$auto_cert.com
+++ b/VMS/cert_tool/ssl$auto_cert.com
@@ -0,0 +1,101 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$AUTO_CERT.COM - SSL Automatic Self-Signed Certificate procedure
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$!
+$ Set NoOn
+$ Set NoControl=Y
+$!
+$!------------------------------------------------------------------------------
+$! Define Symbols
+$!------------------------------------------------------------------------------
+$! 
+$ OPENSSL       :== $ SSL$EXE:OPENSSL
+$ HOSTNAME      :== $ SSL$EXE:SSL$HOSTNAME
+$!
+$ HOSTNAME -s HOST_NAME
+$ PID = F$GETJPI ("","PID")
+$ USER = F$EDIT (F$GETJPI ("","USERNAME"),"TRIM")
+$ KEY_FILE = "SSL$KEY:SERVER.KEY"
+$ CRT_FILE = "SSL$CRT:SERVER.CRT"
+$!
+$!------------------------------------------------------------------------------
+$! Create a Temporary SSL Configuration
+$!------------------------------------------------------------------------------
+$!
+$ OPEN /WRITE CFILE SYS$LOGIN:SSL_'PID'.CNF
+$ WRITE CFILE "[req]"
+$ WRITE CFILE "default_bits = 1024"
+$ WRITE CFILE "distinguished_name = REQ_distinguished_name"
+$ WRITE CFILE "[REQ_distinguished_name]"
+$ WRITE CFILE "countryName = Country Name ?"
+$ WRITE CFILE "countryName_default = "
+$ WRITE CFILE "stateOrProvinceName = State or Province Name ?"
+$ WRITE CFILE "stateOrProvinceName_default = "
+$ WRITE CFILE "localityName = City Name ?"
+$ WRITE CFILE "localityName_default = "
+$ WRITE CFILE "0.organizationName = Organization Name ?"
+$ WRITE CFILE "0.organizationName_default = "
+$ WRITE CFILE "organizationalUnitName = Organization Unit Name ?
+$ WRITE CFILE "organizationalUnitName_default = "
+$ WRITE CFILE "commonName = Common Name ?"
+$ WRITE CFILE "commonName_default = ''HOST_NAME'"
+$ WRITE CFILE "emailAddress = Email Address ?"
+$ WRITE CFILE "emailAddress_default = ''USER'@''HOST_NAME'"
+$ CLOSE CFILE
+$!
+$!------------------------------------------------------------------------------
+$! Create the Self-Signed Server Certificiate
+$!------------------------------------------------------------------------------
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR  NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ SHOW SYSTEM /FULL /OUT=SYS$LOGIN:SSL_'PID'.RND
+$!
+$ OPEN /WRITE OFILE SYS$LOGIN:SSL_'PID'.COM
+$ WRITE OFILE "$ DEFINE /USER /NOLOG RANDFILE    SYS$LOGIN:SSL_''PID'.RND"
+$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR   SYS$LOGIN:SSL_''PID'.LOG"
+$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT  SYS$LOGIN:SSL_''PID'.LOG"
+$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
+$ WRITE OFILE "$ OPENSSL req -nodes -new -days 30 -x509 -config SYS$LOGIN:SSL_''PID'.CNF -keyout ''KEY_FILE' -out ''CRT_FILE'"
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ CLOSE OFILE
+$!
+$ @SYS$LOGIN:SSL_'PID'.COM
+$!
+$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_'PID'.CNF;*
+$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_'PID'.RND;*
+$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_'PID'.COM;*
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR  NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ SEARCH SYS$LOGIN:SSL_'PID'.LOG /OUT=SYS$LOGIN:SSL_'PID'.ERR ":error:"
+$!
+$ IF F$SEARCH ("SYS$LOGIN:SSL_''PID'.ERR") .NES. "" 
+$ THEN 
+$     IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_''PID'.ERR","ALQ") .NE. 0
+$     THEN 
+$         TYPE SYS$LOGIN:SSL_'PID'.LOG
+$     ENDIF
+$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_'PID'.ERR;*
+$ ENDIF
+$!
+$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_'PID'.LOG;*
+$!
+$!------------------------------------------------------------------------------
+$! Exit
+$!------------------------------------------------------------------------------
+$!
+$EXIT:
+$!
+$ Verify = F$VERIFY (Verify)
+$!
+$ EXIT
--- a/VMS/cert_tool/ssl$cert_tool.com
+++ b/VMS/cert_tool/ssl$cert_tool.com
@@ -0,0 +1,231 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$CERT_TOOL.COM - SSL Certificate Tool procedure
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$ Set NoOn
+$ Set NoControl=Y
+$!
+$!------------------------------------------------------------------------------
+$! Description 
+$!------------------------------------------------------------------------------
+$!
+$! This procedure provides the user a menu from which they can choose desired 
+$! SSL Certificate processing.
+$!
+$! There are no parameters used.
+$!
+$!------------------------------------------------------------------------------
+$! Define symbols
+$!------------------------------------------------------------------------------
+$!
+$ DELETE := DELETE
+$ SAY := WRITE SYS$OUTPUT
+$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT=
+$ On Control_Y THEN GOTO EXIT
+$ Set Control=Y
+$!
+$ TT_ROWS = f$getdvi ("TT:","TT_PAGE")
+$ TT_COLS = f$getdvi ("TT:","DEVBUFSIZ")
+$!
+$ SET_MENU_DATA := CALL SET_MENU_DATA
+$ DEL_MENU_DATA := CALL DEL_MENU_DATA
+$!
+$ ESC[0,8] = 27 	! Set the Escape Character
+$ BELL[0,8] = 7 	! Ring the terminal Bell
+$ RED = 1		! Color - Red
+$ FGD = 30		! Foreground
+$ BGD = 0		! Background
+$ CSCR = ESC + "[2J"	! Clear the Screen 
+$ CEOS = ESC + "[0J"	! Clear to the End of the Screen 
+$ CEOL = ESC + "[0K"	! Clear to the End of the Line
+$ NORM = ESC + "[0m"	! Turn Attributes off
+$ BOLD = ESC + "[1m"    ! Turn on BOLD Attribute
+$ WIDE = ESC + "#6"     ! Turn on WIDE Attribute
+$!
+$!------------------------------------------------------------------------------
+$! Run the SSL setup if it hasn't been run yet
+$!------------------------------------------------------------------------------
+$!
+$ IF F$TRNLNM ("SSL$CA_CONF") .EQS. ""
+$ THEN
+$     IF F$SEARCH ("SSL$COM:SSL$INIT_ENV.COM") .NES. ""
+$     THEN 
+$         @SSL$COM:SSL$INIT_ENV.COM
+$     ELSE
+$         SAY BELL, "Unable to locate SSL$COM:SSL$INIT_ENV.COM ..."
+$	  GOTO EXIT
+$     ENDIF
+$ ENDIF
+$!
+$!------------------------------------------------------------------------------
+$! Initialize the Menu Items
+$!------------------------------------------------------------------------------
+$!
+$ SET_MENU_DATA "View a Certificate#@SSL$COM:SSL$VIEW_CERT.COM CRT"
+$ SET_MENU_DATA "View a Certificate Signing Request#@SSL$COM:SSL$VIEW_CERT.COM CSR"
+$ SET_MENU_DATA "Create a Certificate Signing Request#@SSL$COM:SSL$RQST_CERT.COM"
+$ SET_MENU_DATA "Create a Self-Signed Certificate#@SSL$COM:SSL$SELF_CERT.COM"
+$ SET_MENU_DATA "Create a CA (Certification Authority) Certificate#@SSL$COM:SSL$AUTH_CERT.COM"
+$ SET_MENU_DATA "Sign a Certificate Signing Request#@SSL$COM:SSL$SIGN_CERT.COM"
+$ SET_MENU_DATA "Hash Certificates#@SSL$COM:SSL$HASH_CERT.COM CRT"
+$ SET_MENU_DATA "Hash Certificate Revocations#@SSL$COM:SSL$HASH_CERT.COM CRL"
+$ SET_MENU_DATA "Exit#GOTO EXIT"
+$!
+$!------------------------------------------------------------------------------
+$! Display the Page Header
+$!------------------------------------------------------------------------------
+$!
+$PAGE_LOOP:
+$!
+$ BCOLOR = BGD 
+$ FCOLOR = FGD + RED
+$ COLOR = ESC + "[''BCOLOR';''FCOLOR'm"
+$!
+$ TEXT = "SSL Certificate Tool"
+$ COL = (TT_COLS - (F$LENGTH (TEXT) * 2)) / 4
+$!
+$ SAY ESC + "[01;01H", CSCR
+$ SAY ESC + "[02;''COL'H", COLOR, WIDE, TEXT, NORM
+$!
+$ TEXT = "Main Menu"
+$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
+$!
+$ SAY ESC + "[04;01H"
+$ SAY ESC + "[04;''COL'H", COLOR, TEXT, NORM
+$!
+$ CTR = 1
+$ ROW = 6
+$ COL = (TT_COLS - (SSL_MENU_ITEM_MAX + 4)) / 2
+$ TOP_ROW = ROW
+$ SEP_ROWS = 2
+$ MSG_ROW = TT_ROWS - 1
+$!
+$!------------------------------------------------------------------------------
+$! Process the menu options
+$!------------------------------------------------------------------------------
+$!
+$MENU_LOOP: 
+$!
+$ IF CTR .LE. SSL_MENU_DATA_MAX
+$ THEN
+$     OPT = F$ELEMENT (0,"#",SSL_MENU_DATA_'CTR') ! Option String
+$     CMD = F$ELEMENT (1,"#",SSL_MENU_DATA_'CTR') ! Command String
+$     IF ROW .GE. (MSG_ROW - (SEP_ROWS + 2)) .AND. SEP_ROWS .GT. 1
+$     THEN
+$         SAY ESC + "[''TOP_ROW';01H", CEOS
+$	  ROW = TOP_ROW
+$         SEP_ROWS = 1
+$         CTR = 1
+$     ELSE
+$	  NUM = F$FAO ("!2SL", CTR)
+$         SAY ESC + "[''ROW';''COL'H", BOLD, "''NUM'. ", NORM, "''OPT'"
+$         ROW = ROW + SEP_ROWS
+$         CTR = CTR + 1
+$     ENDIF	   
+$     GOTO MENU_LOOP
+$ ENDIF    
+$!
+$ ROW = ROW + 1
+$!
+$!------------------------------------------------------------------------------
+$! Prompt the user for input
+$!------------------------------------------------------------------------------
+$!
+$PROMPT_LOOP:
+$!
+$ PROMPT = ESC + "[''ROW';''COL'HEnter Option: ''CEOL'"
+$ ASK "''PROMPT'" OPT /END_OF_FILE=EXIT
+$ OPT = F$EDIT (OPT, "TRIM")
+$ IF OPT .EQS. ""  THEN GOTO PROMPT_LOOP
+$!
+$ IF F$TYPE (OPT) .NES. "INTEGER" .OR. -
+     F$INTEGER (OPT) .LE. 0 .OR. -
+     F$INTEGER (OPT) .GT. SSL_MENU_DATA_MAX
+$ THEN 
+$     CALL INVALID_OPTION
+$     GOTO PROMPT_LOOP
+$ ENDIF
+$!
+$ CMD = F$ELEMENT (1,"#",SSL_MENU_DATA_'OPT')
+$!
+$ 'CMD'
+$!
+$ GOTO PAGE_LOOP
+$!
+$!------------------------------------------------------------------------------
+$! Set the Menu Data
+$!------------------------------------------------------------------------------
+$!
+$SET_MENU_DATA: SUBROUTINE
+$!
+$ IF F$TYPE (SSL_MENU_DATA_MAX) .EQS. ""
+$ THEN
+$     SSL_MENU_DATA_MAX == 1
+$     SSL_MENU_ITEM_MAX == 0
+$ ELSE
+$     SSL_MENU_DATA_MAX == SSL_MENU_DATA_MAX + 1
+$ ENDIF
+$!
+$ SSL_MENU_DATA_'SSL_MENU_DATA_MAX' == "''P1'"
+$!
+$ MENU_ITEM = F$ELEMENT (0,"#",SSL_MENU_DATA_'SSL_MENU_DATA_MAX')
+$ IF F$LENGTH (MENU_ITEM) .GT. SSL_MENU_ITEM_MAX THEN SSL_MENU_ITEM_MAX == F$LENGTH (MENU_ITEM)
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$! Delete the Menu Data
+$!------------------------------------------------------------------------------
+$!
+$DEL_MENU_DATA: SUBROUTINE
+$!
+$ IF F$TYPE (SSL_MENU_DATA_MAX) .EQS. "" THEN GOTO DEL_MENU_DATA_END
+$!
+$DEL_MENU_DATA_LOOP:
+$!
+$ IF F$TYPE (SSL_MENU_DATA_'SSL_MENU_DATA_MAX') .NES. "" 
+$ THEN
+$     DELETE /SYMBOL /GLOBAL SSL_MENU_DATA_'SSL_MENU_DATA_MAX'
+$     SSL_MENU_DATA_MAX == SSL_MENU_DATA_MAX - 1
+$     GOTO DEL_MENU_DATA_LOOP
+$ ENDIF
+$!
+$ DELETE /SYMBOL /GLOBAL SSL_MENU_DATA_MAX
+$!
+$DEL_MENU_DATA_END:
+$!
+$ IF F$TYPE (SSL_MENU_ITEM_MAX) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_MENU_ITEM_MAX
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$! Display the invalid entry 
+$!------------------------------------------------------------------------------
+$!
+$INVALID_OPTION: SUBROUTINE
+$!
+$ SAY ESC + "[''MSG_ROW';01H", BELL, " Invalid Option, Try again ...''CEOL'"
+$ Wait 00:00:01.5
+$ SAY ESC + "[''MSG_ROW';01H", CEOL
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$! Exit
+$!------------------------------------------------------------------------------
+$!
+$EXIT:
+$!
+$ DEL_MENU_DATA
+$!
+$ Verify = F$VERIFY (Verify)
+$!
+$ EXIT
--- a/VMS/cert_tool/ssl$conf_util.com
+++ b/VMS/cert_tool/ssl$conf_util.com
@@ -0,0 +1,220 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$CONF_UTIL.COM - SSL Configuration Utility procedure
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$ Set NoOn
+$ Set NoControl=Y
+$!
+$!------------------------------------------------------------------------------
+$! Description 
+$!------------------------------------------------------------------------------
+$!
+$! This procedure gets or sets a given key item in a SSL configuration file.
+$! The parameters used are:
+$!
+$! 	P1	- SSL Configuration File
+$! 	P2	- SSL Configuration Function (i.e. GET/SET)
+$! 	P3	- SSL Configuration Key/Item (delimited by '#')
+$! 	P4	- SSL Configuration Key/Item Value (for SET function only)
+$!
+$!------------------------------------------------------------------------------
+$! Define symbols
+$!------------------------------------------------------------------------------
+$!
+$ SSL_CONF_DATA == ""
+$ SAY := WRITE SYS$OUTPUT
+$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT=
+$ On Control_Y THEN GOTO EXIT
+$ Set Control=Y
+$!
+$!------------------------------------------------------------------------------
+$! Process parameters
+$!------------------------------------------------------------------------------
+$!
+$ KEY_FOUND = 0
+$ ITM_FOUND = 0
+$ P1 = F$EDIT (P1,"TRIM")
+$ P2 = F$EDIT (P2,"TRIM,UPCASE")
+$ KEY = F$ELEMENT (0,"#",P3)
+$ ITM = F$ELEMENT (1,"#",P3)
+$!
+$!------------------------------------------------------------------------------
+$! Process the configuration function
+$!------------------------------------------------------------------------------
+$!
+$ IF P2 .EQS. "GET" THEN GOSUB GET_CONF_DATA
+$ IF P2 .EQS. "SET" THEN GOSUB SET_CONF_DATA
+$!
+$ GOTO EXIT
+$!
+$!------------------------------------------------------------------------------
+$! Get the configuration data
+$!------------------------------------------------------------------------------
+$!
+$GET_CONF_DATA:
+$!
+$ OPEN /READ /ERROR=OPEN_ERROR IFILE 'P1'
+$!
+$GET_CONF_DATA_LOOP:
+$!
+$ READ /ERROR=READ_ERROR /END_OF_FILE=GET_CONF_DATA_END IFILE IREC
+$!
+$ SREC = IREC
+$ IPOS = F$LOCATE ("#",IREC)
+$ IF IPOS .NE. F$LENGTH (IREC) THEN IREC = F$EXTRACT (0,IPOS,IREC)
+$ IREC = F$EDIT (IREC,"COLLAPSE")
+
+$ IF IREC .EQS. "" THEN GOTO GET_CONF_DATA_LOOP
+$!
+$ IF IREC .EQS. KEY 
+$ THEN
+$     KEY_FOUND = 1
+$     GOTO GET_CONF_DATA_LOOP
+$ ENDIF
+$!
+$ IF KEY_FOUND .EQ. 1
+$ THEN 
+$     IF F$EXTRACT (0,1,IREC) .EQS. "[" .AND. F$EXTRACT (F$LENGTH (IREC)-1,1,IREC) .EQS. "]"
+$     THEN
+$         SSL_CONF_DATA == ""
+$         GOTO GET_CONF_DATA_END
+$     ENDIF
+$!
+$     IF ITM .EQS. F$EDIT (F$ELEMENT (0,"=",IREC),"TRIM")
+$     THEN 
+$         VAL = F$EDIT (F$ELEMENT (1,"=",SREC),"TRIM")
+$         SSL_CONF_DATA == "''VAL'"
+$         GOTO GET_CONF_DATA_END
+$     ENDIF
+$ ENDIF
+$!
+$ GOTO GET_CONF_DATA_LOOP
+$!
+$GET_CONF_DATA_END:
+$!
+$ CLOSE /ERROR=CLOSE_ERROR IFILE
+$!
+$ RETURN
+$!
+$!------------------------------------------------------------------------------
+$! Set the configuration data
+$!------------------------------------------------------------------------------
+$!
+$SET_CONF_DATA:
+$!
+$ IF F$SEARCH ("''P1'") .EQS. "" THEN CREATE /NOLOG 'P1'
+$!
+$ OPEN /READ  /ERROR=OPEN_ERROR IFILE 'P1'
+$ OPEN /WRITE /ERROR=OPEN_ERROR OFILE 'P1'
+$!
+$SET_CONF_DATA_LOOP:
+$!
+$ READ /ERROR=READ_ERROR /END_OF_FILE=SET_CONF_DATA_END IFILE IREC
+$!
+$ IF ITM_FOUND .EQ. 1
+$ THEN 
+$     WRITE /ERROR=WRITE_ERROR OFILE IREC
+$     GOTO SET_CONF_DATA_LOOP
+$ ENDIF
+$!
+$ SREC = IREC
+$ IPOS = F$LOCATE ("#",IREC)
+$ IF IPOS .NE. F$LENGTH (IREC) THEN IREC = F$EXTRACT (0,IPOS,IREC)
+$ IREC = F$EDIT (IREC,"COLLAPSE")
+$!
+$ IF IREC .EQS. ""
+$ THEN
+$     WRITE /ERROR=WRITE_ERROR OFILE SREC
+$     GOTO SET_CONF_DATA_LOOP
+$ ENDIF
+$!
+$ IF IREC .EQS. KEY 
+$ THEN
+$     KEY_FOUND = 1
+$     WRITE /ERROR=WRITE_ERROR OFILE SREC
+$     GOTO SET_CONF_DATA_LOOP
+$ ENDIF
+$!
+$ IF KEY_FOUND .EQ. 1
+$ THEN 
+$     IF F$EXTRACT (0,1,IREC) .EQS. "[" .AND. F$EXTRACT (F$LENGTH (IREC)-1,1,IREC) .EQS. "]"
+$     THEN
+$         WRITE /ERROR=WRITE_ERROR OFILE "''ITM' = ''P4'"
+$         WRITE /ERROR=WRITE_ERROR OFILE SREC
+$         ITM_FOUND = 1
+$         GOTO SET_CONF_DATA_LOOP
+$     ENDIF
+$!
+$     IF ITM .EQS. F$EDIT (F$ELEMENT (0,"=",IREC),"TRIM")
+$     THEN 
+$         WRITE /ERROR=WRITE_ERROR OFILE "''ITM' = ''P4'"
+$         ITM_FOUND = 1
+$         GOTO SET_CONF_DATA_LOOP
+$     ENDIF
+$ ENDIF
+$!
+$ WRITE /ERROR=WRITE_ERROR OFILE SREC
+$!
+$ GOTO SET_CONF_DATA_LOOP
+$!
+$SET_CONF_DATA_END:
+$!
+$ IF KEY_FOUND .EQ. 0 
+$ THEN
+$     WRITE /ERROR=WRITE_ERROR OFILE "''KEY'"
+$     WRITE /ERROR=WRITE_ERROR OFILE "''ITM' = ''P4'"
+$ ENDIF
+$!
+$ IF KEY_FOUND .EQ. 1 .AND. ITM_FOUND .EQ. 0
+$ THEN
+$     WRITE /ERROR=WRITE_ERROR OFILE "''ITM' = ''P4'"
+$ ENDIF
+$!
+$ CLOSE IFILE
+$ CLOSE OFILE
+$!
+$ RETURN
+$!
+$!------------------------------------------------------------------------------
+$! File Errors
+$!------------------------------------------------------------------------------
+$!
+$OPEN_ERROR:
+$!
+$ SAY "Open error for file ''P1' ... aborting ''P2'"
+$ GOTO EXIT
+$!
+$READ_ERROR:
+$!
+$ SAY "Read error for file ''P1' ... aborting ''P2'"
+$ GOTO EXIT
+$!
+$WRITE_ERROR:
+$!
+$ SAY "Write error for file ''P1' ... aborting ''P2'"
+$ GOTO EXIT
+$!
+$CLOSE_ERROR:
+$!
+$ SAY "Close error for file ''P1' ... aborting ''P2'"
+$ GOTO EXIT
+$!
+$!------------------------------------------------------------------------------
+$! Exit
+$!------------------------------------------------------------------------------
+$!
+$EXIT:
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR  NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ CLOSE IFILE
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR  NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ CLOSE OFILE
+$!
+$ Verify = F$VERIFY (Verify)
+$!
+$ EXIT 1
--- a/VMS/cert_tool/ssl$draw_box.com
+++ b/VMS/cert_tool/ssl$draw_box.com
@@ -0,0 +1,109 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$DRAW_BOX.COM - SSL Draw Box procedure
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$ Set NoOn
+$ Set NoControl=Y
+$!
+$!------------------------------------------------------------------------------
+$! Description 
+$!------------------------------------------------------------------------------
+$!
+$! This procedure draws a box with the specified coordinates.
+$!
+$! The parameters used are:
+$!
+$! 	P1	- X1 coordinate
+$! 	P2	- Y1 coordinate
+$! 	P3	- X2 coordinate
+$! 	P4	- Y3 coordinate
+$! 	P5	- Box Header (Optional)
+$! 	P6	- Box Footer (Optional)
+$! 	P7	- Fill Box (Optional)
+$!
+$!------------------------------------------------------------------------------
+$! Define symbols
+$!------------------------------------------------------------------------------
+$!
+$ SAY := WRITE SYS$OUTPUT
+$ On Control_Y THEN GOTO EXIT
+$ Set Control=Y
+$!
+$ FILL_BOX := @SSL$COM:SSL$FILL_BOX
+$!
+$ ESC[0,8] = 27 	! Set the Escape Character
+$ GRPH_ON[0,8] = 14	! Turn GRAPHICS mode On 
+$ GRPH_OFF[0,8] = 15	! Turn GRAPHICS mode Off
+$ NORM = ESC + "[0m"	! Turn Attributes off
+$ BOLD = ESC + "[1m"    ! Turn on BOLD Attribute
+$!
+$!------------------------------------------------------------------------------
+$! Draw the box
+$!------------------------------------------------------------------------------
+$!
+$ X1 = F$INTEGER (P1)
+$ Y1 = F$INTEGER (P2)
+$ X2 = F$INTEGER (P3)
+$ Y2 = F$INTEGER (P4)
+$!
+$ ROW = Y1 + 1
+$ COL = X1 + 1
+$ SIDE1 = X1
+$ SIDE2 = X2 + 1
+$ TOP = "l" + F$FAO("!#*q", x2 - x1) + "k"
+$ BOT = "m" + F$FAO("!#*q", x2 - x1) + "j"
+$!
+$ SAY ESC + "[''Y1';''X1'H", BOLD, GRPH_ON, TOP, GRPH_OFF, NORM
+$!
+$SIDES:
+$!
+$ SAY ESC + "[''ROW';''SIDE1'H",BOLD,GRPH_ON,"x",GRPH_OFF,NORM
+$ SAY ESC + "[''ROW';''SIDE2'H",BOLD,GRPH_ON,"x",GRPH_OFF,NORM
+$!
+$ IF ROW .LT. Y2
+$ THEN
+$     ROW = ROW + 1
+$     GOTO SIDES
+$ ENDIF  
+$!
+$ SAY ESC + "[''Y2';''X1'H", BOLD, GRPH_ON, BOT, GRPH_OFF, NORM
+$!
+$ IF P5 .NES. "" 
+$ THEN 
+$     IF F$LENGTH(P5) .GT. X2 - X1
+$     THEN 
+$	  HEADER = F$EXTRACT (0, (X2 - X1 - 4), P5)
+$     ELSE
+$	  HEADER = P5
+$     ENDIF
+$     COL = X1 + ((X2 - X1 - F$LENGTH(HEADER)) / 2)
+$     SAY ESC + "[''Y1';''COL'H''BOLD'''HEADER'''NORM'"
+$ ENDIF
+$!
+$ IF P6 .NES. "" 
+$ THEN 
+$     IF F$LENGTH(P6) .GT. X2 - X1
+$     THEN 
+$	  FOOTER = F$EXTRACT (0, (X2 - X1 - 4), P6)
+$     ELSE
+$	  FOOTER = P6
+$     ENDIF
+$     COL = X1 + ((X2 - X1 - F$LENGTH(FOOTER)) / 2)
+$     SAY ESC + "[''Y2';''COL'H''BOLD'''FOOTER'''NORM'"
+$ ENDIF
+$!
+$ IF P7 .EQS. "" .OR. P7 .EQS. "Y" THEN FILL_BOX 'X1' 'Y1' 'X2' 'Y2'
+$!
+$ GOTO EXIT
+$!
+$!------------------------------------------------------------------------------
+$! Exit 
+$!------------------------------------------------------------------------------
+$!
+$EXIT:
+$!
+$ Verify = F$VERIFY (Verify)
+$!
+$ EXIT
--- a/VMS/cert_tool/ssl$exit_cmd.tpu
+++ b/VMS/cert_tool/ssl$exit_cmd.tpu
@@ -0,0 +1 @@
+EXIT
--- a/VMS/cert_tool/ssl$fill_box.com
+++ b/VMS/cert_tool/ssl$fill_box.com
@@ -0,0 +1,65 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$FILL_BOX.COM - SSL Fill Box procedure
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$ Set NoOn
+$ Set NoControl=Y
+$!
+$!------------------------------------------------------------------------------
+$! Description 
+$!------------------------------------------------------------------------------
+$!
+$! This procedure draws a box with the specified coordinates.
+$!
+$! The parameters used are:
+$!
+$! 	P1	- X1 coordinate
+$! 	P2	- Y1 coordinate
+$! 	P3	- X2 coordinate
+$! 	P4	- Y2 coordinate
+$!
+$!------------------------------------------------------------------------------
+$! Define symbols
+$!------------------------------------------------------------------------------
+$!
+$ SAY := WRITE SYS$OUTPUT
+$ On Control_Y THEN GOTO EXIT
+$ Set Control=Y
+$!
+$ ESC[0,8] = 27 	! Set the Escape Character
+$!
+$!------------------------------------------------------------------------------
+$! Draw the box
+$!------------------------------------------------------------------------------
+$!
+$ X1 = F$INTEGER (P1)
+$ Y1 = F$INTEGER (P2)
+$ X2 = F$INTEGER (P3)
+$ Y2 = F$INTEGER (P4)
+$!
+$ ROW = Y1 + 1
+$ COL = X1 + 1
+$ FILL = F$FAO("!#* ", X2 - X1)
+$!
+$FILL_LOOP:
+$!
+$ IF ROW .LT. Y2
+$ THEN
+$     SAY ESC + "[''ROW';''COL'H",FILL
+$     ROW = ROW + 1
+$     GOTO FILL_LOOP
+$ ENDIF  
+$!
+$ GOTO EXIT
+$!
+$!------------------------------------------------------------------------------
+$! Exit 
+$!------------------------------------------------------------------------------
+$!
+$EXIT:
+$!
+$ Verify = F$VERIFY (Verify)
+$!
+$ EXIT
--- a/VMS/cert_tool/ssl$hash_cert.com
+++ b/VMS/cert_tool/ssl$hash_cert.com
@@ -0,0 +1,235 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$HASH_CERT.COM - SSL Hash Certificate procedure
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$ Set NoOn
+$ Set NoControl=Y
+$!
+$!------------------------------------------------------------------------------
+$! Description 
+$!------------------------------------------------------------------------------
+$!
+$! This procedure prompts the user through hashing Certificates.
+$!
+$! The parameters used are:
+$!
+$! 	P1	- Certificate or Certificate Revocation List (i.e. "CRT" or "CRL")
+$!
+$!------------------------------------------------------------------------------
+$! Define symbols
+$!------------------------------------------------------------------------------
+$!
+$ DELETE := DELETE
+$ SAY := WRITE SYS$OUTPUT
+$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT=
+$ On Control_Y THEN GOTO EXIT
+$ Set Control=Y
+$!
+$ TT_ROWS = F$GETDVI ("TT:","TT_PAGE")
+$ TT_COLS = F$GETDVI ("TT:","DEVBUFSIZ")
+$!
+$ INIT_TERM := @SSL$COM:SSL$INIT_TERM
+$!
+$ ESC[0,8] = 27 	! Set the Escape Character
+$ BELL[0,8] = 7 	! Ring the terminal Bell
+$ RED = 1		! Color - Red
+$ FGD = 30		! Foreground
+$ BGD = 0		! Background
+$ CSCR = ESC + "[2J"	! Clear the Screen 
+$ CEOS = ESC + "[0J"	! Clear to the End of the Screen 
+$ CEOL = ESC + "[0K"	! Clear to the End of the Line
+$ NORM = ESC + "[0m"	! Turn Attributes off
+$ BLNK = ESC + "[5m"    ! Turn on BLINK Attribute
+$ WIDE = ESC + "#6"     ! Turn on WIDE Attribute
+$!
+$!------------------------------------------------------------------------------
+$! Run the SSL setup if it hasn't been run yet
+$!------------------------------------------------------------------------------
+$!
+$ IF F$TRNLNM ("SSL$ROOT") .EQS. ""
+$ THEN
+$     IF F$SEARCH ("SSL$COM:SSL$INIT_ENV.COM") .NES. ""
+$     THEN 
+$         @SSL$COM:SSL$INIT_ENV.COM
+$     ELSE
+$         SAY BELL, "Unable to locate SSL$COM:SSL$INIT_ENV.COM ..."
+$	  GOTO EXIT
+$     ENDIF
+$ ENDIF
+$!
+$!------------------------------------------------------------------------------
+$! Display the Page Header
+$!------------------------------------------------------------------------------
+$!
+$ INIT_TERM
+$ BCOLOR = BGD
+$ FCOLOR = FGD + RED
+$ COLOR = ESC + "[''BCOLOR';''FCOLOR'm"
+$!
+$ TEXT = "SSL Certificate Tool"
+$ COL = (TT_COLS - (F$LENGTH (TEXT) * 2)) / 4
+$!
+$ SAY ESC + "[01;01H", CSCR
+$ SAY ESC + "[02;''COL'H", COLOR, WIDE, TEXT, NORM
+$!
+$ IF P1 .EQS. "CRT"
+$ THEN 
+$     TEXT = "Hash Certification Authorities"
+$ ELSE
+$     TEXT = "Hash Certificate Revocations"
+$ ENDIF
+$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
+$!
+$ SAY ESC + "[04;01H"
+$ SAY ESC + "[04;''COL'H", COLOR, TEXT, NORM
+$!
+$ CTR = 1
+$ ROW = 6
+$ COL = 2
+$ TOP_ROW = ROW
+$ MSG_ROW = TT_ROWS - 1
+$!
+$!------------------------------------------------------------------------------
+$! Initialize the Request Data
+$!------------------------------------------------------------------------------
+$!
+$ IF P1 .EQS. "CRT"
+$ THEN 
+$     PRM = "Certificate Path:"
+$     DEF = "SSL$CRT:*.CRT"
+$ ENDIF
+$!
+$ IF P1 .EQS. "CRL"
+$ THEN 
+$     PRM = "Certificate Revocation Path:"
+$     DEF = "SSL$CRT:*.CRL"
+$ ENDIF
+$!
+$ SAY ESC + "[''MSG_ROW';01H", CEOS
+$!
+$!------------------------------------------------------------------------------
+$! Confirm/Update the SSL Configuration Data
+$!------------------------------------------------------------------------------
+$!
+$PROMPT_LOOP:
+$!
+$ PROMPT = ESC + "[''ROW';''COL'H''PRM' ? [''DEF'] ''CEOL'"
+$ ASK "''PROMPT'" _hash_path_name
+$ _hash_path_name = F$EDIT (_hash_path_name,"TRIM")
+$ IF _hash_path_name .EQS. "" THEN _hash_path_name = DEF
+$!
+$ HASH_DEV = F$PARSE (_hash_path_name,DEF,,"DEVICE")
+$ HASH_DIR = F$PARSE (_hash_path_name,DEF,,"DIRECTORY")
+$ HASH_NAM = F$PARSE (_hash_path_name,DEF,,"NAME")
+$ HASH_TYP = F$PARSE (_hash_path_name,DEF,,"TYPE")
+$ _hash_path_name = HASH_DEV + HASH_DIR + HASH_NAM + HASH_TYP
+$!
+$!------------------------------------------------------------------------------
+$! Create the Certificiate Hashes 
+$!------------------------------------------------------------------------------
+$!
+$ IF P1 .EQS. "CRT"
+$ THEN 
+$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Hashing Certificate Authorities ...", NORM, CEOL
+$ ENDIF
+$!
+$ IF P1 .EQS. "CRL"
+$ THEN 
+$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Hashing Certificate Revocations ...", NORM, CEOL
+$ ENDIF
+$!
+$ IF F$SEARCH ("''HASH_DEV'''HASH_DIR'DELETE_HASH_FILES.COM") .NES. ""
+$ THEN 
+$    @'HASH_DEV''HASH_DIR'DELETE_HASH_FILES.COM
+$    DELETE 'HASH_DEV''HASH_DIR'DELETE_HASH_FILES.COM;*
+$ ENDIF
+$!
+$ CTR = 0
+$!     
+$ OPEN /WRITE OFILE 'HASH_DEV''HASH_DIR'DELETE_HASH_FILES.COM
+$!
+$CERT_LOOP:
+$!
+$ CERT_FILE = F$SEARCH ("''_hash_path_name'", 1)
+$ IF CERT_FILE .EQS. "" THEN GOTO CERT_END
+$ CTR = CTR + 1
+$!
+$ CALL HASH_CERT 'P1' 'CERT_FILE'
+$!
+$ GOTO CERT_LOOP
+$!
+$CERT_END:
+$!
+$ CLOSE OFILE
+$!
+$ IF CTR .EQ. 0 
+$ THEN 
+$     TEXT = "No files found, Press return to continue"
+$ ELSE
+$     TEXT = "Press return to continue"
+$ ENDIF
+$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
+$!
+$ IF CTR .EQ. 0 
+$ THEN 
+$     SAY BELL, ESC + "[''MSG_ROW';01H", CEOS
+$ ELSE
+$     SAY ESC + "[''MSG_ROW';01H", CEOS
+$ ENDIF
+$ PROMPT = ESC + "[''MSG_ROW';''COL'H''TEXT'"
+$ ASK "''PROMPT'" OPT
+$!
+$ GOTO EXIT
+$!
+$!------------------------------------------------------------------------------
+$! Hash Certificate Subroutine
+$!------------------------------------------------------------------------------
+$!
+$HASH_CERT: SUBROUTINE
+$!
+$ IF P1 .EQS. "CRT"
+$ THEN 
+$     HASH_SUFF = ""
+$     HASH_FUNC = "$SSL$EXE:OPENSSL X509 -HASH -NOOUT -IN"
+$ ELSE
+$     HASH_SUFF = "R"
+$     HASH_FUNC = "$SSL$EXE:OPENSSL CRL -HASH -NOOUT -IN"
+$ ENDIF
+$!
+$ PIPE HASH_FUNC 'P2' | (READ SYS$INPUT VAL ; DEFINE/NOLOG/JOB HASH_VAL &VAL)
+$ HASH_VAL = F$TRNLNM ("HASH_VAL")
+$ DEASSIGN /JOB HASH_VAL
+$!
+$ IDX = 0
+$!
+$IDX_LOOP:
+$!
+$ HASH_FILE = "''HASH_DEV'''HASH_DIR'''HASH_VAL'.''HASH_SUFF'''IDX'"
+$ IF F$SEARCH ("''HASH_FILE'") .NES. ""
+$ THEN
+$     IDX = IDX + 1
+$     GOTO IDX_LOOP
+$ ENDIF
+$!
+$ COPY 'P2' 'HASH_FILE'
+$ WRITE OFILE "$ DELETE ''HASH_FILE';*"
+$!
+$ EXIT
+$!
+$ ENDSUBOUTINE
+$!
+$!------------------------------------------------------------------------------
+$! Exit the procedure
+$!------------------------------------------------------------------------------
+$!
+$EXIT:
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR  NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ CLOSE OFILE
+$!
+$ Verify = F$VERIFY (Verify)
+$!
+$ EXIT
--- a/VMS/cert_tool/ssl$init_env.com
+++ b/VMS/cert_tool/ssl$init_env.com
@@ -0,0 +1,61 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$INIT_ENV.COM - SSL Initialize Environment
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$ Set NoOn
+$!
+$!------------------------------------------------------------------------------
+$! Description 
+$!------------------------------------------------------------------------------
+$!
+$! This procedure sets up the SSL environment logicals & symbols.
+$!
+$! P1 = Mode of the logicals (ie - "/SYSTEM/EXECUTIVE_MODE").
+$!      Note - if P1 is not passed in, P1 will default to PROCESS.
+$!
+$!------------------------------------------------------------------------------
+$! Initialization 
+$!------------------------------------------------------------------------------
+$!
+$ IF F$TRNLNM("SSL$ROOT") .EQS. ""
+$ THEN
+$    WRITE SYS$OUTPUT " "
+$    WRITE SYS$OUTPUT " SSL-E-ERROR, SSL has not been started."
+$    WRITE SYS$OUTPUT " "
+$    WRITE SYS$OUTPUT " Execute the command procedure, SYS$STARTUP:SSL$STARTUP.COM, and then try this procedure again."
+$    WRITE SYS$OUTPUT " "
+$    EXIT
+$ ENDIF
+$!
+$ IF P1 .EQS. ""
+$ THEN
+$    P1 = "/PROCESS"
+$ ENDIF
+$!
+$!------------------------------------------------------------------------------
+$! Define logicals
+$!------------------------------------------------------------------------------
+$!
+$ DEFINE 'P1 	SSL$CA_CONF	SSL$ROOT:[CONF]SSL$CA.CNF
+$ DEFINE 'P1 	SSL$CONF	SSL$ROOT:[CONF]SSL$CERT.CNF
+$ DEFINE 'P1 	SSL$COM		SSL$ROOT:[COM]
+$ DEFINE 'P1	SSL$CRT		SSL$ROOT:[CERTS]
+$ DEFINE 'P1 	SSL$CSR		SSL$ROOT:[CERTS]
+$ DEFINE 'P1 	SSL$KEY		SSL$ROOT:[CERTS]
+$ DEFINE 'P1 	SSL$DB		SSL$ROOT:[PRIVATE]
+$!
+$!------------------------------------------------------------------------------
+$! Define foreign symbols
+$!------------------------------------------------------------------------------
+$!
+$ OPENSSL	:== $ SSL$EXE:OPENSSL
+$ HOSTADDR	:== $ SSL$EXE:SSL$HOSTADDR
+$ HOSTNAME	:== $ SSL$EXE:SSL$HOSTNAME
+$!
+$!------------------------------------------------------------------------------
+$! Exit
+$!------------------------------------------------------------------------------
+$!
+$ EXIT
--- a/VMS/cert_tool/ssl$init_term.com
+++ b/VMS/cert_tool/ssl$init_term.com
@@ -0,0 +1,55 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$INIT_TERM.COM - SSL Initialize Terminal procedure
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$ Set NoOn
+$ Set NoControl=Y
+$!
+$!------------------------------------------------------------------------------
+$! Description 
+$!------------------------------------------------------------------------------
+$!
+$! This procedure initializes the terminal attributes.
+$!
+$! The parameters used are:
+$!
+$!------------------------------------------------------------------------------
+$! Define symbols
+$!------------------------------------------------------------------------------
+$!
+$ On Control_Y THEN GOTO EXIT
+$ Set Control=Y
+$!
+$ EDIT := EDIT
+$!
+$!------------------------------------------------------------------------------
+$! Initialize the terminal with TPU
+$!------------------------------------------------------------------------------
+$!
+$ IF F$SEARCH ("SSL$COM:SSL$EXIT_CMD.TPU") .EQS. ""
+$ THEN 
+$     OPEN /WRITE OFILE SSL$COM:SSL$EXIT_CMD.TPU
+$     WRITE OFILE "EXIT"
+$     CLOSE OFILE
+$ ENDIF
+$!
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ DEFINE /USER /NOLOG SYS$ERROR  NL:
+$ DEFINE /USER /NOLOG SYS$INPUT  SYS$COMMAND
+$ EDIT /TPU /COMMAND=OPENSS$COM:SSL$EXIT_CMD.TPU
+$!
+$!------------------------------------------------------------------------------
+$! Exit 
+$!------------------------------------------------------------------------------
+$!
+$EXIT:
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR  NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ CLOSE OFILE
+$!
+$ Verify = F$VERIFY (Verify)
+$!
+$ EXIT
--- a/VMS/cert_tool/ssl$pick_file.com
+++ b/VMS/cert_tool/ssl$pick_file.com
@@ -0,0 +1,230 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$PICK_FILE.COM - SSL Pick File procedure
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$ Set NoOn
+$ Set NoControl=Y
+$!
+$!------------------------------------------------------------------------------
+$! Description 
+$!------------------------------------------------------------------------------
+$!
+$! This procedure display the contents of a given file in a box size specified.
+$!
+$! The parameters used are:
+$!
+$! 	P1	- File Spec to Parse
+$! 	P2	- X1 coordinate
+$! 	P3	- Y1 coordinate
+$! 	P4	- X2 coordinate
+$! 	P5	- Y3 coordinate
+$! 	P6	- File Pick Header (Optional)
+$!
+$!------------------------------------------------------------------------------
+$! Define symbols
+$!------------------------------------------------------------------------------
+$!
+$ SSL_FILE_NAME == ""
+$ SAY := WRITE SYS$OUTPUT
+$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT=
+$ On Control_Y THEN GOTO EXIT
+$ Set Control=Y
+$!
+$ DRAW_BOX := @SSL$COM:SSL$DRAW_BOX
+$ FILL_BOX := @SSL$COM:SSL$FILL_BOX
+$!
+$ ESC[0,8] = 27 	! Set the Escape Character
+$ BELL[0,8] = 7 	! Ring the terminal Bell
+$ CEOL = ESC + "[0K"	! Clear to the End of the Line
+$ NORM = ESC + "[0m"	! Turn Attributes off
+$ BOLD = ESC + "[1m"    ! Turn on BOLD Attribute
+$!
+$!------------------------------------------------------------------------------
+$! Display the Page Header
+$!------------------------------------------------------------------------------
+$!
+$ P1 = F$EDIT (P1, "TRIM")
+$ P2 = F$INTEGER (P2)
+$ P3 = F$INTEGER (P3)
+$ P4 = F$INTEGER (P4)
+$ P5 = F$INTEGER (P5)
+$ FILE_MAX = 0
+$!
+$SEARCH_LOOP:
+$!
+$ FILE = F$SEARCH ("''P1'",1)
+$ IF FILE .NES. ""
+$ THEN 
+$     IF FILE_MAX .EQ. 1
+$     THEN
+$         IF FILE_1 .EQS. FILE THEN GOTO SEARCH_END
+$     ENDIF
+$     FILE_MAX = FILE_MAX + 1
+$     FILE_'FILE_MAX' = FILE
+$     GOTO SEARCH_LOOP
+$ ENDIF
+$!
+$SEARCH_END:
+$!
+$ IF FILE_MAX .EQ. 0 
+$ THEN 
+$     DRAW_BOX 'P2' 'P3' 'P4' 'P5' "''P6'" " No Files Found, Press Return to Exit "
+$     INPUT_ROW = P5 + 1
+$     PROMPT = ESC + "[''INPUT_ROW';01H ''CEOL'"
+$     ASK "''PROMPT'" OPT
+$     GOTO EXIT
+$ ENDIF
+$!
+$ COL = P2 + 2
+$ ROW = P3 + 2
+$ TOP_ROW = ROW
+$ INPUT_ROW = P5 + 1
+$ BOX_WIDTH = P4 - (P2 + 2)
+$ BOX_HEIGHT = P5 - (P3 + 3)
+$!
+$ FILE_CTR = 1
+$ PAGE_CTR = 1
+$ PAGE_'PAGE_CTR'_FILE_CTR = FILE_CTR
+$ FILES_PER_PAGE = BOX_HEIGHT
+$ PAGE_MAX = FILE_MAX / FILES_PER_PAGE
+$ IF PAGE_MAX * FILES_PER_PAGE .LT. FILE_MAX THEN PAGE_MAX = PAGE_MAX + 1
+$!
+$ DRAW_BOX 'P2' 'P3' 'P4' 'P5' "''P6'" " Enter B for Back, N for Next, Ctrl-Z to Exit or Enter a File Number "
+$ PAGE_TXT = F$FAO (" Page !UL of !UL ", PAGE_CTR, PAGE_MAX)
+$ _COL = P2 + (BOX_WIDTH - F$LENGTH (PAGE_TXT)) + 2
+$ SAY ESC + "[''P3';''_COL'H''BOLD'''PAGE_TXT'''NORM'"
+$!
+$DISPLAY_LOOP:
+$!
+$ IF FILE_CTR .LE. FILE_MAX .AND. F$TYPE (FILE_'FILE_CTR') .NES. ""
+$ THEN 
+$     FILE = FILE_'FILE_CTR'
+$ ELSE
+$     FILE = ""
+$ ENDIF
+$ WRAP_IN_PROGRESS = 0
+$!
+$WRAP_LOOP:
+$!
+$ IF ROW .LE. (P5 - 2) .AND. -
+     FILE_CTR .LE. PAGE_CTR * FILES_PER_PAGE
+$ THEN
+$     IF F$LENGTH (FILE) .GT. BOX_WIDTH 
+$     THEN 
+$ 	  IF WRAP_IN_PROGRESS .EQ. 0
+$	  THEN 
+$	      CTR_TXT = F$FAO ("!3UL. ",FILE_CTR)
+$	      WRAP_IN_PROGRESS = 1
+$	  ELSE
+$	      CTR_TXT = "     "
+$         ENDIF
+$	  FILE_SEG = F$EXTRACT (0, BOX_WIDTH - F$LENGTH (CTR_TXT), FILE)
+$         SAY ESC + "[''ROW';''COL'H''BOLD'''CTR_TXT'''NORM'''FILE_SEG'"
+$         FILE = F$EXTRACT (BOX_WIDTH - F$LENGTH (CTR_TXT), F$LENGTH (FILE) - (BOX_WIDTH + F$LENGTH (CTR_TXT)), FILE)
+$         ROW = ROW + 1
+$	  GOTO WRAP_LOOP
+$     ELSE
+$	  IF FILE .NES. ""
+$	  THEN
+$ 	      IF WRAP_IN_PROGRESS .EQ. 0
+$	      THEN 
+$	          CTR_TXT = F$FAO ("!3UL. ",FILE_CTR)
+$	      ELSE
+$	          CTR_TXT = "     "
+$             ENDIF
+$             SAY ESC + "[''ROW';''COL'H''BOLD'''CTR_TXT'''NORM'''FILE'"
+$	  ENDIF
+$     ENDIF
+$ ELSE
+$!
+$RETRY:
+$!
+$     PROMPT = ESC + "[''INPUT_ROW';01H ''CEOL'"
+$     ASK "''PROMPT'" OPT
+$     IF F$TYPE (OPT) .NES. "INTEGER" .AND. -
+         F$EDIT (OPT,"TRIM,UPCASE") .NES. "B" .AND. -
+	 F$EDIT (OPT,"TRIM,UPCASE") .NES. "N" 
+$     THEN
+$         CALL INVALID_ENTRY
+$	  GOTO RETRY
+$     ENDIF
+$     IF F$TYPE (OPT) .EQS. "INTEGER" 
+$     THEN
+$	  IF OPT .GT. 0 .AND. -
+  	     OPT .LE. FILE_MAX .AND. -
+	     OPT .LE. (FILE_CTR - 1) .AND. -
+	     OPT .GE. (FILE_CTR - 1 - FILES_PER_PAGE)
+$	  THEN 
+$	      SSL_FILE_NAME == FILE_'OPT'
+$	      GOTO EXIT
+$	  ELSE
+$             CALL INVALID_ENTRY
+$	      GOTO RETRY
+$	  ENDIF
+$     ENDIF
+$     IF F$EDIT (OPT,"TRIM,UPCASE") .EQS. "B"
+$     THEN
+$	  IF PAGE_CTR .GT. 1
+$	  THEN
+$ 	      ROW = TOP_ROW
+$	      PAGE_CTR = PAGE_CTR - 1
+$ 	      FILE_CTR = PAGE_'PAGE_CTR'_FILE_CTR
+$             PAGE_TXT = F$FAO (" Page !UL of !UL ", PAGE_CTR, PAGE_MAX)
+$             _COL = P2 + (BOX_WIDTH - F$LENGTH (PAGE_TXT)) + 2
+$             SAY ESC + "[''P3';''_COL'H''BOLD'''PAGE_TXT'''NORM'"
+$             FILL_BOX 'P2' 'P3' 'P4' 'P5'
+$	      GOTO DISPLAY_LOOP
+$	  ELSE
+$             CALL INVALID_ENTRY
+$	      GOTO RETRY
+$         ENDIF
+$     ENDIF
+$     IF F$EDIT (OPT,"TRIM,UPCASE") .EQS. "N"
+$     THEN
+$	  IF PAGE_CTR .LT. PAGE_MAX
+$	  THEN
+$	      PAGE_CTR = PAGE_CTR + 1
+$ 	      PAGE_'PAGE_CTR'_FILE_CTR = FILE_CTR
+$ 	      FILE_CTR = PAGE_'PAGE_CTR'_FILE_CTR
+$             PAGE_TXT = F$FAO (" Page !UL of !UL ", PAGE_CTR, PAGE_MAX)
+$             _COL = P2 + (BOX_WIDTH - F$LENGTH (PAGE_TXT)) + 2
+$             SAY ESC + "[''P3';''_COL'H''BOLD'''PAGE_TXT'''NORM'"
+$             FILL_BOX 'P2' 'P3' 'P4' 'P5'
+$	  ELSE
+$             CALL INVALID_ENTRY
+$	      GOTO RETRY
+$         ENDIF
+$     ENDIF
+$     FILL_BOX 'P2' 'P3' 'P4' 'P5'
+$     ROW = TOP_ROW
+$     GOTO WRAP_LOOP
+$ ENDIF
+$ FILE_CTR = FILE_CTR + 1
+$ ROW = ROW + 1
+$ GOTO DISPLAY_LOOP
+$!
+$!------------------------------------------------------------------------------
+$! Display the invalid entry 
+$!------------------------------------------------------------------------------
+$!
+$INVALID_ENTRY: SUBROUTINE
+$!
+$ SAY ESC + "[''INPUT_ROW';01H", BELL, " Invalid Entry, Try again ...''CEOL'"
+$ Wait 00:00:01.5
+$ SAY ESC + "[''INPUT_ROW';01H", CEOL
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$! Exit
+$!------------------------------------------------------------------------------
+$!
+$EXIT:
+$!
+$ Verify = F$VERIFY (Verify)
+$!
+$ EXIT
--- a/VMS/cert_tool/ssl$rem_env.com
+++ b/VMS/cert_tool/ssl$rem_env.com
@@ -0,0 +1,62 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$REM_ENV.COM - Remove the SSL Initialize Environment
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$ Set NoOn
+$!
+$!------------------------------------------------------------------------------
+$! Description 
+$!------------------------------------------------------------------------------
+$!
+$! This procedure deletes the SSL environment logicals & symbols set up by
+$! SSL$INIT_ENV.COM.
+$!
+$! P1 = Mode of the logicals (ie - "/SYSTEM/EXECUTIVE_MODE").
+$!      Note - if P1 is not passed in, P1 will default to PROCESS.
+$!
+$!------------------------------------------------------------------------------
+$! Initialization 
+$!------------------------------------------------------------------------------
+$!
+$ IF F$TRNLNM("SSL$ROOT") .EQS. ""
+$ THEN
+$    WRITE SYS$OUTPUT " "
+$    WRITE SYS$OUTPUT " SSL-E-ERROR, SSL has not been started."
+$    WRITE SYS$OUTPUT " "
+$    WRITE SYS$OUTPUT " Execute the command procedure, SYS$STARTUP:SSL$STARTUP.COM, and then try this procedure again."
+$    WRITE SYS$OUTPUT " "
+$    EXIT
+$ ENDIF
+$!
+$ IF P1 .EQS. ""
+$ THEN
+$    P1 = "/PROCESS"
+$ ENDIF
+$!
+$!------------------------------------------------------------------------------
+$! Define logicals
+$!------------------------------------------------------------------------------
+$!
+$ DEASSIGN 'P1 	SSL$CA_CONF
+$ DEASSIGN 'P1 	SSL$CONF
+$ DEASSIGN 'P1 	SSL$COM
+$ DEASSIGN 'P1	SSL$CRT
+$ DEASSIGN 'P1 	SSL$CSR
+$ DEASSIGN 'P1 	SSL$KEY
+$ DEASSIGN 'P1 	SSL$DB
+$!
+$!------------------------------------------------------------------------------
+$! Define foreign symbols
+$!------------------------------------------------------------------------------
+$!
+$ DELETE/SYMBOL/GLOBAL OPENSSL
+$ DELETE/SYMBOL/GLOBAL HOSTADDR
+$ DELETE/SYMBOL/GLOBAL HOSTNAME
+$!
+$!------------------------------------------------------------------------------
+$! Exit
+$!------------------------------------------------------------------------------
+$!
+$ EXIT
--- a/VMS/cert_tool/ssl$rqst_cert.com
+++ b/VMS/cert_tool/ssl$rqst_cert.com
@@ -0,0 +1,769 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$RQST_CERT.COM - SSL Certificate Request procedure
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$ Set NoOn
+$ Set NoControl=Y
+$!
+$!------------------------------------------------------------------------------
+$! Description 
+$!------------------------------------------------------------------------------
+$!
+$! This procedure prompts the user through creating a Certificate Request.
+$!
+$! There are no parameters used.
+$!
+$!------------------------------------------------------------------------------
+$! Define symbols
+$!------------------------------------------------------------------------------
+$!
+$ DELETE := DELETE
+$ SAY := WRITE SYS$OUTPUT
+$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT=
+$ PID = F$GETJPI ("","PID")
+$ TT_NOECHO = F$GETDVI ("TT:","TT_NOECHO")
+$ On Control_Y THEN GOTO EXIT
+$ Set Control=Y
+$!
+$ TT_ROWS = F$GETDVI ("TT:","TT_PAGE")
+$ TT_COLS = F$GETDVI ("TT:","DEVBUFSIZ")
+$!
+$ GET_USER_DATA := CALL GET_USER_DATA
+$ SET_USER_DATA := CALL SET_USER_DATA
+$ DEL_USER_DATA := CALL DEL_USER_DATA
+$ INIT_TERM := @SSL$COM:SSL$INIT_TERM
+$ SHOW_FILE := @SSL$COM:SSL$SHOW_FILE 
+$ SSL_CONF_FILE = F$TRNLNM ("SSL$CONF")
+$ GET_CONF_DATA := @SSL$COM:SSL$CONF_UTIL 'SSL_CONF_FILE' GET
+$ SET_CONF_DATA := @SSL$COM:SSL$CONF_UTIL 'SSL_CONF_FILE' SET
+$!
+$ ESC[0,8] = 27 	! Set the Escape Character
+$ BELL[0,8] = 7 	! Ring the terminal Bell
+$ RED = 1		! Color - Red
+$ FGD = 30		! Foreground
+$ BGD = 0		! Background
+$ CSCR = ESC + "[2J"	! Clear the Screen 
+$ CEOS = ESC + "[0J"	! Clear to the End of the Screen 
+$ CEOL = ESC + "[0K"	! Clear to the End of the Line
+$ NORM = ESC + "[0m"	! Turn Attributes off
+$ BLNK = ESC + "[5m"    ! Turn on BLINK Attribute
+$ WIDE = ESC + "#6"     ! Turn on WIDE Attribute
+$!
+$!------------------------------------------------------------------------------
+$! Run the SSL setup if it hasn't been run yet
+$!------------------------------------------------------------------------------
+$!
+$ IF F$TRNLNM ("SSL$ROOT") .EQS. ""
+$ THEN
+$     IF F$SEARCH ("SSL$COM:SSL$INIT_ENV.COM") .NES. ""
+$     THEN 
+$         @SSL$COM:SSL$INIT_ENV.COM
+$     ELSE
+$         SAY BELL, "Unable to locate SSL$COM:SSL$INIT_ENV.COM ..."
+$	  GOTO EXIT
+$     ENDIF
+$ ENDIF
+$!
+$!------------------------------------------------------------------------------
+$! Display the Page Header
+$!------------------------------------------------------------------------------
+$!
+$ INIT_TERM
+$ BCOLOR = BGD
+$ FCOLOR = FGD + RED
+$ COLOR = ESC + "[''BCOLOR';''FCOLOR'm"
+$!
+$ TEXT = "SSL Certificate Tool"
+$ COL = (TT_COLS - (F$LENGTH (TEXT) * 2)) / 4
+$!
+$ SAY ESC + "[01;01H", CSCR
+$ SAY ESC + "[02;''COL'H", COLOR, WIDE, TEXT, NORM
+$!
+$ TEXT = "Create Certificate Request"
+$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
+$!
+$ SAY ESC + "[04;01H"
+$ SAY ESC + "[04;''COL'H", COLOR, TEXT, NORM
+$!
+$ ROW = 6
+$ COL = 2
+$ TOP_ROW = ROW
+$ MSG_ROW = TT_ROWS - 1
+$!
+$!------------------------------------------------------------------------------
+$! Initialize the Request Data
+$!------------------------------------------------------------------------------
+$!
+$ IF F$SEARCH ("''SSL_CONF_FILE'") .NES. ""
+$ THEN 
+$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Reading Configuration ...", NORM
+$ ELSE
+$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Initializing Configuration ...", NORM
+$ ENDIF
+$!
+$ _request_name = "req"
+$!
+$ _distinguished_name = "REQ_distinguished_name"
+$ _distinguished_name_upd = "Y"
+$!
+$ _default_bits = "1024"
+$ _default_bits_upd = "Y"
+$!
+$ _default_keyfile = "SSL$KEY:SERVER.KEY"
+$ _default_keyfile_upd = "Y"
+$!
+$ _default_csrfile = "SSL$CSR:SERVER.CSR"
+$ _default_csrfile_upd = "Y"
+$!
+$ _countryName_prompt = "Country Name ?"
+$ _countryName_min = "2"
+$ _countryName_max = "2"
+$ _countryName_default = "US"
+$ _countryName_upd = "Y"
+$ _countryName_cnt = 4
+$!
+$ _stateOrProvinceName_prompt = "State or Province Name ?"
+$ _stateOrProvinceName_default = ""
+$ _stateOrProvinceName_upd = "Y"
+$ _stateOrProvinceName_cnt = 2
+$!
+$ _localityName_prompt = "City Name ?"
+$ _localityName_default = ""
+$ _localityName_upd = "Y"
+$ _localityName_cnt = 2
+$!
+$ _0organizationName_prompt = "Organization Name ?"
+$ _0organizationName_default = ""
+$ _0organizationName_upd = "Y"
+$ _0organizationName_cnt = 2
+$!
+$ _organizationalUnitName_prompt = "Organization Unit Name ?"
+$ _organizationalUnitName_default = ""
+$ _organizationalUnitName_upd = "Y"
+$ _organizationalUnitName_cnt = 2
+$!
+$ _commonName_prompt = "Common Name ?"
+$ _commonName_max = "64"
+$ HOSTNAME -s _commonName_default
+$ _commonName_upd = "Y"
+$ _commonName_cnt = 3
+$!
+$ _emailAddress_prompt = "Email Address ?"
+$ _emailAddress_max = "40"
+$ _emailAddress_default = "webmaster@''_commonName_default'"
+$ _emailAddress_upd = "Y"
+$ _emailAddress_cnt = 3
+$!
+$ IF F$SEARCH ("''SSL_CONF_FILE'") .NES. ""
+$ THEN 
+$     GET_CONF_DATA "[''_request_name']#distinguished_name"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _distinguished_name = SSL_CONF_DATA
+$         _distinguished_name_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_request_name']#default_bits"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _default_bits = SSL_CONF_DATA
+$         _default_bits_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_request_name']#default_keyfile"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _default_keyfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + -
+ 		             F$PARSE (SSL_CONF_DATA,"[KEY]",,"DIRECTORY") + -
+ 		             F$PARSE (SSL_CONF_DATA,"SERVER",,"NAME") + -
+ 		             F$PARSE (SSL_CONF_DATA,".KEY",,"TYPE") 
+$         _default_keyfile_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_request_name']#default_csrfile"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _default_csrfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + -
+ 		             F$PARSE (SSL_CONF_DATA,"[CSR]",,"DIRECTORY") + -
+ 		             F$PARSE (SSL_CONF_DATA,"SERVER",,"NAME") + -
+ 		             F$PARSE (SSL_CONF_DATA,".CSR",,"TYPE") 
+$         _default_csrfile_upd = "N"
+$     ENDIF
+$!
+$     CTR = 0
+$     GET_CONF_DATA "[''_distinguished_name']#countryName"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _countryName_prompt = SSL_CONF_DATA
+$         CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#countryName_min"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _countryName_min = SSL_CONF_DATA
+$         CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#countryName_max"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _countryName_max = SSL_CONF_DATA
+$         CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#countryName_default"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _countryName_default = SSL_CONF_DATA
+$         CTR = CTR + 1
+$     ENDIF
+$     IF _countryName_cnt .EQ. CTR THEN _countryName_upd = "N"
+$!
+$     CTR = 0
+$     GET_CONF_DATA "[''_distinguished_name']#stateOrProvinceName"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _stateOrProvinceName_prompt = SSL_CONF_DATA
+$         CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#stateOrProvinceName_default"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _stateOrProvinceName_default = SSL_CONF_DATA
+$         CTR = CTR + 1
+$     ENDIF
+$     IF _stateOrProvinceName_cnt .EQ. CTR THEN _stateOrProvinceName_upd = "N"
+$!
+$     CTR = 0
+$     GET_CONF_DATA "[''_distinguished_name']#localityName"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _localityName_prompt = SSL_CONF_DATA
+$         CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#localityName_default"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _localityName_default = SSL_CONF_DATA
+$         CTR = CTR + 1
+$     ENDIF
+$     IF _localityName_cnt .EQ. CTR THEN _localityName_upd = "N"
+$!
+$     CTR = 0
+$     GET_CONF_DATA "[''_distinguished_name']#0.organizationName"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _0organizationName_prompt = SSL_CONF_DATA
+$         CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#0.organizationName_default"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _0organizationName_default = SSL_CONF_DATA
+$         CTR = CTR + 1
+$     ENDIF
+$     IF _0organizationName_cnt .EQ. CTR THEN _0organizationName_upd = "N"
+$!
+$     CTR = 0
+$     GET_CONF_DATA "[''_distinguished_name']#organizationalUnitName"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _organizationalUnitName_prompt = SSL_CONF_DATA
+$         CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#organizationalUnitName_default"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _organizationalUnitName_default = SSL_CONF_DATA
+$         CTR = CTR + 1
+$     ENDIF
+$     IF _organizationalUnitName_cnt .EQ. CTR THEN _organizationalUnitName_upd = "N"
+$!
+$     CTR = 0
+$     GET_CONF_DATA "[''_distinguished_name']#commonName"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _commonName_prompt = SSL_CONF_DATA
+$         CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#commonName_max"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _commonName_max = SSL_CONF_DATA
+$         CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#commonName_default"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _commonName_default = SSL_CONF_DATA
+$         CTR = CTR + 1
+$     ENDIF
+$     IF _commonName_cnt .EQ. CTR THEN _commonName_upd = "N"
+$!
+$     CTR = 0
+$     GET_CONF_DATA "[''_distinguished_name']#emailAddress"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _emailAddress_prompt = SSL_CONF_DATA
+$         CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#emailAddress_max"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _emailAddress_max = SSL_CONF_DATA
+$         CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#emailAddress_default"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _emailAddress_default = SSL_CONF_DATA
+$         CTR = CTR + 1
+$     ENDIF
+$     IF _emailAddress_cnt .EQ. CTR THEN _emailAddress_upd = "N"
+$ ENDIF
+$!
+$ SET_USER_DATA "[]#encrypt_key#-#N#Encrypt Private Key ?#S##1##Y#N"
+$ SET_USER_DATA "[]#pem_pass_phrase#-##PEM Pass Phrase ?#P#1###Y#Y"
+$ SET_USER_DATA "[''_request_name']#default_bits#D#''_default_bits'#Encryption Bits ?#I###''_default_bits_upd'#Y#N"
+$ SET_USER_DATA "[''_request_name']#default_keyfile#D#''_default_keyfile'#Certificate Key File ?#F###''_default_keyfile_upd'#Y#N"
+$ SET_USER_DATA "[''_request_name']#default_csrfile#D#''_default_csrfile'#Certificate Request File ?#F###''_default_csrfile_upd'#Y#N"
+$ SET_USER_DATA "[''_request_name']#distinguished_name#D#''_distinguished_name'##S###''_distinguished_name_upd'#N#N"
+$ SET_USER_DATA "[''_distinguished_name']#countryName#P#''_countryName_default'#''_countryName_prompt'#S#''_countryName_min'#''_countryName_max'#''_countryName_upd'#Y#N" 
+$ SET_USER_DATA "[''_distinguished_name']#stateOrProvinceName#P#''_stateOrProvinceName_default'#''_stateOrProvinceName_prompt'#S###''_stateOrProvinceName_upd'#Y#N"
+$ SET_USER_DATA "[''_distinguished_name']#localityName#P#''_localityName_default'#''_localityName_prompt'#S###''_localityName_upd'#Y#N"
+$ SET_USER_DATA "[''_distinguished_name']#0.organizationName#P#''_0organizationName_default'#''_0organizationName_prompt'#S###''_0organizationName_upd'#Y#N"
+$ SET_USER_DATA "[''_distinguished_name']#organizationalUnitName#P#''_organizationalUnitName_default'#''_organizationalUnitName_prompt'#S###''_organizationUnitName_upd'#Y#N"
+$ SET_USER_DATA "[''_distinguished_name']#commonName#P#''_commonName_default'#''_commonName_prompt'#S##''_commonName_max'#''_commonName_upd'#Y#N"
+$ SET_USER_DATA "[''_distinguished_name']#emailAddress#P#''_emailAddress_default'#''_emailAddress_prompt'#S##''_emailAddress_max'#''_emailAddress_upd'#Y#N"
+$ SET_USER_DATA "[]#display_certificate#-#N#Display the Certificate ?#S##1##Y#N"
+$!
+$ SAY ESC + "[''MSG_ROW';01H", CEOS
+$!
+$!------------------------------------------------------------------------------
+$! Confirm/Update the SSL Configuration Data
+$!------------------------------------------------------------------------------
+$!
+$ CTR = 1
+$!
+$PROMPT_LOOP:
+$!
+$ IF CTR .LE. SSL_USER_DATA_MAX
+$ THEN 
+$     KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name
+$     ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name
+$     VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt
+$     DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value
+$     PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value
+$     TYP = F$ELEMENT (5,"#",SSL_USER_DATA_'CTR') ! Value Type
+$     MIN = F$ELEMENT (6,"#",SSL_USER_DATA_'CTR') ! Value Minimum Length
+$     MAX = F$ELEMENT (7,"#",SSL_USER_DATA_'CTR') ! Value Maximum Length
+$     UPD = F$ELEMENT (8,"#",SSL_USER_DATA_'CTR') ! Entry Updated ?
+$     REQ = F$ELEMENT (9,"#",SSL_USER_DATA_'CTR') ! Entry Required for Input ?
+$     CFM = F$ELEMENT (10,"#",SSL_USER_DATA_'CTR')! Confirm Input  ?
+$!
+$! The PEM Pass Phrase prompt is dependant on the answer to encrypt the private key
+$!
+$     IF KEY .EQS. "[]" .AND. ITM .EQS. "pem_pass_phrase"
+$     THEN
+$         GET_USER_DATA "[]#encrypt_key"
+$ 	  _encrypt_key = SSL_USER_DATA
+$         IF F$EDIT (_encrypt_key,"UPCASE") .NES. "Y"
+$	  THEN
+$             CTR = CTR + 1
+$             GOTO PROMPT_LOOP
+$	  ENDIF
+$     ENDIF
+$!
+$     CONFIRMED = 0
+$     IF REQ .EQS. "N"
+$     THEN 
+$         CTR = CTR + 1
+$         GOTO PROMPT_LOOP
+$     ENDIF
+$     IF ROW .GT. MSG_ROW - 2
+$     THEN 
+$         SAY ESC + "[''TOP_ROW';01H", CEOS
+$	  ROW = TOP_ROW
+$     ENDIF
+$!
+$CONFIRM_LOOP:
+$!
+$     IF PRM .EQS. "" 
+$     THEN 
+$         PROMPT = ESC + "[''ROW';''COL'H''ITM' ? [''DEF'] ''CEOL'"
+$     ELSE
+$         PROMPT = ESC + "[''ROW';''COL'H''PRM' [''DEF'] ''CEOL'"
+$     ENDIF
+$     IF TYP .EQS. "P" THEN SET TERMINAL /NOECHO
+$     ASK "''PROMPT'" ANS /END_OF_FILE=EXIT
+$     IF TYP .EQS. "P" THEN SET TERMINAL /ECHO
+$     ANS = F$EDIT (ANS,"TRIM")
+$     IF ANS .EQS. "" THEN ANS = DEF
+$     IF TYP .EQS. "F"
+$     THEN
+$         ANS = F$PARSE ("''ANS'","''DEF'",,,"SYNTAX_ONLY")
+$     ENDIF
+$     IF TYP .EQS. "I" .AND. F$TYPE (ANS) .NES. "INTEGER"
+$     THEN 
+$         CALL INVALID_ENTRY
+$         SAY ESC + "[''ROW';01H", CEOS
+$         GOTO PROMPT_LOOP
+$     ENDIF
+$     IF (TYP .EQS. "S" .OR. TYP .EQS. "P") .AND. -
+         ((MIN .NES. "" .AND. F$LENGTH (ANS) .LT. F$INTEGER(MIN)) .OR. -
+          (MAX .NES. "" .AND. F$LENGTH (ANS) .GT. F$INTEGER(MAX)))
+$     THEN 
+$         CALL INVALID_ENTRY
+$         SAY ESC + "[''ROW';01H", CEOS
+$	  IF TYP .EQS. "S" THEN GOTO PROMPT_LOOP
+$         IF TYP .EQS. "P" THEN GOTO CONFIRM_LOOP
+$     ENDIF
+$     ROW = ROW + 1
+$     IF CFM .EQS. "Y"
+$     THEN
+$         IF CONFIRMED .EQ. 0
+$	  THEN
+$	      CONFIRMED = 1
+$	      CONFIRMED_ANS = ANS
+$	      PRM = "Confirm ''PRM'"
+$	      GOTO CONFIRM_LOOP
+$         ELSE
+$	      IF ANS .NES. CONFIRMED_ANS
+$	      THEN 
+$                 CALL INVALID_ENTRY
+$		  ROW = ROW - 2
+$                 SAY ESC + "[''ROW';01H", CEOS
+$                 GOTO PROMPT_LOOP
+$	      ENDIF
+$         ENDIF
+$     ENDIF
+$     IF ANS .NES. DEF THEN SSL_USER_DATA_'CTR' = "''KEY'#''ITM'#''VAL'#''ANS'#''PRM'#''TYP'#''MIN'#''MAX'#Y#''REQ'#''CFM'"
+$     CTR = CTR + 1
+$     GOTO PROMPT_LOOP
+$ ENDIF
+$!
+$!------------------------------------------------------------------------------
+$! Save the SSL Configuration Data
+$!------------------------------------------------------------------------------
+$!
+$ CTR = 1
+$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Saving Configuration ...", NORM
+$!
+$SAVE_CONF_LOOP:
+$!
+$ IF CTR .LE. SSL_USER_DATA_MAX
+$ THEN 
+$     KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name
+$     ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name
+$     VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt
+$     DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value
+$     PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value
+$     TYP = F$ELEMENT (5,"#",SSL_USER_DATA_'CTR') ! Value Type
+$     MIN = F$ELEMENT (6,"#",SSL_USER_DATA_'CTR') ! Value Minimum Length
+$     MAX = F$ELEMENT (7,"#",SSL_USER_DATA_'CTR') ! Value Maximum Length
+$     UPD = F$ELEMENT (8,"#",SSL_USER_DATA_'CTR') ! Entry Updated ?
+$     REQ = F$ELEMENT (9,"#",SSL_USER_DATA_'CTR') ! Entry Required for Input ?
+$     CFM = F$ELEMENT (10,"#",SSL_USER_DATA_'CTR')! Confirm Input ?
+$     IF UPD .NES. "Y" .OR. VAL .EQS. "-"
+$     THEN 
+$         CTR = CTR + 1
+$         GOTO SAVE_CONF_LOOP
+$     ENDIF
+$     IF VAL .EQS. "D"
+$     THEN 
+$         SET_CONF_DATA "''KEY'#''ITM'" "''DEF'"
+$     ELSE
+$         SET_CONF_DATA "''KEY'#''ITM'" "''PRM'"
+$         SET_CONF_DATA "''KEY'#''ITM'_default" "''DEF'"
+$     ENDIF
+$     IF MIN .NES. "" THEN SET_CONF_DATA "''KEY'#''ITM'_min" "''MIN'"
+$     IF MAX .NES. "" THEN SET_CONF_DATA "''KEY'#''ITM'_max" "''MAX'"
+$     CTR = CTR + 1
+$     GOTO SAVE_CONF_LOOP
+$ ENDIF
+$!
+$ PURGE /NOLOG /NOCONFIRM 'SSL_CONF_FILE'
+$ RENAME 'SSL_CONF_FILE'; ;1
+$!
+$ SAY ESC + "[''MSG_ROW';01H", CEOS
+$!
+$!------------------------------------------------------------------------------
+$! Create the Server Certificiate
+$!------------------------------------------------------------------------------
+$!
+$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Creating Certificate Request ...", NORM
+$!
+$ X1 = 2
+$ Y1 = TOP_ROW
+$ X2 = TT_COLS - 2
+$ Y2 = MSG_ROW - 1
+$!
+$ GET_USER_DATA "[]#encrypt_key"
+$ _encrypt_key = SSL_USER_DATA
+$ IF F$EDIT (_encrypt_key,"UPCASE") .EQS. "Y"
+$ THEN 
+$     GET_USER_DATA "[]#pem_pass_phrase"
+$     _pem_pass_phrase = SSL_USER_DATA
+$ ENDIF
+$ GET_USER_DATA "[req]#default_bits"
+$ _default_bits = SSL_USER_DATA
+$ GET_USER_DATA "[req]#default_keyfile"
+$ _default_keyfile = SSL_USER_DATA
+$ GET_USER_DATA "[req]#default_csrfile"
+$ _default_csrfile = SSL_USER_DATA
+$ GET_USER_DATA "[]#display_certificate"
+$ _display_certificate = SSL_USER_DATA
+$!
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR  NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ SHOW SYSTEM /FULL /OUT=SYS$LOGIN:SSL_GENRSA_'PID'.RND
+$!
+$ OPEN /WRITE OFILE SYS$LOGIN:SSL_GENRSA_'PID'.COM
+$ WRITE OFILE "$ DEFINE /USER /NOLOG RANDFILE    SYS$LOGIN:SSL_GENRSA_''PID'.RND"
+$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR   SYS$LOGIN:SSL_GENRSA_''PID'.LOG"
+$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT  SYS$LOGIN:SSL_GENRSA_''PID'.LOG"
+$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
+$ IF _encrypt_key .EQS. "Y"
+$ THEN 
+$     WRITE OFILE "$ OPENSSL genrsa -des3 -out ''_default_keyfile' ''_default_bits'"
+$     WRITE OFILE "''_pem_pass_phrase'"
+$     WRITE OFILE "''_pem_pass_phrase'"
+$ ELSE
+$     WRITE OFILE "$ OPENSSL genrsa -out ''_default_keyfile' ''_default_bits'"
+$ ENDIF
+$ CLOSE OFILE
+$!
+$ @SYS$LOGIN:SSL_GENRSA_'PID'.COM
+$!
+$ DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_GENRSA_'PID'.RND;*
+$ DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_GENRSA_'PID'.COM;*
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR  NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ SEARCH SYS$LOGIN:SSL_GENRSA_'PID'.LOG /OUT=SYS$LOGIN:SSL_GENRSA_'PID'.ERR ":error:"
+$ IF F$SEARCH ("SYS$LOGIN:SSL_GENRSA_''PID'.ERR") .NES. "" 
+$ THEN 
+$     IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_GENRSA_''PID'.ERR","ALQ") .NE. 0
+$     THEN 
+$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_GENRSA_'PID'.ERR;*
+$         SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'"
+$         SHOW_FILE "SYS$LOGIN:SSL_GENRSA_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" 
+$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_GENRSA_'PID'.LOG;*
+$         GOTO EXIT
+$     ENDIF
+$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_GENRSA_'PID'.ERR;*
+$ ENDIF
+$! 
+$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_GENRSA_'PID'.LOG;*
+$!
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR  NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ SHOW SYSTEM /FULL /OUT=SYS$LOGIN:SSL_REQ_'PID'.RND
+$!
+$ OPEN /WRITE OFILE SYS$LOGIN:SSL_REQ_'PID'.COM
+$ WRITE OFILE "$ DEFINE /USER /NOLOG RANDFILE    SYS$LOGIN:SSL_REQ_''PID'.RND"
+$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR   SYS$LOGIN:SSL_REQ_''PID'.LOG"
+$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT  SYS$LOGIN:SSL_REQ_''PID'.LOG"
+$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
+$ IF _encrypt_key .EQS. "Y"
+$ THEN 
+$     WRITE OFILE "$ OPENSSL req -new -config ''SSL_CONF_FILE' -key ''_default_keyfile' -out ''_default_csrfile'"
+$     WRITE OFILE "''_pem_pass_phrase'"
+$     WRITE OFILE "''_pem_pass_phrase'"
+$ ELSE
+$     WRITE OFILE "$ OPENSSL req -new -nodes -config ''SSL_CONF_FILE' -keyout ''_default_keyfile' -out ''_default_csrfile'"
+$ ENDIF
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ CLOSE OFILE
+$!
+$ @SYS$LOGIN:SSL_REQ_'PID'.COM
+$!
+$ DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.COM;*
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR  NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ SEARCH SYS$LOGIN:SSL_REQ_'PID'.LOG /OUT=SYS$LOGIN:SSL_REQ_'PID'.ERR ":error:"
+$ IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.ERR") .NES. "" 
+$ THEN 
+$     IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_REQ_''PID'.ERR","ALQ") .NE. 0
+$     THEN 
+$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;*
+$         SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'"
+$         SHOW_FILE "SYS$LOGIN:SSL_REQ_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" 
+$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;*
+$         GOTO EXIT
+$     ENDIF
+$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;*
+$ ENDIF
+$!
+$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;*
+$! 
+$ IF F$EDIT (_display_certificate,"TRIM,UPCASE") .EQS. "Y"
+$ THEN 
+$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Generating Output ...", NORM, CEOL
+$!
+$     OPEN /WRITE OFILE SYS$LOGIN:SSL_REQ_'PID'.COM
+$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR   SYS$LOGIN:SSL_REQ_''PID'.LOG"
+$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT  SYS$LOGIN:SSL_REQ_''PID'.LOG"
+$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
+$     WRITE OFILE "$ OPENSSL req -noout -text -config ''SSL_CONF_FILE' -in ''_default_csrfile'"
+$     CLOSE OFILE
+$!
+$     @SYS$LOGIN:SSL_REQ_'PID'.COM
+$!
+$     DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.COM;*
+$!
+$     DEFINE /USER /NOLOG SYS$ERROR  NL:
+$     DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$     SEARCH SYS$LOGIN:SSL_REQ_'PID'.LOG /OUT=SYS$LOGIN:SSL_REQ_'PID'.ERR ":error:"
+$     IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.ERR") .NES. "" 
+$     THEN 
+$         IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_REQ_''PID'.ERR","ALQ") .NE. 0
+$         THEN 
+$             DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;*
+$             SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'"
+$             SHOW_FILE "SYS$LOGIN:SSL_REQ_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" 
+$             DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;*
+$             GOTO EXIT
+$         ENDIF
+$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;*
+$     ENDIF
+$!
+$     SAY ESC + "[''MSG_ROW';01H''CEOS'"
+$     SHOW_FILE "SYS$LOGIN:SSL_REQ_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ''_default_csrfile' >" 
+$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;*
+$     GOTO EXIT
+$ ENDIF
+$!
+$ TEXT = "Press return to continue"
+$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
+$!
+$ SAY ESC + "[''MSG_ROW';01H", CEOS
+$ PROMPT = ESC + "[''MSG_ROW';''COL'H''TEXT'"
+$ ASK "''PROMPT'" OPT
+$!
+$GOTO EXIT
+$!
+$!------------------------------------------------------------------------------
+$! Set the User Data
+$!------------------------------------------------------------------------------
+$!
+$SET_USER_DATA: SUBROUTINE
+$!
+$ IF F$TYPE (SSL_USER_DATA_MAX) .EQS. ""
+$ THEN
+$     SSL_USER_DATA_MAX == 1
+$ ELSE
+$     SSL_USER_DATA_MAX == SSL_USER_DATA_MAX + 1
+$ ENDIF
+$!
+$ SSL_USER_DATA_'SSL_USER_DATA_MAX' == "''P1'"
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$! Get the User Data
+$!------------------------------------------------------------------------------
+$!
+$GET_USER_DATA: SUBROUTINE
+$!
+$ CTR = 1
+$ USER_KEY = F$ELEMENT (0,"#",P1)
+$ USER_ITM = F$ELEMENT (1,"#",P1)
+$!
+$GET_USER_DATA_LOOP:
+$!
+$ IF CTR .LE. SSL_USER_DATA_MAX
+$ THEN
+$     KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name
+$     ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name
+$     VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt
+$     DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value
+$     PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value
+$     IF USER_KEY .NES. KEY .OR. USER_ITM .NES. ITM
+$     THEN 
+$         CTR = CTR + 1
+$         GOTO GET_USER_DATA_LOOP
+$     ENDIF
+$     IF VAL .EQS. "-" THEN SSL_USER_DATA == "''DEF'"
+$     IF VAL .EQS. "D" THEN SSL_USER_DATA == "''DEF'"
+$     IF VAL .EQS. "P" THEN SSL_USER_DATA == "''PRM'"
+$ ENDIF
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$! Delete the User Data
+$!------------------------------------------------------------------------------
+$!
+$DEL_USER_DATA: SUBROUTINE
+$!
+$ IF F$TYPE (SSL_USER_DATA_MAX) .EQS. "" THEN GOTO DEL_USER_DATA_END
+$!
+$DEL_USER_DATA_LOOP:
+$!
+$ IF F$TYPE (SSL_USER_DATA_'SSL_USER_DATA_MAX') .NES. "" 
+$ THEN
+$     DELETE /SYMBOL /GLOBAL SSL_USER_DATA_'SSL_USER_DATA_MAX'
+$     SSL_USER_DATA_MAX == SSL_USER_DATA_MAX - 1
+$     GOTO DEL_USER_DATA_LOOP
+$ ENDIF
+$!
+$ DELETE /SYMBOL /GLOBAL SSL_USER_DATA_MAX
+$!
+$DEL_USER_DATA_END:
+$!
+$ IF F$TYPE (SSL_USER_DATA) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_USER_DATA
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$! Display the invalid entry 
+$!------------------------------------------------------------------------------
+$!
+$INVALID_ENTRY: SUBROUTINE
+$!
+$ SAY ESC + "[''MSG_ROW';01H", BELL, " Invalid Entry, Try again ...''CEOL'"
+$ Wait 00:00:01.5
+$ SAY ESC + "[''MSG_ROW';01H", CEOL
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$!
+$!------------------------------------------------------------------------------
+$!
+$EXIT:
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR  NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ CLOSE OFILE
+$!
+$ DEL_USER_DATA
+$!
+$ IF F$TYPE (SSL_CONF_DATA) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_CONF_DATA
+$!
+$ IF F$GETDVI ("TT:","TT_NOECHO") .AND. .NOT. TT_NOECHO THEN SET TERMINAL /ECHO
+$!
+$ IF F$SEARCH ("SYS$LOGIN:SSL_GENRSA_''PID'.%%%;*") .NES. "" THEN DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_GENRSA_'PID'.%%%;*
+$ IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.%%%;*") .NES. "" THEN DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.%%%;*
+$!
+$ Verify = F$VERIFY (Verify)
+$!
+$ EXIT
--- a/VMS/cert_tool/ssl$self_cert.com
+++ b/VMS/cert_tool/ssl$self_cert.com
@@ -0,0 +1,725 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$SELF_CERT.COM - SSL Self Signed Certificate procedure
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$ Set NoOn
+$ Set NoControl=Y
+$!
+$!------------------------------------------------------------------------------
+$! Description 
+$!------------------------------------------------------------------------------
+$!
+$! This procedure prompts the user through creating a Server Certificate.
+$!
+$! There are no parameters used.
+$!
+$!------------------------------------------------------------------------------
+$! Define symbols
+$!------------------------------------------------------------------------------
+$!
+$ DELETE := DELETE
+$ SAY := WRITE SYS$OUTPUT
+$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT=
+$ PID = F$GETJPI ("","PID")
+$ TT_NOECHO = F$GETDVI ("TT:","TT_NOECHO")
+$ On Control_Y THEN GOTO EXIT
+$ Set Control=Y
+$!
+$ TT_ROWS = F$GETDVI ("TT:","TT_PAGE")
+$ TT_COLS = F$GETDVI ("TT:","DEVBUFSIZ")
+$!
+$ GET_USER_DATA := CALL GET_USER_DATA
+$ SET_USER_DATA := CALL SET_USER_DATA
+$ DEL_USER_DATA := CALL DEL_USER_DATA
+$ INIT_TERM := @SSL$COM:SSL$INIT_TERM
+$ SHOW_FILE := @SSL$COM:SSL$SHOW_FILE 
+$ SSL_CONF_FILE = F$TRNLNM ("SSL$CONF")
+$ GET_CONF_DATA := @SSL$COM:SSL$CONF_UTIL 'SSL_CONF_FILE' GET
+$ SET_CONF_DATA := @SSL$COM:SSL$CONF_UTIL 'SSL_CONF_FILE' SET
+$!
+$ ESC[0,8] = 27 	! Set the Escape Character
+$ BELL[0,8] = 7 	! Ring the terminal Bell
+$ RED = 1		! Color - Red
+$ FGD = 30		! Foreground
+$ BGD = 0		! Background
+$ CSCR = ESC + "[2J"	! Clear the Screen 
+$ CEOS = ESC + "[0J"	! Clear to the End of the Screen 
+$ CEOL = ESC + "[0K"	! Clear to the End of the Line
+$ NORM = ESC + "[0m"	! Turn Attributes off
+$ BLNK = ESC + "[5m"    ! Turn on BLINK Attribute
+$ WIDE = ESC + "#6"     ! Turn on WIDE Attribute
+$!
+$!------------------------------------------------------------------------------
+$! Run the SSL setup if it hasn't been run yet
+$!------------------------------------------------------------------------------
+$!
+$ IF F$TRNLNM ("SSL$ROOT") .EQS. ""
+$ THEN
+$     IF F$SEARCH ("SSL$COM:SSL$INIT_ENV.COM") .NES. ""
+$     THEN 
+$         @SSL$COM:SSL$INIT_ENV.COM
+$     ELSE
+$         SAY BELL, "Unable to locate SSL$COM:SSL$INIT_ENV.COM ..."
+$	  GOTO EXIT
+$     ENDIF
+$ ENDIF
+$!
+$!------------------------------------------------------------------------------
+$! Display the Page Header
+$!------------------------------------------------------------------------------
+$!
+$ INIT_TERM
+$ BCOLOR = BGD
+$ FCOLOR = FGD + RED
+$ COLOR = ESC + "[''BCOLOR';''FCOLOR'm"
+$!
+$ TEXT = "SSL Certificate Tool"
+$ COL = (TT_COLS - (F$LENGTH (TEXT) * 2)) / 4
+$!
+$ SAY ESC + "[01;01H", CSCR
+$ SAY ESC + "[02;''COL'H", COLOR, WIDE, TEXT, NORM
+$!
+$ TEXT = "Create Self-Signed Certificate"
+$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
+$!
+$ SAY ESC + "[04;01H"
+$ SAY ESC + "[04;''COL'H", COLOR, TEXT, NORM
+$!
+$ ROW = 6
+$ COL = 2
+$ TOP_ROW = ROW
+$ MSG_ROW = TT_ROWS - 1
+$!
+$!------------------------------------------------------------------------------
+$! Initialize the Request Data
+$!------------------------------------------------------------------------------
+$!
+$ IF F$SEARCH ("''SSL_CONF_FILE'") .NES. ""
+$ THEN 
+$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Reading Configuration ...", NORM
+$ ELSE
+$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Initializing Configuration ...", NORM
+$ ENDIF
+$!
+$ _request_name = "req"
+$!
+$ _distinguished_name = "REQ_distinguished_name"
+$ _distinguished_name_upd = "Y"
+$!
+$ _default_bits = "1024"
+$ _default_bits_upd = "Y"
+$!
+$ _default_keyfile = "SSL$KEY:SERVER.KEY"
+$ _default_keyfile_upd = "Y"
+$!
+$ _default_crtfile = "SSL$CRT:SERVER.CRT"
+$ _default_crtfile_upd = "Y"
+$!
+$ _countryName_prompt = "Country Name ?"
+$ _countryName_min = "2"
+$ _countryName_max = "2"
+$ _countryName_default = "US"
+$ _countryName_upd = "Y"
+$ _countryName_cnt = 4
+$!
+$ _stateOrProvinceName_prompt = "State or Province Name ?"
+$ _stateOrProvinceName_default = ""
+$ _stateOrProvinceName_upd = "Y"
+$ _stateOrProvinceName_cnt = 2
+$!
+$ _localityName_prompt = "City Name ?"
+$ _localityName_default = ""
+$ _localityName_upd = "Y"
+$ _localityName_cnt = 2
+$!
+$ _0organizationName_prompt = "Organization Name ?"
+$ _0organizationName_default = ""
+$ _0organizationName_upd = "Y"
+$ _0organizationName_cnt = 2
+$!
+$ _organizationalUnitName_prompt = "Organization Unit Name ?"
+$ _organizationalUnitName_default = ""
+$ _organizationalUnitName_upd = "Y"
+$ _organizationalUnitName_cnt = 2
+$!
+$ _commonName_prompt = "Common Name ?"
+$ _commonName_max = "64"
+$ HOSTNAME -s _commonName_default
+$ _commonName_upd = "Y"
+$ _commonName_cnt = 3
+$!
+$ _emailAddress_prompt = "Email Address ?"
+$ _emailAddress_max = "40"
+$ _emailAddress_default = "webmaster@''_commonName_default'"
+$ _emailAddress_upd = "Y"
+$ _emailAddress_cnt = 3
+$!
+$ IF F$SEARCH ("''SSL_CONF_FILE'") .NES. ""
+$ THEN 
+$     GET_CONF_DATA "[''_request_name']#distinguished_name"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _distinguished_name = SSL_CONF_DATA
+$         _distinguished_name_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_request_name']#default_bits"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _default_bits = SSL_CONF_DATA
+$     	  _default_bits_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_request_name']#default_keyfile"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _default_keyfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + -
+ 		             F$PARSE (SSL_CONF_DATA,"[KEY]",,"DIRECTORY") + -
+ 		             F$PARSE (SSL_CONF_DATA,"SERVER",,"NAME") + -
+ 		             F$PARSE (SSL_CONF_DATA,".KEY",,"TYPE") 
+$         _default_keyfile_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_request_name']#default_crtfile"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _default_crtfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + -
+ 		             F$PARSE (SSL_CONF_DATA,"[CRT]",,"DIRECTORY") + -
+ 		             F$PARSE (SSL_CONF_DATA,"SERVER",,"NAME") + -
+ 		             F$PARSE (SSL_CONF_DATA,".CRT",,"TYPE") 
+$         _default_crtfile_upd = "N"
+$     ENDIF
+$!
+$     CTR = 0
+$     GET_CONF_DATA "[''_distinguished_name']#countryName"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _countryName_prompt = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#countryName_min"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _countryName_min = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#countryName_max"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _countryName_max = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#countryName_default"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _countryName_default = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     IF _countryName_cnt .EQS. CTR THEN _countryName_upd = "N"
+$!
+$     CTR = 0
+$     GET_CONF_DATA "[''_distinguished_name']#stateOrProvinceName"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _stateOrProvinceName_prompt = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#stateOrProvinceName_default"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _stateOrProvinceName_default = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     IF _stateOrProvinceName_cnt .EQ. CTR THEN _stateOrProvinceName_upd = "N"
+$!
+$     CTR = 0
+$     GET_CONF_DATA "[''_distinguished_name']#localityName"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _localityName_prompt = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#localityName_default"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _localityName_default = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     IF _localityName_cnt .EQ. CTR THEN _localityName_default_upd = "N"
+$!
+$     CTR = 0
+$     GET_CONF_DATA "[''_distinguished_name']#0.organizationName"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _0organizationName_prompt = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#0.organizationName_default"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _0organizationName_default = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     IF _0organizationName_cnt .EQ. CTR THEN _0organizationName_default_upd = "N"
+$!
+$     CTR = 0
+$     GET_CONF_DATA "[''_distinguished_name']#organizationalUnitName"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _organizationalUnitName_prompt = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#organizationalUnitName_default"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _organizationalUnitName_default = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     IF _organizationalUnitName_cnt .EQ. CTR THEN _organizationalUnitName_upd = "N"
+$!
+$     CTR = 0
+$     GET_CONF_DATA "[''_distinguished_name']#commonName"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _commonName_prompt = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#commonName_max"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _commonName_max = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#commonName_default"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _commonName_default = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     IF _commonName_cnt .EQ. CTR THEN _commonName_default_upd = "N"
+$!
+$     CTR = 0
+$     GET_CONF_DATA "[''_distinguished_name']#emailAddress"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _emailAddress_prompt = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#emailAddress_max"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _emailAddress_max = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     GET_CONF_DATA "[''_distinguished_name']#emailAddress_default"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _emailAddress_default = SSL_CONF_DATA
+$	  CTR = CTR + 1
+$     ENDIF
+$     IF _emailAddress_cnt .EQ. CTR THEN _emailAddress_default_upd = "N"
+$ ENDIF
+$!
+$ SET_USER_DATA "[]#encrypt_key#-#N#Encrypt Private Key ?#S##1##Y#N"
+$ SET_USER_DATA "[]#pem_pass_phrase#-##PEM Pass Phrase ?#P#1###Y#Y"
+$ SET_USER_DATA "[''_request_name']#default_bits#D#''_default_bits'#Encryption Bits ?#I###''_default_bits_upd'#Y#N"
+$ SET_USER_DATA "[''_request_name']#default_keyfile#D#''_default_keyfile'#Certificate Key File ?#F###''_default_keyfile_upd'#Y#N"
+$ SET_USER_DATA "[''_request_name']#default_crtfile#D#''_default_crtfile'#Certificate File ?#F###''_default_crtfile_upd'#Y#N"
+$ SET_USER_DATA "[''_request_name']#distinguished_name#D#''_distinguished_name'##S###''_distinguished_name_upd'#N#N"
+$ SET_USER_DATA "[''_distinguished_name']#countryName#P#''_countryName_default'#''_countryName_prompt'#S#''_countryName_min'#''#''_countryName_upd'#Y#N" 
+$ SET_USER_DATA "[''_distinguished_name']#stateOrProvinceName#P#''_stateOrProvinceName_default'#''_stateOrProvinceName_prompt'####''_stateOrProvinceName_upd'#Y#N"
+$ SET_USER_DATA "[''_distinguished_name']#localityName#P#''_localityName_default'#''_localityName_prompt'#S###''_localityName_upd'#Y#N"
+$ SET_USER_DATA "[''_distinguished_name']#0.organizationName#P#''_0organizationName_default'#''_0organizationName_prompt'#S###''_0organizationalName_upd'#Y#N"
+$ SET_USER_DATA "[''_distinguished_name']#organizationalUnitName#P#''_organizationalUnitName_default'#''_organizationalUnitName_prompt#S###''_organizationalUnitName_upd'#Y#N"
+$ SET_USER_DATA "[''_distinguished_name']#commonName#P#''_commonName_default'#''_commonName_prompt'#S##''_commonName_max'#''_commonName_upd'#Y#N"
+$ SET_USER_DATA "[''_distinguished_name']#emailAddress#P#''_emailAddress_default'#''_emailAddress_prompt'#S##''_emailAddress_max'#''_emailAddress_upd'#Y#N"
+$ SET_USER_DATA "[]#display_certificate#-#N#Display the Certificate ?#S##1##Y#N"
+$!
+$ SAY ESC + "[''MSG_ROW';01H", CEOS
+$!
+$!------------------------------------------------------------------------------
+$! Confirm/Update the SSL Configuration Data
+$!------------------------------------------------------------------------------
+$!
+$ CTR = 1
+$!
+$PROMPT_LOOP:
+$!
+$ IF CTR .LE. SSL_USER_DATA_MAX
+$ THEN 
+$     KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name
+$     ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name
+$     VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt
+$     DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value
+$     PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value
+$     TYP = F$ELEMENT (5,"#",SSL_USER_DATA_'CTR') ! Value Type
+$     MIN = F$ELEMENT (6,"#",SSL_USER_DATA_'CTR') ! Value Minimum Length
+$     MAX = F$ELEMENT (7,"#",SSL_USER_DATA_'CTR') ! Value Maximum Length
+$     UPD = F$ELEMENT (8,"#",SSL_USER_DATA_'CTR') ! Entry Updated ?
+$     REQ = F$ELEMENT (9,"#",SSL_USER_DATA_'CTR') ! Entry Required for Input ?
+$     CFM = F$ELEMENT (10,"#",SSL_USER_DATA_'CTR')! Confirm Input  ?
+$!
+$! The PEM Pass Phrase prompt is dependant on the answer to encrypt the private key
+$!
+$     IF KEY .EQS. "[]" .AND. ITM .EQS. "pem_pass_phrase"
+$     THEN
+$         GET_USER_DATA "[]#encrypt_key"
+$ 	  _encrypt_key = SSL_USER_DATA
+$         IF F$EDIT (_encrypt_key,"UPCASE") .NES. "Y"
+$	  THEN
+$             CTR = CTR + 1
+$             GOTO PROMPT_LOOP
+$	  ENDIF
+$     ENDIF
+$!
+$     CONFIRMED = 0
+$     IF REQ .EQS. "N"
+$     THEN 
+$         CTR = CTR + 1
+$         GOTO PROMPT_LOOP
+$     ENDIF
+$     IF ROW .GT. MSG_ROW - 2
+$     THEN 
+$         SAY ESC + "[''TOP_ROW';01H", CEOS
+$	  ROW = TOP_ROW
+$     ENDIF
+$!
+$CONFIRM_LOOP:
+$!
+$     IF PRM .EQS. "" 
+$     THEN 
+$         PROMPT = ESC + "[''ROW';''COL'H''ITM' ? [''DEF'] ''CEOL'"
+$     ELSE
+$         PROMPT = ESC + "[''ROW';''COL'H''PRM' [''DEF'] ''CEOL'"
+$     ENDIF
+$     IF TYP .EQS. "P" THEN SET TERMINAL /NOECHO
+$     ASK "''PROMPT'" ANS /END_OF_FILE=EXIT
+$     IF TYP .EQS. "P" THEN SET TERMINAL /ECHO
+$     ANS = F$EDIT (ANS,"TRIM")
+$     IF ANS .EQS. "" THEN ANS = DEF
+$     IF TYP .EQS. "F"
+$     THEN
+$         ANS = F$PARSE ("''ANS'","''DEF'",,,"SYNTAX_ONLY")
+$     ENDIF
+$     IF TYP .EQS. "I" .AND. F$TYPE (ANS) .NES. "INTEGER"
+$     THEN 
+$         CALL INVALID_ENTRY
+$         SAY ESC + "[''ROW';01H", CEOS
+$         GOTO PROMPT_LOOP
+$     ENDIF
+$     IF (TYP .EQS. "S" .OR. TYP .EQS. "P") .AND. -
+         ((MIN .NES. "" .AND. F$LENGTH (ANS) .LT. F$INTEGER(MIN)) .OR. -
+          (MAX .NES. "" .AND. F$LENGTH (ANS) .GT. F$INTEGER(MAX)))
+$     THEN 
+$         CALL INVALID_ENTRY
+$         SAY ESC + "[''ROW';01H", CEOS
+$	  IF TYP .EQS. "S" THEN GOTO PROMPT_LOOP
+$         IF TYP .EQS. "P" THEN GOTO CONFIRM_LOOP
+$     ENDIF
+$     ROW = ROW + 1
+$     IF CFM .EQS. "Y"
+$     THEN
+$         IF CONFIRMED .EQ. 0
+$	  THEN
+$	      CONFIRMED = 1
+$	      CONFIRMED_ANS = ANS
+$	      PRM = "Confirm ''PRM'"
+$	      GOTO CONFIRM_LOOP
+$         ELSE
+$	      IF ANS .NES. CONFIRMED_ANS
+$	      THEN 
+$                 CALL INVALID_ENTRY
+$		  ROW = ROW - 2
+$                 SAY ESC + "[''ROW';01H", CEOS
+$                 GOTO PROMPT_LOOP
+$	      ENDIF
+$         ENDIF
+$     ENDIF
+$     IF ANS .NES. DEF THEN SSL_USER_DATA_'CTR' = "''KEY'#''ITM'#''VAL'#''ANS'#''PRM'#''TYP'#''MIN'#''MAX'#Y#''REQ'#''CFM'"
+$     CTR = CTR + 1
+$     GOTO PROMPT_LOOP
+$ ENDIF
+$!
+$!------------------------------------------------------------------------------
+$! Save the SSL Configuration Data
+$!------------------------------------------------------------------------------
+$!
+$ CTR = 1
+$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Saving Configuration ...", NORM
+$!
+$SAVE_CONF_LOOP:
+$!
+$ IF CTR .LE. SSL_USER_DATA_MAX
+$ THEN 
+$     KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name
+$     ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name
+$     VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt
+$     DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value
+$     PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value
+$     TYP = F$ELEMENT (5,"#",SSL_USER_DATA_'CTR') ! Value Type
+$     MIN = F$ELEMENT (6,"#",SSL_USER_DATA_'CTR') ! Value Minimum Length
+$     MAX = F$ELEMENT (7,"#",SSL_USER_DATA_'CTR') ! Value Maximum Length
+$     UPD = F$ELEMENT (8,"#",SSL_USER_DATA_'CTR') ! Entry Updated ?
+$     REQ = F$ELEMENT (9,"#",SSL_USER_DATA_'CTR') ! Entry Required for Input ?
+$     CFM = F$ELEMENT (10,"#",SSL_USER_DATA_'CTR')! Confirm Input ?
+$     IF UPD .NES. "Y" .OR. VAL .EQS. "-"
+$     THEN 
+$         CTR = CTR + 1
+$         GOTO SAVE_CONF_LOOP
+$     ENDIF
+$     IF VAL .EQS. "D"
+$     THEN 
+$         SET_CONF_DATA "''KEY'#''ITM'" "''DEF'"
+$     ELSE
+$         SET_CONF_DATA "''KEY'#''ITM'" "''PRM'"
+$         SET_CONF_DATA "''KEY'#''ITM'_default" "''DEF'"
+$     ENDIF
+$     IF MIN .NES. "" THEN SET_CONF_DATA "''KEY'#''ITM'_min" "''MIN'"
+$     IF MAX .NES. "" THEN SET_CONF_DATA "''KEY'#''ITM'_max" "''MAX'"
+$     CTR = CTR + 1
+$     GOTO SAVE_CONF_LOOP
+$ ENDIF
+$!
+$ PURGE /NOLOG /NOCONFIRM 'SSL_CONF_FILE'
+$ RENAME 'SSL_CONF_FILE'; ;1
+$!
+$ SAY ESC + "[''MSG_ROW';01H", CEOS
+$!
+$!------------------------------------------------------------------------------
+$! Create the Server Certificiate
+$!------------------------------------------------------------------------------
+$!
+$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Creating Self-Signed Certificate ...", NORM
+$!
+$ X1 = 2
+$ Y1 = TOP_ROW
+$ X2 = TT_COLS - 2
+$ Y2 = MSG_ROW - 1
+$!
+$ GET_USER_DATA "[]#encrypt_key"
+$ _encrypt_key = SSL_USER_DATA
+$ IF F$EDIT (_encrypt_key,"UPCASE") .EQS. "Y"
+$ THEN 
+$     GET_USER_DATA "[]#pem_pass_phrase"
+$     _pem_pass_phrase = SSL_USER_DATA
+$ ENDIF
+$ GET_USER_DATA "[''_request_name']#default_bits"
+$ _default_bits = SSL_USER_DATA
+$ GET_USER_DATA "[''_request_name']#default_keyfile"
+$ _default_keyfile = SSL_USER_DATA
+$ GET_USER_DATA "[''_request_name']#default_crtfile"
+$ _default_crtfile = SSL_USER_DATA
+$ GET_USER_DATA "[]#display_certificate"
+$ _display_certificate = SSL_USER_DATA
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR  NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ SHOW SYSTEM /FULL /OUT=SYS$LOGIN:SSL_REQ_'PID'.RND
+$!
+$ OPEN /WRITE OFILE SYS$LOGIN:SSL_REQ_'PID'.COM
+$ WRITE OFILE "$ DEFINE /USER /NOLOG RANDFILE    SYS$LOGIN:SSL_REQ_''PID'.RND"
+$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR   SYS$LOGIN:SSL_REQ_''PID'.LOG"
+$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT  SYS$LOGIN:SSL_REQ_''PID'.LOG"
+$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
+$ IF F$EDIT (_encrypt_key,"UPCASE") .EQS. "Y"
+$ THEN 
+$     WRITE OFILE "$ OPENSSL req -config ''SSL_CONF_FILE' -new -days 365 -x509 -keyout ''_default_keyfile' -out ''_default_crtfile'"
+$     WRITE OFILE "''_pem_pass_phrase'"
+$     WRITE OFILE "''_pem_pass_phrase'"
+$ ELSE
+$     WRITE OFILE "$ OPENSSL req -config ''SSL_CONF_FILE' -nodes -new -days 365 -x509 -keyout ''_default_keyfile' -out ''_default_crtfile'"
+$ ENDIF
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ CLOSE OFILE
+$!
+$ @SYS$LOGIN:SSL_REQ_'PID'.COM
+$!
+$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.COM;*
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR  NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ SEARCH SYS$LOGIN:SSL_REQ_'PID'.LOG /OUT=SYS$LOGIN:SSL_REQ_'PID'.ERR ":error:"
+$ IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.ERR") .NES. "" 
+$ THEN 
+$     IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_REQ_''PID'.ERR","ALQ") .NE. 0
+$     THEN 
+$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;*
+$         SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'"
+$         SHOW_FILE "SYS$LOGIN:SSL_REQ_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >"
+$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;*
+$         GOTO EXIT
+$     ENDIF
+$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;*
+$ ENDIF
+$!
+$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;*
+$! 
+$ IF F$EDIT (_display_certificate,"TRIM,UPCASE") .EQS. "Y"
+$ THEN 
+$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Generating Output ...", NORM, CEOL
+$!
+$     OPEN /WRITE OFILE SYS$LOGIN:SSL_X509_'PID'.COM
+$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR   SYS$LOGIN:SSL_X509_''PID'.LOG"
+$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT  SYS$LOGIN:SSL_X509_''PID'.LOG"
+$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
+$     WRITE OFILE "$ OPENSSL x509 -noout -text -in ''_default_crtfile'"
+$     CLOSE OFILE
+$!
+$     @SYS$LOGIN:SSL_X509_'PID'.COM
+$!
+$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.COM;*
+$!
+$     DEFINE /USER /NOLOG SYS$ERROR  NL:
+$     DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$     SEARCH SYS$LOGIN:SSL_X509_'PID'.LOG /OUT=SYS$LOGIN:SSL_X509_'PID'.ERR ":error:"
+$     IF F$SEARCH ("SYS$LOGIN:SSL_X509_''PID'.ERR") .NES. "" 
+$     THEN 
+$         IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_X509_''PID'.ERR","ALQ") .NE. 0
+$         THEN 
+$             DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.ERR;*
+$             SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'"
+$             SHOW_FILE "SYS$LOGIN:SSL_X509_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" 
+$             DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.LOG;*
+$             GOTO EXIT
+$         ENDIF
+$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.ERR;*
+$     ENDIF
+$!
+$     SAY ESC + "[''MSG_ROW';01H''CEOS'"
+$     SHOW_FILE "SYS$LOGIN:SSL_X509_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ''_default_crtfile' >" 
+$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.LOG;*
+$     GOTO EXIT
+$ ENDIF
+$!
+$ TEXT = "Press return to continue"
+$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
+$!
+$ SAY ESC + "[''MSG_ROW';01H", CEOS
+$ PROMPT = ESC + "[''MSG_ROW';''COL'H''TEXT'"
+$ ASK "''PROMPT'" OPT
+$!
+$GOTO EXIT
+z$!
+$!------------------------------------------------------------------------------
+$! Set the User Data
+$!------------------------------------------------------------------------------
+$!
+$SET_USER_DATA: SUBROUTINE
+$!
+$ IF F$TYPE (SSL_USER_DATA_MAX) .EQS. ""
+$ THEN
+$     SSL_USER_DATA_MAX == 1
+$ ELSE
+$     SSL_USER_DATA_MAX == SSL_USER_DATA_MAX + 1
+$ ENDIF
+$!
+$ SSL_USER_DATA_'SSL_USER_DATA_MAX' == "''P1'"
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$! Find the Request Data
+$!------------------------------------------------------------------------------
+$!
+$GET_USER_DATA: SUBROUTINE
+$!
+$ CTR = 1
+$ USER_KEY = F$ELEMENT (0,"#",P1)
+$ USER_ITM = F$ELEMENT (1,"#",P1)
+$!
+$GET_USER_DATA_LOOP:
+$!
+$ IF CTR .LE. SSL_USER_DATA_MAX
+$ THEN
+$     KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name
+$     ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name
+$     VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt
+$     DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value
+$     PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value
+$     IF USER_KEY .NES. KEY .OR. USER_ITM .NES. ITM
+$     THEN 
+$         CTR = CTR + 1
+$         GOTO GET_USER_DATA_LOOP
+$     ENDIF
+$     IF VAL .EQS. "-" THEN SSL_USER_DATA == "''DEF'"
+$     IF VAL .EQS. "D" THEN SSL_USER_DATA == "''DEF'"
+$     IF VAL .EQS. "P" THEN SSL_USER_DATA == "''PRM'"
+$ ENDIF
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$! Delete the User Data
+$!------------------------------------------------------------------------------
+$!
+$DEL_USER_DATA: SUBROUTINE
+$!
+$ IF F$TYPE (SSL_USER_DATA_MAX) .EQS. "" THEN GOTO DEL_USER_DATA_END
+$!
+$DEL_USER_DATA_LOOP:
+$!
+$ IF F$TYPE (SSL_USER_DATA_'SSL_USER_DATA_MAX') .NES. "" 
+$ THEN
+$     DELETE /SYMBOL /GLOBAL SSL_USER_DATA_'SSL_USER_DATA_MAX'
+$     SSL_USER_DATA_MAX == SSL_USER_DATA_MAX - 1
+$     GOTO DEL_USER_DATA_LOOP
+$ ENDIF
+$!
+$ DELETE /SYMBOL /GLOBAL SSL_USER_DATA_MAX
+$!
+$DEL_USER_DATA_END:
+$!
+$ IF F$TYPE (SSL_USER_DATA) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_USER_DATA
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$! Display the invalid entry 
+$!------------------------------------------------------------------------------
+$!
+$INVALID_ENTRY: SUBROUTINE
+$!
+$ SAY ESC + "[''MSG_ROW';01H", BELL, " Invalid Entry, Try again ...''CEOL'"
+$ Wait 00:00:01.5
+$ SAY ESC + "[''MSG_ROW';01H", CEOL
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$!
+$!------------------------------------------------------------------------------
+$!
+$EXIT:
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR  NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ CLOSE OFILE
+$!
+$ DEL_USER_DATA
+$!
+$ IF F$TYPE (SSL_CONF_DATA) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_CONF_DATA
+$!
+$ IF F$GETDVI ("TT:","TT_NOECHO") .AND. .NOT. TT_NOECHO THEN SET TERMINAL /ECHO
+$!
+$ IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.%%%;*") .NES. "" THEN DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.%%%;*
+$ IF F$SEARCH ("SYS$LOGIN:SSL_X509_''PID'.%%%;*") .NES. "" THEN DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.%%%;*
+$!
+$ Verify = F$VERIFY (Verify)
+$!
+$ EXIT
--- a/VMS/cert_tool/ssl$show_file.com
+++ b/VMS/cert_tool/ssl$show_file.com
@@ -0,0 +1,205 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$SHOW_FILE.COM - SSL Show File procedure
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$ Set NoOn
+$ Set NoControl=Y
+$!
+$!------------------------------------------------------------------------------
+$! Description 
+$!------------------------------------------------------------------------------
+$!
+$! This procedure display the contents of a given file in a box size specified.
+$!
+$! The parameters used are:
+$!
+$! 	P1	- File to View
+$! 	P2	- X1 coordinate
+$! 	P3	- Y1 coordinate
+$! 	P4	- X2 coordinate
+$! 	P5	- Y3 coordinate
+$! 	P6	- File Box Title (Optional)
+$!
+$!------------------------------------------------------------------------------
+$! Define symbols
+$!------------------------------------------------------------------------------
+$!
+$ SAY := WRITE SYS$OUTPUT
+$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT=
+$ On Control_Y THEN GOTO EXIT
+$ Set Control=Y
+$!
+$ DRAW_BOX := @SSL$COM:SSL$DRAW_BOX
+$ FILL_BOX := @SSL$COM:SSL$FILL_BOX
+$!
+$ ESC[0,8] = 27 	! Set the Escape Character
+$ CEOL = ESC + "[0K"	! Clear to the End of the Line
+$ NORM = ESC + "[0m"	! Turn Attributes off
+$ BOLD = ESC + "[1m"    ! Turn on BOLD Attribute
+$!
+$!------------------------------------------------------------------------------
+$! Display the Page Header
+$!------------------------------------------------------------------------------
+$!
+$ REC_MAX = 0
+$ OPEN /READ IFILE 'P1' 
+$!
+$READ_LOOP:
+$!
+$ READ /END_OF_FILE=READ_END IFILE IREC
+$ REC_MAX = REC_MAX + 1
+$ REC_'REC_MAX' = IREC
+$ GOTO READ_LOOP
+$!
+$READ_END:
+$!
+$ CLOSE IFILE
+$!
+$ IF REC_MAX .EQ. 0
+$ THEN 
+$     DRAW_BOX 'P2' 'P3' 'P4' 'P5' "''P6'" " ** End-of-File **, Press Return to Exit "
+$     INPUT_ROW = P5 + 1
+$     PROMPT = ESC + "[''INPUT_ROW';01H ''CEOL'"
+$     ASK "''PROMPT'" OPT
+$     GOTO EXIT
+$ ENDIF
+$!
+$ COL = P2 + 2
+$ ROW = P3 + 2
+$ TOP_ROW = ROW
+$ INPUT_ROW = P5 + 1
+$ BOX_WIDTH = P4 - (P2 + 2)
+$ BOX_HEIGHT = P5 - (P3 + 3)
+$!
+$ REC_CTR = 1
+$ PAGE_CTR = 1
+$ PAGE_'PAGE_CTR'_REC_CTR = REC_CTR
+$ RECS_PER_PAGE = BOX_HEIGHT
+$ PAGE_MAX = REC_MAX / RECS_PER_PAGE
+$ IF PAGE_MAX * RECS_PER_PAGE .LT. REC_MAX THEN PAGE_MAX = PAGE_MAX + 1
+$!
+$ DRAW_BOX 'P2' 'P3' 'P4' 'P5' "''P6'" " Enter B for Back, N for Next, Ctrl-Z to Exit "
+$ PAGE_TXT = F$FAO (" Page !UL of !UL ", PAGE_CTR, PAGE_MAX)
+$ _COL = P2 + (BOX_WIDTH - F$LENGTH (PAGE_TXT)) + 2
+$ SAY ESC + "[''P3';''_COL'H''BOLD'''PAGE_TXT'''NORM'"
+$!
+$DISPLAY_LOOP:
+$!
+$ IF REC_CTR .LE. REC_MAX .AND. F$TYPE (REC_'REC_CTR') .NES. ""
+$ THEN 
+$     REC = REC_'REC_CTR'
+$ ENDIF
+$ WRAP_IN_PROGRESS = 0
+$!
+$WRAP_LOOP:
+$!
+$ IF ROW .LE. (P5 - 2) .AND. -
+     REC_CTR .LE. PAGE_CTR * RECS_PER_PAGE
+$ THEN
+$     IF F$LENGTH (REC) .GT. BOX_WIDTH  
+$     THEN 
+$ 	  IF WRAP_IN_PROGRESS .EQ. 0
+$	  THEN
+$	      WRAP_IN_PROGRESS = 1
+$	      _COL = COL
+$	  ELSE
+$	      _COL = COL - 1
+$	  ENDIF
+$	  REC_SEG = F$EXTRACT (0, BOX_WIDTH, REC)
+$         SAY ESC + "[''ROW';''_COL'H", REC_SEG
+$         REC = ">" + F$EXTRACT (BOX_WIDTH, F$LENGTH (REC)-BOX_WIDTH, REC)
+$         ROW = ROW + 1
+$	  GOTO WRAP_LOOP
+$     ELSE
+$         IF REC_CTR .LE. REC_MAX .AND. F$TYPE (REC_'REC_CTR') .NES. ""
+$         THEN 
+$ 	      IF WRAP_IN_PROGRESS .EQ. 1
+$	      THEN
+$		  _COL = COL - 1
+$	      ELSE
+$		  _COL = COL
+$	      ENDIF
+$             SAY ESC + "[''ROW';''_COL'H", REC
+$	  ENDIF
+$     ENDIF
+$ ELSE
+$!
+$RETRY:
+$!
+$     PROMPT = ESC + "[''INPUT_ROW';01H ''CEOL'"
+$     ASK "''PROMPT'" OPT
+$     IF F$EDIT (OPT,"TRIM,UPCASE") .NES. "B" .AND. -
+	 F$EDIT (OPT,"TRIM,UPCASE") .NES. "N" 
+$     THEN
+$         CALL INVALID_ENTRY
+$	  GOTO RETRY
+$     ENDIF
+$     IF F$EDIT (OPT,"TRIM,UPCASE") .EQS. "B"
+$     THEN
+$	  IF PAGE_CTR .GT. 1
+$	  THEN
+$ 	      ROW = TOP_ROW
+$	      PAGE_CTR = PAGE_CTR - 1
+$ 	      REC_CTR = PAGE_'PAGE_CTR'_REC_CTR
+$             PAGE_TXT = F$FAO (" Page !UL of !UL ", PAGE_CTR, PAGE_MAX)
+$             _COL = P2 + (BOX_WIDTH - F$LENGTH (PAGE_TXT)) + 2
+$             SAY ESC + "[''P3';''_COL'H''BOLD'''PAGE_TXT'''NORM'"
+$             FILL_BOX 'P2' 'P3' 'P4' 'P5'
+$	      GOTO DISPLAY_LOOP
+$	  ELSE
+$             CALL INVALID_ENTRY
+$	      GOTO RETRY
+$         ENDIF
+$     ENDIF
+$     IF F$EDIT (OPT,"TRIM,UPCASE") .EQS. "N"
+$     THEN
+$	  IF PAGE_CTR .LT. PAGE_MAX
+$	  THEN
+$	      PAGE_CTR = PAGE_CTR + 1
+$ 	      PAGE_'PAGE_CTR'_REC_CTR = REC_CTR
+$             PAGE_TXT = F$FAO (" Page !UL of !UL ", PAGE_CTR, PAGE_MAX)
+$             _COL = P2 + (BOX_WIDTH - F$LENGTH (PAGE_TXT)) + 2
+$             SAY ESC + "[''P3';''_COL'H''BOLD'''PAGE_TXT'''NORM'"
+$             FILL_BOX 'P2' 'P3' 'P4' 'P5'
+$	  ELSE
+$             CALL INVALID_ENTRY
+$	      GOTO RETRY
+$         ENDIF
+$     ENDIF
+$     FILL_BOX 'P2' 'P3' 'P4' 'P5'
+$     ROW = TOP_ROW
+$     GOTO WRAP_LOOP
+$ ENDIF
+$ REC_CTR = REC_CTR + 1
+$ ROW = ROW + 1
+$ GOTO DISPLAY_LOOP
+$!
+$!------------------------------------------------------------------------------
+$! Display the invalid entry 
+$!------------------------------------------------------------------------------
+$!
+$INVALID_ENTRY: SUBROUTINE
+$!
+$ SAY ESC + "[''INPUT_ROW';01H", BELL, " Invalid Entry, Try again ...''CEOL'"
+$ Wait 00:00:01.5
+$ SAY ESC + "[''INPUT_ROW';01H", CEOL
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$! Exit 
+$!------------------------------------------------------------------------------
+$!
+$EXIT:
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR  NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ CLOSE IFILE
+$!
+$ Verify = F$VERIFY (Verify)
+$!
+$ EXIT
--- a/VMS/cert_tool/ssl$sign_cert.com
+++ b/VMS/cert_tool/ssl$sign_cert.com
@@ -0,0 +1,759 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$SIGN_CERT.COM - SSL Sign Certificate Request procedure
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$ Set NoOn
+$ Set NoControl=Y
+$!
+$!------------------------------------------------------------------------------
+$! Description 
+$!------------------------------------------------------------------------------
+$!
+$! This procedure prompts the user through creating a Server Certificate.
+$!
+$! There are no parameters used.
+$!
+$!------------------------------------------------------------------------------
+$! Define symbols
+$!------------------------------------------------------------------------------
+$!
+$ DELETE := DELETE
+$ SAY := WRITE SYS$OUTPUT
+$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT=
+$ PID = F$GETJPI ("","PID")
+$ TT_NOECHO = F$GETDVI ("TT:","TT_NOECHO")
+$ On Control_Y THEN GOTO EXIT
+$ Set Control=Y
+$!
+$ TT_ROWS = F$GETDVI ("TT:","TT_PAGE")
+$ TT_COLS = F$GETDVI ("TT:","DEVBUFSIZ")
+$!
+$ GET_USER_DATA := CALL GET_USER_DATA
+$ SET_USER_DATA := CALL SET_USER_DATA
+$ DEL_USER_DATA := CALL DEL_USER_DATA
+$ INIT_TERM := @SSL$COM:SSL$INIT_TERM
+$ SHOW_FILE := @SSL$COM:SSL$SHOW_FILE 
+$ SSL_CONF_FILE = F$TRNLMN ("SSL$CA_CONF")
+$ GET_CONF_DATA := @SSL$COM:SSL$CONF_UTIL 'SSL_CONF_FILE' GET
+$ SET_CONF_DATA := @SSL$COM:SSL$CONF_UTIL 'SSL_CONF_FILE' SET
+$!
+$ ESC[0,8] = 27 	! Set the Escape Character
+$ BELL[0,8] = 7 	! Ring the terminal Bell
+$ RED = 1		! Color - Red
+$ FGD = 30		! Foreground
+$ BGD = 0		! Background
+$ CSCR = ESC + "[2J"	! Clear the Screen 
+$ CEOS = ESC + "[0J"	! Clear to the End of the Screen 
+$ CEOL = ESC + "[0K"	! Clear to the End of the Line
+$ NORM = ESC + "[0m"	! Turn Attributes off
+$ BLNK = ESC + "[5m"    ! Turn on BLINK Attribute
+$ WIDE = ESC + "#6"     ! Turn on WIDE Attribute
+$!
+$!------------------------------------------------------------------------------
+$! Run the SSL setup if it hasn't been run yet
+$!------------------------------------------------------------------------------
+$!
+$ IF F$TRNLNM ("SSL$ROOT") .EQS. ""
+$ THEN
+$     IF F$SEARCH ("SSL$COM:SSL$INIT_ENV.COM") .NES. ""
+$     THEN 
+$         @SSL$COM:SSL$INIT_ENV.COM
+$     ELSE
+$         SAY BELL, "Unable to locate SSL$COM:SSL$INIT_ENV.COM ..."
+$	  GOTO EXIT
+$     ENDIF
+$ ENDIF
+$!
+$!------------------------------------------------------------------------------
+$! Display the Page Header
+$!------------------------------------------------------------------------------
+$!
+$ INIT_TERM
+$ BCOLOR = BGD
+$ FCOLOR = FGD + RED
+$ COLOR = ESC + "[''BCOLOR';''FCOLOR'm"
+$!
+$ TEXT = "SSL Certificate Tool"
+$ COL = (TT_COLS - (F$LENGTH (TEXT) * 2)) / 4
+$!
+$ SAY ESC + "[01;01H", CSCR
+$ SAY ESC + "[02;''COL'H", COLOR, WIDE, TEXT, NORM
+$!
+$ TEXT = "Sign Certificate Request"
+$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
+$!
+$ SAY ESC + "[04;01H"
+$ SAY ESC + "[04;''COL'H", COLOR, TEXT, NORM
+$!
+$ CTR = 1
+$ ROW = 6
+$ COL = 2
+$ TOP_ROW = ROW
+$ MSG_ROW = TT_ROWS - 1
+$!
+$!------------------------------------------------------------------------------
+$! Initialize the Request Data
+$!------------------------------------------------------------------------------
+$!
+$ IF F$SEARCH ("''SSL_CONF_FILE'") .NES. ""
+$ THEN 
+$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Reading Configuration ...", NORM
+$ ELSE
+$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Initializing Configuration ...", NORM
+$ ENDIF
+$!
+$ _ca = "ca"
+$!
+$ _default_ca = "CA_default_ca"
+$ _default_ca_upd = "Y"
+$!
+$ _default_serfile = "SSL$DB:SERIAL.TXT"
+$ _default_serfile_upd = "Y"
+$!
+$ _default_idxfile = "SSL$DB:INDEX.TXT"
+$ _default_idxfile_upd = "Y"
+$!
+$ _default_crtfile = "SSL$CRT:SERVER_CA.CRT"
+$ _default_crtfile_upd = "Y"
+$!
+$ _default_keyfile = "SSL$KEY:SERVER_CA.KEY"
+$ _default_keyfile_upd = "Y"
+$!
+$ _default_csrfile = "SSL$CSR:SERVER.CSR"
+$ _default_csrfile_upd = "Y"
+$!
+$ _default_sgnfile = "SSL$CRT:SIGNED.CRT"
+$ _default_sgnfile_upd = "Y"
+$!
+$ _default_newcert = "SSL$CRT"
+$ _default_newcert_upd = "Y"
+$!
+$ _default_md = "md5"
+$ _default_md_upd = "Y"
+$!
+$ _default_days = "365"
+$ _default_days_upd = "Y"
+$!
+$ _default_policy = "policy_anything"
+$ _default_policy_upd = "Y"
+$!
+$ _policy_countryName = "optional"
+$ _policy_countryName_upd = "Y"
+$!
+$ _policy_stateOrProvinceName = "optional"
+$ _policy_stateOrProvinceName_upd = "Y"
+$!
+$ _policy_localityName = "optional"
+$ _policy_localityName_upd = "Y"
+$!
+$ _policy_organizationName = "optional"
+$ _policy_organizationName_upd = "Y"
+$!
+$ _policy_organizationalUnitName = "optional"
+$ _policy_organizationalUnitName_upd = "Y"
+$!
+$ _policy_commonName = "supplied"
+$ _policy_commonName_upd = "Y"
+$!
+$ _policy_emailAddress = "optional"
+$ _policy_emailAddress_upd = "Y"
+$!
+$ _default_x509_extensions = "CA_x509_extensions"
+$ _default_x509_extensions_upd = "Y"
+$!
+$ _x509_basicContraints = "CA:FALSE"
+$ _x509_basicContraints_upd = "Y"
+$!
+$ _x509_nsCertType = "client,email,objsign,server"
+$ _x509_nsCertType_upd = "Y"
+$!
+$ _x509_nsComment = "SSL Generated Certificate"
+$ _x509_nsComment_upd = "Y"
+$!
+$ _x509_subjectKeyIdentifier = "hash"
+$ _x509_subjectKeyIdentifier_upd = "Y"
+$!
+$ _x509_authorityKeyIdentifier = "keyid,issuer:always"
+$ _x509_authorityKeyIdentifier_upd = "Y"
+$!
+$ IF F$SEARCH ("''SSL_CONF_FILE'") .NES. ""
+$ THEN 
+$     GET_CONF_DATA "[''_ca']#default_ca"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN 
+$         _default_ca = SSL_CONF_DATA
+$         _default_ca_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_default_ca']#serial"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _default_serfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + -
+ 		             F$PARSE (SSL_CONF_DATA,"[DB]",,"DIRECTORY") + -
+ 		             F$PARSE (SSL_CONF_DATA,"SERIAL",,"NAME") + -
+ 		             F$PARSE (SSL_CONF_DATA,".TXT",,"TYPE") 
+$         _default_serfile_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_default_ca']#database"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _default_idxfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + -
+ 		             F$PARSE (SSL_CONF_DATA,"[DB]",,"DIRECTORY") + -
+ 		             F$PARSE (SSL_CONF_DATA,"INDEX",,"NAME") + -
+ 		             F$PARSE (SSL_CONF_DATA,".TXT",,"TYPE") 
+$         _default_idxfile_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_default_ca']#certificate"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _default_crtfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + -
+ 		             F$PARSE (SSL_CONF_DATA,"[CRT]",,"DIRECTORY") + -
+ 		             F$PARSE (SSL_CONF_DATA,"SERVER_CA",,"NAME") + -
+ 		             F$PARSE (SSL_CONF_DATA,".CRT",,"TYPE") 
+$         _default_crtfile_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_default_ca']#private_key"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _default_keyfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + -
+ 		             F$PARSE (SSL_CONF_DATA,"[KEY]",,"DIRECTORY") + -
+ 		             F$PARSE (SSL_CONF_DATA,"SERVER_CA",,"NAME") + -
+ 		             F$PARSE (SSL_CONF_DATA,".KEY",,"TYPE") 
+$         _default_keyfile_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_default_ca']#new_certs_dir"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _default_newcert = SSL_CONF_DATA
+$         _default_newcert_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_default_ca']#default_md"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _default_md = SSL_CONF_DATA
+$         _default_md_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_default_ca']#default_days"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _default_days = SSL_CONF_DATA
+$         _default_days_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_default_ca']#policy"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _default_policy = SSL_CONF_DATA
+$         _default_policy_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_default_policy']#countryName"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _policy_countryName = SSL_CONF_DATA
+$         _policy_countryName_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_default_policy']#stateOrProvinceName"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _policy_stateOrProvinceName = SSL_CONF_DATA
+$         _policy_stateOrProvinceName_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_default_policy']#localityName"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _policy_localityName = SSL_CONF_DATA
+$         _policy_localityName_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_default_policy']#organizationName"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _policy_organizationName = SSL_CONF_DATA
+$         _policy_organizationName_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_default_policy']#organizationalUnitName"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _policy_organizationalUnitName = SSL_CONF_DATA
+$         _policy_organizationalUnitName_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_default_policy']#commonName"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _policy_commonName = SSL_CONF_DATA
+$         _policy_commonName_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_default_policy']#emailAddress"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _policy_emailAddress = SSL_CONF_DATA
+$         _policy_emailAddress_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_default_ca']#x509_extensions"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _default_x509_extensions = SSL_CONF_DATA
+$         _default_x509_extensions_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_default_x509_extensions']#basicConstraints"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _x509_basicConstraints = SSL_CONF_DATA
+$         _x509_basicConstraints_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_default_x509_extensions']#nsCertType"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _x509_nsCertType = SSL_CONF_DATA
+$         _x509_nsCertType_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_default_x509_extensions']#nsComment"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _x509_nsComment = SSL_CONF_DATA
+$         _x509_nsComment_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_default_x509_extensions']#subjectKeyIdentifier"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _x509_subjectKeyIdentifier = SSL_CONF_DATA
+$         _x509_subjectKeyIdentifier_upd = "N"
+$     ENDIF
+$!
+$     GET_CONF_DATA "[''_default_x509_extensions']#authorityKeyIdentifier"
+$     IF SSL_CONF_DATA .NES. ""
+$     THEN
+$         _x509_authorityKeyIdentifier = SSL_CONF_DATA
+$         _x509_authorityKeyIdentifier_upd = "N"
+$     ENDIF
+$ ENDIF
+$!
+$ SET_USER_DATA "[''_ca']#default_ca#D#''_default_ca'##S###''_default_ca_upd'#N#N"
+$ SET_USER_DATA "[''_default_ca']#serial#D#''_default_serfile'#Serial File ?#F###''_default_serfile_upd'#N#N"
+$ SET_USER_DATA "[''_default_ca']#database#D#''_default_idxfile'#Database File ?#F###''_default_idxfile_upd'#N#N"
+$ SET_USER_DATA "[''_default_ca']#certificate#D#''_default_crtfile'#CA Certificate File ?#F###''_default_crtfile_upd'#Y#N"
+$ SET_USER_DATA "[''_default_ca']#private_key#D#''_default_keyfile'#CA Certificate Key File ?#F###''_default_keyfile_upd'#Y#N"
+$ SET_USER_DATA "[]#default_csrfile#-#''_default_csrfile'#Certificate Request File ?#F###''_default_csrfile_upd'#Y#N"
+$ SET_USER_DATA "[]#default_sgnfile#-#''_default_sgnfile'#Signed Certificate File ?#F###''_default_sgnfile_upd'#Y#N"
+$ SET_USER_DATA "[''_default_ca']#new_certs_dir#D#''_default_newcert'#New Certificate Directory ?#S###''_default_newcert_upd'#N#N"
+$ SET_USER_DATA "[''_default_ca']#default_md#D#''_default_md'#Default Digest ?#I###''_default_md_upd'#N#N"
+$ SET_USER_DATA "[''_default_ca']#default_days#D#''_default_days'#Default Days ?#I###''_default_days_upd'#Y#N"
+$ SET_USER_DATA "[''_default_ca']#policy#D#''_default_policy'#Default Policy ?#S###''_default_policy_upd'#N#N"
+$ SET_USER_DATA "[''_default_policy']#countryName#D#''_policy_countryName'#Country Name Policy ?#S###''_policy_countryName_upd'#N#N"
+$ SET_USER_DATA "[''_default_policy']#stateOrProvinceName#D#''_policy_stateOrProvinceName'#State or Province Name Policy ?#S###''_policy_stateOrProvinceName_upd'#N#N"
+$ SET_USER_DATA "[''_default_policy']#localityName#D#''_policy_localityName'#Locality Name Policy ?#S###''_policy_localityName_upd'#N#N"
+$ SET_USER_DATA "[''_default_policy']#organizationName#D#''_policy_organizationName'#Organization Name Policy ?#S###''_policy_organizationName_upd'#N#N"
+$ SET_USER_DATA "[''_default_policy']#organizationalUnitName#D#''_policy_organizationalUnitName'#Organization Unit Name Policy ?#S###''_policy_organizationalUnitName_upd'#N#N"
+$ SET_USER_DATA "[''_default_policy']#commonName#D#''_policy_commonName'#Common Name Policy ?#S###''_policy_commonName_upd'#N#N"
+$ SET_USER_DATA "[''_default_policy']#emailAddress#D#''_policy_emailAddress'#Email Address Policy ?#S###''_policy_emailAddress_upd'#N#N"
+$ SET_USER_DATA "[''_default_ca']#x509_extensions#D#''_default_x509_extensions'#X509 Extensions ?#S###''_default_x509_extensions_upd'#N#N"
+$ SET_USER_DATA "[''_default_x509_extensions']#basicConstraints#D#''_x509_basicConstraints'#X509 Basic Constraints ?#S###''_x509_basicConstraints_upd'#N#N"
+$ SET_USER_DATA "[''_default_x509_extensions']#nsCertType#D#''_x509_nsCertType'#X509 NS Cert Type ?#S###''_x509_nsCertType_upd'#N#N"
+$ SET_USER_DATA "[''_default_x509_extensions']#nsComment#D#''_x509_nsComment'#X509 NS Comment ?#S###''_x509_nsComment_upd'#N#N"
+$ SET_USER_DATA "[''_default_x509_extensions']#subjectKeyIdentifier#D#''_x509_subjectKeyIdentifier'#X509 Subject Key Identifier ?#S###''_x509_subjectKeyIdentifier_upd'#N#N"
+$ SET_USER_DATA "[''_default_x509_extensions']#authorityKeyIdentifier#D#''_x509_authorityKeyIdentifier'#X509 Authority Key Identifier ?#S###''_x509_authorityKeyIdentifier_upd'#N#N"
+$ SET_USER_DATA "[]#pem_pass_phrase#-##PEM Pass Phrase ?#P#1###Y#N"
+$ SET_USER_DATA "[]#display_certificate#-#N#Display the Certificate ?#S##1##Y#N"
+$!
+$ SAY ESC + "[''MSG_ROW';01H", CEOS
+$!
+$!------------------------------------------------------------------------------
+$! Confirm/Update the SSL Configuration Data
+$!------------------------------------------------------------------------------
+$!
+$PROMPT_LOOP:
+$!
+$ IF CTR .LE. SSL_USER_DATA_MAX
+$ THEN 
+$     KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name
+$     ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name
+$     VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt
+$     DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value
+$     PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value
+$     TYP = F$ELEMENT (5,"#",SSL_USER_DATA_'CTR') ! Value Type
+$     MIN = F$ELEMENT (6,"#",SSL_USER_DATA_'CTR') ! Value Minimum Length
+$     MAX = F$ELEMENT (7,"#",SSL_USER_DATA_'CTR') ! Value Maximum Length
+$     UPD = F$ELEMENT (8,"#",SSL_USER_DATA_'CTR') ! Entry Updated ?
+$     REQ = F$ELEMENT (9,"#",SSL_USER_DATA_'CTR') ! Entry Required for Input ?
+$     CFM = F$ELEMENT (10,"#",SSL_USER_DATA_'CTR')! Confirm Input  ?
+$     CONFIRMED = 0
+$     IF REQ .EQS. "N"
+$     THEN 
+$         CTR = CTR + 1
+$         GOTO PROMPT_LOOP
+$     ENDIF
+$     IF ROW .GT. MSG_ROW - 2
+$     THEN 
+$         SAY ESC + "[''TOP_ROW';01H", CEOS
+$	  ROW = TOP_ROW
+$     ENDIF
+$!
+$CONFIRM_LOOP:
+$!
+$     IF PRM .EQS. "" 
+$     THEN 
+$         PROMPT = ESC + "[''ROW';''COL'H''ITM' ? [''DEF'] ''CEOL'"
+$     ELSE
+$         PROMPT = ESC + "[''ROW';''COL'H''PRM' [''DEF'] ''CEOL'"
+$     ENDIF
+$     IF TYP .EQS. "P" THEN SET TERMINAL /NOECHO
+$     ASK "''PROMPT'" ANS /END_OF_FILE=EXIT
+$     IF TYP .EQS. "P" THEN SET TERMINAL /ECHO
+$     ANS = F$EDIT (ANS,"TRIM")
+$     IF ANS .EQS. "" THEN ANS = DEF
+$     IF TYP .EQS. "F"
+$     THEN
+$         ANS = F$PARSE ("''ANS'","''DEF'",,,"SYNTAX_ONLY")
+$     ENDIF
+$     IF TYP .EQS. "I" .AND. F$TYPE (ANS) .NES. "INTEGER"
+$     THEN 
+$         CALL INVALID_ENTRY
+$         SAY ESC + "[''ROW';01H", CEOS
+$         GOTO PROMPT_LOOP
+$     ENDIF
+$     IF (TYP .EQS. "S" .OR. TYP .EQS. "P") .AND. -
+         ((MIN .NES. "" .AND. F$LENGTH (ANS) .LT. F$INTEGER(MIN)) .OR. -
+          (MAX .NES. "" .AND. F$LENGTH (ANS) .GT. F$INTEGER(MAX)))
+$     THEN 
+$         CALL INVALID_ENTRY
+$         SAY ESC + "[''ROW';01H", CEOS
+$	  IF TYP .EQS. "S" THEN GOTO PROMPT_LOOP
+$         IF TYP .EQS. "P" THEN GOTO CONFIRM_LOOP
+$     ENDIF
+$     ROW = ROW + 1
+$     IF CFM .EQS. "Y"
+$     THEN
+$         IF CONFIRMED .EQ. 0
+$	  THEN
+$	      CONFIRMED = 1
+$	      CONFIRMED_ANS = ANS
+$	      PRM = "Confirm ''PRM'"
+$	      GOTO CONFIRM_LOOP
+$         ELSE
+$	      IF ANS .NES. CONFIRMED_ANS
+$	      THEN 
+$                 CALL INVALID_ENTRY
+$		  ROW = ROW - 2
+$                 SAY ESC + "[''ROW';01H", CEOS
+$                 GOTO PROMPT_LOOP
+$	      ENDIF
+$         ENDIF
+$     ENDIF
+$     IF ANS .NES. DEF THEN SSL_USER_DATA_'CTR' = "''KEY'#''ITM'#''VAL'#''ANS'#''PRM'#''TYP'#''MIN'#''MAX'#Y#''REQ'#''CFM'"
+$     CTR = CTR + 1
+$     GOTO PROMPT_LOOP
+$ ENDIF
+$!
+$!------------------------------------------------------------------------------
+$! Save the SSL Configuration Data
+$!------------------------------------------------------------------------------
+$!
+$ CTR = 1
+$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Saving Configuration ...", NORM
+$!
+$SAVE_CONF_LOOP:
+$!
+$ IF CTR .LE. SSL_USER_DATA_MAX
+$ THEN 
+$     KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name
+$     ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name
+$     VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt
+$     DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value
+$     PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value
+$     TYP = F$ELEMENT (5,"#",SSL_USER_DATA_'CTR') ! Value Type
+$     MIN = F$ELEMENT (6,"#",SSL_USER_DATA_'CTR') ! Value Minimum Length
+$     MAX = F$ELEMENT (7,"#",SSL_USER_DATA_'CTR') ! Value Maximum Length
+$     UPD = F$ELEMENT (8,"#",SSL_USER_DATA_'CTR') ! Entry Updated ?
+$     REQ = F$ELEMENT (9,"#",SSL_USER_DATA_'CTR') ! Entry Required for Input ?
+$     CFM = F$ELEMENT (10,"#",SSL_USER_DATA_'CTR')! Confirm Input ?
+$     IF UPD .NES. "Y" .OR. VAL .EQS. "-"
+$     THEN 
+$         CTR = CTR + 1
+$         GOTO SAVE_CONF_LOOP
+$     ENDIF
+$     IF VAL .EQS. "D"
+$     THEN 
+$         SET_CONF_DATA "''KEY'#''ITM'" "''DEF'"
+$     ELSE
+$         SET_CONF_DATA "''KEY'#''ITM'" "''PRM'"
+$         SET_CONF_DATA "''KEY'#''ITM'_default" "''DEF'"
+$     ENDIF
+$     IF MIN .NES. "" THEN SET_CONF_DATA "''KEY'#''ITM'_min" "''MIN'"
+$     IF MAX .NES. "" THEN SET_CONF_DATA "''KEY'#''ITM'_max" "''MAX'"
+$     CTR = CTR + 1
+$     GOTO SAVE_CONF_LOOP
+$ ENDIF
+$!
+$ PURGE /NOLOG /NOCONFIRM 'SSL_CONF_FILE'
+$ RENAME 'SSL_CONF_FILE'; ;1
+$!
+$ SAY ESC + "[''MSG_ROW';01H", CEOS
+$!
+$!------------------------------------------------------------------------------
+$! Create the Certificiate Authority
+$!------------------------------------------------------------------------------
+$!
+$SKIP:
+$!
+$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Signing Certificate Request ...", NORM
+$!
+$ X1 = 2
+$ Y1 = TOP_ROW
+$ X2 = TT_COLS - 2
+$ Y2 = MSG_ROW - 1
+$!
+$ GET_USER_DATA "[]#pem_pass_phrase"
+$ _pem_pass_phrase = SSL_USER_DATA
+$ GET_USER_DATA "[''_default_ca']#database"
+$ _default_idxfile = SSL_USER_DATA
+$ GET_USER_DATA "[''_default_ca']#serial"
+$ _default_serfile = SSL_USER_DATA
+$ GET_USER_DATA "[]#default_csrfile"
+$ _default_csrfile = SSL_USER_DATA
+$ GET_USER_DATA "[]#default_sgnfile"
+$ _default_sgnfile = SSL_USER_DATA
+$ GET_USER_DATA "[]#display_certificate"
+$ _display_certificate = SSL_USER_DATA
+$!
+$ IF F$SEARCH ("''_default_idxfile'") .EQS. ""
+$ THEN
+$     OPEN /WRITE OFILE '_default_idxfile'
+$     CLOSE OFILE
+$ ENDIF
+$!
+$ IF F$SEARCH ("''_default_serfile'") .EQS. ""
+$ THEN
+$     OPEN /WRITE OFILE '_default_serfile'
+$     WRITE OFILE "01"
+$     CLOSE OFILE
+$ ENDIF
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR  NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ SHOW SYSTEM /FULL /OUT=SYS$LOGIN:SSL_CA_'PID'.RND
+$!
+$ OPEN /WRITE OFILE SYS$LOGIN:SSL_CA_'PID'.COM
+$ WRITE OFILE "$ SET NOON"
+$ WRITE OFILE "$ SET MESSAGE /NOFACILITY /NOIDENTIFICATION /NOSEVERITY /NOTEXT"
+$ WRITE OFILE "$ DEFINE /USER /NOLOG RANDFILE    SYS$LOGIN:SSL_CA_''PID'.RND"
+$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR   SYS$LOGIN:SSL_CA_''PID'.LOG"
+$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT  SYS$LOGIN:SSL_CA_''PID'.LOG"
+$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
+$ WRITE OFILE "$ OPENSSL ca -config ''SSL_CONF_FILE' -out ''_default_sgnfile' -infiles ''_default_csrfile'"
+$ WRITE OFILE "''_pem_pass_phrase'"
+$ WRITE OFILE "y"
+$ WRITE OFILE "y"
+$ WRITE OFILE "$ SET MESSAGE /FACILITY /IDENTIFICATION /SEVERITY /TEXT"
+$ CLOSE OFILE
+$!
+$ @SYS$LOGIN:SSL_CA_'PID'.COM
+$!
+$ DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_CA_'PID'.RND;*
+$ DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_CA_'PID'.COM;*
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR  NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ SEARCH SYS$LOGIN:SSL_CA_'PID'.LOG /OUT=SYS$LOGIN:SSL_CA_'PID'.ERR "error:"
+$ IF F$SEARCH ("SYS$LOGIN:SSL_CA_''PID'.ERR") .NES. "" 
+$ THEN 
+$     IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_CA_''PID'.ERR","ALQ") .NE. 0
+$     THEN 
+$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_CA_'PID'.ERR;*
+$         SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'"
+$         SHOW_FILE "SYS$LOGIN:SSL_CA_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" 
+$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_CA_'PID'.LOG;*
+$         GOTO EXIT
+$     ENDIF
+$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_CA_'PID'.ERR;*
+$ ENDIF
+$!
+$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_CA_'PID'.LOG;*
+$! 
+$ IF F$EDIT (_display_certificate,"TRIM,UPCASE") .EQS. "Y"
+$ THEN 
+$     SAY ESC + "[''MSG_ROW';01H", BLNK, " Generating Output ...", NORM, CEOL
+$!
+$     OPEN /WRITE OFILE SYS$LOGIN:SSL_X509_'PID'.COM
+$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR   SYS$LOGIN:SSL_X509_''PID'.LOG"
+$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT  SYS$LOGIN:SSL_X509_''PID'.LOG"
+$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
+$     WRITE OFILE "$ OPENSSL x509 -noout -text -in ''_default_sgnfile'"
+$     CLOSE OFILE
+$!
+$     @SYS$LOGIN:SSL_X509_'PID'.COM
+$!
+$     DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.COM;*
+$!
+$     DEFINE /USER /NOLOG SYS$ERROR  NL:
+$     DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$     SEARCH SYS$LOGIN:SSL_X509_'PID'.LOG /OUT=SYS$LOGIN:SSL_X509_'PID'.ERR ":error:"
+$     IF F$SEARCH ("SYS$LOGIN:SSL_X509_''PID'.ERR") .NES. "" 
+$     THEN 
+$         IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_X509_''PID'.ERR","ALQ") .NE. 0
+$         THEN 
+$             DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.ERR;*
+$             SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'"
+$             SHOW_FILE "SYS$LOGIN:SSL_X509_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" 
+$             DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.LOG;*
+$             GOTO EXIT
+$         ENDIF
+$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.ERR;*
+$     ENDIF
+$!
+$     SAY ESC + "[''MSG_ROW';01H''CEOS'"
+$     SHOW_FILE "SYS$LOGIN:SSL_X509_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ''_default_sgnfile' >" 
+$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.LOG;*
+$     GOTO EXIT
+$ ENDIF
+$!
+$ TEXT = "Press return to continue"
+$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
+$!
+$ SAY ESC + "[''MSG_ROW';01H", CEOS
+$ PROMPT = ESC + "[''MSG_ROW';''COL'H''TEXT'"
+$ ASK "''PROMPT'" OPT
+$!
+$GOTO EXIT
+$!
+$!------------------------------------------------------------------------------
+$! Set the User Data
+$!------------------------------------------------------------------------------
+$!
+$SET_USER_DATA: SUBROUTINE
+$!
+$ IF F$TYPE (SSL_USER_DATA_MAX) .EQS. ""
+$ THEN
+$     SSL_USER_DATA_MAX == 1
+$ ELSE
+$     SSL_USER_DATA_MAX == SSL_USER_DATA_MAX + 1
+$ ENDIF
+$!
+$ SSL_USER_DATA_'SSL_USER_DATA_MAX' == "''P1'"
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$! Find the Request Data
+$!------------------------------------------------------------------------------
+$!
+$GET_USER_DATA: SUBROUTINE
+$!
+$ CTR = 1
+$ USER_KEY = F$ELEMENT (0,"#",P1)
+$ USER_ITM = F$ELEMENT (1,"#",P1)
+$!
+$GET_USER_DATA_LOOP:
+$!
+$ IF CTR .LE. SSL_USER_DATA_MAX
+$ THEN
+$     KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name
+$     ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name
+$     VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt
+$     DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value
+$     PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value
+$     IF USER_KEY .NES. KEY .OR. USER_ITM .NES. ITM
+$     THEN 
+$         CTR = CTR + 1
+$         GOTO GET_USER_DATA_LOOP
+$     ENDIF
+$     IF VAL .EQS. "-" THEN SSL_USER_DATA == "''DEF'"
+$     IF VAL .EQS. "D" THEN SSL_USER_DATA == "''DEF'"
+$     IF VAL .EQS. "P" THEN SSL_USER_DATA == "''PRM'"
+$ ENDIF
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$! Delete the User Data
+$!------------------------------------------------------------------------------
+$!
+$DEL_USER_DATA: SUBROUTINE
+$!
+$ IF F$TYPE (SSL_USER_DATA_MAX) .EQS. "" THEN GOTO DEL_USER_DATA_END
+$!
+$DEL_USER_DATA_LOOP:
+$!
+$ IF F$TYPE (SSL_USER_DATA_'SSL_USER_DATA_MAX') .NES. "" 
+$ THEN
+$     DELETE /SYMBOL /GLOBAL SSL_USER_DATA_'SSL_USER_DATA_MAX'
+$     SSL_USER_DATA_MAX == SSL_USER_DATA_MAX - 1
+$     GOTO DEL_USER_DATA_LOOP
+$ ENDIF
+$!
+$ DELETE /SYMBOL /GLOBAL SSL_USER_DATA_MAX
+$!
+$DEL_USER_DATA_END:
+$!
+$ IF F$TYPE (SSL_USER_DATA) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_USER_DATA
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$! Display the invalid entry 
+$!------------------------------------------------------------------------------
+$!
+$INVALID_ENTRY: SUBROUTINE
+$!
+$ SAY ESC + "[''MSG_ROW';01H", BELL, " Invalid Entry, Try again ...''CEOL'"
+$ Wait 00:00:01.5
+$ SAY ESC + "[''MSG_ROW';01H", CEOL
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$! Exit the procedure
+$!------------------------------------------------------------------------------
+$!
+$EXIT:
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR  NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ DEASSIGN SYS$OUTPUT
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR  NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ DEASSIGN SYS$ERROR
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR  NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ CLOSE OFILE
+$!
+$ DEL_USER_DATA
+$!
+$ IF F$TYPE (SSL_CONF_DATA) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_CONF_DATA
+$!
+$ IF F$GETDVI ("TT:","TT_NOECHO") .AND. .NOT. TT_NOECHO THEN SET TERMINAL /ECHO
+$!
+$ IF F$SEARCH ("SYS$LOGIN:SSL_CA_''PID'.%%%;*") .NES. "" THEN DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_CA_'PID'.%%%;*
+$ IF F$SEARCH ("SYS$LOGIN:SSL_X509_''PID'.%%%;*") .NES. "" THEN DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.%%%;*
+$!
+$ Verify = F$VERIFY (Verify)
+$!
+$ EXIT
--- a/VMS/cert_tool/ssl$view_cert.com
+++ b/VMS/cert_tool/ssl$view_cert.com
@@ -0,0 +1,245 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$VIEW_CERT.COM - SSL View Certificate procedure
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$ Set NoOn
+$ Set NoControl=Y
+$!
+$!------------------------------------------------------------------------------
+$! Description 
+$!------------------------------------------------------------------------------
+$!
+$! This procedure prompts the user through creating a Server Certificate.
+$!
+$! The parameters used are:
+$!
+$! 	P1	- Certificate or Certificate Request (i.e. "CRT" or "CSR")
+$!
+$!------------------------------------------------------------------------------
+$! Define symbols
+$!------------------------------------------------------------------------------
+$!
+$ DELETE := DELETE
+$ SAY := WRITE SYS$OUTPUT
+$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT=
+$ PID = F$GETJPI ("","PID")
+$ TT_NOECHO = F$GETDVI ("TT:","TT_NOECHO")
+$ On Control_Y THEN GOTO EXIT
+$ Set Control=Y
+$!
+$ TT_ROWS = F$GETDVI ("TT:","TT_PAGE")
+$ TT_COLS = F$GETDVI ("TT:","DEVBUFSIZ")
+$!
+$ INIT_TERM := @SSL$COM:SSL$INIT_TERM
+$ PICK_FILE := @SSL$COM:SSL$PICK_FILE 
+$ SHOW_FILE := @SSL$COM:SSL$SHOW_FILE 
+$!
+$ ESC[0,8] = 27 	! Set the Escape Character
+$ BELL[0,8] = 7 	! Ring the terminal Bell
+$ RED = 1		! Color - Red
+$ FGD = 30		! Foreground
+$ BGD = 0		! Background
+$ CSCR = ESC + "[2J"	! Clear the Screen 
+$ CEOS = ESC + "[0J"	! Clear to the End of the Screen 
+$ CEOL = ESC + "[0K"	! Clear to the End of the Line
+$ NORM = ESC + "[0m"	! Turn Attributes off
+$ BLNK = ESC + "[5m"    ! Turn on BLINK Attribute
+$ WIDE = ESC + "#6"     ! Turn on WIDE Attribute
+$!
+$!------------------------------------------------------------------------------
+$! Run the SSL setup if it hasn't been run yet
+$!------------------------------------------------------------------------------
+$!
+$ IF F$TRNLNM ("SSL$ROOT") .EQS. ""
+$ THEN
+$     IF F$SEARCH ("SSL$COM:SSL$INIT_ENV.COM") .NES. ""
+$     THEN 
+$         @SSL$COM:SSL$INIT_ENV.COM
+$     ELSE
+$         SAY BELL, "Unable to locate SSL$COM:SSL$INIT_ENV.COM ..."
+$	  GOTO EXIT
+$     ENDIF
+$ ENDIF
+$!
+$!------------------------------------------------------------------------------
+$! Display the Page Header
+$!------------------------------------------------------------------------------
+$!
+$ INIT_TERM
+$ BCOLOR = BGD
+$ FCOLOR = FGD + RED
+$ COLOR = ESC + "[''BCOLOR';''FCOLOR'm"
+$!
+$ TEXT = "SSL Certificate Tool"
+$ COL = (TT_COLS - (F$LENGTH (TEXT) * 2)) / 4
+$!
+$ SAY ESC + "[01;01H", CSCR
+$ SAY ESC + "[02;''COL'H", COLOR, WIDE, TEXT, NORM
+$!
+$ IF P1 .EQS. "CSR"
+$ THEN 
+$     TEXT = "View Certificate Request"
+$ ELSE
+$     TEXT = "View Certificate"
+$ ENDIF
+$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
+$!
+$ SAY ESC + "[04;01H"
+$ SAY ESC + "[04;''COL'H", COLOR, TEXT, NORM
+$!
+$ CTR = 1
+$ ROW = 6
+$ COL = 2
+$ TOP_ROW = ROW
+$ MSG_ROW = TT_ROWS - 1
+$!
+$!------------------------------------------------------------------------------
+$! Initialize the Request Data
+$!------------------------------------------------------------------------------
+$!
+$ IF P1 .NES. "CRT" .AND. P1 .NES. "CSR"
+$ THEN 
+$     PRM = "Display File:"
+$     DEF = "*.*"
+$ ENDIF
+$!
+$ IF P1 .EQS. "CRT"
+$ THEN 
+$     PRM = "Display Certificate File:"
+$     DEF = "SSL$CRT:*.CRT"
+$ ENDIF
+$!
+$ IF P1 .EQS. "CSR"
+$ THEN 
+$     PRM = "Display Certificate Request File:"
+$     DEF = "SSL$CSR:*.CSR"
+$ ENDIF
+$!
+$ SAY ESC + "[''MSG_ROW';01H", CEOS
+$!
+$!------------------------------------------------------------------------------
+$! Confirm/Update the SSL Configuration Data
+$!------------------------------------------------------------------------------
+$!
+$PROMPT_LOOP:
+$!
+$ PROMPT = ESC + "[''ROW';''COL'H''PRM' ? [''DEF'] ''CEOL'"
+$ ASK "''PROMPT'" _view_file_name
+$ _view_file_name = F$EDIT (_view_file_name,"TRIM")
+$ IF _view_file_name .EQS. "" THEN _view_file_name = DEF
+$!
+$ X1 = 2
+$ Y1 = TOP_ROW
+$ X2 = TT_COLS - 2
+$ Y2 = MSG_ROW - 1
+$!
+$PICK_FILE:
+$!
+$ PICK_FILE "''_view_file_name'" 'X1' 'Y1' 'X2' 'Y2' "< Select a File >" 
+$!
+$ SAY ESC + "[''TOP_ROW';01H", CEOS
+$! 
+$ IF SSL_FILE_NAME .EQS. "" THEN GOTO EXIT
+$!
+$!------------------------------------------------------------------------------
+$! Create the Certificiate Authority
+$!------------------------------------------------------------------------------
+$!
+$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Generating Output ...", NORM, CEOL
+$!
+$ IF P1 .EQS. "CRT"
+$ THEN 
+$     OPEN /WRITE OFILE SYS$LOGIN:SSL_X509_'PID'.COM
+$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR   SYS$LOGIN:SSL_X509_''PID'.LOG"
+$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT  SYS$LOGIN:SSL_X509_''PID'.LOG"
+$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
+$     WRITE OFILE "$ OPENSSL x509 -noout -text -in ''SSL_FILE_NAME'"
+$     CLOSE OFILE
+$!
+$     @SYS$LOGIN:SSL_X509_'PID'.COM
+$!
+$     DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.COM;*
+$!
+$     DEFINE /USER /NOLOG SYS$ERROR  NL:
+$     DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$     SEARCH SYS$LOGIN:SSL_X509_'PID'.LOG /OUT=SYS$LOGIN:SSL_X509_'PID'.ERR ":error:"
+$     IF F$SEARCH ("SYS$LOGIN:SSL_X509_''PID'.ERR") .NES. "" 
+$     THEN 
+$         IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_X509_''PID'.ERR","ALQ") .NE. 0
+$         THEN 
+$             DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.ERR;*
+$             SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'"
+$             SHOW_FILE "SYS$LOGIN:SSL_X509_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" 
+$             DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.LOG;*
+$             GOTO EXIT
+$         ENDIF
+$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.ERR;*
+$     ENDIF
+$!
+$     SAY ESC + "[''MSG_ROW';01H''CEOS'"
+$     SHOW_FILE "SYS$LOGIN:SSL_X509_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ''SSL_FILE_NAME' >" 
+$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.LOG;*
+$     GOTO PICK_FILE
+$ ENDIF
+$!
+$ IF P1 .EQS. "CSR"
+$ THEN 
+$     OPEN /WRITE OFILE SYS$LOGIN:SSL_REQ_'PID'.COM
+$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR   SYS$LOGIN:SSL_REQ_''PID'.LOG"
+$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT  SYS$LOGIN:SSL_REQ_''PID'.LOG"
+$     WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
+$     WRITE OFILE "$ OPENSSL req -noout -text -in ''SSL_FILE_NAME'"
+$     CLOSE OFILE
+$!
+$     @SYS$LOGIN:SSL_REQ_'PID'.COM
+$!
+$     DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.COM;*
+$!
+$     DEFINE /USER /NOLOG SYS$ERROR  NL:
+$     DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$     SEARCH SYS$LOGIN:SSL_REQ_'PID'.LOG /OUT=SYS$LOGIN:SSL_REQ_'PID'.ERR ":error:"
+$     IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.ERR") .NES. "" 
+$     THEN 
+$         IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_REQ_''PID'.ERR","ALQ") .NE. 0
+$         THEN 
+$             DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;*
+$             SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'"
+$             SHOW_FILE "SYS$LOGIN:SSL_REQ_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" 
+$             DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;*
+$             GOTO EXIT
+$         ENDIF
+$         DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;*
+$     ENDIF
+$!
+$     SAY ESC + "[''MSG_ROW';01H''CEOS'"
+$     SHOW_FILE "SYS$LOGIN:SSL_REQ_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ''SSL_FILE_NAME' >" 
+$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;*
+$     GOTO PICK_FILE
+$ ENDIF
+$!
+$ SAY ESC + "[''MSG_ROW';01H''CEOS'"
+$ SHOW_FILE "''SYS$LOGIN:SSL_FILE_NAME'" 'X1' 'Y1' 'X2' 'Y2' "< ''SSL_FILE_NAME' >"
+$ GOTO PICK_FILE
+$!
+$!------------------------------------------------------------------------------
+$! Exit the procedure
+$!------------------------------------------------------------------------------
+$!
+$EXIT:
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR  NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ CLOSE OFILE
+$!
+$ IF F$TYPE (SSL_FILE_NAME) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_FILE_NAME
+$!
+$ IF F$GETDVI ("TT:","TT_NOECHO") .AND. .NOT. TT_NOECHO THEN SET TERMINAL /ECHO
+$!
+$ IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.%%%;*") .NES. "" THEN DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.%%%;*
+$ IF F$SEARCH ("SYS$LOGIN:SSL_X509_''PID'.%%%;*") .NES. "" THEN DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.%%%;*
+$!
+$ Verify = F$VERIFY (Verify)
+$!
+$ EXIT
--- a/VMS/install.com
+++ b/VMS/install.com
@@ -0,0 +1,154 @@
+$! INSTALL.COM -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard@levitte.org>
+$! Time of creation: 23-MAY-1998 19:22
+$!
+$! P1	root of the directory tree
+$!
+$	IF P1 .EQS. ""
+$	THEN
+$	    WRITE SYS$OUTPUT "First argument missing."
+$	    WRITE SYS$OUTPUT "Should be the directory where you want things installed."
+$	    EXIT
+$	ENDIF
+$
+$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
+$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
+$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
+		   - "[000000." - "][" - "[" - "]"
+$	ROOT = ROOT_DEV + "[" + ROOT_DIR
+$
+$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
+$	DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB]
+$	DEFINE/NOLOG WRK_SSLALIB WRK_SSLROOT:[ALPHA_LIB]
+$	DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
+$	DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE]
+$	DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE]
+$	DEFINE/NOLOG WRK_SSLCERTS WRK_SSLROOT:[CERTS]
+$	DEFINE/NOLOG WRK_SSLPRIVATE WRK_SSLROOT:[PRIVATE]
+$	DEFINE/NOLOG WRK_SSLCOM WRK_SSLROOT:[COM]
+$
+$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
+$	IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLINCLUDE:
+$!	IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN -
+$!	   CREATE/DIR/LOG WRK_SSLROOT:[VMS]
+$	IF F$PARSE("WRK_SSLCOM:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLROOT:[COM]
+$
+$	IF F$SEARCH("WRK_SSLINCLUDE:vms_idhacks.h") .NES. "" THEN -
+	   DELETE WRK_SSLINCLUDE:vms_idhacks.h;*
+$
+$	OPEN/WRITE SF WRK_SSLCOM:SSL$STARTUP.COM
+$	WRITE SYS$OUTPUT "%OPEN-I-CREATED,  ",F$SEARCH("WRK_SSLCOM:SSL$STARTUP.COM")," created."
+$	WRITE SF "$! Startup file for SSL 0.9.2-RL 15-Mar-1999"
+$	WRITE SF "$!"
+$	WRITE SF "$! Do not edit this file, as it will be regenerated during next installation."
+$	WRITE SF "$! Instead, add or change SSL$COM:SSL$SYSTARTUP.COM"
+$	WRITE SF "$!"
+$	WRITE SF "$!"
+$	WRITE SF "$	ARCH = ""VAX"""
+$	WRITE SF "$	IF F$GETSYI(""CPU"") .GE. 128 THEN ARCH = ""ALPHA"""
+$	WRITE SF "$!"
+$	WRITE SF "$ IF F$SEARCH(""SYS$STARTUP:SSL$DEFINE_ROOT.COM"") .NES."""" THEN -"
+$	WRITE SF "$	@SYS$STARTUP:SSL$DEFINE_ROOT.COM"
+$	WRITE SF "$!"
+$	WRITE SF "$!"
+$	WRITE SF "$	DEFINE/NOLOG/SYSTEM/EXEC	SSL$CERTS	SSL$ROOT:[CERTS]"
+$	WRITE SF "$	DEFINE/NOLOG/SYSTEM/EXEC	SSL$COM		SSL$ROOT:[COM]"
+$	WRITE SF "$	DEFINE/NOLOG/SYSTEM/EXEC	SSL$EXE		SSL$ROOT:['ARCH'_EXE]"
+$	WRITE SF "$	DEFINE/NOLOG/SYSTEM/EXEC	SSL$INCLUDE	SSL$ROOT:[INCLUDE]"
+$	WRITE SF "$	DEFINE/NOLOG/SYSTEM/EXEC	SSL$KEY		SSL$ROOT:[CERTS]"
+$	WRITE SF "$	DEFINE/NOLOG/SYSTEM/EXEC	SSL$PRIVATE	SSL$ROOT:[PRIVATE]"
+$	WRITE SF "$"
+$	WRITE SF "$!	This is program can include <openssl/{foo}.h>"
+$	WRITE SF "$	DEFINE/NOLOG/SYSTEM/EXEC	OPENSSL		SSL$INCLUDE:"
+$	WRITE SF "$!"
+$	WRITE SF "$	IF F$SEARCH(""SSL$COM:SSL$SYSTARTUP.COM"") .NES."""" THEN -"
+$	WRITE SF "	   @SSL$COM:SSL$SYSTARTUP.COM"
+$	WRITE SF "$"
+$	WRITE SF "$	EXIT"
+$	CLOSE SF
+$	SET FILE/PROT=WORLD:RE WRK_SSLCOM:SSL$STARTUP.COM
+$!
+$	OPEN/WRITE SF WRK_SSLCOM:SSL$SHUTDOWN.COM
+$	WRITE SYS$OUTPUT "%OPEN-I-CREATED,  ",F$SEARCH("WRK_SSLCOM:SSL$SHUTDOWN.COM")," created."
+$	WRITE SF "$! Shutdown file for SSL"
+$	WRITE SF "$!"
+$	WRITE SF "$! Do not edit this file, as it will be regenerated during next installation."
+$	WRITE SF "$!"
+$	WRITE SF "$	ARCH = ""VAX"""
+$	WRITE SF "$	IF F$GETSYI(""CPU"") .GE. 128 THEN ARCH = ""ALPHA"""
+$	WRITE SF "$!"
+$	WRITE SF "$ IF F$SEARCH(""SSL$COM:SSL$SYSHUTDOWN.COM"") .NES."""" THEN -"
+$	WRITE SF "	@SSL$COM:SSL$SYSHUTDOWN.COM"
+$	WRITE SF "$!"
+$	WRITE SF "$ IF F$TRNLNM(""SSL$CERTS"") .NES."""" THEN -"
+$	WRITE SF "	DEASSIGN/SYSTEM/EXEC	SSL$CERTS"
+$!
+$	WRITE SF "$ IF F$TRNLNM(""SSL$COM"") .NES."""" THEN -"
+$	WRITE SF "	DEASSIGN/SYSTEM/EXEC	SSL$COM"
+$!
+$	WRITE SF "$ IF F$TRNLNM(""SSL$EXE"") .NES."""" THEN -"
+$	WRITE SF "	DEASSIGN/SYSTEM/EXEC	SSL$EXE"
+$!
+$	WRITE SF "$ IF F$TRNLNM(""SSL$INCLUDE"") .NES."""" THEN -"
+$	WRITE SF "	DEASSIGN/SYSTEM/EXEC	SSL$INCLUDE"
+$!
+$	WRITE SF "$ IF F$TRNLNM(""SSL$KEY"") .NES."""" THEN -"
+$	WRITE SF "	DEASSIGN/SYSTEM/EXEC	SSL$KEY"
+$!
+$	WRITE SF "$ IF F$TRNLNM(""SSL$PRIVATE"") .NES."""" THEN -"
+$	WRITE SF "	DEASSIGN/SYSTEM/EXEC	SSL$PRIVATE"
+$!
+$	WRITE SF "$!"
+$	WRITE SF "$ IF F$TRNLNM(""OPENSSL"") .NES."""" THEN -"
+$	WRITE SF "	DEASSIGN/SYSTEM/EXEC	OPENSSL"
+$	WRITE SF "$!"
+$	WRITE SF "$ IF F$TRNLNM(""SSL$ROOT"") .NES."""" THEN -"
+$	WRITE SF "	DEASSIGN/SYSTEM/EXEC SSL$ROOT"
+$	WRITE SF "$!"
+$	WRITE SF "$	EXIT"
+$	CLOSE SF
+$	SET FILE/PROT=WORLD:RE WRK_SSLCOM:SSL$SHUTDOWN.COM
+$!
+$	COPY SSL$UTILS.COM WRK_SSLCOM:/LOG
+$	SET FILE/PROT=WORLD:RE WRK_SSLCOM:SSL$UTILS.COM
+$!
+$	COPY SSL$SYSTARTUP.COM WRK_SSLCOM:/LOG
+$	SET FILE/PROT=WORLD:RE WRK_SSLCOM:SSL$SYSTARTUP.COM
+$	COPY SSL$SYSHUTDOWN.COM WRK_SSLCOM:/LOG
+$	SET FILE/PROT=WORLD:RE WRK_SSLCOM:SSL$SYSHUTDOWN.COM
+$!
+$	CERT_DIR := [.CERT_TOOL]
+$	CERT_FILES := SSL$AUTH_CERT.COM,SSL$AUTO_CERT.COM,SSL$CERT_TOOL.COM, -
+		      SSL$CONF_UTIL.COM,SSL$DRAW_BOX.COM,SSL$EXIT_CMD.TPU, -
+		      SSL$FILL_BOX.COM,SSL$HASH_CERT.COM,SSL$HOSTADDR.EXE, -
+		      SSL$HOSTNAME.EXE,SSL$INIT_ENV.COM,SSL$INIT_TERM.COM, -
+		      SSL$PICK_FILE.COM,SSL$RQST_CERT.COM,SSL$SELF_CERT.COM, -
+		      SSL$SHOW_FILE.COM,SSL$SIGN_CERT.COM,SSL$VIEW_CERT.COM, -
+		      SSL$REM_ENV.COM
+$!
+$	I = 0
+$ LOOP:
+$       CF = F$EDIT(F$ELEMENT(I, ",", CERT_FILES),"TRIM")
+$       I = I + 1
+$       IF CF .EQS. "," THEN GOTO LOOP_END
+$       SET NOON
+$       IF F$SEARCH(CERT_DIR+CF) .NES. ""
+$       THEN
+$         COPY 'CERT_DIR''CF' WRK_SSLCOM:*.*/log
+$         SET FILE/PROT=W:RE WRK_SSLCOM:'CF'
+$       ENDIF
+$       SET ON
+$       GOTO LOOP
+$ LOOP_END:
+$!
+$	SHOW SYSTEM/FULL/OUTPUT=WRK_SSLROOT:[PRIVATE]RANDFILE.
+$	SET FILE/PROT=WORLD:RE WRK_SSLROOT:[PRIVATE]RANDFILE.
+$!
+$	COPY SSL010.RELEASE_NOTES WRK_SSLROOT:[000000]/LOG
+$	SET FILE/PROT=WORLD:RE WRK_SSLROOT:[000000]SSL010.RELEASE_NOTES
+$!
+$	EXIT
--- a/VMS/mkshared.com
+++ b/VMS/mkshared.com
@@ -0,0 +1,490 @@
+$! MKSHARED.COM -- script to created shareable images on VMS
+$!
+$! No command line parameters.  This should be run at the start of the source
+$! tree (the same directory where one finds INSTALL.VMS).
+$!
+$! Input:       [.UTIL]LIBEAY.NUM,[.AXP.EXE.CRYPTO]LIBCRYPTO.OLB
+$!              [.UTIL]SSLEAY.NUM,[.AXP.EXE.SSL]LIBSSL.OLB
+$! Output:      [.AXP.EXE.CRYPTO]LIBCRYPTO.OPT,.MAP,.EXE
+$!              [.AXP.EXE.SSL]LIBSSL.OPT,.MAP,.EXE
+$!
+$! So far, tests have only been made on VMS for Alpha.  VAX will come in time.
+$!
+$!
+$! >>>>>
+$!	Note: Since I don't know how to put a comment into one of the .NUM
+$!	      files, I will put the comment here and hope that it is found.
+$!
+$!	      For SSLEAY.NUM, we do not expose SSL_add_dir_cert_subjs_to_stk.
+$!	      We do not expose it because it is a truncated VMS name that
+$!	      points to (via SYMHACKS.H) SSL_add_dir_cert_subjects_to_stack.
+$!	      However, SSL_add_dir_cert_subjects_to_stack is #ifndef VMS
+$!	      out of SSL_CERT.C.  So, comment them all out and we won't get
+$!	      any link errors about undefined symbols.  This all works fine
+$!	      until we need this API's functionality. 
+$!
+$!	      For LIBEAY.NUM, 
+$!		ASN1_UTCTIME_GET  #if 0         [.CRYPTO.ASN1]A_UTCTM.C
+$!								[.CRYPTO.ASN1]ASN1.H
+$!
+$!		DES_SET_WEAK_KEY_FLAG           [.CRYPTO.DES]DES.H
+$!						Not used in any .C file.
+$!
+$!		DH_GET_DEFAULT_METHOD   Not found in any .C or .H file.
+$!		DH_SET_DEFAULT_METHOD   Not found in any .C or .H file.
+$!		DSA_GET_DEFAULT_METHOD  Not found in any .C or .H file.
+$!		DSA_SET_DEFAULT_METHOD  Not found in any .C or .H file.
+$!
+$!		PEM_READ_BIO_NETSCAPE_CERT_SEQUENCE     [.CRYPTO.PEM]PEM.H
+$!							[.CRYPTO]SYMHACKS.H
+$!							PEM_read_bio_NS_CERT_SEQ is not in any .C or .H file.
+$!
+$!		PEM_READ_BIO_PKCS8_PRIV_KEY_INFO        [.CRYPTO]SYMHACKS.H
+$!			#define PEM_read_bio_PKCS8_PRIV_KEY_INFO        PEM_read_bio_P8_PRIV_KEY_INFO
+$!			PEM_read_bio_P8_PRIV_KEY_INFO is not in any .C or .H file.
+$!
+$!		PEM_READ_NETSCAPE_CERT_SEQUENCE         [.CRYPTO.PEM]PEM.H
+$!							[.CRYPTO]SYMHACKS.H
+$!			#define PEM_read_NETSCAPE_CERT_SEQUENCE         PEM_read_NS_CERT_SEQ
+$!			PEM_read_NS_CERT_SEQ is not in any .C or .H file.
+$!
+$!		PEM_READ_PKCS8_PRIV_KEY_INFO            [.CRYPTO]SYMHACKS.H
+$!			#define PEM_read_PKCS8_PRIV_KEY_INFO            PEM_read_P8_PRIV_KEY_INFO
+$!			PEM_read_P8_PRIV_KEY_INFO is not in any .C or .H file.
+$!
+$!		PEM_WRITE_BIO_NETSCAPE_CERT_SEQUENCE    [.CRYPTO.PEM]PEM.H
+$!							[.CRYPTO]SYMHACKS.H
+$!			#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE    PEM_write_bio_NS_CERT_SEQ
+$!			PEM_write_bio_NS_CERT_SEQ is not in any .C or .H file.
+$!
+$!		PEM_WRITE_BIO_PKCS8_PRIV_KEY_INFO       [.CRYPTO]SYMHACKS.H
+$!			#define PEM_write_bio_PKCS8_PRIV_KEY_INFO       PEM_write_bio_P8_PRIV_KEY_INFO
+$!			PEM_write_bio_P8_PRIV_KEY_INFO is not in any .C or .H file.
+$!
+$!		PEM_WRITE_NETSCAPE_CERT_SEQUENCE        [.CRYPTO.PEM]PEM.H
+$!							[.CRYPTO]SYMHACKS.H
+$!			#define PEM_write_NETSCAPE_CERT_SEQUENCE        PEM_write_NS_CERT_SEQ
+$!			PEM_write_NS_CERT_SEQ is not in any .C or .H file.
+$!
+$!		PEM_WRITE_PKCS8_PRIV_KEY_INFO           [.CRYPTO]SYMHACKS.H
+$!			#define PEM_write_PKCS8_PRIV_KEY_INFO           PEM_write_P8_PRIV_KEY_INFO
+$!			PEM_write_P8_PRIV_KEY_INFO is not in any .C or .H file.
+$!
+$!		RAND_EVENT                              [.CRYPTO.RAND]RAND.H RAND_event is #if windows || Win32
+$!							[.CRYPTO.RAND]RAND_WIN.C
+$!							All modules in RAND_WIN are WINDOWS or WIN32 modules.
+$!
+$!		RAND_SCREEN     if Windows or Win32 - [.CRYPTO.RAND]RAND.H
+$!
+$!		RSA_GET_DEFAULT_METHOD          is not in any .C or .H file.
+$!
+$!		RSA_SET_DEFAULT_METHOD           is not in any .C or .H file.
+$!
+$!
+$!
+$! ===========================================================================
+$!
+$! Setup VMS specific information.
+$!
+$ @vms_build_info
+$!
+$! ----- Prepare info for processing: version number and file info
+$ gosub read_version_info
+$!
+$ if libver .eqs. ""
+$ then
+$   write sys$error "ERROR: Couldn't find any library version info..."
+$   exit
+$ endif
+$
+$ if f$getsyi("CPU") .ge. 128
+$ then
+$   libid  = "Crypto"
+$   libnum = "[.UTIL]LIBEAY.NUM"
+$   libdir = "[.AXP.EXE.CRYPTO]"
+$   libolb = "''libdir'LIBCRYPTO''build_bits'.OLB"
+$   libopt = "''libdir'LIBCRYPTO.OPT"
+$   libmap = "''libdir'LIBCRYPTO.MAP"
+$   if build_bits .eqs. "32"
+$   then 
+$      libgoal= "''libdir'SSL$LIBCRYPTO_SHR''build_bits'.EXE"
+$   else
+$      libgoal= "''libdir'SSL$LIBCRYPTO_SHR.EXE"
+$   endif
+$   libref = ""
+$   gosub create_axp_shr
+$   libid  = "SSL"
+$   libnum = "[.UTIL]SSLEAY.NUM"
+$   libdir = "[.AXP.EXE.SSL]"
+$   libolb = "''libdir'LIBSSL''build_bits'.OLB"
+$   libopt = "''libdir'LIBSSL.OPT"
+$   libmap = "''libdir'LIBSSL.MAP"
+$   if build_bits .eqs. "32"
+$   then 
+$      libgoal= "''libdir'SSL$LIBSSL_SHR''build_bits'.EXE"
+$      libref = "[.AXP.EXE.CRYPTO]SSL$LIBCRYPTO_SHR''build_bits'.EXE"
+$   else
+$      libgoal= "''libdir'SSL$LIBSSL_SHR.EXE"
+$      libref = "[.AXP.EXE.CRYPTO]SSL$LIBCRYPTO_SHR.EXE"
+$   endif
+$   gosub create_axp_shr
+$ else
+$   libtit = "CRYPTO_TRANSFER_VECTOR"
+$   libid  = "Crypto"
+$   libnum = "[.UTIL]LIBEAY.NUM"
+$   libdir = "[.VAX.EXE.CRYPTO]"
+$   libmar = "''libdir'LIBCRYPTO.MAR"
+$   libolb = "''libdir'LIBCRYPTO''build_bits.OLB"
+$   libopt = "''libdir'LIBCRYPTO.OPT"
+$   libobj = "''libdir'LIBCRYPTO.OBJ"
+$   libmap = "''libdir'LIBCRYPTO.MAP"
+$   if build_bits .eqs. "32"
+$   then
+$      libgoal= "''libdir'SSL$LIBCRYPTO_SHR''build_bits'.EXE"
+$   else
+$      libgoal= "''libdir'SSL$LIBCRYPTO_SHR.EXE"
+$   endif
+$   libref = ""
+$   libvec = "LIBCRYPTO"
+$   gosub create_vax_shr
+$   libtit = "SSL_TRANSFER_VECTOR"
+$   libid  = "SSL"
+$   libnum = "[.UTIL]SSLEAY.NUM"
+$   libdir = "[.VAX.EXE.SSL]"
+$   libmar = "''libdir'LIBSSL.MAR"
+$   libolb = "''libdir'LIBSSL''build_bits'.OLB"
+$   libopt = "''libdir'LIBSSL.OPT"
+$   libobj = "''libdir'LIBSSL.OBJ"
+$   libmap = "''libdir'LIBSSL.MAP"
+$   if build_bits .eqs. "32"
+$   then
+$      libgoal= "''libdir'SSL$LIBSSL_SHR''build_bits'.EXE"
+$      libref = "[.VAX.EXE.CRYPTO]SSL$LIBCRYPTO_SHR''build_bits'.EXE"
+$   else
+$      libgoal= "''libdir'SSL$LIBSSL_SHR.EXE"
+$      libref = "[.VAX.EXE.CRYPTO]SSL$LIBCRYPTO_SHR.EXE"
+$   endif
+$   libvec = "LIBSSL"
+$   gosub create_vax_shr
+$ endif
+$ exit
+$
+$! ----- Soubroutines to actually build the shareable libraries
+$! The way things work, there's a main shareable library creator for each
+$! supported architecture, which is called from the main code above.
+$! The creator will define a number of variables to tell the next levels of
+$! subroutines what routines to use to write to the option files, call the
+$! main processor, read_func_num, and when that is done, it will write version
+$! data at the end of the .opt file, close it, and link the library.
+$!
+$! read_func_num reads through a .num file and calls the writer routine for
+$! each line.  It's also responsible for checking that order is properly kept
+$! in the .num file, check that each line applies to VMS and the architecture,
+$! and to fill in "holes" with dummy entries.
+$!
+$! The creator routines depend on the following variables:
+$! libnum       The name of the .num file to use as input
+$! libolb       The name of the object library to build from
+$! libid        The identification string of the shareable library
+$! libopt       The name of the .opt file to write
+$! libtit       The title of the assembler transfer vector file (VAX only)
+$! libmar       The name of the assembler transfer vector file (VAX only)
+$! libmap       The name of the map file to write
+$! libgoal      The name of the shareable library to write
+$! libref       The name of a shareable library to link in
+$!
+$! read_func_num depends on the following variables from the creator:
+$! libwriter    The name of the writer routine to call for each .num file line
+$! -----
+$
+$! ----- Subroutines for AXP
+$! -----
+$! The creator routine
+$ create_axp_shr:
+$   open/write opt 'libopt'
+$   write opt "identification=""",libid," ",libverstr,""""
+$   write opt "build_ident=""",build_ident,"_",build_platform,"_",build_bits,""" "
+$   write opt libolb,"/lib"
+$   if libref .nes. "" then write opt libref,"/SHARE"
+$   write opt "SYMBOL_VECTOR=(-"
+$   libfirstentry := true
+$   libwrch   := opt
+$   libwriter := write_axp_transfer_entry
+$   textcount = 0
+$   gosub read_func_num
+$   write opt ")"
+$   write opt "GSMATCH=",libvmatch,",",libver
+$   close opt
+$   link/map='libmap'/full/share='libgoal' 'libopt'/option
+$   return
+$
+$! The record writer routine
+$ write_axp_transfer_entry:
+$   if libentry .eqs. ".dummy" then return
+$   if info_kind .eqs. "VARIABLE"
+$   then
+$     pr:=DATA
+$   else
+$     pr:=PROCEDURE
+$   endif
+$   textcount_this = f$length(pr) + f$length(libentry) + 5
+$   if textcount + textcount_this .gt. 1024
+$   then
+$     write opt ")"
+$     write opt "SYMBOL_VECTOR=(-"
+$     textcount = 16
+$     libfirstentry := true
+$   endif
+$   if libfirstentry
+$   then
+$     write 'libwrch' "    ",libentry,"=",pr," -"
+$!DEBUG!$     write sys$output "''libentry' = ''pr' #1"
+$   else
+$     write 'libwrch' "    ,",libentry,"=",pr," -"
+$!DEBUG!$     write sys$output ",''libentry' = ''pr'"
+$   endif
+$   libfirstentry := false
+$   textcount = textcount + textcount_this
+$   return
+$
+$! ----- Subroutines for VAX
+$! -----
+$! The creator routine
+$ create_vax_shr:
+$   open/write mar 'libmar'
+$   type sys$input:/out=mar:
+;
+; Transfer vector for VAX shareable image
+;
+$   write mar " .TITLE ",libtit
+$   write mar " .IDENT /",libid,"/"
+$   type sys$input:/out=mar:
+;
+; Define macro to assist in building transfer vector entries.  Each entry
+; should take no more than 8 bytes.
+;
+        .MACRO FTRANSFER_ENTRY routine
+        .ALIGN QUAD
+        .TRANSFER routine
+        .MASK   routine
+        JMP     routine+2
+        .ENDM TRANSFER_ENTRY
+;
+; Place entries in own program section.
+;
+$   write mar " .PSECT $$",libvec,"QUAD,PIC,USR,CON,REL,LCL,SHR,EXE,RD,NOWRT"
+$   write mar libvec,"_xfer:"
+$   libwrch   := mar
+$   libwriter := write_vax_ftransfer_entry
+$   gosub read_func_num
+$   type sys$input:/out=mar:
+;
+; Allocate extra storage at end of vector to allow for expansion.
+;
+$   write mar " .BLKB 32768-<.-",libvec,"_xfer> ; 64 pages total."
+$   libwriter := write_vax_vtransfer_entry
+$   gosub read_func_num
+$   write mar " .END"
+$   close mar
+$   open/write opt 'libopt'
+$   write opt "identification=""",libid," ",libverstr,""""
+$   write opt libobj
+$   write opt libolb,"/lib"
+$   if libref .nes. "" then write opt libref,"/SHARE"
+$   type sys$input:/out=opt:
+!
+! Ensure transfer vector is at beginning of image
+!
+CLUSTER=FIRST
+$   write opt "COLLECT=FIRST,$$",libvec
+$   write opt "GSMATCH=",libvmatch,",",libver
+$   type sys$input:/out=opt:
+!
+! make psects nonshareable so image can be installed.
+!
+PSECT_ATTR=$CHAR_STRING_CONSTANTS,NOWRT
+$   libwrch   := opt
+$   libwriter := write_vax_psect_attr
+$   gosub read_var_num
+$   close opt
+$   macro/obj='libobj' 'libmar'
+$   link/map='libmap'/full/share='libgoal' 'libopt'/option
+$   return
+$
+$! The record writer routine for VAX functions
+$ write_vax_ftransfer_entry:
+$   if info_kind .nes. "FUNCTION" then return
+$   if libentry .eqs ".dummy"
+$   then
+$     write 'libwrch' " .BLKB 8" ! Dummy is zeroes...
+$   else
+$     write 'libwrch' " FTRANSFER_ENTRY ",libentry
+$   endif
+$   return
+$! The record writer routine for VAX variables (should never happen!)
+$ write_vax_psect_attr:
+$   if info_kind .nes. "VARIABLE" then return
+$   if libentry .eqs ".dummy" then return
+$   write 'libwrch' "PSECT_ATTR=",libentry,",NOSHR"
+$   return
+$
+$! ----- Common subroutines
+$! -----
+$! The .num file reader.  This one has great responsability.
+$ read_func_num:
+$   open libnum 'libnum'
+$   goto read_nums
+$
+$ read_nums:
+$   libentrynum=0
+$   liblastentry:=false
+$   entrycount=0
+$   loop:
+$     read/end=loop_end/err=loop_end libnum line
+$     entrynum=f$int(f$element(1," ",f$edit(line,"COMPRESS,TRIM")))
+$     entryinfo=f$element(2," ",f$edit(line,"COMPRESS,TRIM"))
+$     curentry=f$element(0," ",f$edit(line,"COMPRESS,TRIM"))
+$     info_exist=f$element(0,":",entryinfo)
+$     info_platforms=","+f$element(1,":",entryinfo)+","
+$     info_kind=f$element(2,":",entryinfo)
+$     info_algorithms=","+f$element(3,":",entryinfo)+","
+$!
+$!DEBUG!$ write sys$output " Processing ... ", line
+$!DEBUG!$ write sys$output "Entry num = ",entrynum
+$!DEBUG!$ write sys$output "Entry info = ",entryinfo
+$!DEBUG!$ write sys$output "Cur Entry = ",curentry
+$!DEBUG!$ write sys$output "info exist = ",info_exist
+$!DEBUG!$ write sys$output "info platforms = ",info_platforms
+$!DEBUG!$ write sys$output "info kind = ",info_kind
+$!DEBUG!$ write sys$output "info algs = ",info_algorithms
+$!
+$     if info_exist .eqs. "NOEXIST" then goto loop
+$     truesum = 0
+$     falsesum = 0
+$     negatives = 1
+$     plat_i = 0
+$     loop1:
+$       plat_entry = f$element(plat_i,",",info_platforms)
+$!DEBUG!$ write sys$output "plat entry = ",plat_entry
+$! 
+$       plat_i = plat_i + 1
+$!DEBUG!$ write sys$output "plat i = ", plat_i
+$       if plat_entry .eqs. "" then goto loop1
+$       if plat_entry .eqs. ","
+$       then
+$	  goto endloop1
+$       else
+$         if f$extract(0,1,plat_entry) .nes. "!" then negatives = 0
+$         if f$getsyi("CPU") .lt. 128
+$         then
+$           if plat_entry .eqs. "EXPORT_VAR_AS_FUNCTION" then -
+$             truesum = truesum + 1
+$           if plat_entry .eqs. "!EXPORT_VAR_AS_FUNCTION" then -
+$             falsesum = falsesum + 1
+$         endif
+$         if plat_entry .eqs. "VMS" 
+$	  then 
+$		truesum = truesum + 1
+$!DEBUG!$		write sys$output "plat_entry = VMS"
+$         endif
+$!
+$         if plat_entry .eqs. "!VMS" 
+$	  then 
+$		falsesum = falsesum + 1
+$!DEBUG!$		write sys$output "plat_entry <> VMS"
+$         endif
+$       endif
+$       goto loop1
+$! 
+$     endloop1:
+$!DEBUG!$     if info_platforms - "EXPORT_VAR_AS_FUNCTION" .nes. info_platforms
+$!DEBUG!$     then
+$!DEBUG!$       write sys$output line
+$!DEBUG!$       write sys$output "        truesum = ",truesum,-
+$!DEBUG!                ", negatives = ",negatives,", falsesum = ",falsesum
+$!DEBUG!$     endif
+$     if falsesum .ne. 0 then goto loop
+$     if truesum+negatives .eq. 0 
+$     then
+$!DEBUG!$	write sys$output "truesum+negatives .eq. 0. Going to loop." 
+$	goto loop
+$     endif
+$     alg_i = 0
+$     loop2:
+$       alg_entry = f$element(alg_i,",",info_algorithms)
+$!DEBUG!$ write sys$output "alg entry = ",alg_entry
+$       alg_i = alg_i + 1
+$       if alg_entry .eqs. "" then goto loop2
+$       if alg_entry .eqs. ","
+$       then
+$	  goto endloop2
+$       else
+$         if alg_entry .eqs. "KRB5" then goto loop ! Special for now
+$         if f$trnlnm("OPENSSL_NO_"+alg_entry) .nes. "" then goto loop
+$       endif
+$	goto loop2
+$!
+$     endloop2:
+$     if info_platforms - "EXPORT_VAR_AS_FUNCTION" .nes. info_platforms
+$     then
+$!DEBUG!$     write sys$output curentry," ; ",entrynum," ; ",entryinfo
+$     endif
+$   redo:
+$     next:=loop
+$     tolibentry=curentry
+$     if libentrynum .ne. entrynum
+$     then
+$       entrycount=entrycount+1
+$       if entrycount .lt. entrynum
+$       then
+$!DEBUG!$         write sys$output "Info: entrycount: ''entrycount', entrynum: ''entrynum' => 0"
+$         tolibentry=".dummy"
+$         next:=redo
+$       endif
+$       if entrycount .gt. entrynum
+$       then
+$         write sys$error "Decreasing library entry numbers!  Can't continue"
+$         write sys$error """",line,""""
+$         close libnum
+$         return
+$       endif
+$       libentry=tolibentry
+$!DEBUG!$       write sys$output entrycount," ",libentry," ",entryinfo
+$       if libentry .nes. "" .and. libwriter .nes. "" then gosub 'libwriter'
+$     else
+$       write sys$error "Info: ""''curentry'"" is an alias for ""''libentry'"".  Overriding..."
+$     endif
+$     libentrynum=entrycount
+$     goto 'next'
+$   loop_end:
+$   close libnum
+$   return
+$!
+$! The version number reader
+$!
+$read_version_info:
+$   libver = ""
+$   open/read vf [.CRYPTO]OPENSSLV.H
+$   loop_rvi:
+$     read/err=endloop_rvi/end=endloop_rvi vf rvi_line
+$     if rvi_line - "SHLIB_VERSION_NUMBER """ .eqs. rvi_line then -
+        goto loop_rvi
+$     libverstr = f$element(1,"""",rvi_line)
+$     libvmajor = f$element(0,".",libverstr)
+$     libvminor = f$element(1,".",libverstr)
+$     libvedit = f$element(2,".",libverstr)
+$     libvpatch = f$cvui(0,8,f$extract(1,1,libvedit)+"@")-f$cvui(0,8,"@")
+$     libvedit = f$extract(0,1,libvedit)
+$     libver = f$string(f$int(libvmajor)*100)+","+-
+        f$string(f$int(libvminor)*100+f$int(libvedit)*10+f$int(libvpatch))
+$     if libvmajor .eqs. "0"
+$     then
+$       libvmatch = "EQUAL"
+$     else
+$       ! Starting with the 1.0 release, backward compatibility should be
+$       ! kept, so switch over to the following
+$       libvmatch = "LEQUAL"
+$     endif
+$   endloop_rvi:
+$   close vf
+$   return
--- a/VMS/multinet_shr.opt
+++ b/VMS/multinet_shr.opt
@@ -0,0 +1 @@
+multinet:multinet_socket_library.exe/share
--- a/VMS/openssl_utils.com
+++ b/VMS/openssl_utils.com
@@ -0,0 +1,38 @@
+$!
+$!  APPS.COM
+$!  Written By:  Robert Byer
+$!               Vice-President
+$!               A-Com Computing, Inc.
+$!               byer@mail.all-net.net
+$!
+$!
+$! Slightly modified by Richard Levitte <richard@levitte.org>
+$!
+$ OPENSSL  :== $SSLEXE:OPENSSL
+$ VERIFY   :== $SSLEXE:OPENSSL VERIFY
+$ ASN1PARSE:== $SSLEXE:OPENSSL ASN1PARS
+$ REQ      :== $SSLEXE:OPENSSL REQ
+$ DGST     :== $SSLEXE:OPENSSL DGST
+$ DH       :== $SSLEXE:OPENSSL DH
+$ ENC      :== $SSLEXE:OPENSSL ENC
+$ GENDH    :== $SSLEXE:OPENSSL GENDH
+$ ERRSTR   :== $SSLEXE:OPENSSL ERRSTR
+$ CA       :== $SSLEXE:OPENSSL CA
+$ CRL      :== $SSLEXE:OPENSSL CRL
+$ RSA      :== $SSLEXE:OPENSSL RSA
+$ DSA      :== $SSLEXE:OPENSSL DSA
+$ DSAPARAM :== $SSLEXE:OPENSSL DSAPARAM
+$ X509     :== $SSLEXE:OPENSSL X509
+$ GENRSA   :== $SSLEXE:OPENSSL GENRSA
+$ GENDSA   :== $SSLEXE:OPENSSL GENDSA
+$ S_SERVER :== $SSLEXE:OPENSSL S_SERVER
+$ S_CLIENT :== $SSLEXE:OPENSSL S_CLIENT
+$ SPEED    :== $SSLEXE:OPENSSL SPEED
+$ S_TIME   :== $SSLEXE:OPENSSL S_TIME
+$ VERSION  :== $SSLEXE:OPENSSL VERSION
+$ PKCS7    :== $SSLEXE:OPENSSL PKCS7
+$ CRL2PKCS7:== $SSLEXE:OPENSSL CRL2P7
+$ SESS_ID  :== $SSLEXE:OPENSSL SESS_ID
+$ CIPHERS  :== $SSLEXE:OPENSSL CIPHERS
+$ NSEQ     :== $SSLEXE:OPENSSL NSEQ
+$ PKCS12   :== $SSLEXE:OPENSSL PKCS12
--- a/VMS/socketshr_shr.opt
+++ b/VMS/socketshr_shr.opt
@@ -0,0 +1 @@
+socketshr/share
--- a/VMS/ssl$syshutdown.com
+++ b/VMS/ssl$syshutdown.com
@@ -0,0 +1,8 @@
+$!
+$! SSL$SYSHUTDOWN.COM - This command procedure is used for site specific SSL
+$!			shutdown tasks.  Anything setup in SSL$SYSTARTUP.COM
+$!			should be cleaned up in this command procedure.
+$!
+$ DEASSIGN/SYSTEM/EXEC  RANDFILE
+$ DEASSIGN/SYSTEM/EXEC  SSL$RANDFILE
+$!
--- a/VMS/ssl$systartup.com
+++ b/VMS/ssl$systartup.com
@@ -0,0 +1,7 @@
+$!
+$!
+$!  Add logical to aid random number generators.  --  http://www.free.lp.se/openssl/docs/openssl3.html#ss3.1
+$!
+$ DEFINE/SYSTEM/EXEC  RANDFILE		SSL$ROOT:[PRIVATE]RANDFILE.;
+$ DEFINE/SYSTEM/EXEC  SSL$RANDFILE	SSL$ROOT:[PRIVATE]RANDFILE.;
+$!
--- a/VMS/ssl$utils.com
+++ b/VMS/ssl$utils.com
@@ -0,0 +1,76 @@
+$!
+$!  APPS.COM
+$!  Written By:  Robert Byer
+$!               Vice-President
+$!               A-Com Computing, Inc.
+$!               byer@mail.all-net.net
+$!
+$!
+$! Slightly modified by Richard Levitte <richard@levitte.org>
+$!
+$ IF P1 .NES. "" THEN GOTO 'P1
+$!
+$DEFINE:
+$!
+$ OPENSSL  :== $SSL$EXE:OPENSSL
+$ VERIFY   :== $SSL$EXE:OPENSSL VERIFY
+$ ASN1PARSE:== $SSL$EXE:OPENSSL ASN1PARS
+$ REQ      :== $SSL$EXE:OPENSSL REQ
+$ DGST     :== $SSL$EXE:OPENSSL DGST
+$ DH       :== $SSL$EXE:OPENSSL DH
+$ ENC      :== $SSL$EXE:OPENSSL ENC
+$ GENDH    :== $SSL$EXE:OPENSSL GENDH
+$ ERRSTR   :== $SSL$EXE:OPENSSL ERRSTR
+$ CA       :== $SSL$EXE:OPENSSL CA
+$ CRL      :== $SSL$EXE:OPENSSL CRL
+$ RSA      :== $SSL$EXE:OPENSSL RSA
+$ DSA      :== $SSL$EXE:OPENSSL DSA
+$ DSAPARAM :== $SSL$EXE:OPENSSL DSAPARAM
+$ X509     :== $SSL$EXE:OPENSSL X509
+$ GENRSA   :== $SSL$EXE:OPENSSL GENRSA
+$ GENDSA   :== $SSL$EXE:OPENSSL GENDSA
+$ S_SERVER :== $SSL$EXE:OPENSSL S_SERVER
+$ S_CLIENT :== $SSL$EXE:OPENSSL S_CLIENT
+$ SPEED    :== $SSL$EXE:OPENSSL SPEED
+$ S_TIME   :== $SSL$EXE:OPENSSL S_TIME
+$ VERSION  :== $SSL$EXE:OPENSSL VERSION
+$ PKCS7    :== $SSL$EXE:OPENSSL PKCS7
+$ CRL2PKCS7:== $SSL$EXE:OPENSSL CRL2P7
+$ SESS_ID  :== $SSL$EXE:OPENSSL SESS_ID
+$ CIPHERS  :== $SSL$EXE:OPENSSL CIPHERS
+$ NSEQ     :== $SSL$EXE:OPENSSL NSEQ
+$ PKCS12   :== $SSL$EXE:OPENSSL PKCS12
+$!
+$EXIT
+$!
+$REMOVE:
+$ DELETE/SYMBOL/GLOBAL OPENSSL
+$ DELETE/SYMBOL/GLOBAL VERIFY
+$ DELETE/SYMBOL/GLOBAL ASN1PARSE
+$ DELETE/SYMBOL/GLOBAL REQ
+$ DELETE/SYMBOL/GLOBAL DGST
+$ DELETE/SYMBOL/GLOBAL DH
+$ DELETE/SYMBOL/GLOBAL ENC
+$ DELETE/SYMBOL/GLOBAL GENDH
+$ DELETE/SYMBOL/GLOBAL ERRSTR
+$ DELETE/SYMBOL/GLOBAL CA
+$ DELETE/SYMBOL/GLOBAL CRL
+$ DELETE/SYMBOL/GLOBAL RSA
+$ DELETE/SYMBOL/GLOBAL DSA
+$ DELETE/SYMBOL/GLOBAL DSAPARAM
+$ DELETE/SYMBOL/GLOBAL X509
+$ DELETE/SYMBOL/GLOBAL GENRSA
+$ DELETE/SYMBOL/GLOBAL GENDSA
+$ DELETE/SYMBOL/GLOBAL S_SERVER
+$ DELETE/SYMBOL/GLOBAL S_CLIENT
+$ DELETE/SYMBOL/GLOBAL SPEED
+$ DELETE/SYMBOL/GLOBAL S_TIME
+$ DELETE/SYMBOL/GLOBAL VERSION
+$ DELETE/SYMBOL/GLOBAL PKCS7
+$ DELETE/SYMBOL/GLOBAL CRL2PKCS7
+$ DELETE/SYMBOL/GLOBAL SESS_ID
+$ DELETE/SYMBOL/GLOBAL CIPHERS
+$ DELETE/SYMBOL/GLOBAL NSEQ
+$ DELETE/SYMBOL/GLOBAL PKCS12
+$!
+$EXIT
--- a/VMS/ssl010.release_notes
+++ b/VMS/ssl010.release_notes
@@ -0,0 +1,25 @@
+
+      Compaq SSL for OpenVMS Alpha
+
+      Field Test Release Notes
+
+      February 2002
+
+      Based on OpenSSL 0.9.6B
+
+      Compaq SSL T1.0 for OpenVMS Alpha
+      CPQ-AXPVMS-SSL-T0100--1.PCSI-DCX-AXPEXE
+
+      ----------------------------------------------
+
+      Compaq is pleased to provide you with the first release of Compaq
+      SSL for OpenVMS Alpha.  Compaq SSL (Secure Sockets Layer)
+      is based on the 0.9.6B release from the Open Group.  See
+      http://www.openssl.org for more information about OpenSSL.
+
+      Documentation for this kit, including installation and configuration
+      information, release notes, a programming tutorial and API reference,
+      is included in "Open Source Security for OpenVMS Alpha
+      Volume 2: SSL" in HTML, PDF, and PostScript format. This document
+      is included on the OpenVMS field test documentation CD-ROM.
+
--- a/VMS/tcpip_shr_decc.opt
+++ b/VMS/tcpip_shr_decc.opt
@@ -0,0 +1 @@
+sys$share:tcpip$ipc_shr.exe/share
--- a/VMS/test-includes.com
+++ b/VMS/test-includes.com
@@ -0,0 +1,28 @@
+$! Quick script to check how well including individual header files works
+$! on VMS, even when the VMS macro isn't defined.
+$
+$	sav_def = f$env("DEFAULT")
+$	here = f$parse("A.;0",f$ENV("PROCEDURE")) - "A.;0"
+$	set default 'here'
+$	set default [-.include.openssl]
+$	define openssl 'f$env("DEFAULT")'
+$	set default [--]
+$
+$ loop:
+$	f = f$search("openssl:*.h")
+$	if f .eqs. "" then goto loop_end
+$	write sys$output "Checking ",f
+$	open/write foo foo.c
+$	write foo "#undef VMS"
+$	write foo "#include <stdio.h>"
+$	write foo "#include <openssl/",f$parse(f,,,"NAME"),".h>"
+$	write foo "main()"
+$	write foo "{printf(""foo\n"");}"
+$	close foo
+$	cc/STANDARD=ANSI89/NOLIST/PREFIX=ALL foo.c
+$	delete foo.c;
+$	goto loop
+$ loop_end:
+$	set default 'save_def'
+$	exit
+
--- a/VMS/ucx_shr_decc.opt
+++ b/VMS/ucx_shr_decc.opt
@@ -0,0 +1 @@
+sys$share:ucx$ipc_shr.exe/share
--- a/VMS/ucx_shr_decc_log.opt
+++ b/VMS/ucx_shr_decc_log.opt
@@ -0,0 +1 @@
+ucx$ipc_shr/share
--- a/VMS/ucx_shr_vaxc.opt
+++ b/VMS/ucx_shr_vaxc.opt
@@ -0,0 +1 @@
+sys$library:ucx$ipc.olb/library
--- a/apps/.cvsignore
+++ b/apps/.cvsignore
@@ -0,0 +1,5 @@
+openssl
+Makefile.save
+der_chop
+der_chop.bak
+CA.pl
--- a/apps/CA.com
+++ b/apps/CA.com
@@ -0,0 +1,220 @@
+$! CA - wrapper around ca to make it easier to use ... basically ca requires
+$!      some setup stuff to be done before you can use it and this makes
+$!      things easier between now and when Eric is convinced to fix it :-)
+$!
+$! CA -newca ... will setup the right stuff
+$! CA -newreq ... will generate a certificate request 
+$! CA -sign ... will sign the generated request and output 
+$!
+$! At the end of that grab newreq.pem and newcert.pem (one has the key 
+$! and the other the certificate) and cat them together and that is what
+$! you want/need ... I'll make even this a little cleaner later.
+$!
+$!
+$! 12-Jan-96 tjh    Added more things ... including CA -signcert which
+$!                  converts a certificate to a request and then signs it.
+$! 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
+$!                 environment variable so this can be driven from
+$!                 a script.
+$! 25-Jul-96 eay    Cleaned up filenames some more.
+$! 11-Jun-96 eay    Fixed a few filename missmatches.
+$! 03-May-96 eay    Modified to use 'openssl cmd' instead of 'cmd'.
+$! 18-Apr-96 tjh    Original hacking
+$!
+$! Tim Hudson
+$! tjh@cryptsoft.com
+$!
+$!
+$! default ssleay.cnf file has setup as per the following
+$! demoCA ... where everything is stored
+$
+$ IF F$TYPE(SSLEAY_CONFIG) .EQS. "" THEN SSLEAY_CONFIG := SSLLIB:SSLEAY.CNF
+$
+$ DAYS   = "-days 365"
+$ REQ    = openssl + " req " + SSLEAY_CONFIG
+$ CA     = openssl + " ca " + SSLEAY_CONFIG
+$ VERIFY = openssl + " verify"
+$ X509   = openssl + " x509"
+$ PKCS12 = openssl + " pkcs12"
+$ echo   = "write sys$Output"
+$!
+$ s = F$PARSE(F$ENVIRONMENT("DEFAULT"),"[]") - "].;"
+$ CATOP  := 's'.demoCA
+$ CAKEY  := ]cakey.pem
+$ CACERT := ]cacert.pem
+$
+$ __INPUT := SYS$COMMAND
+$ RET = 1
+$!
+$ i = 1
+$opt_loop:
+$ if i .gt. 8 then goto opt_loop_end
+$
+$ prog_opt = F$EDIT(P'i',"lowercase")
+$
+$ IF (prog_opt .EQS. "?" .OR. prog_opt .EQS. "-h" .OR. prog_opt .EQS. "-help") 
+$ THEN
+$   echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" 
+$   exit
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-input")
+$ THEN
+$   ! Get input from somewhere other than SYS$COMMAND
+$   i = i + 1
+$   __INPUT = P'i'
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-newcert")
+$ THEN
+$   ! Create a certificate.
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   REQ -new -x509 -keyout newreq.pem -out newreq.pem 'DAYS'
+$   RET=$STATUS
+$   echo "Certificate (and private key) is in newreq.pem"
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-newreq")
+$ THEN
+$   ! Create a certificate request
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   REQ -new -keyout newreq.pem -out newreq.pem 'DAYS'
+$   RET=$STATUS
+$   echo "Request (and private key) is in newreq.pem"
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-newca")
+$ THEN
+$   ! If explicitly asked for or it doesn't exist then setup the directory
+$   ! structure that Eric likes to manage things.
+$   IF F$SEARCH(CATOP+"]serial.") .EQS. ""
+$   THEN
+$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP']
+$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.certs]
+$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.crl]
+$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.newcerts]
+$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.private]
+$
+$     OPEN   /WRITE ser_file 'CATOP']serial. 
+$     WRITE ser_file "01"
+$     CLOSE ser_file
+$     APPEND/NEW NL: 'CATOP']index.txt
+$
+$     ! The following is to make sure access() doesn't get confused.  It
+$     ! really needs one file in the directory to give correct answers...
+$     COPY NLA0: 'CATOP'.certs].;
+$     COPY NLA0: 'CATOP'.crl].;
+$     COPY NLA0: 'CATOP'.newcerts].;
+$     COPY NLA0: 'CATOP'.private].;
+$   ENDIF
+$!
+$   IF F$SEARCH(CATOP+".private"+CAKEY) .EQS. ""
+$   THEN
+$     READ '__INPUT' FILE -
+	   /PROMT="CA certificate filename (or enter to create)"
+$     IF F$SEARCH(FILE) .NES. ""
+$     THEN
+$       COPY 'FILE' 'CATOP'.private'CAKEY'
+$	RET=$STATUS
+$     ELSE
+$       echo "Making CA certificate ..."
+$       DEFINE/USER SYS$INPUT '__INPUT'
+$       REQ -new -x509 -keyout 'CATOP'.private'CAKEY' -
+		       -out 'CATOP''CACERT' 'DAYS'
+$	RET=$STATUS
+$     ENDIF
+$   ENDIF
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-pkcs12")
+$ THEN
+$   i = i + 1
+$   cname = P'i'
+$   IF cname .EQS. "" THEN cname = "My certificate"
+$   PKCS12 -in newcert.pem -inkey newreq.pem -certfile 'CATOP''CACERT -
+	   -out newcert.p12 -export -name "''cname'"
+$   RET=$STATUS
+$   exit RET
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-xsign")
+$ THEN
+$!
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   CA -policy policy_anything -infiles newreq.pem
+$   RET=$STATUS
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF ((prog_opt .EQS. "-sign") .OR. (prog_opt .EQS. "-signreq"))
+$ THEN
+$!   
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   CA -policy policy_anything -out newcert.pem -infiles newreq.pem
+$   RET=$STATUS
+$   type newcert.pem
+$   echo "Signed certificate is in newcert.pem"
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-signcert")
+$  THEN
+$!   
+$   echo "Cert passphrase will be requested twice - bug?"
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   CA -policy policy_anything -out newcert.pem -infiles tmp.pem
+y
+y
+$   type newcert.pem
+$   echo "Signed certificate is in newcert.pem"
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-verify")
+$ THEN
+$!   
+$   i = i + 1
+$   IF (p'i' .EQS. "")
+$   THEN
+$     DEFINE/USER SYS$INPUT '__INPUT'
+$     VERIFY "-CAfile" 'CATOP''CACERT' newcert.pem
+$   ELSE
+$     j = i
+$    verify_opt_loop:
+$     IF j .GT. 8 THEN GOTO verify_opt_loop_end
+$     IF p'j' .NES. ""
+$     THEN 
+$       DEFINE/USER SYS$INPUT '__INPUT'
+$       __tmp = p'j'
+$       VERIFY "-CAfile" 'CATOP''CACERT' '__tmp'
+$       tmp=$STATUS
+$       IF tmp .NE. 0 THEN RET=tmp
+$     ENDIF
+$     j = j + 1
+$     GOTO verify_opt_loop
+$    verify_opt_loop_end:
+$   ENDIF
+$   
+$   GOTO opt_loop_end
+$ ENDIF
+$!
+$ IF (prog_opt .NES. "")
+$ THEN
+$!   
+$   echo "Unknown argument ''prog_opt'"
+$   
+$   EXIT 3
+$ ENDIF
+$
+$opt_loop_continue:
+$ i = i + 1
+$ GOTO opt_loop
+$
+$opt_loop_end:
+$ EXIT 'RET'
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -0,0 +1,173 @@
+#!/usr/local/bin/perl
+#
+# CA - wrapper around ca to make it easier to use ... basically ca requires
+#      some setup stuff to be done before you can use it and this makes
+#      things easier between now and when Eric is convinced to fix it :-)
+#
+# CA -newca ... will setup the right stuff
+# CA -newreq[-nodes] ... will generate a certificate request 
+# CA -sign ... will sign the generated request and output 
+#
+# At the end of that grab newreq.pem and newcert.pem (one has the key 
+# and the other the certificate) and cat them together and that is what
+# you want/need ... I'll make even this a little cleaner later.
+#
+#
+# 12-Jan-96 tjh    Added more things ... including CA -signcert which
+#                  converts a certificate to a request and then signs it.
+# 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
+#		   environment variable so this can be driven from
+#		   a script.
+# 25-Jul-96 eay    Cleaned up filenames some more.
+# 11-Jun-96 eay    Fixed a few filename missmatches.
+# 03-May-96 eay    Modified to use 'ssleay cmd' instead of 'cmd'.
+# 18-Apr-96 tjh    Original hacking
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+
+# 27-Apr-98 snh    Translation into perl, fix existing CA bug.
+#
+#
+# Steve Henson
+# shenson@bigfoot.com
+
+# default openssl.cnf file has setup as per the following
+# demoCA ... where everything is stored
+
+$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
+$DAYS="-days 365";
+$REQ="openssl req $SSLEAY_CONFIG";
+$CA="openssl ca $SSLEAY_CONFIG";
+$VERIFY="openssl verify";
+$X509="openssl x509";
+$PKCS12="openssl pkcs12";
+
+$CATOP="./demoCA";
+$CAKEY="cakey.pem";
+$CACERT="cacert.pem";
+
+$DIRMODE = 0777;
+
+$RET = 0;
+
+foreach (@ARGV) {
+	if ( /^(-\?|-h|-help)$/ ) {
+	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
+	    exit 0;
+	} elsif (/^-newcert$/) {
+	    # create a certificate
+	    system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");
+	    $RET=$?;
+	    print "Certificate (and private key) is in newreq.pem\n"
+	} elsif (/^-newreq$/) {
+	    # create a certificate request
+	    system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
+	    $RET=$?;
+	    print "Request (and private key) is in newreq.pem\n";
+	} elsif (/^-newreq-nodes$/) {
+	    # create a certificate request
+	    system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
+	    $RET=$?;
+	    print "Request (and private key) is in newreq.pem\n";
+	} elsif (/^-newca$/) {
+		# if explicitly asked for or it doesn't exist then setup the
+		# directory structure that Eric likes to manage things 
+	    $NEW="1";
+	    if ( "$NEW" || ! -f "${CATOP}/serial" ) {
+		# create the directory hierarchy
+		mkdir $CATOP, $DIRMODE;
+		mkdir "${CATOP}/certs", $DIRMODE;
+		mkdir "${CATOP}/crl", $DIRMODE ;
+		mkdir "${CATOP}/newcerts", $DIRMODE;
+		mkdir "${CATOP}/private", $DIRMODE;
+		open OUT, ">${CATOP}/serial";
+		print OUT "01\n";
+		close OUT;
+		open OUT, ">${CATOP}/index.txt";
+		close OUT;
+	    }
+	    if ( ! -f "${CATOP}/private/$CAKEY" ) {
+		print "CA certificate filename (or enter to create)\n";
+		$FILE = <STDIN>;
+
+		chop $FILE;
+
+		# ask user for existing CA certificate
+		if ($FILE) {
+		    cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
+		    cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
+		    $RET=$?;
+		} else {
+		    print "Making CA certificate ...\n";
+		    system ("$REQ -new -x509 -keyout " .
+			"${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS");
+		    $RET=$?;
+		}
+	    }
+	} elsif (/^-pkcs12$/) {
+	    my $cname = $ARGV[1];
+	    $cname = "My Certificate" unless defined $cname;
+	    system ("$PKCS12 -in newcert.pem -inkey newreq.pem " .
+			"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
+			"-export -name \"$cname\"");
+	    $RET=$?;
+	    exit $RET;
+	} elsif (/^-xsign$/) {
+	    system ("$CA -policy policy_anything -infiles newreq.pem");
+	    $RET=$?;
+	} elsif (/^(-sign|-signreq)$/) {
+	    system ("$CA -policy policy_anything -out newcert.pem " .
+							"-infiles newreq.pem");
+	    $RET=$?;
+	    print "Signed certificate is in newcert.pem\n";
+	} elsif (/^(-signCA)$/) {
+	    system ("$CA -policy policy_anything -out newcert.pem " .
+					"-extensions v3_ca -infiles newreq.pem");
+	    $RET=$?;
+	    print "Signed CA certificate is in newcert.pem\n";
+	} elsif (/^-signcert$/) {
+	    system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
+								"-out tmp.pem");
+	    system ("$CA -policy policy_anything -out newcert.pem " .
+							"-infiles tmp.pem");
+	    $RET = $?;
+	    print "Signed certificate is in newcert.pem\n";
+	} elsif (/^-verify$/) {
+	    if (shift) {
+		foreach $j (@ARGV) {
+		    system ("$VERIFY -CAfile $CATOP/$CACERT $j");
+		    $RET=$? if ($? != 0);
+		}
+		exit $RET;
+	    } else {
+		    system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
+		    $RET=$?;
+	    	    exit 0;
+	    }
+	} else {
+	    print STDERR "Unknown arg $_\n";
+	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
+	    exit 1;
+	}
+}
+
+exit $RET;
+
+sub cp_pem {
+my ($infile, $outfile, $bound) = @_;
+open IN, $infile;
+open OUT, ">$outfile";
+my $flag = 0;
+while (<IN>) {
+	$flag = 1 if (/^-----BEGIN.*$bound/) ;
+	print OUT $_ if ($flag);
+	if (/^-----END.*$bound/) {
+		close IN;
+		close OUT;
+		return;
+	}
+}
+}
+
--- a/apps/CA.sh
+++ b/apps/CA.sh
@@ -27,14 +27,14 @@
 # tjh@cryptsoft.com
 #

-# default ssleay.cnf file has setup as per the following
+# default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored

 DAYS="-days 365"
-REQ="ssleay req $SSLEAY_CONFIG"
-CA="ssleay ca $SSLEAY_CONFIG"
-VERIFY="ssleay verify"
-X509="ssleay x509"
+REQ="openssl req $SSLEAY_CONFIG"
+CA="openssl ca $SSLEAY_CONFIG"
+VERIFY="openssl verify"
+X509="openssl x509"

 CATOP=./demoCA
 CAKEY=./cakey.pem
@@ -60,7 +60,7 @@ case $i in
    echo "Request (and private key) is in newreq.pem"
    ;;
 -newca)     
-    # if explictly asked for or it doesn't exist then setup the directory
+    # if explicitly asked for or it doesn't exist then setup the directory
    # structure that Eric likes to manage things 
    NEW="1"
    if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
--- a/apps/Makefile.ssl
+++ b/apps/Makefile.ssl
@@ -1,65 +1,74 @@
 #
-# SSLeay/apps/Makefile.ssl
+#  apps/Makefile.ssl
 #

 DIR=		apps
 TOP=		..
 CC=		cc
-INCLUDES=	-I../include
+INCLUDES=	-I$(TOP) -I../include $(KRB5_INCLUDES)
 CFLAG=		-g -static
+INSTALL_PREFIX=
 INSTALLTOP=	/usr/local/ssl
+OPENSSLDIR=	/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
-RM=		/bin/rm -f
+PERL= perl
+RM=		rm -f
+# KRB5 stuff
+KRB5_INCLUDES=
+LIBKRB5=

 PEX_LIBS=
 EX_LIBS= 
+EXE_EXT= 
+
+SHLIB_TARGET=

 CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)

-GENERAL=Makefile
+GENERAL=Makefile makeapps.com install.com

 DLIBCRYPTO=../libcrypto.a
 DLIBSSL=../libssl.a
 LIBCRYPTO=-L.. -lcrypto
 LIBSSL=-L.. -lssl

-SSLEAY= ssleay
+PROGRAM= openssl

-SCRIPTS=CA.sh der_chop
+SCRIPTS=CA.sh CA.pl der_chop

-EXE= $(SSLEAY)
+EXE= $(PROGRAM)$(EXE_EXT)

-E_EXE=	verify asn1pars req dgst dh enc gendh errstr ca crl \
-	rsa dsa dsaparam \
-	x509 genrsa s_server s_client speed \
-	s_time version pkcs7 crl2pkcs7 sess_id ciphers
+E_EXE=	verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
+	ca crl rsa rsautl dsa dsaparam ecdsa ecdsaparam\
+	x509 genrsa gendsa s_server s_client speed \
+	s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
+	pkcs8 spkac smime rand engine ocsp

-PROGS= $(SSLEAY).c
+PROGS= $(PROGRAM).c

 A_OBJ=apps.o
 A_SRC=apps.c
 S_OBJ=	s_cb.o s_socket.o
 S_SRC=	s_cb.c s_socket.c
+RAND_OBJ=app_rand.o
+RAND_SRC=app_rand.c

-E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \
-	pkcs7.o crl2p7.o crl.o \
-	rsa.o dsa.o dsaparam.o \
-	x509.o genrsa.o s_server.o s_client.o speed.o \
-	s_time.o $(A_OBJ) $(S_OBJ) version.o sess_id.o \
-	ciphers.o
+E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o \
+	ca.o pkcs7.o crl2p7.o crl.o \
+	rsa.o rsautl.o dsa.o dsaparam.o ecdsa.o ecdsaparam.o\
+	x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
+	s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
+	ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o

-#	pem_mail.o
-
-E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c \
+E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
 	pkcs7.c crl2p7.c crl.c \
-	rsa.c dsa.c dsaparam.c \
-	x509.c genrsa.c s_server.c s_client.c speed.c \
-	s_time.c $(A_SRC) $(S_SRC) version.c sess_id.c \
-	ciphers.c
-
-#	pem_mail.c
+	rsa.c rsautl.c dsa.c dsaparam.c ecdsa.c ecdsaparam.c\
+	x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
+	s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
+	ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c ocsp.c

 SRC=$(E_SRC)

@@ -75,29 +84,32 @@ top:

 all:	exe

-exe:	$(EXE)
+exe:	$(PROGRAM)

 req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
-	$(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	$(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(RAND_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)

 sreq.o: req.c 
 	$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c

 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO

-install: mklinks
-	@for i in $(EXE) $(SCRIPTS) mklinks; \
+install:
+	@for i in $(EXE); \
 	do  \
 	(echo installing $$i; \
-	 cp $$i $(INSTALLTOP)/bin/$$i; \
-	 chmod 755 $(INSTALLTOP)/bin/$$i ); \
-	 done; \
-	cp ssleay.cnf $(INSTALLTOP)/lib
-	chmod 644 $(INSTALLTOP)/lib/ssleay.cnf
-	cd $(INSTALLTOP)/bin; \
-	/bin/sh ./mklinks; \
-	/bin/rm -f ./mklinks
+	 cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
+	 chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+	 done;
+	@for i in $(SCRIPTS); \
+	do  \
+	(echo installing $$i; \
+	 cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \
+	 chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
+	 done
+	@cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR); \
+	chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf

 tags:
 	ctags $(SRC)
@@ -105,24 +117,21 @@ tags:
 tests:

 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
+	@$(TOP)/util/point.sh Makefile.ssl Makefile

 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(SRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)

 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)

-errors:
-
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
-	/bin/rm -f req
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
+	rm -f req

 $(DLIBSSL):
 	(cd ../ssl; $(MAKE))
@@ -130,15 +139,807 @@ $(DLIBSSL):
 $(DLIBCRYPTO):
 	(cd ../crypto; $(MAKE))

-$(SSLEAY): progs.h $(E_OBJ) $(SSLEAY).o $(DLIBCRYPTO) $(DLIBSSL)
-	$(RM) $(SSLEAY)
-	$(CC) -o $(SSLEAY) $(CFLAGS) $(SSLEAY).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+$(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
+	$(RM) $(PROGRAM)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" ] ; then \
+	  $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
+	-(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \
+		LIBPATH="`pwd`"; LD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; \
+		export LD_LIBRARY_PATH SHLIB_PATH LIBPATH; \
+		$(PERL) tools/c_rehash certs)

-progs.h:
-	perl ./g_ssleay.pl $(E_EXE) >progs.h
-	$(RM) $(SSLEAY).o
-
-mklinks:
-	perl ./g_ssleay.pl $(E_EXE) >progs.h
+progs.h: progs.pl
+	$(PERL) progs.pl $(E_EXE) >progs.h
+	$(RM) $(PROGRAM).o

 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+app_rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+app_rand.o: ../include/openssl/bio.h ../include/openssl/bn.h
+app_rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+app_rand.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+app_rand.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+app_rand.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+app_rand.o: ../include/openssl/engine.h ../include/openssl/err.h
+app_rand.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+app_rand.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+app_rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+app_rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+app_rand.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h app_rand.c
+app_rand.o: apps.h
+apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+apps.o: ../include/openssl/bio.h ../include/openssl/bn.h
+apps.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+apps.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+apps.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+apps.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+apps.o: ../include/openssl/engine.h ../include/openssl/err.h
+apps.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+apps.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+apps.o: ../include/openssl/sha.h ../include/openssl/stack.h
+apps.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+apps.o: ../include/openssl/ui.h ../include/openssl/x509.h
+apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h
+asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+asn1pars.o: ../include/openssl/bio.h ../include/openssl/bn.h
+asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+asn1pars.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+asn1pars.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+asn1pars.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+asn1pars.o: ../include/openssl/engine.h ../include/openssl/err.h
+asn1pars.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+asn1pars.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+asn1pars.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+asn1pars.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+asn1pars.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+asn1pars.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+asn1pars.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+asn1pars.o: asn1pars.c
+ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+ca.o: ../include/openssl/bio.h ../include/openssl/bn.h
+ca.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ca.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+ca.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ca.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+ca.o: ../include/openssl/engine.h ../include/openssl/err.h
+ca.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ca.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+ca.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ca.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+ca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ca.o: ../include/openssl/sha.h ../include/openssl/stack.h
+ca.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+ca.o: ../include/openssl/ui.h ../include/openssl/x509.h
+ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ca.c
+ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+ciphers.o: ../include/openssl/bio.h ../include/openssl/bn.h
+ciphers.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+ciphers.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ciphers.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ciphers.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
+ciphers.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ciphers.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ciphers.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ciphers.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+ciphers.o: ../include/openssl/ui.h ../include/openssl/x509.h
+ciphers.o: ../include/openssl/x509_vfy.h apps.h ciphers.c
+crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+crl.o: ../include/openssl/bio.h ../include/openssl/bn.h
+crl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+crl.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+crl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+crl.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+crl.o: ../include/openssl/engine.h ../include/openssl/err.h
+crl.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+crl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+crl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+crl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+crl.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+crl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+crl.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+crl.o: ../include/openssl/x509v3.h apps.h crl.c
+crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+crl2p7.o: ../include/openssl/bio.h ../include/openssl/bn.h
+crl2p7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+crl2p7.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+crl2p7.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+crl2p7.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+crl2p7.o: ../include/openssl/engine.h ../include/openssl/err.h
+crl2p7.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+crl2p7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+crl2p7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+crl2p7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+crl2p7.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+crl2p7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+crl2p7.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+crl2p7.o: crl2p7.c
+dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+dgst.o: ../include/openssl/bio.h ../include/openssl/bn.h
+dgst.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+dgst.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dgst.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+dgst.o: ../include/openssl/engine.h ../include/openssl/err.h
+dgst.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dgst.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+dgst.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dgst.c
+dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+dh.o: ../include/openssl/bio.h ../include/openssl/bn.h
+dh.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+dh.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+dh.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dh.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+dh.o: ../include/openssl/engine.h ../include/openssl/err.h
+dh.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dh.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+dh.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dh.c
+dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+dsa.o: ../include/openssl/bio.h ../include/openssl/bn.h
+dsa.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+dsa.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dsa.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+dsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+dsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+dsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dsa.c
+dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+dsaparam.o: ../include/openssl/bio.h ../include/openssl/bn.h
+dsaparam.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+dsaparam.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dsaparam.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
+dsaparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dsaparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+dsaparam.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+dsaparam.o: dsaparam.c
+ecdsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+ecdsa.o: ../include/openssl/bio.h ../include/openssl/bn.h
+ecdsa.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ecdsa.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+ecdsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ecdsa.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+ecdsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+ecdsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+ecdsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ecdsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ecdsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ecdsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ecdsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+ecdsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ecdsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ecdsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+ecdsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h ecdsa.c
+ecdsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+ecdsaparam.o: ../include/openssl/bio.h ../include/openssl/bn.h
+ecdsaparam.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ecdsaparam.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+ecdsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ecdsaparam.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+ecdsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
+ecdsaparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+ecdsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ecdsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ecdsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ecdsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ecdsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+ecdsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ecdsaparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ecdsaparam.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+ecdsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+ecdsaparam.o: ecdsaparam.c
+enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+enc.o: ../include/openssl/bio.h ../include/openssl/bn.h
+enc.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+enc.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+enc.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+enc.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+enc.o: ../include/openssl/engine.h ../include/openssl/err.h
+enc.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+enc.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+enc.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h enc.c
+engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+engine.o: ../include/openssl/bio.h ../include/openssl/bn.h
+engine.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+engine.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+engine.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+engine.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+engine.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+engine.o: ../include/openssl/err.h ../include/openssl/evp.h
+engine.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+engine.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+engine.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+engine.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+engine.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+engine.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+engine.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+engine.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+engine.o: ../include/openssl/ui.h ../include/openssl/x509.h
+engine.o: ../include/openssl/x509_vfy.h apps.h engine.c
+errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+errstr.o: ../include/openssl/bio.h ../include/openssl/bn.h
+errstr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+errstr.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+errstr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+errstr.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
+errstr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+errstr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+errstr.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+errstr.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+errstr.o: ../include/openssl/ui.h ../include/openssl/x509.h
+errstr.o: ../include/openssl/x509_vfy.h apps.h errstr.c
+gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+gendh.o: ../include/openssl/bio.h ../include/openssl/bn.h
+gendh.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+gendh.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+gendh.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
+gendh.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendh.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+gendh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+gendh.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h gendh.c
+gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+gendsa.o: ../include/openssl/bio.h ../include/openssl/bn.h
+gendsa.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+gendsa.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+gendsa.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+gendsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+gendsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+gendsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+gendsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+gendsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+gendsa.o: gendsa.c
+genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+genrsa.o: ../include/openssl/bio.h ../include/openssl/bn.h
+genrsa.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+genrsa.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+genrsa.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+genrsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+genrsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+genrsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+genrsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+genrsa.o: genrsa.c
+nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+nseq.o: ../include/openssl/bio.h ../include/openssl/bn.h
+nseq.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+nseq.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+nseq.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+nseq.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+nseq.o: ../include/openssl/engine.h ../include/openssl/err.h
+nseq.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+nseq.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+nseq.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+nseq.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+nseq.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+nseq.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+nseq.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h nseq.c
+ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+ocsp.o: ../include/openssl/bio.h ../include/openssl/bn.h
+ocsp.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+ocsp.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ocsp.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ocsp.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+ocsp.o: ../include/openssl/err.h ../include/openssl/evp.h
+ocsp.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ocsp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ocsp.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+ocsp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ocsp.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ocsp.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+ocsp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ocsp.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ocsp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ocsp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ocsp.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c
+openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+openssl.o: ../include/openssl/bio.h ../include/openssl/bn.h
+openssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+openssl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+openssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+openssl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+openssl.o: ../include/openssl/err.h ../include/openssl/evp.h
+openssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+openssl.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+openssl.o: ../include/openssl/ui.h ../include/openssl/x509.h
+openssl.o: ../include/openssl/x509_vfy.h apps.h openssl.c progs.h s_apps.h
+passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+passwd.o: ../include/openssl/bio.h ../include/openssl/bn.h
+passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
+passwd.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+passwd.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+passwd.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+passwd.o: ../include/openssl/engine.h ../include/openssl/err.h
+passwd.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+passwd.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
+passwd.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+passwd.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
+passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+passwd.o: passwd.c
+pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+pkcs12.o: ../include/openssl/bio.h ../include/openssl/bn.h
+pkcs12.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+pkcs12.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+pkcs12.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+pkcs12.o: ../include/openssl/engine.h ../include/openssl/err.h
+pkcs12.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+pkcs12.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+pkcs12.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h
+pkcs12.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+pkcs12.o: ../include/openssl/ui.h ../include/openssl/x509.h
+pkcs12.o: ../include/openssl/x509_vfy.h apps.h pkcs12.c
+pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+pkcs7.o: ../include/openssl/bio.h ../include/openssl/bn.h
+pkcs7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+pkcs7.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+pkcs7.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+pkcs7.o: ../include/openssl/engine.h ../include/openssl/err.h
+pkcs7.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+pkcs7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+pkcs7.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkcs7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+pkcs7.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs7.c
+pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+pkcs8.o: ../include/openssl/bio.h ../include/openssl/bn.h
+pkcs8.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+pkcs8.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+pkcs8.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+pkcs8.o: ../include/openssl/engine.h ../include/openssl/err.h
+pkcs8.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+pkcs8.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+pkcs8.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h
+pkcs8.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+pkcs8.o: ../include/openssl/ui.h ../include/openssl/x509.h
+pkcs8.o: ../include/openssl/x509_vfy.h apps.h pkcs8.c
+rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+rand.o: ../include/openssl/bio.h ../include/openssl/bn.h
+rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+rand.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+rand.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+rand.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+rand.o: ../include/openssl/engine.h ../include/openssl/err.h
+rand.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+rand.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+rand.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rand.c
+req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+req.o: ../include/openssl/bio.h ../include/openssl/bn.h
+req.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+req.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+req.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+req.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+req.o: ../include/openssl/engine.h ../include/openssl/err.h
+req.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+req.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+req.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+req.o: ../include/openssl/x509v3.h apps.h req.c
+rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+rsa.o: ../include/openssl/bio.h ../include/openssl/bn.h
+rsa.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+rsa.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+rsa.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+rsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+rsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+rsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rsa.c
+rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+rsautl.o: ../include/openssl/bio.h ../include/openssl/bn.h
+rsautl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+rsautl.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+rsautl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+rsautl.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+rsautl.o: ../include/openssl/engine.h ../include/openssl/err.h
+rsautl.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+rsautl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rsautl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rsautl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsautl.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+rsautl.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+rsautl.o: rsautl.c
+s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+s_cb.o: ../include/openssl/bio.h ../include/openssl/bn.h
+s_cb.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s_cb.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_cb.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s_cb.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_cb.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_cb.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_cb.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s_cb.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+s_cb.o: ../include/openssl/ui.h ../include/openssl/x509.h
+s_cb.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_cb.c
+s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+s_client.o: ../include/openssl/bio.h ../include/openssl/bn.h
+s_client.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s_client.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s_client.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_client.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_client.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_client.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s_client.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+s_client.o: ../include/openssl/ui.h ../include/openssl/x509.h
+s_client.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_client.c
+s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+s_server.o: ../include/openssl/bio.h ../include/openssl/bn.h
+s_server.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s_server.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_server.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s_server.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_server.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_server.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_server.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+s_server.o: ../include/openssl/ui.h ../include/openssl/x509.h
+s_server.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_server.c
+s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+s_socket.o: ../include/openssl/bio.h ../include/openssl/bn.h
+s_socket.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_socket.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s_socket.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+s_socket.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_socket.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+s_socket.o: ../include/openssl/ui.h ../include/openssl/x509.h
+s_socket.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_socket.c
+s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+s_time.o: ../include/openssl/bio.h ../include/openssl/bn.h
+s_time.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s_time.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_time.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s_time.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_time.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_time.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_time.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s_time.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+s_time.o: ../include/openssl/ui.h ../include/openssl/x509.h
+s_time.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_time.c
+sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+sess_id.o: ../include/openssl/bio.h ../include/openssl/bn.h
+sess_id.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+sess_id.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+sess_id.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+sess_id.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
+sess_id.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+sess_id.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+sess_id.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+sess_id.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+sess_id.o: ../include/openssl/ui.h ../include/openssl/x509.h
+sess_id.o: ../include/openssl/x509_vfy.h apps.h sess_id.c
+smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+smime.o: ../include/openssl/bio.h ../include/openssl/bn.h
+smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+smime.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+smime.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+smime.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+smime.o: ../include/openssl/engine.h ../include/openssl/err.h
+smime.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+smime.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+smime.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+smime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+smime.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h smime.c
+speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+speed.o: ../include/openssl/asn1t.h ../include/openssl/bio.h
+speed.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+speed.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+speed.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+speed.o: ../include/openssl/des.h ../include/openssl/des_old.h
+speed.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+speed.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+speed.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+speed.o: ../include/openssl/err.h ../include/openssl/evp.h
+speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+speed.o: ../include/openssl/md4.h ../include/openssl/md5.h
+speed.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+speed.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
+speed.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+speed.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h speed.c
+speed.o: testdsa.h testrsa.h
+spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+spkac.o: ../include/openssl/bio.h ../include/openssl/bn.h
+spkac.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+spkac.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+spkac.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+spkac.o: ../include/openssl/engine.h ../include/openssl/err.h
+spkac.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+spkac.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+spkac.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+spkac.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+spkac.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h spkac.c
+verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+verify.o: ../include/openssl/bio.h ../include/openssl/bn.h
+verify.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+verify.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+verify.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+verify.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+verify.o: ../include/openssl/engine.h ../include/openssl/err.h
+verify.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+verify.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+verify.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+verify.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+verify.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+verify.o: ../include/openssl/x509v3.h apps.h verify.c
+version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+version.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+version.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+version.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+version.o: ../include/openssl/des.h ../include/openssl/des_old.h
+version.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+version.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+version.o: ../include/openssl/err.h ../include/openssl/evp.h
+version.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+version.o: ../include/openssl/md2.h ../include/openssl/obj_mac.h
+version.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+version.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+version.o: ../include/openssl/rc4.h ../include/openssl/rsa.h
+version.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+version.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+version.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+version.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+version.o: ../include/openssl/x509_vfy.h apps.h version.c
+x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
+x509.o: ../include/openssl/bio.h ../include/openssl/bn.h
+x509.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+x509.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+x509.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+x509.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+x509.o: ../include/openssl/engine.h ../include/openssl/err.h
+x509.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+x509.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+x509.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+x509.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+x509.o: ../include/openssl/x509v3.h apps.h x509.c
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@@ -0,0 +1,218 @@
+/* apps/app_rand.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#define NON_MAIN
+#include "apps.h"
+#undef NON_MAIN
+#include <openssl/bio.h>
+#include <openssl/rand.h>
+
+
+static int seeded = 0;
+static int egdsocket = 0;
+
+int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
+	{
+	int consider_randfile = (file == NULL);
+	char buffer[200];
+	
+#ifdef OPENSSL_SYS_WINDOWS
+	BIO_printf(bio_e,"Loading 'screen' into random state -");
+	BIO_flush(bio_e);
+	RAND_screen();
+	BIO_printf(bio_e," done\n");
+#endif
+
+	if (file == NULL)
+		file = RAND_file_name(buffer, sizeof buffer);
+	else if (RAND_egd(file) > 0)
+		{
+		/* we try if the given filename is an EGD socket.
+		   if it is, we don't write anything back to the file. */
+		egdsocket = 1;
+		return 1;
+		}
+	if (file == NULL || !RAND_load_file(file, -1))
+		{
+		if (RAND_status() == 0)
+			{
+			if (!dont_warn)
+				{
+				BIO_printf(bio_e,"unable to load 'random state'\n");
+				BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
+				BIO_printf(bio_e,"with much random data.\n");
+				if (consider_randfile) /* explanation does not apply when a file is explicitly named */
+					{
+					BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
+					BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
+					}
+				}
+			return 0;
+			}
+		}
+	seeded = 1;
+	return 1;
+	}
+
+long app_RAND_load_files(char *name)
+	{
+	char *p,*n;
+	int last;
+	long tot=0;
+	int egd;
+	
+	for (;;)
+		{
+		last=0;
+		for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
+		if (*p == '\0') last=1;
+		*p='\0';
+		n=name;
+		name=p+1;
+		if (*n == '\0') break;
+
+		egd=RAND_egd(n);
+		if (egd > 0)
+			tot+=egd;
+		else
+			tot+=RAND_load_file(n,-1);
+		if (last) break;
+		}
+	if (tot > 512)
+		app_RAND_allow_write_file();
+	return(tot);
+	}
+
+int app_RAND_write_file(const char *file, BIO *bio_e)
+	{
+	char buffer[200];
+	
+	if (egdsocket || !seeded)
+		/* If we did not manage to read the seed file,
+		 * we should not write a low-entropy seed file back --
+		 * it would suppress a crucial warning the next time
+		 * we want to use it. */
+		return 0;
+
+	if (file == NULL)
+		file = RAND_file_name(buffer, sizeof buffer);
+	if (file == NULL || !RAND_write_file(file))
+		{
+		BIO_printf(bio_e,"unable to write 'random state'\n");
+		return 0;
+		}
+	return 1;
+	}
+
+void app_RAND_allow_write_file(void)
+	{
+	seeded = 1;
+	}
--- a/apps/apps.c
+++ b/apps/apps.c
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -55,22 +55,90 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */

 #ifndef HEADER_APPS_H
 #define HEADER_APPS_H

 #include "e_os.h"

-#include "buffer.h"
-#include "bio.h"
-#include "crypto.h"
-#include "progs.h"
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/lhash.h>
+#include <openssl/conf.h>
+#include <openssl/txt_db.h>
+#include <openssl/engine.h>
+#include <openssl/ossl_typ.h>

-#ifdef NO_STDIO
+int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
+int app_RAND_write_file(const char *file, BIO *bio_e);
+/* When `file' is NULL, use defaults.
+ * `bio_e' is for error messages. */
+void app_RAND_allow_write_file(void);
+long app_RAND_load_files(char *file); /* `file' is a list of files to read,
+                                       * separated by LIST_SEPARATOR_CHAR
+                                       * (see e_os.h).  The string is
+                                       * destroyed! */
+
+#ifdef OPENSSL_NO_STDIO
 BIO_METHOD *BIO_s_file();
 #endif

-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 #define rename(from,to) WIN32_rename((from),(to))
 int WIN32_rename(char *oldname,char *newname);
 #endif
@@ -88,8 +156,7 @@ extern BIO *bio_err;
 #else

 #define MAIN(a,v)	PROG(a,v)
-#include "conf.h"
-extern LHASH *config;
+extern CONF *config;
 extern char *default_config_file;
 extern BIO *bio_err;

@@ -103,22 +170,35 @@ extern BIO *bio_err;
 #define do_pipe_sig()
 #endif

-#if defined(MONOLITH) && !defined(SSLEAY)
-#  define apps_startup()	do_pipe_sig()
+#if defined(MONOLITH) && !defined(OPENSSL_C)
+#  define apps_startup() \
+		do_pipe_sig()
+#  define apps_shutdown()
 #else
-#  if defined(MSDOS) || defined(WIN16) || defined(WIN32)
+#  if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
+   defined(OPENSSL_SYS_WIN32)
 #    ifdef _O_BINARY
 #      define apps_startup() \
-		_fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
-		SSLeay_add_all_algorithms()
+		do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+		ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+		ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
 #    else
 #      define apps_startup() \
-		_fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
-		SSLeay_add_all_algorithms()
+		do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+		ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+		ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
 #    endif
 #  else
-#    define apps_startup()	do_pipe_sig(); SSLeay_add_all_algorithms();
+#    define apps_startup() \
+		do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
+		ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \
+		setup_ui_method(); } while(0)
 #  endif
+#  define apps_shutdown() \
+		do { CONF_modules_unload(1); destroy_ui_method(); \
+		EVP_cleanup(); ENGINE_cleanup(); \
+		CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
+		ERR_free_strings(); } while(0)
 #endif

 typedef struct args_st
@@ -127,24 +207,71 @@ typedef struct args_st
 	int count;
 	} ARGS;

-#ifndef NOPROTO
+#define PW_MIN_LENGTH 4
+typedef struct pw_cb_data
+	{
+	const void *password;
+	const char *prompt_info;
+	} PW_CB_DATA;
+
+int password_callback(char *buf, int bufsiz, int verify,
+	PW_CB_DATA *cb_data);
+
+int setup_ui_method();
+void destroy_ui_method();
+
 int should_retry(int i);
 int args_from_file(char *file, int *argc, char **argv[]);
 int str2fmt(char *s);
 void program_name(char *in,char *out,int size);
 int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
-#else
-int should_retry();
-int args_from_file();
-int str2fmt();
-void program_name();
-int chopup_args();
+#ifdef HEADER_X509_H
+int dump_cert_text(BIO *out, X509 *x);
+void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags);
 #endif
+int set_cert_ex(unsigned long *flags, const char *arg);
+int set_name_ex(unsigned long *flags, const char *arg);
+int set_ext_copy(int *copy_type, const char *arg);
+int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
+int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
+int add_oid_section(BIO *err, CONF *conf);
+X509 *load_cert(BIO *err, const char *file, int format,
+	const char *pass, ENGINE *e, const char *cert_descrip);
+EVP_PKEY *load_key(BIO *err, const char *file, int format,
+	const char *pass, ENGINE *e, const char *key_descrip);
+EVP_PKEY *load_pubkey(BIO *err, const char *file, int format,
+	const char *pass, ENGINE *e, const char *key_descrip);
+STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
+	const char *pass, ENGINE *e, const char *cert_descrip);
+X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
+ENGINE *setup_engine(BIO *err, const char *engine, int debug);
+
+int load_config(BIO *err, CONF *cnf);
+
+/* Functions defined in ca.c and also used in ocsp.c */
+int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
+			ASN1_GENERALIZEDTIME **pinvtm, char *str);
+int make_serial_index(TXT_DB *db);
+
+X509_NAME *do_subject(char *str, long chtype);

 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1
 #define FORMAT_TEXT     2
 #define FORMAT_PEM      3
 #define FORMAT_NETSCAPE 4
+#define FORMAT_PKCS12   5
+#define FORMAT_SMIME    6
+#define FORMAT_ENGINE   7
+#define FORMAT_IISSGC	8	/* XXX this stupid macro helps us to avoid
+				 * adding yet another param to load_*key() */
+
+#define EXT_COPY_NONE	0
+#define EXT_COPY_ADD	1
+#define EXT_COPY_ALL	2
+
+#define NETSCAPE_CERT_HDR	"certificate"
+
+#define APP_PASS_LEN	1024

 #endif
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -57,39 +57,39 @@
 */

 /* A nice addition from Dr Stephen Henson <shenson@bigfoot.com> to 
- * add the -strparse option which parses nested binarary structures
+ * add the -strparse option which parses nested binary structures
 */

 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "err.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>

 /* -inform arg	- input format - default PEM (DER or PEM)
 * -in arg	- input file - default stdin
 * -i		- indent the details by depth
 * -offset	- where in the file to start
 * -length	- how many bytes to use
- * -oid file	- extra oid decription file
+ * -oid file	- extra oid description file
 */

 #undef PROG
 #define PROG	asn1parse_main

-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
 	{
 	int i,badops=0,offset=0,ret=1,j;
 	unsigned int length=0;
 	long num,tmplen;
-	BIO *in=NULL,*out=NULL,*b64=NULL;
-	int informat,indent=0;
-	char *infile=NULL,*str=NULL,*prog,*oidfile=NULL;
+	BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
+	int informat,indent=0, noout = 0, dump = 0;
+	char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
 	unsigned char *tmpbuf;
 	BUF_MEM *buf=NULL;
 	STACK *osk=NULL;
@@ -103,12 +103,15 @@ char **argv;
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	prog=argv[0];
 	argc--;
 	argv++;
 	if ((osk=sk_new_null()) == NULL)
 		{
-		BIO_printf(bio_err,"Malloc failure\n");
+		BIO_printf(bio_err,"Memory allocation failure\n");
 		goto end;
 		}
 	while (argc >= 1)
@@ -123,10 +126,16 @@ char **argv;
 			if (--argc < 1) goto bad;
 			infile= *(++argv);
 			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
+			derfile= *(++argv);
+			}
 		else if (strcmp(*argv,"-i") == 0)
 			{
 			indent=1;
 			}
+		else if (strcmp(*argv,"-noout") == 0) noout = 1;
 		else if (strcmp(*argv,"-oid") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -143,6 +152,16 @@ char **argv;
 			length= atoi(*(++argv));
 			if (length == 0) goto bad;
 			}
+		else if (strcmp(*argv,"-dump") == 0)
+			{
+			dump= -1;
+			}
+		else if (strcmp(*argv,"-dlimit") == 0)
+			{
+			if (--argc < 1) goto bad;
+			dump= atoi(*(++argv));
+			if (dump <= 0) goto bad;
+			}
 		else if (strcmp(*argv,"-strparse") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -164,14 +183,19 @@ bad:
 		BIO_printf(bio_err,"%s [options] <infile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -in arg       input file\n");
+		BIO_printf(bio_err," -out arg      output file\n");
+		BIO_printf(bio_err," -noout arg    don't produce any output\n");
 		BIO_printf(bio_err," -offset arg   offset into file\n");
-		BIO_printf(bio_err," -length arg   lenth of section in file\n");
+		BIO_printf(bio_err," -length arg   length of section in file\n");
 		BIO_printf(bio_err," -i            indent entries\n");
+		BIO_printf(bio_err," -dump         dump unknown data in hex form\n");
+		BIO_printf(bio_err," -dlimit arg   dump the first arg bytes of unknown data in hex form\n");
 		BIO_printf(bio_err," -oid file     file of extra oid definitions\n");
 		BIO_printf(bio_err," -strparse offset\n");
 		BIO_printf(bio_err,"               a series of these can be used to 'dig' into multiple\n");
 		BIO_printf(bio_err,"               ASN1 blob wrappings\n");
+		BIO_printf(bio_err," -out filename output DER encoding to file\n");
 		goto end;
 		}

@@ -185,6 +209,12 @@ bad:
 		goto end;
 		}
 	BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
+#ifdef OPENSSL_SYS_VMS
+	{
+	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+	out = BIO_push(tmpbio, out);
+	}
+#endif

 	if (oidfile != NULL)
 		{
@@ -208,6 +238,14 @@ bad:
 			}
 		}

+	if (derfile) {
+		if(!(derout = BIO_new_file(derfile, "wb"))) {
+			BIO_printf(bio_err,"problems opening %s\n",derfile);
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+	}
+
 	if ((buf=BUF_MEM_new()) == NULL) goto end;
 	if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */

@@ -241,6 +279,7 @@ bad:
 		tmplen=num;
 		for (i=0; i<sk_num(osk); i++)
 			{
+			ASN1_TYPE *atmp;
 			j=atoi(sk_value(osk,i));
 			if (j == 0)
 				{
@@ -249,7 +288,10 @@ bad:
 				}
 			tmpbuf+=j;
 			tmplen-=j;
-			if (d2i_ASN1_TYPE(&at,&tmpbuf,tmplen) == NULL)
+			atmp = at;
+			at = d2i_ASN1_TYPE(NULL,&tmpbuf,tmplen);
+			ASN1_TYPE_free(atmp);
+			if(!at)
 				{
 				BIO_printf(bio_err,"Error parsing structure\n");
 				ERR_print_errors(bio_err);
@@ -264,15 +306,25 @@ bad:
 		}

 	if (length == 0) length=(unsigned int)num;
-	if (!ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent))
+	if(derout) {
+		if(BIO_write(derout, str + offset, length) != (int)length) {
+			BIO_printf(bio_err, "Error writing output\n");
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+	}
+	if (!noout &&
+	    !ASN1_parse_dump(out,(unsigned char *)&(str[offset]),length,
+		    indent,dump))
 		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	ret=0;
 end:
+	BIO_free(derout);
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free(out);
+	if (out != NULL) BIO_free_all(out);
 	if (b64 != NULL) BIO_free(b64);
 	if (ret != 0)
 		ERR_print_errors(bio_err);
@@ -280,6 +332,7 @@ end:
 	if (at != NULL) ASN1_TYPE_free(at);
 	if (osk != NULL) sk_free(osk);
 	OBJ_cleanup();
+	apps_shutdown();
 	EXIT(ret);
 	}

--- a/apps/bss_file.c
+++ b/apps/bss_file.c
@@ -1,324 +0,0 @@
-/* crypto/bio/bss_file.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define APPS_WIN16
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include "bio.h"
-#include "err.h"
-
-#ifndef NOPROTO
-static int MS_CALLBACK file_write(BIO *h,char *buf,int num);
-static int MS_CALLBACK file_read(BIO *h,char *buf,int size);
-static int MS_CALLBACK file_puts(BIO *h,char *str);
-static int MS_CALLBACK file_gets(BIO *h,char *str,int size);
-static long MS_CALLBACK file_ctrl(BIO *h,int cmd,long arg1,char *arg2);
-static int MS_CALLBACK file_new(BIO *h);
-static int MS_CALLBACK file_free(BIO *data);
-#else
-static int MS_CALLBACK file_write();
-static int MS_CALLBACK file_read();
-static int MS_CALLBACK file_puts();
-static int MS_CALLBACK file_gets();
-static long MS_CALLBACK file_ctrl();
-static int MS_CALLBACK file_new();
-static int MS_CALLBACK file_free();
-#endif
-
-static BIO_METHOD methods_filep=
-	{
-	BIO_TYPE_FILE,"FILE pointer",
-	file_write,
-	file_read,
-	file_puts,
-	file_gets,
-	file_ctrl,
-	file_new,
-	file_free,
-	};
-
-BIO *BIO_new_file(filename,mode)
-char *filename;
-char *mode;
-	{
-	BIO *ret;
-	FILE *file;
-
-	if ((file=fopen(filename,mode)) == NULL)
-		{
-		SYSerr(SYS_F_FOPEN,errno);
-		BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
-		return(NULL);
-		}
-	if ((ret=BIO_new_fp(file,BIO_CLOSE)) == NULL)
-		{
-		fclose(file);
-		return(NULL);
-		}
-	return(ret);
-	}
-
-BIO *BIO_new_fp(stream,close_flag)
-FILE *stream;
-int close_flag;
-	{
-	BIO *ret;
-
-	if ((ret=BIO_new(BIO_s_file())) == NULL)
-		return(NULL);
-	BIO_set_fp(ret,stream,close_flag);
-	return(ret);
-	}
-
-#if !defined(WIN16) || defined(APPS_WIN16)
-
-BIO_METHOD *BIO_s_file()
-	{
-	return(&methods_filep);
-	}
-
-#else
-
-BIO_METHOD *BIO_s_file_internal_w16()
-	{
-	return(&methods_filep);
-	}
-
-#endif
-
-static int MS_CALLBACK file_new(bi)
-BIO *bi;
-	{
-	bi->init=0;
-	bi->num=0;
-	bi->ptr=NULL;
-	return(1);
-	}
-
-static int MS_CALLBACK file_free(a)
-BIO *a;
-	{
-	if (a == NULL) return(0);
-	if (a->shutdown)
-		{
-		if ((a->init) && (a->ptr != NULL))
-			{
-			fclose((FILE *)a->ptr);
-			a->ptr=NULL;
-			}
-		a->init=0;
-		}
-	return(1);
-	}
-	
-static int MS_CALLBACK file_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
-	{
-	int ret=0;
-
-	if (b->init && (out != NULL))
-		{
-		ret=fread(out,1,(int)outl,(FILE *)b->ptr);
-		}
-	return(ret);
-	}
-
-static int MS_CALLBACK file_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
-	{
-	int ret=0;
-
-	if (b->init && (in != NULL))
-		{
-		if (fwrite(in,(int)inl,1,(FILE *)b->ptr))
-			ret=inl;
-		/* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
-		/* acording to Tim Hudson <tjh@cryptsoft.com>, the commented
-		 * out version above can cause 'inl' write calls under
-		 * some stupid stdio implementations (VMS) */
-		}
-	return(ret);
-	}
-
-static long MS_CALLBACK file_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
-	{
-	long ret=1;
-	FILE *fp=(FILE *)b->ptr;
-	FILE **fpp;
-	char p[4];
-
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-		ret=(long)fseek(fp,num,0);
-		break;
-	case BIO_CTRL_EOF:
-		ret=(long)feof(fp);
-		break;
-	case BIO_CTRL_INFO:
-		ret=ftell(fp);
-		break;
-	case BIO_C_SET_FILE_PTR:
-		file_free(b);
-		b->shutdown=(int)num;
-		b->ptr=(char *)ptr;
-		b->init=1;
-		break;
-	case BIO_C_SET_FILENAME:
-		file_free(b);
-		b->shutdown=(int)num&BIO_CLOSE;
-		if (num & BIO_FP_APPEND)
-			{
-			if (num & BIO_FP_READ)
-				strcpy(p,"a+");
-			else	strcpy(p,"a");
-			}
-		else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
-			strcpy(p,"r+");
-		else if (num & BIO_FP_WRITE)
-			strcpy(p,"w");
-		else if (num & BIO_FP_READ)
-			strcpy(p,"r");
-		else
-			{
-			BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);
-			ret=0;
-			break;
-			}
-#if defined(MSDOS) || defined(WINDOWS)
-		if (!(num & BIO_FP_TEXT))
-			strcat(p,"b");
-		else
-			strcat(p,"t");
-#endif
-		fp=fopen(ptr,p);
-		if (fp == NULL)
-			{
-			SYSerr(SYS_F_FOPEN,errno);
-			BIOerr(BIO_F_FILE_CTRL,ERR_R_SYS_LIB);
-			ret=0;
-			break;
-			}
-		b->ptr=(char *)fp;
-		b->init=1;
-		break;
-	case BIO_C_GET_FILE_PTR:
-		/* the ptr parameter is actually a FILE ** in this case. */
-		if (ptr != NULL)
-			{
-			fpp=(FILE **)ptr;
-			*fpp=(FILE *)b->ptr;
-			}
-		break;
-	case BIO_CTRL_GET_CLOSE:
-		ret=(long)b->shutdown;
-		break;
-	case BIO_CTRL_SET_CLOSE:
-		b->shutdown=(int)num;
-		break;
-	case BIO_CTRL_FLUSH:
-		fflush((FILE *)b->ptr);
-		break;
-	case BIO_CTRL_DUP:
-		ret=1;
-		break;
-
-	case BIO_CTRL_PENDING:
-	case BIO_CTRL_PUSH:
-	case BIO_CTRL_POP:
-	default:
-		ret=0;
-		break;
-		}
-	return(ret);
-	}
-
-static int MS_CALLBACK file_gets(bp,buf,size)
-BIO *bp;
-char *buf;
-int size;
-	{
-	int ret=0;
-
-	buf[0]='\0';
-	fgets(buf,size,(FILE *)bp->ptr);
-	if (buf[0] != '\0')
-		ret=strlen(buf);
-	return(ret);
-	}
-
-static int MS_CALLBACK file_puts(bp,str)
-BIO *bp;
-char *str;
-	{
-	int n,ret;
-
-	n=strlen(str);
-	ret=file_write(bp,str,n);
-	return(ret);
-	}
-
--- a/apps/c512-key.pem
+++ b/apps/c512-key.pem
@@ -1,9 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIBOwIBAAJBALtv55QyzG6i2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexm
-q/R4KedLjFEIYjocDui+IXs62NNtXrT8odkCAwEAAQJAbwXq0vJ/+uyEvsNgxLko
-/V86mGXQ/KrSkeKlL0r4ENxjcyeMAGoKu6J9yMY7+X9+Zm4nxShNfTsf/+Freoe1
-HQIhAPOSm5Q1YI+KIsII2GeVJx1U69+wnd71OasIPakS1L1XAiEAxQAW+J3/JWE0
-ftEYakbhUOKL8tD1OaFZS71/5GdG7E8CIQCefUMmySSvwd6kC0VlATSWbW+d+jp/
-nWmM1KvqnAo5uQIhALqEADu5U1Wvt8UN8UDGBRPQulHWNycuNV45d3nnskWPAiAw
-ueTyr6WsZ5+SD8g/Hy3xuvF3nPmJRH+rwvVihlcFOg==
-----END RSA PRIVATE KEY-----
--- a/apps/c512-req.pem
+++ b/apps/c512-req.pem
@@ -1,8 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIIBGzCBxgIBADBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEa
-MBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGkNsaWVudCB0ZXN0
-IGNlcnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALtv55QyzG6i
-2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexmq/R4KedLjFEIYjocDui+IXs6
-2NNtXrT8odkCAwEAATANBgkqhkiG9w0BAQQFAANBAC5JBTeji7RosqMaUIDzIW13
-oO6+kPhx9fXSpMFHIsY3aH92Milkov/2A4SuZTcnv/P6+8klmS0EaiUKcRzak4E=
-----END CERTIFICATE REQUEST-----
--- a/apps/ca-cert.srl
+++ b/apps/ca-cert.srl
@@ -1 +1 @@
-05
+07
--- a/apps/ca.c
+++ b/apps/ca.c
--- a/apps/cert.der
+++ b/apps/cert.der
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -59,12 +59,12 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifdef NO_STDIO
+#ifdef OPENSSL_NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
-#include "err.h"
-#include "ssl.h"
+#include <openssl/err.h>
+#include <openssl/ssl.h>

 #undef PROG
 #define PROG	ciphers_main
@@ -74,30 +74,32 @@ static char *ciphers_usage[]={
 " -v          - verbose mode, a textual listing of the ciphers in SSLeay\n",
 " -ssl2       - SSL2 mode\n",
 " -ssl3       - SSL3 mode\n",
+" -tls1       - TLS1 mode\n",
 NULL
 };

-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
 	{
 	int ret=1,i;
 	int verbose=0;
-	char **pp,*p;
+	char **pp;
+	const char *p;
 	int badops=0;
 	SSL_CTX *ctx=NULL;
 	SSL *ssl=NULL;
 	char *ciphers=NULL;
 	SSL_METHOD *meth=NULL;
-	STACK *sk;
+	STACK_OF(SSL_CIPHER) *sk;
 	char buf[512];
 	BIO *STDout=NULL;

-#if !defined(NO_SSL2) && !defined(NO_SSL3)
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 	meth=SSLv23_server_method();
-#elif !defined(NO_SSL3)
+#elif !defined(OPENSSL_NO_SSL3)
 	meth=SSLv3_server_method();
-#elif !defined(NO_SSL2)
+#elif !defined(OPENSSL_NO_SSL2)
 	meth=SSLv2_server_method();
 #endif

@@ -106,6 +108,12 @@ char **argv;
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 	STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+	{
+	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+	STDout = BIO_push(tmpbio, STDout);
+	}
+#endif

 	argc--;
 	argv++;
@@ -113,13 +121,17 @@ char **argv;
 		{
 		if (strcmp(*argv,"-v") == 0)
 			verbose=1;
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 		else if (strcmp(*argv,"-ssl2") == 0)
 			meth=SSLv2_client_method();
 #endif
-#ifndef NO_SSL3
+#ifndef OPENSSL_NO_SSL3
 		else if (strcmp(*argv,"-ssl3") == 0)
 			meth=SSLv3_client_method();
+#endif
+#ifndef OPENSSL_NO_TLS1
+		else if (strcmp(*argv,"-tls1") == 0)
+			meth=TLSv1_client_method();
 #endif
 		else if ((strncmp(*argv,"-h",2) == 0) ||
 			 (strcmp(*argv,"-?") == 0))
@@ -138,16 +150,20 @@ char **argv;
 	if (badops)
 		{
 		for (pp=ciphers_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,*pp);
+			BIO_printf(bio_err,"%s",*pp);
 		goto end;
 		}

-	SSLeay_add_ssl_algorithms();
+	OpenSSL_add_ssl_algorithms();

 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL) goto err;
-	if (ciphers != NULL)
-		SSL_CTX_set_cipher_list(ctx,ciphers);
+	if (ciphers != NULL) {
+		if(!SSL_CTX_set_cipher_list(ctx,ciphers)) {
+			BIO_printf(bio_err, "Error in cipher list\n");
+			goto err;
+		}
+	}
 	ssl=SSL_new(ctx);
 	if (ssl == NULL) goto err;

@@ -167,10 +183,10 @@ char **argv;
 		{
 		sk=SSL_get_ciphers(ssl);

-		for (i=0; i<sk_num(sk); i++)
+		for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
 			{
 			BIO_puts(STDout,SSL_CIPHER_description(
-				(SSL_CIPHER *)sk_value(sk,i),
+				sk_SSL_CIPHER_value(sk,i),
 				buf,512));
 			}
 		}
@@ -185,7 +201,8 @@ err:
 end:
 	if (ctx != NULL) SSL_CTX_free(ctx);
 	if (ssl != NULL) SSL_free(ssl);
-	if (STDout != NULL) BIO_free(STDout);
+	if (STDout != NULL) BIO_free_all(STDout);
+	apps_shutdown();
 	EXIT(ret);
 	}

--- a/apps/crl.c
+++ b/apps/crl.c
@@ -60,10 +60,11 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>

 #undef PROG
 #define PROG	crl_main
@@ -74,7 +75,7 @@
 static char *crl_usage[]={
 "usage: crl args\n",
 "\n",
-" -inform arg     - input format - default PEM (one of DER, TXT or PEM)\n",
+" -inform arg     - input format - default PEM (DER or PEM)\n",
 " -outform arg    - output format - default PEM\n",
 " -text           - print out a text format version\n",
 " -in arg         - input file - default stdin\n",
@@ -84,28 +85,36 @@ static char *crl_usage[]={
 " -lastupdate     - lastUpdate field\n",
 " -nextupdate     - nextUpdate field\n",
 " -noout          - no CRL output\n",
+" -CAfile  name   - verify CRL using certificates in file \"name\"\n",
+" -CApath  dir    - verify CRL using certificates in \"dir\"\n",
+" -nameopt arg    - various certificate name options\n",
 NULL
 };

-#ifndef NOPROTO
 static X509_CRL *load_crl(char *file, int format);
-#else
-static X509_CRL *load_crl();
-#endif
-
 static BIO *bio_out=NULL;

-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
 	{
+	unsigned long nmflag = 0;
 	X509_CRL *x=NULL;
+	char *CAfile = NULL, *CApath = NULL;
 	int ret=1,i,num,badops=0;
 	BIO *out=NULL;
 	int informat,outformat;
 	char *infile=NULL,*outfile=NULL;
-	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0;
-	char **pp,buf[256];
+	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
+	int fingerprint = 0;
+	char **pp;
+	X509_STORE *store = NULL;
+	X509_STORE_CTX ctx;
+	X509_LOOKUP *lookup = NULL;
+	X509_OBJECT xobj;
+	EVP_PKEY *pkey;
+	int do_ver = 0;
+	const EVP_MD *md_alg,*digest=EVP_md5();

 	apps_startup();

@@ -113,9 +122,20 @@ char **argv;
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	if (bio_out == NULL)
 		if ((bio_out=BIO_new(BIO_s_file())) != NULL)
+			{
 			BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+			{
+			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+			bio_out = BIO_push(tmpbio, bio_out);
+			}
+#endif
+			}

 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
@@ -142,10 +162,6 @@ char **argv;
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
-		else if (strcmp(*argv,"-text") == 0)
-			{
-			outformat=FORMAT_TEXT;
-			}
 		else if (strcmp(*argv,"-in") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -156,8 +172,29 @@ char **argv;
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-CApath") == 0)
+			{
+			if (--argc < 1) goto bad;
+			CApath = *(++argv);
+			do_ver = 1;
+			}
+		else if (strcmp(*argv,"-CAfile") == 0)
+			{
+			if (--argc < 1) goto bad;
+			CAfile = *(++argv);
+			do_ver = 1;
+			}
+		else if (strcmp(*argv,"-verify") == 0)
+			do_ver = 1;
+		else if (strcmp(*argv,"-text") == 0)
+			text = 1;
 		else if (strcmp(*argv,"-hash") == 0)
 			hash= ++num;
+		else if (strcmp(*argv,"-nameopt") == 0)
+			{
+			if (--argc < 1) goto bad;
+			if (!set_name_ex(&nmflag, *(++argv))) goto bad;
+			}
 		else if (strcmp(*argv,"-issuer") == 0)
 			issuer= ++num;
 		else if (strcmp(*argv,"-lastupdate") == 0)
@@ -166,6 +203,13 @@ char **argv;
 			nextupdate= ++num;
 		else if (strcmp(*argv,"-noout") == 0)
 			noout= ++num;
+		else if (strcmp(*argv,"-fingerprint") == 0)
+			fingerprint= ++num;
+		else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
+			{
+			/* ok */
+			digest=md_alg;
+			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -176,19 +220,11 @@ char **argv;
 		argv++;
 		}

-	if (outformat == FORMAT_TEXT)
-		{
-		num=0;
-		issuer= ++num;
-		lastupdate= ++num;
-		nextupdate= ++num;
-		}
-
 	if (badops)
 		{
 bad:
 		for (pp=crl_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,*pp);
+			BIO_printf(bio_err,"%s",*pp);
 		goto end;
 		}

@@ -196,40 +232,99 @@ bad:
 	x=load_crl(infile,informat);
 	if (x == NULL) { goto end; }

+	if(do_ver) {
+		store = X509_STORE_new();
+		lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
+		if (lookup == NULL) goto end;
+		if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM))
+			X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+			
+		lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
+		if (lookup == NULL) goto end;
+		if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM))
+			X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+		ERR_clear_error();
+
+		if(!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) {
+			BIO_printf(bio_err,
+				"Error initialising X509 store\n");
+			goto end;
+		}
+
+		i = X509_STORE_get_by_subject(&ctx, X509_LU_X509, 
+					X509_CRL_get_issuer(x), &xobj);
+		if(i <= 0) {
+			BIO_printf(bio_err,
+				"Error getting CRL issuer certificate\n");
+			goto end;
+		}
+		pkey = X509_get_pubkey(xobj.data.x509);
+		X509_OBJECT_free_contents(&xobj);
+		if(!pkey) {
+			BIO_printf(bio_err,
+				"Error getting CRL issuer public key\n");
+			goto end;
+		}
+		i = X509_CRL_verify(x, pkey);
+		EVP_PKEY_free(pkey);
+		if(i < 0) goto end;
+		if(i == 0) BIO_printf(bio_err, "verify failure\n");
+		else BIO_printf(bio_err, "verify OK\n");
+	}
+
 	if (num)
 		{
 		for (i=1; i<=num; i++)
 			{
 			if (issuer == i)
 				{
-				X509_NAME_oneline(x->crl->issuer,buf,256);
-				fprintf(stdout,"issuer= %s\n",buf);
+				print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag);
 				}

 			if (hash == i)
 				{
-				fprintf(stdout,"%08lx\n",
-					X509_NAME_hash(x->crl->issuer));
+				BIO_printf(bio_out,"%08lx\n",
+					X509_NAME_hash(X509_CRL_get_issuer(x)));
 				}
 			if (lastupdate == i)
 				{
-				fprintf(stdout,"lastUpdate=");
-				ASN1_UTCTIME_print(bio_out,x->crl->lastUpdate);
-				fprintf(stdout,"\n");
+				BIO_printf(bio_out,"lastUpdate=");
+				ASN1_TIME_print(bio_out,
+						X509_CRL_get_lastUpdate(x));
+				BIO_printf(bio_out,"\n");
 				}
 			if (nextupdate == i)
 				{
-				fprintf(stdout,"nextUpdate=");
-				if (x->crl->nextUpdate != NULL)
-					ASN1_UTCTIME_print(bio_out,x->crl->nextUpdate);
+				BIO_printf(bio_out,"nextUpdate=");
+				if (X509_CRL_get_nextUpdate(x)) 
+					ASN1_TIME_print(bio_out,
+						X509_CRL_get_nextUpdate(x));
 				else
-					fprintf(stdout,"NONE");
-				fprintf(stdout,"\n");
-				}
-			}
+					BIO_printf(bio_out,"NONE");
+				BIO_printf(bio_out,"\n");
 				}
+			if (fingerprint == i)
+				{
+				int j;
+				unsigned int n;
+				unsigned char md[EVP_MAX_MD_SIZE];

-	if (noout) goto end;
+				if (!X509_CRL_digest(x,digest,md,&n))
+					{
+					BIO_printf(bio_err,"out of memory\n");
+					goto end;
+					}
+				BIO_printf(bio_out,"%s Fingerprint=",
+						OBJ_nid2sn(EVP_MD_type(digest)));
+				for (j=0; j<(int)n; j++)
+					{
+					BIO_printf(bio_out,"%02X%c",md[j],
+						(j+1 == (int)n)
+						?'\n':':');
+					}
+				}
+			}
+		}

 	out=BIO_new(BIO_s_file());
 	if (out == NULL)
@@ -239,7 +334,15 @@ bad:
 		}

 	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -249,27 +352,14 @@ bad:
 			}
 		}

+	if (text) X509_CRL_print(out, x);
+
+	if (noout) goto end;
+
 	if 	(outformat == FORMAT_ASN1)
 		i=(int)i2d_X509_CRL_bio(out,x);
 	else if (outformat == FORMAT_PEM)
 		i=PEM_write_bio_X509_CRL(out,x);
-	else if (outformat == FORMAT_TEXT)
-		{
-		X509_REVOKED *r;
-		STACK *sk;
-
-		sk=sk_dup(x->crl->revoked);
-		while ((r=(X509_REVOKED *)sk_pop(sk)) != NULL)
-			{
-			fprintf(stdout,"revoked: serialNumber=");
-			i2a_ASN1_INTEGER(out,r->serialNumber);
-			fprintf(stdout," revocationDate=");
-			ASN1_UTCTIME_print(bio_out,r->revocationDate);
-			fprintf(stdout,"\n");
-			}
-		sk_free(sk);
-		i=1;
-		}
 	else	
 		{
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
@@ -278,15 +368,19 @@ bad:
 	if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
 	ret=0;
 end:
-	if (out != NULL) BIO_free(out);
-	if (bio_out != NULL) BIO_free(bio_out);
-	if (x != NULL) X509_CRL_free(x);
+	BIO_free_all(out);
+	BIO_free_all(bio_out);
+	bio_out=NULL;
+	X509_CRL_free(x);
+	if(store) {
+		X509_STORE_CTX_cleanup(&ctx);
+		X509_STORE_free(store);
+	}
+	apps_shutdown();
 	EXIT(ret);
 	}

-static X509_CRL *load_crl(infile, format)
-char *infile;
-int format;
+static X509_CRL *load_crl(char *infile, int format)
 	{
 	X509_CRL *x=NULL;
 	BIO *in=NULL;
@@ -311,7 +405,7 @@ int format;
 	if 	(format == FORMAT_ASN1)
 		x=d2i_X509_CRL_bio(in,NULL);
 	else if (format == FORMAT_PEM)
-		x=PEM_read_bio_X509_CRL(in,NULL,NULL);
+		x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
 	else	{
 		BIO_printf(bio_err,"bad input format specified for input crl\n");
 		goto end;
@@ -324,7 +418,7 @@ int format;
 		}
 	
 end:
-	if (in != NULL) BIO_free(in);
+	BIO_free(in);
 	return(x);
 	}

--- a/Show More
+++ b/Show More