PSARC/2016/217 Smartcard Reintroduction
PSARC/2016/220 libPKI
PSARC/2016/365 Mediated implementation of libpki in Solaris 11.3
22673523 Add libpki v0.8.9 to Userland consolidation
23535842 Mediated implementation of libpki in Solaris 11.3
23528052 libpki's configure and Makefile need refactoring
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/libpki/Makefile Wed Jul 06 18:39:47 2016 -0700
@@ -0,0 +1,105 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+#
+include ../../make-rules/shared-macros.mk
+
+COMPONENT_NAME= libpki
+COMPONENT_VERSION= 0.8.9
+
+# Version 0.8.9 of libpki has not been released, yet. There is no source
+# tarball for it. In Solaris 12, Userland consolidation has infrastructure
+# to fetch sources based on a specified git commit hash. Such infrastructure
+# is not present in Solaris 11.3. So we take the latest tarball 0.8.8
+# and apply few patches on top of it to get the same sources as in s12.
+COMPONENT_PROJECT_URL= https://www.openca.org/projects/libpki/
+COMPONENT_SRC= $(COMPONENT_NAME)-0.8.8
+COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz
+COMPONENT_ARCHIVE_HASH= \
+ sha256:0a3907650d0b4cf958adb7955789a2c080fc60709a7fddda0262c385ba0e3465
+COMPONENT_ARCHIVE_URL= \
+ http://downloads.sourceforge.net/project/openca/$(COMPONENT_NAME)/releases/v0.8.8/sources/$(COMPONENT_ARCHIVE)
+COMPONENT_BUGDB= library/smartcard
+
+TPNO= 26905
+
+
+include $(WS_MAKE_RULES)/prep.mk
+include $(WS_MAKE_RULES)/configure.mk
+include $(WS_MAKE_RULES)/ips.mk
+
+PKG_PROTO_DIRS += $(COMPONENT_SRC)/docs
+
+# Need to include the path below because not all headers are available in
+# $(BUILD_DIR)/src/libpki.
+CFLAGS += -I$(COMPONENT_DIR)/$(COMPONENT_SRC)/src
+
+OPENLDAP_VARIANT = $(BUILD_DIR)/$(MACH64)-openldap
+MOZILLALDAP_VARIANT = $(BUILD_DIR)/$(MACH64)-mozillaldap
+
+VARIANTS = $(OPENLDAP_VARIANT) $(MOZILLALDAP_VARIANT)
+
+$(VARIANTS:%=%/.configured): BITS=64
+
+BUILD_64 = $(VARIANTS:%=%/.built)
+
+# Only install the OpenLDAP variant. We will cherry-pick libpki built against
+# Mozilla LDAP out of the build directory to avoid re-installing everything.
+INSTALL_64 = $(OPENLDAP_VARIANT)/.installed
+
+TEST_64 = $(OPENLDAP_VARIANT)/.tested
+
+# configure.in and Makefile.am patches need configure script recreation.
+COMPONENT_PREP_ACTION += (cd $(@D); autoreconf);
+
+# This is necessary because 'gmake install' tries to install some files under
+# /usr/bin without it.
+CONFIGURE_ENV += DESTDIR="$(PROTO_DIR)"
+COMPONENT_INSTALL_ARGS += DESTDIR="$(PROTO_DIR)"
+
+CONFIGURE_BINDIR.64 = $(CONFIGURE_PREFIX)/bin
+CONFIGURE_ENV += CFLAGS="$(CFLAGS)"
+
+CONFIGURE_OPTIONS += --with-libdir=$(USRLIBDIR64)
+CONFIGURE_OPTIONS += --with-lib-prefix=$(USRLIBDIR64)
+
+# We build two variants: against OpenLDAP and against Mozilla LDAP libraries.
+$(OPENLDAP_VARIANT)/.configured: CONFIGURE_OPTIONS += --enable-openldap=yes
+$(MOZILLALDAP_VARIANT)/.configured: CONFIGURE_OPTIONS += --enable-openldap=no
+
+COMPONENT_PRE_TEST_ACTION = files/setup_test.sh $(@D) $(COMPONENT_SRC)
+
+# common targets
+configure: $(CONFIGURE_64)
+
+build: $(BUILD_64)
+
+install: $(INSTALL_64) $(MOZILLALDAP_VARIANT)/.built
+
+test: $(TEST_64)
+
+REQUIRED_PACKAGES += library/libxml2
+REQUIRED_PACKAGES += library/openldap
+REQUIRED_PACKAGES += library/security/openssl
+REQUIRED_PACKAGES += library/security/openssl/openssl-fips-140
+REQUIRED_PACKAGES += shell/ksh93
+REQUIRED_PACKAGES += system/library
+REQUIRED_PACKAGES += system/linker
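Review bot: The `COMPONENT_PREP_ACTION` line chains `(cd $(@D); autoreconf);` with `;`, so a failed `cd` still lets autoreconf run in whatever directory the action started in. Writing it as `(cd $(@D) && autoreconf);` stops the prep step instead. Separately, `COMPONENT_ARCHIVE_URL` is a plain `http://` download, which leaves the pinned `COMPONENT_ARCHIVE_HASH` as the only integrity check on the 0.8.8 tarball. A comment saying so, for example `# Fetched over http; the sha256 above is the only integrity check, keep it pinned.`, would help, as would an `https://` URL if the mirror offers one.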
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/libpki/files/setup_test.sh Wed Jul 06 18:39:47 2016 -0700
@@ -0,0 +1,64 @@
+#!/bin/sh
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+#
+
+BUILD_DIR=$1
+COMPONENT_SRC=$2
+
+export PATH=/bin:$PATH
+
+# Replace the path to that under component build dir
+gsed -i 's|\"etc\"|'\""$BUILD_DIR"'/etc\"|g' $COMPONENT_SRC/src/tests/test6.c
+gsed -i 's|\"etc\"|'\""$BUILD_DIR"'/etc\"|g' $COMPONENT_SRC/src/tests/test8.c
+
+# Make dirs under component build dir and copy necessary files under them
+rm -rf $BUILD_DIR/etc/hsm.d
+mkdir $BUILD_DIR/etc/hsm.d
+cp $COMPONENT_SRC/etc/hsm.d/etoken-engine.xml $BUILD_DIR/etc/hsm.d
+rm $BUILD_DIR/etc/objectIdentifiers.xml
+cp $COMPONENT_SRC/etc/objectIdentifiers.xml $BUILD_DIR/etc
+rm -rf $BUILD_DIR/etc/token.d
+mkdir $BUILD_DIR/etc/token.d
+cp $COMPONENT_SRC/etc/token.d/test.xml $BUILD_DIR/etc/token.d
+
+# Replace the path to that under component build dir
+sed -e 's|/$HOME|'"$BUILD_DIR"'/etc|g' $COMPONENT_SRC/etc/token.d/default.xml > $BUILD_DIR/etc/token.d/default.xml
+
+# Copy .libpki dir under component build dir
+rm -rf $BUILD_DIR/etc/.libpki
+cp -R $COMPONENT_SRC/etc/.libpki $BUILD_DIR/etc
+
+# Make results dir under component build dir
+rm -rf $BUILD_DIR/results
+mkdir $BUILD_DIR/results
+
+# Build test scripts
+gmake -C $BUILD_DIR/src/tests check-am
+
+# Test scripts need escapes because they are executed indirectly
+for i in {1..9}
+do
+ gsed -i 's|$libtool_install_magic|$$libtool_install_magic|g' $BUILD_DIR/src/tests/test$i
+ gsed -i 's|$libtool_execute_magic|$$libtool_execute_magic|g' $BUILD_DIR/src/tests/test$i
+ gsed -i 's|:$LD_LIBRARY_PATH|:$$LD_LIBRARY_PATH|g' $BUILD_DIR/src/tests/test$i
+done
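Review bot: Nothing checks that `$1` and `$2` are set before the unquoted `rm -rf $BUILD_DIR/etc/hsm.d`, `rm $BUILD_DIR/etc/objectIdentifiers.xml` and `rm -rf $BUILD_DIR/results` lines, so a call with a missing argument would act on `/etc/...` and `/results`. Guard the assignments with `BUILD_DIR=${1:?build dir required}` and `COMPONENT_SRC=${2:?source dir required}`, and quote the expansions in the commands that follow. There is also no `set -e`, so a failed `mkdir`, `cp` or `gmake` is followed by the remaining steps and the script can still exit 0. The closing `for i in {1..9}` loop relies on brace expansion, which POSIX `sh` does not define, so the `#!/bin/sh` line only works where that path is a shell that expands it.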
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/libpki/libpki.license Wed Jul 06 18:39:47 2016 -0700
@@ -0,0 +1,59 @@
+====================================================================
+ LibPKI - Open Source Project
+ (c) 2007-2013 by OpenCA Labs and Massimiliano Pala
+ All Rights Reserved
+====================================================================
+
+ This software have been released under an Apache-style licence.
+
+ This software consists of voluntary contributions made by many
+ individuals on behalf of the OpenCA Labs. For more information
+ on the OpenCA Team and the OpenCA Project please refer to
+ <http://www.OpenCA.org/>.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the
+ distribution.
+
+ 3. All advertising materials mentioning features or use of this
+ software must display the following acknowledgment:
+ "This product includes software developed by the OpenCA Labs
+ for use in the OpenCA project (http://www.OpenCA.org/)."
+
+ 4. The names "OpenCA" and "OpenCA Labs" must not be used to
+ endorse or promote products derived from this software without
+ prior written permission. For written permission, please contact
+ [email protected].
+
+ 5. Products derived from this software may not be called "OpenCA"
+ nor may "OpenCA" appear in their names without prior written
+ permission of the OpenCA Labs.
+
+ 6. Redistributions of any form whatsoever must retain the following
+ acknowledgment:
+
+ "This product includes software developed by Massimiliano
+ Pala and the OpenCA Labs for use in the OpenCA project
+ (http://www.openca.org/)."
+
+ THIS SOFTWARE IS PROVIDED BY THE OPENCA TEAM ``AS IS'' AND ANY
+ EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENCA TEAM OR
+ ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ OF THE POSSIBILITY OF SUCH DAMAGE.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/libpki/libpki.p5m Wed Jul 06 18:39:47 2016 -0700
@@ -0,0 +1,204 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+#
+
+set name=pkg.fmri \
+ value=pkg:/library/security/ocsp/libpki@$(IPS_COMPONENT_VERSION),$(BUILD_VERSION)
+set name=pkg.summary \
+ value="Provides a library for managing certificates for smartcards"
+set name=pkg.description \
+ value="Provides a library to manage PKI-enabled application certificates from generation to validation for smartcards. OpenLDAP and Mozilla LDAP implementation is mediated."
+set name=com.oracle.info.description value="the LibPKI Project"
+set name=com.oracle.info.tpno value=$(TPNO)
+set name=info.classification \
+ value=org.opensolaris.category.2008:System/Libraries \
+ value=org.opensolaris.category.2008:System/Security
+set name=info.source-url value=$(COMPONENT_ARCHIVE_URL)
+set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
+set name=org.opensolaris.arc-caseid value=PSARC/2016/220
+set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
+dir path=etc/libpki/hsm.d
+file path=etc/libpki/profile.d/server.xml
+file path=etc/libpki/profile.d/test.xml
+file path=etc/libpki/profile.d/user.xml
+file path=etc/libpki/store.d/empty.xml
+dir path=etc/libpki/token.d
+file path=etc/pki.conf
+file path=usr/bin/libpki-config
+file path=usr/bin/pki-cert
+file path=usr/bin/pki-crl
+file path=usr/bin/pki-derenc
+file path=usr/bin/pki-lirt
+file path=usr/bin/pki-query
+file path=usr/bin/pki-request
+file path=usr/bin/pki-siginfo
+file path=usr/bin/pki-tool
+file path=usr/bin/pki-xpair
+file path=usr/bin/url-tool
+file path=usr/include/libpki/cms.h
+file path=usr/include/libpki/cms/cms_cert_req.h
+file path=usr/include/libpki/config.h
+file path=usr/include/libpki/crypto.h
+file path=usr/include/libpki/drivers/engine/data_st.h
+file path=usr/include/libpki/drivers/engine/engine_hsm.h
+file path=usr/include/libpki/drivers/engine/engine_hsm_obj.h
+file path=usr/include/libpki/drivers/engine/engine_hsm_pkey.h
+file path=usr/include/libpki/drivers/engine/engine_st.h
+file path=usr/include/libpki/drivers/hsm_keypair.h
+file path=usr/include/libpki/drivers/hsm_main.h
+file path=usr/include/libpki/drivers/hsm_slot.h
+file path=usr/include/libpki/drivers/kmf/data_st.h
+file path=usr/include/libpki/drivers/kmf/kmf_hsm.h
+file path=usr/include/libpki/drivers/kmf/kmf_hsm_engine.h
+file path=usr/include/libpki/drivers/kmf/kmf_hsm_pkey.h
+file path=usr/include/libpki/drivers/kmf/kmf_hsm_sign.h
+file path=usr/include/libpki/drivers/kmf/pki_kmflib.h
+file path=usr/include/libpki/drivers/openssl/data_st.h
+file path=usr/include/libpki/drivers/openssl/openssl_hsm.h
+file path=usr/include/libpki/drivers/openssl/openssl_hsm_cb.h
+file path=usr/include/libpki/drivers/openssl/openssl_hsm_obj.h
+file path=usr/include/libpki/drivers/openssl/openssl_hsm_pkey.h
+file path=usr/include/libpki/drivers/pkcs11/pkcs11_hsm.h
+file path=usr/include/libpki/drivers/pkcs11/pkcs11_hsm_obj.h
+file path=usr/include/libpki/drivers/pkcs11/pkcs11_hsm_pkey.h
+file path=usr/include/libpki/drivers/pkcs11/pkcs11_utils.h
+file path=usr/include/libpki/drivers/pkcs11/rsa/cryptoki.h
+file path=usr/include/libpki/drivers/pkcs11/rsa/pkcs11_func.h
+file path=usr/include/libpki/drivers/pkcs11/rsa/pkcs11t.h
+file path=usr/include/libpki/errors-new.h
+file path=usr/include/libpki/errors.h
+file path=usr/include/libpki/extensions.h
+file path=usr/include/libpki/hsm_st.h
+file path=usr/include/libpki/io/pki_keypair_io.h
+file path=usr/include/libpki/io/pki_msg_req_io.h
+file path=usr/include/libpki/io/pki_msg_resp_io.h
+file path=usr/include/libpki/io/pki_ocsp_req_io.h
+file path=usr/include/libpki/io/pki_ocsp_resp_io.h
+file path=usr/include/libpki/io/pki_x509_cert_io.h
+file path=usr/include/libpki/io/pki_x509_crl_io.h
+file path=usr/include/libpki/io/pki_x509_io.h
+file path=usr/include/libpki/io/pki_x509_p12_io.h
+file path=usr/include/libpki/io/pki_x509_pkcs7_io.h
+file path=usr/include/libpki/io/pki_x509_req_io.h
+file path=usr/include/libpki/io/pki_x509_xpair_io.h
+file path=usr/include/libpki/lirt/lirt.h
+file path=usr/include/libpki/lirt/lirt_asn1.h
+file path=usr/include/libpki/lirt/lirt_bio.h
+file path=usr/include/libpki/lirt/lirt_lib.h
+file path=usr/include/libpki/net/dns.h
+file path=usr/include/libpki/net/http_s.h
+file path=usr/include/libpki/net/ldap.h
+file path=usr/include/libpki/net/pkcs11.h
+file path=usr/include/libpki/net/pki_mysql.h
+file path=usr/include/libpki/net/pki_pg.h
+file path=usr/include/libpki/net/pki_socket.h
+file path=usr/include/libpki/net/sock.h
+file path=usr/include/libpki/net/ssl.h
+file path=usr/include/libpki/net/url.h
+file path=usr/include/libpki/openssl/data_st.h
+file path=usr/include/libpki/openssl/pthread_init.h
+file path=usr/include/libpki/os.h
+file path=usr/include/libpki/pki.h
+file path=usr/include/libpki/pki_algor.h
+file path=usr/include/libpki/pki_algorithm.h
+file path=usr/include/libpki/pki_conf.h
+file path=usr/include/libpki/pki_cred.h
+file path=usr/include/libpki/pki_digest.h
+file path=usr/include/libpki/pki_hmac.h
+file path=usr/include/libpki/pki_id.h
+file path=usr/include/libpki/pki_id_info.h
+file path=usr/include/libpki/pki_init.h
+file path=usr/include/libpki/pki_integer.h
+file path=usr/include/libpki/pki_io.h
+file path=usr/include/libpki/pki_keypair.h
+file path=usr/include/libpki/pki_keyparams.h
+file path=usr/include/libpki/pki_log.h
+file path=usr/include/libpki/pki_mem.h
+file path=usr/include/libpki/pki_msg.h
+file path=usr/include/libpki/pki_msg_req.h
+file path=usr/include/libpki/pki_msg_resp.h
+file path=usr/include/libpki/pki_ocsp_req.h
+file path=usr/include/libpki/pki_ocsp_resp.h
+file path=usr/include/libpki/pki_oid.h
+file path=usr/include/libpki/pki_string.h
+file path=usr/include/libpki/pki_threads.h
+file path=usr/include/libpki/pki_threads_vars.h
+file path=usr/include/libpki/pki_time.h
+file path=usr/include/libpki/pki_x509.h
+file path=usr/include/libpki/pki_x509_attribute.h
+file path=usr/include/libpki/pki_x509_cert.h
+file path=usr/include/libpki/pki_x509_cert_mem.h
+file path=usr/include/libpki/pki_x509_crl.h
+file path=usr/include/libpki/pki_x509_data_st.h
+file path=usr/include/libpki/pki_x509_extension.h
+file path=usr/include/libpki/pki_x509_mem.h
+file path=usr/include/libpki/pki_x509_mime.h
+file path=usr/include/libpki/pki_x509_name.h
+file path=usr/include/libpki/pki_x509_p12.h
+file path=usr/include/libpki/pki_x509_pkcs7.h
+file path=usr/include/libpki/pki_x509_profile.h
+file path=usr/include/libpki/pki_x509_req.h
+file path=usr/include/libpki/pki_x509_signature.h
+file path=usr/include/libpki/pki_x509_xpair.h
+file path=usr/include/libpki/pki_x509_xpair_asn1.h
+file path=usr/include/libpki/profile.h
+file path=usr/include/libpki/prqp/http_client.h
+file path=usr/include/libpki/prqp/prqp.h
+file path=usr/include/libpki/prqp/prqp_asn1.h
+file path=usr/include/libpki/prqp/prqp_bio.h
+file path=usr/include/libpki/prqp/prqp_lib.h
+file path=usr/include/libpki/prqp/prqp_req_io.h
+file path=usr/include/libpki/prqp/prqp_resp_io.h
+file path=usr/include/libpki/prqp/prqp_srv.h
+file path=usr/include/libpki/prqp/prqp_stack.h
+file path=usr/include/libpki/scep/pki_x509_scep_asn1.h
+file path=usr/include/libpki/scep/pki_x509_scep_attrs.h
+file path=usr/include/libpki/scep/pki_x509_scep_data.h
+file path=usr/include/libpki/scep/pki_x509_scep_msg.h
+file path=usr/include/libpki/scep/scep.h
+file path=usr/include/libpki/stack.h
+file path=usr/include/libpki/support.h
+file path=usr/include/libpki/token.h
+file path=usr/include/libpki/token_data.h
+file path=usr/include/libpki/token_id.h
+file path=usr/include/libpki/token_st.h
+link path=usr/lib/$(MACH64)/libpki.so target=libpki.so.89.89.9
+link path=usr/lib/$(MACH64)/libpki.so.89 target=libpki.so.89.89.9
+file build/$(MACH64)-openldap/src/.libs/libpki.so.89.89.9 \
+ path=usr/lib/libpki/openldap/$(MACH64)/libpki.so.89.89.9
+file build/$(MACH64)-mozillaldap/src/.libs/libpki.so.89.89.9 \
+ path=usr/lib/libpki/mozillaldap/$(MACH64)/libpki.so.89.89.9
+file path=usr/lib/$(MACH64)/pkgconfig/libpki.pc
+file README.data_structures path=usr/share/doc/libpki/README.data_structures
+file README.functions path=usr/share/doc/libpki/README.functions
+file path=usr/share/doc/libpki/pkginfo
+license COPYING license=Apache
+
+# Mediator links for the library.
+link path=usr/lib/$(MACH64)/libpki.so.89.89.9 \
+ target=../libpki/openldap/$(MACH64)/libpki.so.89.89.9 mediator=libpki \
+ mediator-implementation=openldap mediator-priority=vendor
+link path=usr/lib/$(MACH64)/libpki.so.89.89.9 \
+ target=../libpki/mozillaldap/$(MACH64)/libpki.so.89.89.9 mediator=libpki \
+ mediator-implementation=mozillaldap
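Review bot: The `file path=etc/pki.conf` action and the `etc/libpki/profile.d/*.xml` and `store.d/empty.xml` actions carry no `preserve` attribute. Unless a publish-time transform adds one, an administrator's local edits to the PKI configuration are replaced when a later package version delivers changed content; `file path=etc/pki.conf preserve=renamenew` would keep them. The `license COPYING license=Apache` action also looks out of step with this commit. The text added as `libpki.license` is an Apache-style licence with an advertising clause, and nothing in this manifest references that file.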
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/libpki/patches/001-974ed8f6e3beca728cb0d79c99b344ab0dae2b0c.patch Wed Jul 06 18:39:47 2016 -0700
@@ -0,0 +1,104 @@
+From 974ed8f6e3beca728cb0d79c99b344ab0dae2b0c Mon Sep 17 00:00:00 2001
+From: "Dr. Massimiliano Pala" <[email protected]>
+Date: Wed, 25 Mar 2015 18:48:06 -0500
+Subject: [PATCH] Added responderId type selection for OCSP response signing.
+
+---
+ ChangeLog | 3 +++
+ src/libpki/openssl/data_st.h | 5 +++++
+ src/libpki/pki_ocsp_resp.h | 6 ++++--
+ src/openssl/pki_ocsp_resp.c | 14 ++++++++++----
+ 4 files changed, 22 insertions(+), 6 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 01e6f87..1bc713c 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,6 @@
++* Mar 25 2015 Massimiliano Pala <[email protected]>
++- Added responderId type parameter in OCSP response signing
++
+ * Jan 4 2015 Massimiliano Pala <[email protected]>
+ - Fixed PKI_TOKEN_load_cert() when setting the token's algor
+ - Fixed I/O return type for PKI_X509_get()
+diff --git a/src/libpki/openssl/data_st.h b/src/libpki/openssl/data_st.h
+index 5863da3..1d23769 100644
+--- a/src/libpki/openssl/data_st.h
++++ b/src/libpki/openssl/data_st.h
+@@ -508,6 +508,11 @@ typedef struct pki_ocsp_resp_st {
+ OCSP_BASICRESP *bs;
+ } PKI_OCSP_RESP;
+
++typedef enum {
++ PKI_X509_OCSP_RESPID_TYPE_BY_NAME = 0,
++ PKI_X509_OCSP_RESPID_TYPE_BY_KEYID = 1
++} PKI_X509_OCSP_RESPID_TYPE;
++
+ #define PKI_X509_OCSP_RESP_VALUE OCSP_RESPONSE
+ #define PKI_X509_OCSP_RESP PKI_X509
+
+diff --git a/src/libpki/pki_ocsp_resp.h b/src/libpki/pki_ocsp_resp.h
+index a00ccdf..1d17546 100644
+--- a/src/libpki/pki_ocsp_resp.h
++++ b/src/libpki/pki_ocsp_resp.h
+@@ -39,9 +39,11 @@ int PKI_X509_OCSP_RESP_DATA_sign (PKI_X509_OCSP_RESP *r, PKI_X509_KEYPAIR *pkey,
+ PKI_DIGEST_ALG *md );
+ int PKI_X509_OCSP_RESP_sign ( PKI_X509_OCSP_RESP *r, PKI_X509_KEYPAIR *keypair,
+ PKI_X509_CERT *cert, PKI_X509_CERT *issuer,
+- PKI_X509_CERT_STACK * otherCerts, PKI_DIGEST_ALG *digest);
++ PKI_X509_CERT_STACK * otherCerts, PKI_DIGEST_ALG *digest,
++ PKI_X509_OCSP_RESPID_TYPE respidType);
+
+-int PKI_X509_OCSP_RESP_sign_tk ( PKI_X509_OCSP_RESP *r, PKI_TOKEN *tk, PKI_DIGEST_ALG *digest );
++int PKI_X509_OCSP_RESP_sign_tk ( PKI_X509_OCSP_RESP *r, PKI_TOKEN *tk,
++ PKI_DIGEST_ALG *digest, PKI_X509_OCSP_RESPID_TYPE respidType);
+
+ /* ------------------------------ Data Parsing --------------------------- */
+
+diff --git a/src/openssl/pki_ocsp_resp.c b/src/openssl/pki_ocsp_resp.c
+index 8f756b0..8ab1c5b 100644
+--- a/src/openssl/pki_ocsp_resp.c
++++ b/src/openssl/pki_ocsp_resp.c
+@@ -282,7 +282,7 @@ int PKI_X509_OCSP_RESP_DATA_sign (PKI_X509_OCSP_RESP *resp,
+ int PKI_X509_OCSP_RESP_sign ( PKI_X509_OCSP_RESP *resp,
+ PKI_X509_KEYPAIR *keypair, PKI_X509_CERT *cert,
+ PKI_X509_CERT *issuer, PKI_X509_CERT_STACK * otherCerts,
+- PKI_DIGEST_ALG *digest ) {
++ PKI_DIGEST_ALG *digest, PKI_X509_OCSP_RESPID_TYPE respidType ) {
+
+ OCSP_RESPID *rid;
+ PKI_OCSP_RESP *r = NULL;
+@@ -327,8 +327,13 @@ int PKI_X509_OCSP_RESP_sign ( PKI_X509_OCSP_RESP *resp,
+ rid = r->bs->tbsResponseData->responderId;
+
+ // Sets the responderId
+- if (cert)
++ if (cert && respidType == PKI_X509_OCSP_RESPID_TYPE_BY_NAME)
+ {
++ if (!cert) {
++ PKI_log_err("PKI_OCSP_RESPID_TYPE_BY_NAME requires signer's certificate");
++ return PKI_ERR;
++ }
++
+ if (!X509_NAME_set(&rid->value.byName, X509_get_subject_name(cert->value)))
+ {
+ PKI_log_err("Internal Error");
+@@ -412,7 +417,8 @@ int PKI_X509_OCSP_RESP_sign ( PKI_X509_OCSP_RESP *resp,
+
+ /*! \brief Signs a PKI_X509_OCSP_RESP object by using a token */
+
+-int PKI_X509_OCSP_RESP_sign_tk(PKI_X509_OCSP_RESP *r, PKI_TOKEN *tk, PKI_DIGEST_ALG *digest)
++int PKI_X509_OCSP_RESP_sign_tk(PKI_X509_OCSP_RESP *r, PKI_TOKEN *tk,
++ PKI_DIGEST_ALG *digest, PKI_X509_OCSP_RESPID_TYPE respidType)
+ {
+ int ret = PKI_OK;
+
+@@ -429,7 +435,7 @@ int PKI_X509_OCSP_RESP_sign_tk(PKI_X509_OCSP_RESP *r, PKI_TOKEN *tk, PKI_DIGEST_
+ }
+
+ ret = PKI_X509_OCSP_RESP_sign(r, tk->keypair, tk->cert, tk->cacert,
+- tk->otherCerts, digest);
++ tk->otherCerts, digest, respidType);
+
+ if (ret != PKI_OK) PKI_log_debug("Error while signing OCSP response");
+
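Review bot: The `if (!cert)` check added inside the `if (cert && respidType == PKI_X509_OCSP_RESPID_TYPE_BY_NAME)` branch of `PKI_X509_OCSP_RESP_sign` can never fire, because the enclosing condition already requires `cert` to be non-NULL. A caller that requests BY_NAME without a certificate skips the error and falls to whatever follows this branch (outside the hunk, presumably the key-id path). The response would then carry a different responderId type than requested instead of failing. Testing only the type in the outer condition, `if (respidType == PKI_X509_OCSP_RESPID_TYPE_BY_NAME)`, makes the inner check reachable. Since this is an upstream commit carried as a patch, the fix belongs in a follow-up patch in this series or upstream.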
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/libpki/patches/002-3f43e979f347fde0474cef264d4f1aac77285e8e.patch Wed Jul 06 18:39:47 2016 -0700
@@ -0,0 +1,1494 @@
+From 3f43e979f347fde0474cef264d4f1aac77285e8e Mon Sep 17 00:00:00 2001
+From: "Dr. Massimiliano Pala" <[email protected]>
+Date: Wed, 25 Mar 2015 18:55:05 -0500
+Subject: [PATCH] Updated version to 0.8.9. Removed CVS directories.
+
+---
+ Makefile.in | 15 +-
+ aclocal.m4 | 154 ++++++++++++-----
+ configure | 253 +++++++++++++---------------
+ configure.in | 2 +-
+ contrib/CVS/Entries | 8 -
+ contrib/CVS/Repository | 1 -
+ contrib/CVS/Root | 1 -
+ contrib/images/CVS/Entries | 3 -
+ contrib/images/CVS/Repository | 1 -
+ contrib/images/CVS/Root | 1 -
+ docs/Makefile.in | 2 +-
+ etc/Makefile.in | 2 +-
+ examples/crl/CVS/Entries | 4 -
+ examples/crl/CVS/Repository | 1 -
+ examples/crl/CVS/Root | 1 -
+ examples/profiles/CVS/Entries | 2 -
+ examples/profiles/CVS/Repository | 1 -
+ examples/profiles/CVS/Root | 1 -
+ examples/prqp/CVS/Entries | 7 -
+ examples/prqp/CVS/Repository | 1 -
+ examples/prqp/CVS/Root | 1 -
+ examples/prqp/certs/CVS/Entries | 3 -
+ examples/prqp/certs/CVS/Repository | 1 -
+ examples/prqp/certs/CVS/Root | 1 -
+ examples/token/CVS/Entries | 7 -
+ examples/token/CVS/Repository | 1 -
+ examples/token/CVS/Root | 1 -
+ examples/token/etc/CVS/Entries | 4 -
+ examples/token/etc/CVS/Repository | 1 -
+ examples/token/etc/CVS/Root | 1 -
+ examples/token/etc/hsm.d/CVS/Entries | 4 -
+ examples/token/etc/hsm.d/CVS/Repository | 1 -
+ examples/token/etc/hsm.d/CVS/Root | 1 -
+ examples/token/etc/profile.d/CVS/Entries | 4 -
+ examples/token/etc/profile.d/CVS/Repository | 1 -
+ examples/token/etc/profile.d/CVS/Root | 1 -
+ examples/token/etc/token.d/CVS/Entries | 3 -
+ examples/token/etc/token.d/CVS/Repository | 1 -
+ examples/token/etc/token.d/CVS/Root | 1 -
+ examples/token/results/CVS/Entries | 3 -
+ examples/token/results/CVS/Repository | 1 -
+ examples/token/results/CVS/Root | 1 -
+ src/Makefile.in | 6 +-
+ src/cms/Makefile.in | 6 +-
+ src/drivers/Makefile.in | 6 +-
+ src/drivers/engine/Makefile.in | 6 +-
+ src/drivers/kmf/Makefile.in | 6 +-
+ src/drivers/openssl/Makefile.in | 6 +-
+ src/drivers/pkcs11/Makefile.in | 6 +-
+ src/io/Makefile.in | 6 +-
+ src/lirt/Makefile.in | 6 +-
+ src/net/Makefile.in | 6 +-
+ src/openssl/Makefile.in | 6 +-
+ src/prqp/Makefile.in | 6 +-
+ src/scep/Makefile.in | 6 +-
+ src/tests/CVS/Entries | 12 --
+ src/tests/CVS/Repository | 1 -
+ src/tests/CVS/Root | 1 -
+ src/tests/Makefile.in | 6 +-
+ src/tools/Makefile.in | 6 +-
+ 60 files changed, 289 insertions(+), 319 deletions(-)
+ delete mode 100644 contrib/CVS/Entries
+ delete mode 100644 contrib/CVS/Repository
+ delete mode 100644 contrib/CVS/Root
+ delete mode 100644 contrib/images/CVS/Entries
+ delete mode 100644 contrib/images/CVS/Repository
+ delete mode 100644 contrib/images/CVS/Root
+ delete mode 100644 examples/crl/CVS/Entries
+ delete mode 100644 examples/crl/CVS/Repository
+ delete mode 100644 examples/crl/CVS/Root
+ delete mode 100644 examples/profiles/CVS/Entries
+ delete mode 100644 examples/profiles/CVS/Repository
+ delete mode 100644 examples/profiles/CVS/Root
+ delete mode 100644 examples/prqp/CVS/Entries
+ delete mode 100644 examples/prqp/CVS/Repository
+ delete mode 100644 examples/prqp/CVS/Root
+ delete mode 100644 examples/prqp/certs/CVS/Entries
+ delete mode 100644 examples/prqp/certs/CVS/Repository
+ delete mode 100644 examples/prqp/certs/CVS/Root
+ delete mode 100644 examples/token/CVS/Entries
+ delete mode 100644 examples/token/CVS/Repository
+ delete mode 100644 examples/token/CVS/Root
+ delete mode 100644 examples/token/etc/CVS/Entries
+ delete mode 100644 examples/token/etc/CVS/Repository
+ delete mode 100644 examples/token/etc/CVS/Root
+ delete mode 100644 examples/token/etc/hsm.d/CVS/Entries
+ delete mode 100644 examples/token/etc/hsm.d/CVS/Repository
+ delete mode 100644 examples/token/etc/hsm.d/CVS/Root
+ delete mode 100644 examples/token/etc/profile.d/CVS/Entries
+ delete mode 100644 examples/token/etc/profile.d/CVS/Repository
+ delete mode 100644 examples/token/etc/profile.d/CVS/Root
+ delete mode 100644 examples/token/etc/token.d/CVS/Entries
+ delete mode 100644 examples/token/etc/token.d/CVS/Repository
+ delete mode 100644 examples/token/etc/token.d/CVS/Root
+ delete mode 100644 examples/token/results/CVS/Entries
+ delete mode 100644 examples/token/results/CVS/Repository
+ delete mode 100644 examples/token/results/CVS/Root
+ delete mode 100644 src/tests/CVS/Entries
+ delete mode 100644 src/tests/CVS/Repository
+ delete mode 100644 src/tests/CVS/Root
+
+diff --git a/Makefile.in b/Makefile.in
+index 21a7f10..6f3a441 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -1,4 +1,4 @@
+-# Makefile.in generated by automake 1.13.4 from Makefile.am.
++# Makefile.in generated by automake 1.14.1 from Makefile.am.
+ # @configure_input@
+
+ # Copyright (C) 1994-2013 Free Software Foundation, Inc.
+@@ -765,8 +765,8 @@ $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ $(am__aclocal_m4_deps):
+
+ src/libpki/config.h: src/libpki/stamp-h1
+- @if test ! -f $@; then rm -f src/libpki/stamp-h1; else :; fi
+- @if test ! -f $@; then $(MAKE) $(AM_MAKEFLAGS) src/libpki/stamp-h1; else :; fi
++ @test -f $@ || rm -f src/libpki/stamp-h1
++ @test -f $@ || $(MAKE) $(AM_MAKEFLAGS) src/libpki/stamp-h1
+
+ src/libpki/stamp-h1: $(top_srcdir)/src/libpki/config.h.in $(top_builddir)/config.status
+ @rm -f src/libpki/stamp-h1
+@@ -1247,10 +1247,16 @@ dist-xz: distdir
+ $(am__post_remove_distdir)
+
+ dist-tarZ: distdir
++ @echo WARNING: "Support for shar distribution archives is" \
++ "deprecated." >&2
++ @echo WARNING: "It will be removed altogether in Automake 2.0" >&2
+ tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+ $(am__post_remove_distdir)
+
+ dist-shar: distdir
++ @echo WARNING: "Support for distribution archives compressed with" \
++ "legacy program 'compress' is deprecated." >&2
++ @echo WARNING: "It will be removed altogether in Automake 2.0" >&2
+ shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+ $(am__post_remove_distdir)
+
+@@ -1292,9 +1298,10 @@ distcheck: dist
+ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+ && am__cwd=`pwd` \
+ && $(am__cd) $(distdir)/_build \
+- && ../configure --srcdir=.. --prefix="$$dc_install_base" \
++ && ../configure \
+ $(AM_DISTCHECK_CONFIGURE_FLAGS) \
+ $(DISTCHECK_CONFIGURE_FLAGS) \
++ --srcdir=.. --prefix="$$dc_install_base" \
+ && $(MAKE) $(AM_MAKEFLAGS) \
+ && $(MAKE) $(AM_MAKEFLAGS) dvi \
+ && $(MAKE) $(AM_MAKEFLAGS) check \
+diff --git a/aclocal.m4 b/aclocal.m4
+index b9a6ea9..507edce 100644
+--- a/aclocal.m4
++++ b/aclocal.m4
+@@ -1,4 +1,4 @@
+-# generated automatically by aclocal 1.13.4 -*- Autoconf -*-
++# generated automatically by aclocal 1.14.1 -*- Autoconf -*-
+
+ # Copyright (C) 1996-2013 Free Software Foundation, Inc.
+
+@@ -32,10 +32,10 @@ To do so, use the procedure documented by the package, typically 'autoreconf'.])
+ # generated from the m4 files accompanying Automake X.Y.
+ # (This private macro should not be called outside this file.)
+ AC_DEFUN([AM_AUTOMAKE_VERSION],
+-[am__api_version='1.13'
++[am__api_version='1.14'
+ dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
+ dnl require some minimum version. Point them to the right macro.
+-m4_if([$1], [1.13.4], [],
++m4_if([$1], [1.14.1], [],
+ [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
+ ])
+
+@@ -51,7 +51,7 @@ m4_define([_AM_AUTOCONF_VERSION], [])
+ # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
+ # This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
+ AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
+-[AM_AUTOMAKE_VERSION([1.13.4])dnl
++[AM_AUTOMAKE_VERSION([1.14.1])dnl
+ m4_ifndef([AC_AUTOCONF_VERSION],
+ [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+ _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
+@@ -418,6 +418,12 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
+ # This macro actually does too much. Some checks are only needed if
+ # your package does certain things. But this isn't really a big deal.
+
++dnl Redefine AC_PROG_CC to automatically invoke _AM_PROG_CC_C_O.
++m4_define([AC_PROG_CC],
++m4_defn([AC_PROG_CC])
++[_AM_PROG_CC_C_O
++])
++
+ # AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
+ # AM_INIT_AUTOMAKE([OPTIONS])
+ # -----------------------------------------------
+@@ -526,7 +532,48 @@ dnl macro is hooked onto _AC_COMPILER_EXEEXT early, see below.
+ AC_CONFIG_COMMANDS_PRE(dnl
+ [m4_provide_if([_AM_COMPILER_EXEEXT],
+ [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl
+-])
++
++# POSIX will say in a future version that running "rm -f" with no argument
++# is OK; and we want to be able to make that assumption in our Makefile
++# recipes. So use an aggressive probe to check that the usage we want is
++# actually supported "in the wild" to an acceptable degree.
++# See automake bug#10828.
++# To make any issue more visible, cause the running configure to be aborted
++# by default if the 'rm' program in use doesn't match our expectations; the
++# user can still override this though.
++if rm -f && rm -fr && rm -rf; then : OK; else
++ cat >&2 <<'END'
++Oops!
++
++Your 'rm' program seems unable to run without file operands specified
++on the command line, even when the '-f' option is present. This is contrary
++to the behaviour of most rm programs out there, and not conforming with
++the upcoming POSIX standard: <http://austingroupbugs.net/view.php?id=542>
++
++Please tell [email protected] about your system, including the value
++of your $PATH and any error possibly output before this message. This
++can help us improve future automake versions.
++
++END
++ if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then
++ echo 'Configuration will proceed anyway, since you have set the' >&2
++ echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2
++ echo >&2
++ else
++ cat >&2 <<'END'
++Aborting the configuration process, to ensure you take notice of the issue.
++
++You can download and install GNU coreutils to get an 'rm' implementation
++that behaves properly: <http://www.gnu.org/software/coreutils/>.
++
++If you want to complete the configuration process using your problematic
++'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
++to "yes", and re-run configure.
++
++END
++ AC_MSG_ERROR([Your 'rm' program is bad, sorry.])
++ fi
++fi])
+
+ dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not
+ dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further
+@@ -534,7 +581,6 @@ dnl mangled by Autoconf and run in a shell conditional statement.
+ m4_define([_AC_COMPILER_EXEEXT],
+ m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])])
+
+-
+ # When config.status generates a header, we must update the stamp-h file.
+ # This file resides in the same directory as the config header
+ # that is generated. The stamp files are numbered to have different names.
+@@ -682,38 +728,6 @@ AC_MSG_RESULT([$_am_result])
+ rm -f confinc confmf
+ ])
+
+-# Copyright (C) 1999-2013 Free Software Foundation, Inc.
+-#
+-# This file is free software; the Free Software Foundation
+-# gives unlimited permission to copy and/or distribute it,
+-# with or without modifications, as long as this notice is preserved.
+-
+-# AM_PROG_CC_C_O
+-# --------------
+-# Like AC_PROG_CC_C_O, but changed for automake.
+-AC_DEFUN([AM_PROG_CC_C_O],
+-[AC_REQUIRE([AC_PROG_CC_C_O])dnl
+-AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+-AC_REQUIRE_AUX_FILE([compile])dnl
+-# FIXME: we rely on the cache variable name because
+-# there is no other way.
+-set dummy $CC
+-am_cc=`echo $[2] | sed ['s/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/']`
+-eval am_t=\$ac_cv_prog_cc_${am_cc}_c_o
+-if test "$am_t" != yes; then
+- # Losing compiler, so override with the script.
+- # FIXME: It is wrong to rewrite CC.
+- # But if we don't then we get into trouble of one sort or another.
+- # A longer-term fix would be to have automake use am__CC in this case,
+- # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
+- CC="$am_aux_dir/compile $CC"
+-fi
+-dnl Make sure AC_PROG_CC is never called again, or it will override our
+-dnl setting of CC.
+-m4_define([AC_PROG_CC],
+- [m4_fatal([AC_PROG_CC cannot be called after AM_PROG_CC_C_O])])
+-])
+-
+ # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
+
+ # Copyright (C) 1997-2013 Free Software Foundation, Inc.
+@@ -784,6 +798,70 @@ AC_DEFUN([_AM_SET_OPTIONS],
+ AC_DEFUN([_AM_IF_OPTION],
+ [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
+
++# Copyright (C) 1999-2013 Free Software Foundation, Inc.
++#
++# This file is free software; the Free Software Foundation
++# gives unlimited permission to copy and/or distribute it,
++# with or without modifications, as long as this notice is preserved.
++
++# _AM_PROG_CC_C_O
++# ---------------
++# Like AC_PROG_CC_C_O, but changed for automake. We rewrite AC_PROG_CC
++# to automatically call this.
++AC_DEFUN([_AM_PROG_CC_C_O],
++[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
++AC_REQUIRE_AUX_FILE([compile])dnl
++AC_LANG_PUSH([C])dnl
++AC_CACHE_CHECK(
++ [whether $CC understands -c and -o together],
++ [am_cv_prog_cc_c_o],
++ [AC_LANG_CONFTEST([AC_LANG_PROGRAM([])])
++ # Make sure it works both with $CC and with simple cc.
++ # Following AC_PROG_CC_C_O, we do the test twice because some
++ # compilers refuse to overwrite an existing .o file with -o,
++ # though they will create one.
++ am_cv_prog_cc_c_o=yes
++ for am_i in 1 2; do
++ if AM_RUN_LOG([$CC -c conftest.$ac_ext -o conftest2.$ac_objext]) \
++ && test -f conftest2.$ac_objext; then
++ : OK
++ else
++ am_cv_prog_cc_c_o=no
++ break
++ fi
++ done
++ rm -f core conftest*
++ unset am_i])
++if test "$am_cv_prog_cc_c_o" != yes; then
++ # Losing compiler, so override with the script.
++ # FIXME: It is wrong to rewrite CC.
++ # But if we don't then we get into trouble of one sort or another.
++ # A longer-term fix would be to have automake use am__CC in this case,
++ # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
++ CC="$am_aux_dir/compile $CC"
++fi
++AC_LANG_POP([C])])
++
++# For backward compatibility.
++AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
++
++# Copyright (C) 2001-2013 Free Software Foundation, Inc.
++#
++# This file is free software; the Free Software Foundation
++# gives unlimited permission to copy and/or distribute it,
++# with or without modifications, as long as this notice is preserved.
++
++# AM_RUN_LOG(COMMAND)
++# -------------------
++# Run COMMAND, save the exit status in ac_status, and log it.
++# (This has been adapted from Autoconf's _AC_RUN_LOG macro.)
++AC_DEFUN([AM_RUN_LOG],
++[{ echo "$as_me:$LINENO: $1" >&AS_MESSAGE_LOG_FD
++ ($1) >&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD
++ ac_status=$?
++ echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
++ (exit $ac_status); }])
++
+ # Check to make sure that the build environment is sane. -*- Autoconf -*-
+
+ # Copyright (C) 1996-2013 Free Software Foundation, Inc.
+diff --git a/configure b/configure
+index 875c58f..d8e5286 100755
+--- a/configure
++++ b/configure
+@@ -1,7 +1,7 @@
+ #! /bin/sh
+ # From configure.in Revision: 1.19 .
+ # Guess values for system-dependent variables and create Makefiles.
+-# Generated by GNU Autoconf 2.69 for libpki 0.8.8.
++# Generated by GNU Autoconf 2.69 for libpki 0.8.9.
+ #
+ # Report bugs to <[email protected]>.
+ #
+@@ -593,8 +593,8 @@ MAKEFLAGS=
+ # Identity of this package.
+ PACKAGE_NAME='libpki'
+ PACKAGE_TARNAME='libpki'
+-PACKAGE_VERSION='0.8.8'
+-PACKAGE_STRING='libpki 0.8.8'
++PACKAGE_VERSION='0.8.9'
++PACKAGE_STRING='libpki 0.8.9'
+ PACKAGE_BUGREPORT='[email protected]'
+ PACKAGE_URL=''
+
+@@ -1475,7 +1475,7 @@ if test "$ac_init_help" = "long"; then
+ # Omit some internal or obsolete options to make the list less imposing.
+ # This message is too long to be a string in the A/UX 3.1 sh.
+ cat <<_ACEOF
+-\`configure' configures libpki 0.8.8 to adapt to many kinds of systems.
++\`configure' configures libpki 0.8.9 to adapt to many kinds of systems.
+
+ Usage: $0 [OPTION]... [VAR=VALUE]...
+
+@@ -1546,7 +1546,7 @@ fi
+
+ if test -n "$ac_init_help"; then
+ case $ac_init_help in
+- short | recursive ) echo "Configuration of libpki 0.8.8:";;
++ short | recursive ) echo "Configuration of libpki 0.8.9:";;
+ esac
+ cat <<\_ACEOF
+
+@@ -1699,7 +1699,7 @@ fi
+ test -n "$ac_init_help" && exit $ac_status
+ if $ac_init_version; then
+ cat <<\_ACEOF
+-libpki configure 0.8.8
++libpki configure 0.8.9
+ generated by GNU Autoconf 2.69
+
+ Copyright (C) 2012 Free Software Foundation, Inc.
+@@ -2124,7 +2124,7 @@ cat >config.log <<_ACEOF
+ This file contains any messages produced by compilers while
+ running configure, to aid debugging if configure makes a mistake.
+
+-It was created by libpki $as_me 0.8.8, which was
++It was created by libpki $as_me 0.8.9, which was
+ generated by GNU Autoconf 2.69. Invocation command line was
+
+ $ $0 $@
+@@ -2871,6 +2871,9 @@ esac
+
+
+
++# expand $ac_aux_dir to an absolute path
++am_aux_dir=`cd $ac_aux_dir && pwd`
++
+ ac_ext=c
+ ac_cpp='$CPP $CPPFLAGS'
+ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+@@ -3660,6 +3663,65 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
++ac_ext=c
++ac_cpp='$CPP $CPPFLAGS'
++ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
++ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
++ac_compiler_gnu=$ac_cv_c_compiler_gnu
++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5
++$as_echo_n "checking whether $CC understands -c and -o together... " >&6; }
++if ${am_cv_prog_cc_c_o+:} false; then :
++ $as_echo_n "(cached) " >&6
++else
++ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h. */
++
++int
++main ()
++{
++
++ ;
++ return 0;
++}
++_ACEOF
++ # Make sure it works both with $CC and with simple cc.
++ # Following AC_PROG_CC_C_O, we do the test twice because some
++ # compilers refuse to overwrite an existing .o file with -o,
++ # though they will create one.
++ am_cv_prog_cc_c_o=yes
++ for am_i in 1 2; do
++ if { echo "$as_me:$LINENO: $CC -c conftest.$ac_ext -o conftest2.$ac_objext" >&5
++ ($CC -c conftest.$ac_ext -o conftest2.$ac_objext) >&5 2>&5
++ ac_status=$?
++ echo "$as_me:$LINENO: \$? = $ac_status" >&5
++ (exit $ac_status); } \
++ && test -f conftest2.$ac_objext; then
++ : OK
++ else
++ am_cv_prog_cc_c_o=no
++ break
++ fi
++ done
++ rm -f core conftest*
++ unset am_i
++fi
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5
++$as_echo "$am_cv_prog_cc_c_o" >&6; }
++if test "$am_cv_prog_cc_c_o" != yes; then
++ # Losing compiler, so override with the script.
++ # FIXME: It is wrong to rewrite CC.
++ # But if we don't then we get into trouble of one sort or another.
++ # A longer-term fix would be to have automake use am__CC in this case,
++ # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
++ CC="$am_aux_dir/compile $CC"
++fi
++ac_ext=c
++ac_cpp='$CPP $CPPFLAGS'
++ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
++ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
++ac_compiler_gnu=$ac_cv_c_compiler_gnu
++
++
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
+ $as_echo_n "checking for a sed that does not truncate output... " >&6; }
+ if ${ac_cv_path_SED+:} false; then :
+@@ -11201,7 +11263,7 @@ $as_echo "$ac_cv_path_EGREP" >&6; }
+ CPU=`uname -p`
+
+
+-am__api_version='1.13'
++am__api_version='1.14'
+
+ # Find a good install program. We prefer a C program (faster),
+ # so one script is as good as another. But avoid the broken or
+@@ -11373,9 +11435,6 @@ test "$program_suffix" != NONE &&
+ ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
+ program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"`
+
+-# expand $ac_aux_dir to an absolute path
+-am_aux_dir=`cd $ac_aux_dir && pwd`
+-
+ if test x"${MISSING+set}" != xset; then
+ case $am_aux_dir in
+ *\ * | *\ *)
+@@ -11708,7 +11767,7 @@ fi
+
+ # Define the identity of the package.
+ PACKAGE='libpki'
+- VERSION='0.8.8'
++ VERSION='0.8.9'
+
+
+ cat >>confdefs.h <<_ACEOF
+@@ -11887,6 +11946,47 @@ fi
+
+
+
++# POSIX will say in a future version that running "rm -f" with no argument
++# is OK; and we want to be able to make that assumption in our Makefile
++# recipes. So use an aggressive probe to check that the usage we want is
++# actually supported "in the wild" to an acceptable degree.
++# See automake bug#10828.
++# To make any issue more visible, cause the running configure to be aborted
++# by default if the 'rm' program in use doesn't match our expectations; the
++# user can still override this though.
++if rm -f && rm -fr && rm -rf; then : OK; else
++ cat >&2 <<'END'
++Oops!
++
++Your 'rm' program seems unable to run without file operands specified
++on the command line, even when the '-f' option is present. This is contrary
++to the behaviour of most rm programs out there, and not conforming with
++the upcoming POSIX standard: <http://austingroupbugs.net/view.php?id=542>
++
++Please tell [email protected] about your system, including the value
++of your $PATH and any error possibly output before this message. This
++can help us improve future automake versions.
++
++END
++ if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then
++ echo 'Configuration will proceed anyway, since you have set the' >&2
++ echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2
++ echo >&2
++ else
++ cat >&2 <<'END'
++Aborting the configuration process, to ensure you take notice of the issue.
++
++You can download and install GNU coreutils to get an 'rm' implementation
++that behaves properly: <http://www.gnu.org/software/coreutils/>.
++
++If you want to complete the configuration process using your problematic
++'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
++to "yes", and re-run configure.
++
++END
++ as_fn_error $? "Your 'rm' program is bad, sorry." "$LINENO" 5
++ fi
++fi
+
+ myarch=
+
+@@ -12291,131 +12391,6 @@ AR="$AR $ar_opt"
+ if [ "x$iphone_build" = "xno" ] ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: Not an iPhone Build" >&5
+ $as_echo "Not an iPhone Build" >&6; }
+- if test "x$CC" != xcc; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC and cc understand -c and -o together" >&5
+-$as_echo_n "checking whether $CC and cc understand -c and -o together... " >&6; }
+-else
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether cc understands -c and -o together" >&5
+-$as_echo_n "checking whether cc understands -c and -o together... " >&6; }
+-fi
+-set dummy $CC; ac_cc=`$as_echo "$2" |
+- sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'`
+-if eval \${ac_cv_prog_cc_${ac_cc}_c_o+:} false; then :
+- $as_echo_n "(cached) " >&6
+-else
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-
+-int
+-main ()
+-{
+-
+- ;
+- return 0;
+-}
+-_ACEOF
+-# Make sure it works both with $CC and with simple cc.
+-# We do the test twice because some compilers refuse to overwrite an
+-# existing .o file with -o, though they will create one.
+-ac_try='$CC -c conftest.$ac_ext -o conftest2.$ac_objext >&5'
+-rm -f conftest2.*
+-if { { case "(($ac_try" in
+- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+- *) ac_try_echo=$ac_try;;
+-esac
+-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+-$as_echo "$ac_try_echo"; } >&5
+- (eval "$ac_try") 2>&5
+- ac_status=$?
+- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+- test $ac_status = 0; } &&
+- test -f conftest2.$ac_objext && { { case "(($ac_try" in
+- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+- *) ac_try_echo=$ac_try;;
+-esac
+-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+-$as_echo "$ac_try_echo"; } >&5
+- (eval "$ac_try") 2>&5
+- ac_status=$?
+- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+- test $ac_status = 0; };
+-then
+- eval ac_cv_prog_cc_${ac_cc}_c_o=yes
+- if test "x$CC" != xcc; then
+- # Test first that cc exists at all.
+- if { ac_try='cc -c conftest.$ac_ext >&5'
+- { { case "(($ac_try" in
+- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+- *) ac_try_echo=$ac_try;;
+-esac
+-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+-$as_echo "$ac_try_echo"; } >&5
+- (eval "$ac_try") 2>&5
+- ac_status=$?
+- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+- test $ac_status = 0; }; }; then
+- ac_try='cc -c conftest.$ac_ext -o conftest2.$ac_objext >&5'
+- rm -f conftest2.*
+- if { { case "(($ac_try" in
+- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+- *) ac_try_echo=$ac_try;;
+-esac
+-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+-$as_echo "$ac_try_echo"; } >&5
+- (eval "$ac_try") 2>&5
+- ac_status=$?
+- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+- test $ac_status = 0; } &&
+- test -f conftest2.$ac_objext && { { case "(($ac_try" in
+- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+- *) ac_try_echo=$ac_try;;
+-esac
+-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+-$as_echo "$ac_try_echo"; } >&5
+- (eval "$ac_try") 2>&5
+- ac_status=$?
+- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+- test $ac_status = 0; };
+- then
+- # cc works too.
+- :
+- else
+- # cc exists but doesn't like -o.
+- eval ac_cv_prog_cc_${ac_cc}_c_o=no
+- fi
+- fi
+- fi
+-else
+- eval ac_cv_prog_cc_${ac_cc}_c_o=no
+-fi
+-rm -f core conftest*
+-
+-fi
+-if eval test \$ac_cv_prog_cc_${ac_cc}_c_o = yes; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+-$as_echo "yes" >&6; }
+-else
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+-
+-$as_echo "#define NO_MINUS_C_MINUS_O 1" >>confdefs.h
+-
+-fi
+-
+-# FIXME: we rely on the cache variable name because
+-# there is no other way.
+-set dummy $CC
+-am_cc=`echo $2 | sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'`
+-eval am_t=\$ac_cv_prog_cc_${am_cc}_c_o
+-if test "$am_t" != yes; then
+- # Losing compiler, so override with the script.
+- # FIXME: It is wrong to rewrite CC.
+- # But if we don't then we get into trouble of one sort or another.
+- # A longer-term fix would be to have automake use am__CC in this case,
+- # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
+- CC="$am_aux_dir/compile $CC"
+-fi
+-
+
+ fi
+
+@@ -17520,7 +17495,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ # report actual input values of CONFIG_FILES etc. instead of their
+ # values after options handling.
+ ac_log="
+-This file was extended by libpki $as_me 0.8.8, which was
++This file was extended by libpki $as_me 0.8.9, which was
+ generated by GNU Autoconf 2.69. Invocation command line was
+
+ CONFIG_FILES = $CONFIG_FILES
+@@ -17586,7 +17561,7 @@ _ACEOF
+ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
+ ac_cs_version="\\
+-libpki config.status 0.8.8
++libpki config.status 0.8.9
+ configured by $0, generated by GNU Autoconf 2.69,
+ with options \\"\$ac_cs_config\\"
+
+diff --git a/configure.in b/configure.in
+index d9877d1..f8308d1 100644
+--- a/configure.in
++++ b/configure.in
+@@ -4,7 +4,7 @@ AC_COPYRIGHT([Copyright 2007-2015 by Massimiliano Pala and OpenCA Labs])
+ # AC_CONFIG_SUBDIRS(src/core/openca.c)
+
+ dnl Autoconf
+-AC_INIT(libpki, 0.8.8, [[email protected]], [libpki])
++AC_INIT(libpki, 0.8.9, [[email protected]], [libpki])
+ AC_PREREQ(2.13)
+ AC_CONFIG_AUX_DIR(build)
+ AC_CONFIG_MACRO_DIR([m4])
+diff --git a/contrib/CVS/Entries b/contrib/CVS/Entries
+deleted file mode 100644
+index 85839be..0000000
+--- a/contrib/CVS/Entries
++++ /dev/null
+@@ -1,8 +0,0 @@
+-/build-rpm.sh/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/libpki-inst.xml.in/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/libpki.pc.in/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/rebuild.sh/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/repackage.sh/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/solaris-libtool.patch/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-D/images////
+-/libpki.spec.orig/1.1/Sat Aug 3 19:14:24 2013//
+diff --git a/contrib/CVS/Repository b/contrib/CVS/Repository
+deleted file mode 100644
+index 3605386..0000000
+--- a/contrib/CVS/Repository
++++ /dev/null
+@@ -1 +0,0 @@
+-libpki/contrib
+diff --git a/contrib/CVS/Root b/contrib/CVS/Root
+deleted file mode 100644
+index 322ca10..0000000
+--- a/contrib/CVS/Root
++++ /dev/null
+@@ -1 +0,0 @@
+-:ext:[email protected]:/cvsroot/projects
+diff --git a/contrib/images/CVS/Entries b/contrib/images/CVS/Entries
+deleted file mode 100644
+index 5a1f0a8..0000000
+--- a/contrib/images/CVS/Entries
++++ /dev/null
+@@ -1,3 +0,0 @@
+-/openca_installer.png/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/openca_splash.png/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-D
+diff --git a/contrib/images/CVS/Repository b/contrib/images/CVS/Repository
+deleted file mode 100644
+index 49c89a5..0000000
+--- a/contrib/images/CVS/Repository
++++ /dev/null
+@@ -1 +0,0 @@
+-libpki/contrib/images
+diff --git a/contrib/images/CVS/Root b/contrib/images/CVS/Root
+deleted file mode 100644
+index 322ca10..0000000
+--- a/contrib/images/CVS/Root
++++ /dev/null
+@@ -1 +0,0 @@
+-:ext:[email protected]:/cvsroot/projects
+diff --git a/docs/Makefile.in b/docs/Makefile.in
+index c0dc599..81ce0d5 100644
+--- a/docs/Makefile.in
++++ b/docs/Makefile.in
+@@ -1,4 +1,4 @@
+-# Makefile.in generated by automake 1.13.4 from Makefile.am.
++# Makefile.in generated by automake 1.14.1 from Makefile.am.
+ # @configure_input@
+
+ # Copyright (C) 1994-2013 Free Software Foundation, Inc.
+diff --git a/etc/Makefile.in b/etc/Makefile.in
+index c8cffe6..8b7e2a8 100644
+--- a/etc/Makefile.in
++++ b/etc/Makefile.in
+@@ -1,4 +1,4 @@
+-# Makefile.in generated by automake 1.13.4 from Makefile.am.
++# Makefile.in generated by automake 1.14.1 from Makefile.am.
+ # @configure_input@
+
+ # Copyright (C) 1994-2013 Free Software Foundation, Inc.
+diff --git a/examples/crl/CVS/Entries b/examples/crl/CVS/Entries
+deleted file mode 100644
+index dcd89ed..0000000
+--- a/examples/crl/CVS/Entries
++++ /dev/null
+@@ -1,4 +0,0 @@
+-/Makefile.in/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/test/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/test.c/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-D
+diff --git a/examples/crl/CVS/Repository b/examples/crl/CVS/Repository
+deleted file mode 100644
+index 073d0b1..0000000
+--- a/examples/crl/CVS/Repository
++++ /dev/null
+@@ -1 +0,0 @@
+-libpki/examples/crl
+diff --git a/examples/crl/CVS/Root b/examples/crl/CVS/Root
+deleted file mode 100644
+index 322ca10..0000000
+--- a/examples/crl/CVS/Root
++++ /dev/null
+@@ -1 +0,0 @@
+-:ext:[email protected]:/cvsroot/projects
+diff --git a/examples/profiles/CVS/Entries b/examples/profiles/CVS/Entries
+deleted file mode 100644
+index f7026b7..0000000
+--- a/examples/profiles/CVS/Entries
++++ /dev/null
+@@ -1,2 +0,0 @@
+-/Makefile.in/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-D
+diff --git a/examples/profiles/CVS/Repository b/examples/profiles/CVS/Repository
+deleted file mode 100644
+index bd18c6d..0000000
+--- a/examples/profiles/CVS/Repository
++++ /dev/null
+@@ -1 +0,0 @@
+-libpki/examples/profiles
+diff --git a/examples/profiles/CVS/Root b/examples/profiles/CVS/Root
+deleted file mode 100644
+index 322ca10..0000000
+--- a/examples/profiles/CVS/Root
++++ /dev/null
+@@ -1 +0,0 @@
+-:ext:[email protected]:/cvsroot/projects
+diff --git a/examples/prqp/CVS/Entries b/examples/prqp/CVS/Entries
+deleted file mode 100644
+index ad7a845..0000000
+--- a/examples/prqp/CVS/Entries
++++ /dev/null
+@@ -1,7 +0,0 @@
+-/Makefile.in/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/prqp_client/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/prqp_client.c/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/prqp_client_simple/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/prqp_client_simple.c/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/req.pem/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-D/certs////
+diff --git a/examples/prqp/CVS/Repository b/examples/prqp/CVS/Repository
+deleted file mode 100644
+index 4fbb69a..0000000
+--- a/examples/prqp/CVS/Repository
++++ /dev/null
+@@ -1 +0,0 @@
+-libpki/examples/prqp
+diff --git a/examples/prqp/CVS/Root b/examples/prqp/CVS/Root
+deleted file mode 100644
+index 322ca10..0000000
+--- a/examples/prqp/CVS/Root
++++ /dev/null
+@@ -1 +0,0 @@
+-:ext:[email protected]:/cvsroot/projects
+diff --git a/examples/prqp/certs/CVS/Entries b/examples/prqp/certs/CVS/Entries
+deleted file mode 100644
+index 3b0ca1a..0000000
+--- a/examples/prqp/certs/CVS/Entries
++++ /dev/null
+@@ -1,3 +0,0 @@
+-/openca_cacert.crt/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/openca_cacert2.crt/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-D
+diff --git a/examples/prqp/certs/CVS/Repository b/examples/prqp/certs/CVS/Repository
+deleted file mode 100644
+index 8960bae..0000000
+--- a/examples/prqp/certs/CVS/Repository
++++ /dev/null
+@@ -1 +0,0 @@
+-libpki/examples/prqp/certs
+diff --git a/examples/prqp/certs/CVS/Root b/examples/prqp/certs/CVS/Root
+deleted file mode 100644
+index 322ca10..0000000
+--- a/examples/prqp/certs/CVS/Root
++++ /dev/null
+@@ -1 +0,0 @@
+-:ext:[email protected]:/cvsroot/projects
+diff --git a/examples/token/CVS/Entries b/examples/token/CVS/Entries
+deleted file mode 100644
+index 867d34b..0000000
+--- a/examples/token/CVS/Entries
++++ /dev/null
+@@ -1,7 +0,0 @@
+-/Makefile.in/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/key.pem/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/test-tpm/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/test-tpm.c/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/test.c/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-D/etc////
+-D/results////
+diff --git a/examples/token/CVS/Repository b/examples/token/CVS/Repository
+deleted file mode 100644
+index 0aa69c1..0000000
+--- a/examples/token/CVS/Repository
++++ /dev/null
+@@ -1 +0,0 @@
+-libpki/examples/token
+diff --git a/examples/token/CVS/Root b/examples/token/CVS/Root
+deleted file mode 100644
+index 322ca10..0000000
+--- a/examples/token/CVS/Root
++++ /dev/null
+@@ -1 +0,0 @@
+-:ext:[email protected]:/cvsroot/projects
+diff --git a/examples/token/etc/CVS/Entries b/examples/token/etc/CVS/Entries
+deleted file mode 100644
+index 4aead88..0000000
+--- a/examples/token/etc/CVS/Entries
++++ /dev/null
+@@ -1,4 +0,0 @@
+-/objectIdentifiers.xml/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-D/hsm.d////
+-D/profile.d////
+-D/token.d////
+diff --git a/examples/token/etc/CVS/Repository b/examples/token/etc/CVS/Repository
+deleted file mode 100644
+index de479cd..0000000
+--- a/examples/token/etc/CVS/Repository
++++ /dev/null
+@@ -1 +0,0 @@
+-libpki/examples/token/etc
+diff --git a/examples/token/etc/CVS/Root b/examples/token/etc/CVS/Root
+deleted file mode 100644
+index 322ca10..0000000
+--- a/examples/token/etc/CVS/Root
++++ /dev/null
+@@ -1 +0,0 @@
+-:ext:[email protected]:/cvsroot/projects
+diff --git a/examples/token/etc/hsm.d/CVS/Entries b/examples/token/etc/hsm.d/CVS/Entries
+deleted file mode 100644
+index 6e69c4d..0000000
+--- a/examples/token/etc/hsm.d/CVS/Entries
++++ /dev/null
+@@ -1,4 +0,0 @@
+-/etoken.xml.in/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/tpm.xml/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/tpm.xml.in/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-D
+diff --git a/examples/token/etc/hsm.d/CVS/Repository b/examples/token/etc/hsm.d/CVS/Repository
+deleted file mode 100644
+index 644a898..0000000
+--- a/examples/token/etc/hsm.d/CVS/Repository
++++ /dev/null
+@@ -1 +0,0 @@
+-libpki/examples/token/etc/hsm.d
+diff --git a/examples/token/etc/hsm.d/CVS/Root b/examples/token/etc/hsm.d/CVS/Root
+deleted file mode 100644
+index 322ca10..0000000
+--- a/examples/token/etc/hsm.d/CVS/Root
++++ /dev/null
+@@ -1 +0,0 @@
+-:ext:[email protected]:/cvsroot/projects
+diff --git a/examples/token/etc/profile.d/CVS/Entries b/examples/token/etc/profile.d/CVS/Entries
+deleted file mode 100644
+index ca8f5d0..0000000
+--- a/examples/token/etc/profile.d/CVS/Entries
++++ /dev/null
+@@ -1,4 +0,0 @@
+-/server.xml/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/test.xml/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/user.xml/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-D
+diff --git a/examples/token/etc/profile.d/CVS/Repository b/examples/token/etc/profile.d/CVS/Repository
+deleted file mode 100644
+index 135b9a6..0000000
+--- a/examples/token/etc/profile.d/CVS/Repository
++++ /dev/null
+@@ -1 +0,0 @@
+-libpki/examples/token/etc/profile.d
+diff --git a/examples/token/etc/profile.d/CVS/Root b/examples/token/etc/profile.d/CVS/Root
+deleted file mode 100644
+index 322ca10..0000000
+--- a/examples/token/etc/profile.d/CVS/Root
++++ /dev/null
+@@ -1 +0,0 @@
+-:ext:[email protected]:/cvsroot/projects
+diff --git a/examples/token/etc/token.d/CVS/Entries b/examples/token/etc/token.d/CVS/Entries
+deleted file mode 100644
+index a1a4e94..0000000
+--- a/examples/token/etc/token.d/CVS/Entries
++++ /dev/null
+@@ -1,3 +0,0 @@
+-/software.xml/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/tpm.xml/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-D
+diff --git a/examples/token/etc/token.d/CVS/Repository b/examples/token/etc/token.d/CVS/Repository
+deleted file mode 100644
+index ae56f18..0000000
+--- a/examples/token/etc/token.d/CVS/Repository
++++ /dev/null
+@@ -1 +0,0 @@
+-libpki/examples/token/etc/token.d
+diff --git a/examples/token/etc/token.d/CVS/Root b/examples/token/etc/token.d/CVS/Root
+deleted file mode 100644
+index 322ca10..0000000
+--- a/examples/token/etc/token.d/CVS/Root
++++ /dev/null
+@@ -1 +0,0 @@
+-:ext:[email protected]:/cvsroot/projects
+diff --git a/examples/token/results/CVS/Entries b/examples/token/results/CVS/Entries
+deleted file mode 100644
+index 8ea45dc..0000000
+--- a/examples/token/results/CVS/Entries
++++ /dev/null
+@@ -1,3 +0,0 @@
+-/test4_cert1.pem/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/test4_req1.pem/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-D
+diff --git a/examples/token/results/CVS/Repository b/examples/token/results/CVS/Repository
+deleted file mode 100644
+index 06e6217..0000000
+--- a/examples/token/results/CVS/Repository
++++ /dev/null
+@@ -1 +0,0 @@
+-libpki/examples/token/results
+diff --git a/examples/token/results/CVS/Root b/examples/token/results/CVS/Root
+deleted file mode 100644
+index 322ca10..0000000
+--- a/examples/token/results/CVS/Root
++++ /dev/null
+@@ -1 +0,0 @@
+-:ext:[email protected]:/cvsroot/projects
+diff --git a/src/Makefile.in b/src/Makefile.in
+index b5ae4c2..12d74ef 100644
+--- a/src/Makefile.in
++++ b/src/Makefile.in
+@@ -1,4 +1,4 @@
+-# Makefile.in generated by automake 1.13.4 from Makefile.am.
++# Makefile.in generated by automake 1.14.1 from Makefile.am.
+ # @configure_input@
+
+ # Copyright (C) 1994-2013 Free Software Foundation, Inc.
+@@ -687,14 +687,14 @@ distclean-compile:
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+ .c.obj:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+ .c.lo:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+diff --git a/src/cms/Makefile.in b/src/cms/Makefile.in
+index 5713b21..e4b2b86 100644
+--- a/src/cms/Makefile.in
++++ b/src/cms/Makefile.in
+@@ -1,4 +1,4 @@
+-# Makefile.in generated by automake 1.13.4 from Makefile.am.
++# Makefile.in generated by automake 1.14.1 from Makefile.am.
+ # @configure_input@
+
+ # Copyright (C) 1994-2013 Free Software Foundation, Inc.
+@@ -464,14 +464,14 @@ distclean-compile:
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+ .c.obj:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+ .c.lo:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+diff --git a/src/drivers/Makefile.in b/src/drivers/Makefile.in
+index 4af8d40..1e40872 100644
+--- a/src/drivers/Makefile.in
++++ b/src/drivers/Makefile.in
+@@ -1,4 +1,4 @@
+-# Makefile.in generated by automake 1.13.4 from Makefile.am.
++# Makefile.in generated by automake 1.14.1 from Makefile.am.
+ # @configure_input@
+
+ # Copyright (C) 1994-2013 Free Software Foundation, Inc.
+@@ -520,14 +520,14 @@ distclean-compile:
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+ .c.obj:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+ .c.lo:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+diff --git a/src/drivers/engine/Makefile.in b/src/drivers/engine/Makefile.in
+index a91f90b..f734edd 100644
+--- a/src/drivers/engine/Makefile.in
++++ b/src/drivers/engine/Makefile.in
+@@ -1,4 +1,4 @@
+-# Makefile.in generated by automake 1.13.4 from Makefile.am.
++# Makefile.in generated by automake 1.14.1 from Makefile.am.
+ # @configure_input@
+
+ # Copyright (C) 1994-2013 Free Software Foundation, Inc.
+@@ -468,14 +468,14 @@ distclean-compile:
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+ .c.obj:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+ .c.lo:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+diff --git a/src/drivers/kmf/Makefile.in b/src/drivers/kmf/Makefile.in
+index d465f4a..e6f001b 100644
+--- a/src/drivers/kmf/Makefile.in
++++ b/src/drivers/kmf/Makefile.in
+@@ -1,4 +1,4 @@
+-# Makefile.in generated by automake 1.13.4 from Makefile.am.
++# Makefile.in generated by automake 1.14.1 from Makefile.am.
+ # @configure_input@
+
+ # Copyright (C) 1994-2013 Free Software Foundation, Inc.
+@@ -471,14 +471,14 @@ distclean-compile:
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+ .c.obj:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+ .c.lo:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+diff --git a/src/drivers/openssl/Makefile.in b/src/drivers/openssl/Makefile.in
+index 06cb838..5e4012a 100644
+--- a/src/drivers/openssl/Makefile.in
++++ b/src/drivers/openssl/Makefile.in
+@@ -1,4 +1,4 @@
+-# Makefile.in generated by automake 1.13.4 from Makefile.am.
++# Makefile.in generated by automake 1.14.1 from Makefile.am.
+ # @configure_input@
+
+ # Copyright (C) 1994-2013 Free Software Foundation, Inc.
+@@ -470,14 +470,14 @@ distclean-compile:
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+ .c.obj:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+ .c.lo:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+diff --git a/src/drivers/pkcs11/Makefile.in b/src/drivers/pkcs11/Makefile.in
+index 1e90398..6b684a1 100644
+--- a/src/drivers/pkcs11/Makefile.in
++++ b/src/drivers/pkcs11/Makefile.in
+@@ -1,4 +1,4 @@
+-# Makefile.in generated by automake 1.13.4 from Makefile.am.
++# Makefile.in generated by automake 1.14.1 from Makefile.am.
+ # @configure_input@
+
+ # Copyright (C) 1994-2013 Free Software Foundation, Inc.
+@@ -471,14 +471,14 @@ distclean-compile:
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+ .c.obj:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+ .c.lo:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+diff --git a/src/io/Makefile.in b/src/io/Makefile.in
+index d85a3f2..af28dbb 100644
+--- a/src/io/Makefile.in
++++ b/src/io/Makefile.in
+@@ -1,4 +1,4 @@
+-# Makefile.in generated by automake 1.13.4 from Makefile.am.
++# Makefile.in generated by automake 1.14.1 from Makefile.am.
+ # @configure_input@
+
+ # Copyright (C) 1994-2013 Free Software Foundation, Inc.
+@@ -490,14 +490,14 @@ distclean-compile:
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+ .c.obj:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+ .c.lo:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+diff --git a/src/lirt/Makefile.in b/src/lirt/Makefile.in
+index 6680c66..0f02cb4 100644
+--- a/src/lirt/Makefile.in
++++ b/src/lirt/Makefile.in
+@@ -1,4 +1,4 @@
+-# Makefile.in generated by automake 1.13.4 from Makefile.am.
++# Makefile.in generated by automake 1.14.1 from Makefile.am.
+ # @configure_input@
+
+ # Copyright (C) 1994-2013 Free Software Foundation, Inc.
+@@ -466,14 +466,14 @@ distclean-compile:
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+ .c.obj:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+ .c.lo:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+diff --git a/src/net/Makefile.in b/src/net/Makefile.in
+index f75bb3a..525839b 100644
+--- a/src/net/Makefile.in
++++ b/src/net/Makefile.in
+@@ -1,4 +1,4 @@
+-# Makefile.in generated by automake 1.13.4 from Makefile.am.
++# Makefile.in generated by automake 1.14.1 from Makefile.am.
+ # @configure_input@
+
+ # Copyright (C) 1994-2013 Free Software Foundation, Inc.
+@@ -480,14 +480,14 @@ distclean-compile:
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+ .c.obj:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+ .c.lo:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+diff --git a/src/openssl/Makefile.in b/src/openssl/Makefile.in
+index 3f49b46..d9d509a 100644
+--- a/src/openssl/Makefile.in
++++ b/src/openssl/Makefile.in
+@@ -1,4 +1,4 @@
+-# Makefile.in generated by automake 1.13.4 from Makefile.am.
++# Makefile.in generated by automake 1.14.1 from Makefile.am.
+ # @configure_input@
+
+ # Copyright (C) 1994-2013 Free Software Foundation, Inc.
+@@ -529,14 +529,14 @@ distclean-compile:
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+ .c.obj:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+ .c.lo:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+diff --git a/src/prqp/Makefile.in b/src/prqp/Makefile.in
+index c475abe..ba4f885 100644
+--- a/src/prqp/Makefile.in
++++ b/src/prqp/Makefile.in
+@@ -1,4 +1,4 @@
+-# Makefile.in generated by automake 1.13.4 from Makefile.am.
++# Makefile.in generated by automake 1.14.1 from Makefile.am.
+ # @configure_input@
+
+ # Copyright (C) 1994-2013 Free Software Foundation, Inc.
+@@ -478,14 +478,14 @@ distclean-compile:
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+ .c.obj:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+ .c.lo:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+diff --git a/src/scep/Makefile.in b/src/scep/Makefile.in
+index 6108e12..e468ce8 100644
+--- a/src/scep/Makefile.in
++++ b/src/scep/Makefile.in
+@@ -1,4 +1,4 @@
+-# Makefile.in generated by automake 1.13.4 from Makefile.am.
++# Makefile.in generated by automake 1.14.1 from Makefile.am.
+ # @configure_input@
+
+ # Copyright (C) 1994-2013 Free Software Foundation, Inc.
+@@ -474,14 +474,14 @@ distclean-compile:
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+ .c.obj:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+ .c.lo:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+diff --git a/src/tests/CVS/Entries b/src/tests/CVS/Entries
+deleted file mode 100644
+index 26fd2e4..0000000
+--- a/src/tests/CVS/Entries
++++ /dev/null
+@@ -1,12 +0,0 @@
+-/Makefile.am/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/test1.c/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/test2.c/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/test3.c/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/test4.c/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/test5.c/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/test6.c/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/test7.c/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/test8.c/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/test9.c/1.1.1.1/Sat Apr 6 00:52:50 2013//
+-/Makefile.in/1.4/Sun May 11 19:27:02 2014//
+-D
+diff --git a/src/tests/CVS/Repository b/src/tests/CVS/Repository
+deleted file mode 100644
+index ad40a7e..0000000
+--- a/src/tests/CVS/Repository
++++ /dev/null
+@@ -1 +0,0 @@
+-libpki/src/tests
+diff --git a/src/tests/CVS/Root b/src/tests/CVS/Root
+deleted file mode 100644
+index 322ca10..0000000
+--- a/src/tests/CVS/Root
++++ /dev/null
+@@ -1 +0,0 @@
+-:ext:[email protected]:/cvsroot/projects
+diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in
+index b8d72cd..8152920 100644
+--- a/src/tests/Makefile.in
++++ b/src/tests/Makefile.in
+@@ -1,4 +1,4 @@
+-# Makefile.in generated by automake 1.13.4 from Makefile.am.
++# Makefile.in generated by automake 1.14.1 from Makefile.am.
+ # @configure_input@
+
+ # Copyright (C) 1994-2013 Free Software Foundation, Inc.
+@@ -624,14 +624,14 @@ distclean-compile:
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+ .c.obj:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+ .c.lo:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+diff --git a/src/tools/Makefile.in b/src/tools/Makefile.in
+index e407612..0436b27 100644
+--- a/src/tools/Makefile.in
++++ b/src/tools/Makefile.in
+@@ -1,4 +1,4 @@
+-# Makefile.in generated by automake 1.13.4 from Makefile.am.
++# Makefile.in generated by automake 1.14.1 from Makefile.am.
+ # @configure_input@
+
+ # Copyright (C) 1994-2013 Free Software Foundation, Inc.
+@@ -661,14 +661,14 @@ distclean-compile:
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+ .c.obj:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+ .c.lo:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/libpki/patches/003-0cf50956edc44a6d08b7585656e2670e66631565.patch Wed Jul 06 18:39:47 2016 -0700
@@ -0,0 +1,159 @@
+From 0cf50956edc44a6d08b7585656e2670e66631565 Mon Sep 17 00:00:00 2001
+From: a157634 <[email protected]>
+Date: Tue, 7 Apr 2015 21:28:10 +0200
+Subject: [PATCH] Fixed typo in example config files
+
+Changed config item 'passwd' to 'password'
+---
+ etc/hsm.d/eracom-sdk.xml | 2 +-
+ etc/hsm.d/etoken-engine.xml | 2 +-
+ etc/hsm.d/etoken-pkcs11.xml | 2 +-
+ etc/hsm.d/etoken.xml | 2 +-
+ etc/hsm.d/opencryptoki.xml | 2 +-
+ etc/hsm.d/tpm.xml | 2 +-
+ etc/token.d/etoken-engine.xml | 2 +-
+ examples/token/etc/hsm.d/etoken.xml.in | 2 +-
+ examples/token/etc/hsm.d/tpm.xml | 2 +-
+ examples/token/etc/hsm.d/tpm.xml.in | 2 +-
+ examples/token/etc/token.d/software.xml | 2 +-
+ examples/token/etc/token.d/tpm.xml | 2 +-
+ 12 files changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/etc/hsm.d/eracom-sdk.xml b/etc/hsm.d/eracom-sdk.xml
+index bb48975..011100d 100644
+--- a/etc/hsm.d/eracom-sdk.xml
++++ b/etc/hsm.d/eracom-sdk.xml
+@@ -19,5 +19,5 @@
+ go -->
+ <pki:passin>stdin</pki:passin>
+ <!-- ... or simply specify the password here -->
+- <!-- <pki:passwd></pki:passwd> -->
++ <!-- <pki:password></pki:password> -->
+ </pki:hsm>
+diff --git a/etc/hsm.d/etoken-engine.xml b/etc/hsm.d/etoken-engine.xml
+index 08d601f..915dd74 100644
+--- a/etc/hsm.d/etoken-engine.xml
++++ b/etc/hsm.d/etoken-engine.xml
+@@ -45,5 +45,5 @@
+ go -->
+ <pki:passin>stdin</pki:passin>
+ <!-- ... or simply specify the password here -->
+- <!-- <pki:passwd></pki:passwd> -->
++ <!-- <pki:password></pki:password> -->
+ </pki:hsm>
+diff --git a/etc/hsm.d/etoken-pkcs11.xml b/etc/hsm.d/etoken-pkcs11.xml
+index f037d64..ac24139 100644
+--- a/etc/hsm.d/etoken-pkcs11.xml
++++ b/etc/hsm.d/etoken-pkcs11.xml
+@@ -19,5 +19,5 @@
+ go -->
+ <pki:passin>stdin</pki:passin>
+ <!-- ... or simply specify the password here -->
+- <!-- <pki:passwd></pki:passwd> -->
++ <!-- <pki:password></pki:password> -->
+ </pki:hsm>
+diff --git a/etc/hsm.d/etoken.xml b/etc/hsm.d/etoken.xml
+index facdd89..d8d9695 100644
+--- a/etc/hsm.d/etoken.xml
++++ b/etc/hsm.d/etoken.xml
+@@ -40,5 +40,5 @@
+ go -->
+ <pki:passin>env:etoken</pki:passin>
+ <!-- ... or simply specify the password here -->
+- <!-- <pki:passwd></pki:passwd> -->
++ <!-- <pki:password></pki:password> -->
+ </pki:hsm>
+diff --git a/etc/hsm.d/opencryptoki.xml b/etc/hsm.d/opencryptoki.xml
+index 2571cd2..fa99a39 100644
+--- a/etc/hsm.d/opencryptoki.xml
++++ b/etc/hsm.d/opencryptoki.xml
+@@ -19,5 +19,5 @@
+ go -->
+ <pki:passin>stdin</pki:passin>
+ <!-- ... or simply specify the password here -->
+- <!-- <pki:passwd></pki:passwd> -->
++ <!-- <pki:password></pki:password> -->
+ </pki:hsm>
+diff --git a/etc/hsm.d/tpm.xml b/etc/hsm.d/tpm.xml
+index b758d15..92a985b 100644
+--- a/etc/hsm.d/tpm.xml
++++ b/etc/hsm.d/tpm.xml
+@@ -36,5 +36,5 @@
+ go -->
+ <pki:passin>stdin</pki:passin>
+ <!-- ... or simply specify the password here -->
+- <!-- <pki:passwd></pki:passwd> -->
++ <!-- <pki:password></pki:password> -->
+ </pki:hsm>
+diff --git a/etc/token.d/etoken-engine.xml b/etc/token.d/etoken-engine.xml
+index 3bf2a52..d9d60f0 100644
+--- a/etc/token.d/etoken-engine.xml
++++ b/etc/token.d/etoken-engine.xml
+@@ -17,7 +17,7 @@
+ <!-- Where the Password should be read from -->
+ <pki:passin>stdin</pki:passin>
+ <!-- ... or simply specify the password here -->
+- <!-- <pki:passwd></pki:passwd> -->
++ <!-- <pki:password></pki:password> -->
+ <!-- Certificates -->
+ <pki:otherCerts>file:://$HOME/.libpki/certs.pem</pki:otherCerts>
+ <pki:trustedCerts>file:://$HOME/.libpki/certs.pem</pki:trustedCerts>
+diff --git a/examples/token/etc/hsm.d/etoken.xml.in b/examples/token/etc/hsm.d/etoken.xml.in
+index facdd89..d8d9695 100644
+--- a/examples/token/etc/hsm.d/etoken.xml.in
++++ b/examples/token/etc/hsm.d/etoken.xml.in
+@@ -40,5 +40,5 @@
+ go -->
+ <pki:passin>env:etoken</pki:passin>
+ <!-- ... or simply specify the password here -->
+- <!-- <pki:passwd></pki:passwd> -->
++ <!-- <pki:password></pki:password> -->
+ </pki:hsm>
+diff --git a/examples/token/etc/hsm.d/tpm.xml b/examples/token/etc/hsm.d/tpm.xml
+index 73ac526..1f43443 100644
+--- a/examples/token/etc/hsm.d/tpm.xml
++++ b/examples/token/etc/hsm.d/tpm.xml
+@@ -39,5 +39,5 @@
+ go -->
+ <pki:passin>env:tpm</pki:passin>
+ <!-- ... or simply specify the password here -->
+- <!-- <pki:passwd></pki:passwd> -->
++ <!-- <pki:password></pki:password> -->
+ </pki:hsm>
+diff --git a/examples/token/etc/hsm.d/tpm.xml.in b/examples/token/etc/hsm.d/tpm.xml.in
+index fdbf8f1..decdfc1 100644
+--- a/examples/token/etc/hsm.d/tpm.xml.in
++++ b/examples/token/etc/hsm.d/tpm.xml.in
+@@ -39,5 +39,5 @@
+ go -->
+ <pki:passin>env:etoken</pki:passin>
+ <!-- ... or simply specify the password here -->
+- <!-- <pki:passwd></pki:passwd> -->
++ <!-- <pki:password></pki:password> -->
+ </pki:hsm>
+diff --git a/examples/token/etc/token.d/software.xml b/examples/token/etc/token.d/software.xml
+index bfd21df..5ddfebf 100644
+--- a/examples/token/etc/token.d/software.xml
++++ b/examples/token/etc/token.d/software.xml
+@@ -16,7 +16,7 @@
+ <!-- Where the Password should be read from -->
+ <pki:passin>$passwd</pki:passin>
+ <!-- ... or simply specify the password here -->
+- <pki:passwd></pki:passwd>
++ <pki:password></pki:password>
+ <!-- Certificates -->
+ <pki:othercerts>file:://$USER/.pki/certs.pem</pki:othercerts>
+ <!-- Or you can specify a .p12 file where all the data are loaded
+diff --git a/examples/token/etc/token.d/tpm.xml b/examples/token/etc/token.d/tpm.xml
+index 9d0b2fd..9cc358f 100644
+--- a/examples/token/etc/token.d/tpm.xml
++++ b/examples/token/etc/token.d/tpm.xml
+@@ -20,7 +20,7 @@
+ <!-- Where the Password should be read from -->
+ <pki:passin>$passwd</pki:passin>
+ <!-- ... or simply specify the password here -->
+- <pki:passwd></pki:passwd>
++ <pki:password></pki:password>
+ <!-- Certificates -->
+ <pki:othercerts>file:://$USER/.pki/tpm-certs.pem</pki:othercerts>
+ <!-- Or you can specify a .p12 file where all the data are loaded
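Review bot: In `examples/token/etc/token.d/software.xml` and `examples/token/etc/token.d/tpm.xml` the renamed `<pki:password></pki:password>` element is left active and empty, whereas the other ten files touched by this patch keep it inside a comment. If `password` is the key the parser actually reads (the rename implies this, but the parsing code is not shown here), these two examples now set an empty inline password next to `<pki:passin>$passwd</pki:passin>`, and which of the two takes precedence is not visible from the patch. I would comment the element out as in the other files, `<!-- <pki:password></pki:password> -->`. The preceding comment should also say that an inline password is stored in cleartext, so the file must be readable only by the owning account, and that `passin` is the safer choice for HSM and TPM tokens.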
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/libpki/patches/004-b46aebcadb62b78af0ef4ce21198cc18082c5dcb.patch Wed Jul 06 18:39:47 2016 -0700
@@ -0,0 +1,927 @@
+From b46aebcadb62b78af0ef4ce21198cc18082c5dcb Mon Sep 17 00:00:00 2001
+From: madwolf <[email protected]>
+Date: Sun, 3 May 2015 18:18:40 -0400
+Subject: [PATCH] Intermediate Commint. Refactored internals for PKI_SSL
+ interface.
+
+---
+ src/libpki/errors.h | 32 ++++++
+ src/libpki/net/ssl.h | 175 ++++++++++++++++++++++++++++---
+ src/net/ssl.c | 289 +++++++++++++++++++++++++++++++--------------------
+ src/tools/url-tool.c | 51 +++++----
+ 4 files changed, 401 insertions(+), 146 deletions(-)
+
+diff --git a/src/libpki/errors.h b/src/libpki/errors.h
+index 9f6b1e6..fc14300 100644
+--- a/src/libpki/errors.h
++++ b/src/libpki/errors.h
+@@ -111,6 +111,21 @@ typedef enum {
+ /* Signatures Related Errors */
+ PKI_ERR_SIGN_,
+ PKI_ERR_SIGN_VERIFY,
++ /* Network Related Errors */
++ PKI_ERR_NET_OPEN,
++ PKI_ERR_NET_,
++ /* SSL/TLS Related Errors */
++ PKI_ERR_NET_SSL_NOT_SUPPORTED,
++ PKI_ERR_NET_SSL_NO_CIPHER,
++ PKI_ERR_NET_SSL_VERIFY,
++ PKI_ERR_NET_SSL_SET_SOCKET,
++ PKI_ERR_NET_SSL_SET_CIPHER,
++ PKI_ERR_NET_SSL_SET_FLAGS,
++ PKI_ERR_NET_SSL_INIT,
++ PKI_ERR_NET_SSL_START,
++ PKI_ERR_NET_SSL_CONNECT,
++ PKI_ERR_NET_SSL_PEER_CERTIFICATE,
++ PKI_ERR_NET_SSL_,
+ } PKI_ERR_CODE;
+
+ typedef struct pki_err_st {
+@@ -227,6 +242,23 @@ const PKI_ERR_ST __libpki_errors_st[] = {
+ /* Signatures Related Errors */
+ { PKI_ERR_SIGN_, "" },
+ { PKI_ERR_SIGN_VERIFY, "" },
++ /* Network Related Errors */
++ { PKI_ERR_NET_OPEN, "Can not open socket connection" },
++ { PKI_ERR_NET_, "" },
++ /* SSL/TLS Related Errors */
++ { PKI_ERR_NET_SSL_NOT_SUPPORTED , "Not supported by SSL/TLS" },
++ { PKI_ERR_NET_SSL_NO_CIPHER , "No valid cipher (algorithm)" },
++ { PKI_ERR_NET_SSL_VERIFY , "TLS/SSL certificate verify error" },
++ { PKI_ERR_NET_SSL_SET_SOCKET , "Can not set the socket FD for SSL/TLS" },
++ { PKI_ERR_NET_SSL_SET_CIPHER , "Can not set the selected ciphers list" },
++ { PKI_ERR_NET_SSL_SET_FLAGS , "Can not set the selected flags for SSL/TLS" },
++ { PKI_ERR_NET_SSL_INIT , "Can not init the SSL/TLS protocol" },
++ { PKI_ERR_NET_SSL_START , "Can not start the SSL/TLS protocol" },
++ { PKI_ERR_NET_SSL_CONNECT , "Can not connect via SSL/TLS protocol" },
++ { PKI_ERR_NET_SSL_PEER_CERTIFICATE , "Can not process peer certificate" },
++ { PKI_ERR_NET_SSL_ , "" },
++ /* List Boundary */
++ { 0, 0 }
+ };
+
+ static const int __libpki_err_size = sizeof ( __libpki_errors_st ) / sizeof ( PKI_ERR_ST );
+diff --git a/src/libpki/net/ssl.h b/src/libpki/net/ssl.h
+index 20ee8e0..e426f88 100644
+--- a/src/libpki/net/ssl.h
++++ b/src/libpki/net/ssl.h
+@@ -20,26 +20,128 @@
+ #include <openssl/ssl.h>
+
+ /*! \brief Algorithms for PKI_SSL connections */
+-#define PKI_SSL_ALGOR SSL_METHOD
++typedef SSL_METHOD PKI_SSL_ALGOR;
+
+ /* Client Algorithms */
++#define PKI_SSL_CLIENT_ALGOR_UNKNOWN 0
++
++#ifdef SSL2_VERSION
+ #define PKI_SSL_CLIENT_ALGOR_SSL2 SSLv2_client_method()
++#else
++#define PKI_SSL_CLIENT_ALGOR_SSL2 PKI_SSL_CLIENT_ALGOR_UNKNOWN
++#endif
++
++#ifdef SSL3_VERSION
+ #define PKI_SSL_CLIENT_ALGOR_SSL3 SSLv3_client_method()
++#else
++#define PKI_SSL_CLIENT_ALGOR_SSL3 PKI_SSL_CLIENT_ALGOR_UNKNOWN
++#endif
++
++#ifdef TLS1_VERSION
+ #define PKI_SSL_CLIENT_ALGOR_TLS1 TLSv1_client_method()
++#else
++#define PKI_SSL_CLIENT_ALGOR_TLS1 PKI_SSL_CLIENT_ALGOR_UNKNOWN
++#endif
++
++#ifdef TLS1_1_VERSION
++#define PKI_SSL_CLIENT_ALGOR_TLS1_1 TLSv1_1_client_method()
++#else
++#define PKI_SSL_CLIENT_ALGOR_TLS1_1 PKI_SSL_CLIENT_ALGOR_UNKNOWN
++#endif
++
++#ifdef TLS1_2_VERSION
++#define PKI_SSL_CLIENT_ALGOR_TLS1_2 TLSv1_2_client_method()
++#else
++#define PKI_SSL_CLIENT_ALGOR_TLS1_2 PKI_SSL_CLIENT_ALGOR_UNKNOWN
++#endif
++
++#ifdef DTLSv1_client_method
+ #define PKI_SSL_CLIENT_ALGOR_DTLS1 DTLSv1_client_method()
++#else
++#define PKI_SSL_CLIENT_ALGOR_DTLS1 PKI_SSL_CLIENT_ALGOR_UNKNOWN
++#endif
++
++/* Generic method that implements all SSLv2, SSLv3, TLSv1.0,
++ * TLSv1.1, and TLSv1.2 */
++#define PKI_SSL_CLIENT_ALGOR_ALL SSLv23_client_method()
++
++/* Default Client Method */
++#define PKI_SSL_CLIENT_ALGOR_DEFAULT PKI_SSL_CLIENT_ALGOR_ALL
+
+ /* Server Algorithms */
++#define PKI_SSL_SERVER_ALGOR_UNKNOWN 0
++
++#ifdef SSL2_VERSION
+ #define PKI_SSL_SERVER_ALGOR_SSL2 SSLv2_server_method()
++#else
++#define PKI_SSL_SERVER_ALGOR_SSL2 PKI_SSL_SERVER_ALGOR_UNKNOWN
++#endif
++
++#ifdef SSL3_VERSION
+ #define PKI_SSL_SERVER_ALGOR_SSL3 SSLv3_server_method()
++#else
++#define PKI_SSL_SERVER_ALGOR_SSL3 PKI_SSL_SERVER_ALGOR_UNKNOWN
++#endif
++
++#ifdef TLS1_VERSION
+ #define PKI_SSL_SERVER_ALGOR_TLS1 TLSv1_server_method()
++#else
++#define PKI_SSL_SERVER_ALGOR_TLS1 PKI_SSL_SERVER_ALGOR_UNKNOWN
++#endif
++
++#ifdef TLS1_1_VERSION
++#define PKI_SSL_SERVER_ALGOR_TLS1_1 TLSv1_1_server_method()
++#else
++#define PKI_SSL_SERVER_ALGOR_TLS1_1 PKI_SSL_SERVER_ALGOR_UNKNOWN
++#endif
++
++#ifdef TLS1_2_VERSION
++#define PKI_SSL_SERVER_ALGOR_TLS1_2 TLSv1_2_server_method()
++#else
++#define PKI_SSL_SERVER_ALGOR_TLS1_2 PKI_SSL_SERVER_ALGOR_UNKNOWN
++#endif
++
++#ifdef DTLSv1_server_method
+ #define PKI_SSL_SERVER_ALGOR_DTLS1 DTLSv1_server_method()
++#else
++#define PKI_SSL_SERVER_ALGOR_DTLS1 PKI_SSL_SERVER_ALGOR_UNKNOWN
++#endif
++
++/* Generic method that implements all SSLv2, SSLv3, TLSv1.0,
++ * TLSv1.1, and TLSv1.2 */
++#define PKI_SSL_SERVER_ALGOR_ALL SSLv23_server_method()
++
++/* Default Server Method */
++#define PKI_SSL_SERVER_ALGOR_DEFAULT PKI_SSL_SERVER_ALGOR_TLS1_2
+
+ /*! \brief Flags for algorithm exclusion in PKI_SSL connections */
+
+ typedef enum {
++#ifdef SSL_OP_NO_SSLv2
+ PKI_SSL_FLAGS_NO_SSL2 = SSL_OP_NO_SSLv2,
++#else
++ PKI_SSL_FLAGS_NO_SSL2 = 0,
++#endif
++#ifdef SSL_OP_NO_SSLv3
+ PKI_SSL_FLAGS_NO_SSL3 = SSL_OP_NO_SSLv3,
++#else
++ PKI_SSL_FLAGS_NO_SSL3 = 0,
++#endif
++#ifdef SSL_OP_NO_TLSv1
+ PKI_SSL_FLAGS_NO_TLS1 = SSL_OP_NO_TLSv1,
++#else
++ PKI_SSL_FLAGS_NO_TLS1 = 0,
++#endif
++#ifdef SSL_OP_NO_TLSv1_1
++ PKI_SSL_FLAGS_NO_TLS1_1 = SSL_OP_NO_TLSv1_1,
++#else
++ PKI_SSL_FLAGS_NO_TLS1_1 = 0,
++#endif
++#ifdef SSL_OP_NO_TLSv1_2
++ PKI_SSL_FLAGS_NO_TLS1_2 = SSL_OP_NO_TLSv1_2,
++#else
++ PKI_SSL_FLAGS_NO_TLS1_2 = 0,
++#endif
+ #ifdef SSL_OP_NO_DTLSv1
+ PKI_SSL_FLAGS_NO_DTLS1 = SSL_OP_NO_DTLSv1,
+ #else
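Review bot: `#ifdef DTLSv1_client_method` and `#ifdef DTLSv1_server_method` test for preprocessor macros, but as far as I know OpenSSL declares these as functions, so the `#else` branch is always taken and both DTLS1 constants resolve to the UNKNOWN value 0. Guarding on the version macro, as the other entries do, would fix this: `#ifdef DTLS1_VERSION`. Separately, the `= 0` fallbacks for `PKI_SSL_FLAGS_NO_*` turn a request to exclude a protocol into a silent no-op on builds that lack the option. A comment such as `/* 0: the linked OpenSSL cannot exclude this protocol */` would warn callers who rely on `PKI_SSL_FLAGS_NO_SSL3`. The enum continues past the end of this hunk.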
+@@ -48,18 +150,21 @@ typedef enum {
+
+ } PKI_SSL_FLAGS;
+
++#define PKI_SSL_FLAGS_DEFAULT \
++ (PKI_SSL_FLAGS_NO_SSL2 | PKI_SSL_FLAGS_NO_SSL3)
++
+ /*! \brief Flags for Verify Behavior: PRQP, CRL, OCSP */
+
+ typedef enum {
+- PKI_SSL_VERIFY_NONE = 0,
+- PKI_SSL_VERIFY_PEER = 1,
+- PKI_SSL_VERIFY_PEER_REQUIRE = 2,
+- PKI_SSL_VERIFY_CRL = 4,
+- PKI_SSL_VERIFY_CRL_REQUIRE = 8,
+- PKI_SSL_VERIFY_OCSP = 16,
+- PKI_SSL_VERIFY_OCSP_REQUIRE = 32,
+- PKI_SSL_VERIFY_NO_SELFSIGNED = 64,
+- PKI_SSL_VERIFY_ENABLE_PRQP = 128,
++ PKI_SSL_VERIFY_NONE = 0,
++ PKI_SSL_VERIFY_PEER = 1,
++ PKI_SSL_VERIFY_PEER_REQUIRE = 2,
++ PKI_SSL_VERIFY_CRL = 4,
++ PKI_SSL_VERIFY_CRL_REQUIRE = 8,
++ PKI_SSL_VERIFY_OCSP = 16,
++ PKI_SSL_VERIFY_OCSP_REQUIRE = 32,
++ PKI_SSL_VERIFY_NO_SELFSIGNED = 64,
++ PKI_SSL_VERIFY_ENABLE_PRQP = 128,
+ } PKI_SSL_VERIFY;
+
+ #define PKI_SSL_VERIFY_NORMAL \
+@@ -72,6 +177,52 @@ typedef enum {
+ PKI_SSL_VERIFY_OCSP_REQUIRE | \
+ PKI_SSL_VERIFY_ENABLE_PRQP
+
++/* Ciphers for the different protocols */
++#define PKI_SSL_CIPHERS_SSL3 \
++ "HIGH:MEDIUM:!NULL"
++
++#define PKI_SSL_CIPHERS_TLS1 \
++ "ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA" \
++ ":DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA" \
++ ":ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA" \
++ ":ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA" \
++ ":DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA" \
++ ":PSK-AES128-CBC-SHA"
++
++#define PKI_SSL_CIPHERS_TLS1_1 \
++ ":TLS_RSA_WITH_IDEA_CBC_SHA:TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:" \
++ ":TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:" \
++ ":ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA" \
++ ":DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA" \
++ ":ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA" \
++ ":ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA" \
++ ":DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA" \
++ ":PSK-AES128-CBC-SHA"
++
++#define PKI_SSL_CIPHERS_TLS1_2 \
++ "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384" \
++ ":ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384" \
++ ":DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256" \
++ ":ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384" \
++ ":ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384" \
++ ":ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256" \
++ ":ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256" \
++ ":DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256" \
++ ":ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256" \
++ ":ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256" \
++ ":AES256-GCM-SHA384:AES256-SHA256" \
++ ":AES128-GCM-SHA256:AES128-SHA256"
++
++#define PKI_SSL_CIPHERS_ALL \
++ PKI_SSL_CIPHERS_TLS1_2 \
++ PKI_SSL_CIPHERS_TLS1_1 \
++ PKI_SSL_CIPHERS_TLS1 \
++ PKI_SSL_CIPHERS_SSL3
++
++/* Default SSL/TLS Ciphers */
++#define PKI_SSL_CIPHERS_DEFAULT \
++ PKI_SSL_CIPHERS_TLS1_2
++
+ /*! \brief PKI_SSL data structure for SSL/TLS */
+
+ typedef struct pki_ssl_t {
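Review bot: `PKI_SSL_CIPHERS_ALL` joins four string literals with no separator, so the last suite of one list fuses with the first of the next (`PSK-AES128-CBC-SHA` runs straight into `ECDHE-ECDSA-AES256-SHA`, and again into `HIGH:MEDIUM:!NULL`). `PKI_SSL_CIPHERS_TLS1_1` also starts with `:` and contains `::`. Writing the join explicitly, `PKI_SSL_CIPHERS_TLS1_2 ":" PKI_SSL_CIPHERS_TLS1_1 ":" PKI_SSL_CIPHERS_TLS1 ":" PKI_SSL_CIPHERS_SSL3`, and dropping the leading and doubled colons from the TLS1_1 list gives a well-formed string. The TLS1_1 list names its first three suites in RFC style (`TLS_RSA_WITH_IDEA_CBC_SHA` and the two 3DES entries), which the OpenSSL cipher-list parser probably does not accept; they are also IDEA/3DES suites that the TLS1_2 default leaves out. `ECDHE-ECDSA-AES256-SHA` appears twice in both the TLS1 and TLS1_1 lists; the first occurrence was presumably meant to be `ECDHE-RSA-AES256-SHA`.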
+@@ -86,7 +237,7 @@ typedef struct pki_ssl_t {
+ SSL *ssl;
+ SSL_CTX *ssl_ctx;
+ char *cipher;
+- PKI_SSL_ALGOR *algor;
++ const PKI_SSL_ALGOR *algor;
+
+ /* Pointer to the PKI_TOKEN to be used for the communication */
+ struct pki_token_st *tk;
+@@ -117,7 +268,7 @@ typedef struct pki_ssl_t {
+ #include <libpki/net/url.h>
+
+ /* SSL helper functions */
+-PKI_SSL * PKI_SSL_new ( PKI_SSL_ALGOR *algor );
++PKI_SSL * PKI_SSL_new ( const PKI_SSL_ALGOR *algor );
+ PKI_SSL *PKI_SSL_dup ( PKI_SSL *ssl );
+ void PKI_SSL_free ( PKI_SSL *ssl );
+
+diff --git a/src/net/ssl.c b/src/net/ssl.c
+index 276e25b..09cd316 100644
+--- a/src/net/ssl.c
++++ b/src/net/ssl.c
+@@ -11,54 +11,63 @@
+ #define BUFF_MAX_SIZE 2048
+
+ /* Static Function - used only internally */
+-static int __ssl_find_trusted ( X509_STORE_CTX *ctx, PKI_X509_CERT_VALUE *x ) {
++static int __ssl_find_trusted(X509_STORE_CTX *ctx,
++ PKI_X509_CERT_VALUE *x ) {
+ int i = 0;
+ int idx = 0;
+- int ret = PKI_ERR;
++ int trusted_certs_num = 0;
++
+ int ctx_err = X509_V_OK;
+
++ int ret = PKI_ERR;
++
+ SSL *ssl = NULL;
+ PKI_SSL *pki_ssl = NULL;
+
+ PKI_X509_CERT *curr_cert = NULL;
+
++ // Retrieves the store CTX context
+ if((ssl = X509_STORE_CTX_get_ex_data(ctx,
+- SSL_get_ex_data_X509_STORE_CTX_idx())) == NULL ) {
+- PKI_log_debug("Memory Error");
++ SSL_get_ex_data_X509_STORE_CTX_idx())) == 0 ) {
++ PKI_ERROR(PKI_ERR_MEMORY_ALLOC, "Can not retrieve trust store context");
+ return PKI_ERR;
+ }
+
+- if((pki_ssl = SSL_get_ex_data(ssl, idx)) == NULL ) {
+- PKI_log_debug("Memory Error");
++ // Retrieves the SSL context extra data
++ if ((pki_ssl = SSL_get_ex_data(ssl, idx)) == 0 ) {
++ PKI_ERROR(PKI_ERR_MEMORY_ALLOC, "Can not retrieve SSL/TLS context");
+ return PKI_ERR;
+ }
+
++ // Process current certificate
++ curr_cert = PKI_X509_new_dup_value(PKI_DATATYPE_X509_CERT, x, 0);
++ if (curr_cert == 0) return PKI_ERROR(PKI_ERR_MEMORY_ALLOC, 0);
+
+- if(( curr_cert = PKI_X509_new_dup_value ( PKI_DATATYPE_X509_CERT,
+- x, NULL )) == NULL ) {
+- PKI_log_debug("Memory Error");
+- return PKI_ERR;
+- }
++ // Gets the number of trusted certificates
++ trusted_certs_num = PKI_STACK_X509_CERT_elements(pki_ssl->trusted_certs);
++
++ // Debuggin
++ PKI_log_err("Trusted Certificates are: %d", trusted_certs_num);
+
+ // Check if a certificate is among the trusted ones
+- for (i = 0; i < PKI_STACK_X509_CERT_elements(pki_ssl->trusted_certs);
+- i++){
++ for (i = 0; i < trusted_certs_num; i++){
++
+ PKI_X509_CERT *issuer = NULL;
+ PKI_X509_CERT_VALUE *issuer_val = NULL;
+
+ issuer = PKI_STACK_X509_CERT_get_num(pki_ssl->trusted_certs, i);
+- issuer_val = PKI_X509_get_value ( issuer );
++ issuer_val = PKI_X509_get_value(issuer);
+
+- if(X509_cmp ( issuer_val, x ) == 0 ) {
++ if(X509_cmp( issuer_val, x) == 0) {
+ /* The certificate is present among the trusted ones */
+- // PKI_log_debug("Same Certificate Found in Chain!");
++ PKI_log_debug("Same Certificate Found in Chain!");
+ ret = PKI_OK;
+ break;
+ }
+
+ if((ctx_err = X509_check_issued(issuer_val, x)) == X509_V_OK ) {
+ /* The cert has been issued by a trusted one */
+- // PKI_log_debug("__ssl_find_trusted()-> Found Issuer");
++ PKI_log_debug("__ssl_find_trusted()-> Found Issuer");
+ ret = PKI_OK;
+ break;
+ }
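Review bot: The added `PKI_log_err("Trusted Certificates are: %d", trusted_certs_num);` is labelled as debugging but goes out at error level on every call. `PKI_log_debug("Trusted Certificates are: %d", trusted_certs_num);` would match the two messages re-enabled further down, and the same applies to the `PKI_log_err("DEBUG: ...")` calls added in the later `__ssl_verify_cb` hunk. The two ex_data lookups now report `PKI_ERR_MEMORY_ALLOC` although nothing is allocated there; a code such as `PKI_ERR_PARAM_NULL`, which this patch uses elsewhere, describes a failed lookup better. A comment above the `X509_check_issued()` test would help too, e.g. `/* name/key-id match only; the signature is not checked here */`, since as far as I know that call does not verify the signature. The function continues past the end of the hunk, so the release of `curr_cert` is not visible here.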
+@@ -91,20 +100,24 @@ static int __ssl_verify_cb ( int code, X509_STORE_CTX *ctx) {
+ err = X509_STORE_CTX_get_error( ctx );
+ depth = X509_STORE_CTX_get_error_depth ( ctx );
+
+- if((ssl = X509_STORE_CTX_get_ex_data(ctx,
+- SSL_get_ex_data_X509_STORE_CTX_idx())) == NULL ) {
+- PKI_log_debug("Memory Error");
++ // Gets the extra data from the SSL context
++ ssl = X509_STORE_CTX_get_ex_data(ctx,
++ SSL_get_ex_data_X509_STORE_CTX_idx());
++ if (ssl == 0) {
++ PKI_ERROR(PKI_ERR_MEMORY_ALLOC, 0);
+ return 0;
+ }
+
+- if((pki_ssl = SSL_get_ex_data(ssl, idx)) == NULL ) {
+- PKI_log_debug("PKI_SSL not found in SSL data structure");
++ // Gets the PKI extra data
++ pki_ssl = SSL_get_ex_data(ssl, idx);
++ if (pki_ssl == 0) {
++ PKI_ERROR(PKI_ERR_MEMORY_ALLOC, 0);
+ return 0;
+ }
+
+ if(( x = PKI_X509_new_dup_value ( PKI_DATATYPE_X509_CERT,
+ err_cert, NULL )) == NULL ) {
+- PKI_log_debug("Memory Error");
++ PKI_ERROR(PKI_ERR_MEMORY_ALLOC, 0);
+ return 0;
+ }
+
+@@ -148,9 +161,7 @@ static int __ssl_verify_cb ( int code, X509_STORE_CTX *ctx) {
+ }
+ }
+
+- if ( code == 1 ) {
+- ctx->error = X509_V_OK;
+- }
++ if (code == 1) ctx->error = X509_V_OK;
+
+ /*
+ if( 1 ) {
+@@ -282,7 +293,7 @@ static int __ssl_verify_cb ( int code, X509_STORE_CTX *ctx) {
+ case X509_V_ERR_CERT_UNTRUSTED:
+ PKI_log_debug("Certificate Not Trusted [%d::%s]",
+ depth, X509_verify_cert_error_string(err));
+- if( pki_ssl->auth != 0 ) {
++ if (pki_ssl->auth != 0) {
+ PKI_log_debug("Cert not trusted, Ignored");
+ pki_ssl->verify_ok = PKI_ERR;
+ ret = 1;
+@@ -336,6 +347,7 @@ static int __ssl_verify_cb ( int code, X509_STORE_CTX *ctx) {
+ depth, X509_verify_cert_error_string(err));
+ break;
+ #endif
++
+ #ifdef X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
+ case X509_V_ERR_UNSUPPORTED_NAME_SYNTAX:
+ PKI_log_debug("Certificate Name Error [%d::%s]",
+@@ -356,56 +368,73 @@ static int __ssl_verify_cb ( int code, X509_STORE_CTX *ctx) {
+ /* No error */
+ ret = 1;
+ break;
++
+ default:
+ PKI_log_debug("General Error [%d:%s]", err,
+ X509_verify_cert_error_string(err));
+ }
+
+- if ( pki_ssl->verify_flags == PKI_SSL_VERIFY_NONE ) {
++ // Checks the flags we set for the SSL/TLS connection
++ if (pki_ssl->verify_flags == PKI_SSL_VERIFY_NONE) {
+ pki_ssl->auth = 0;
+ }
+
+ /* Check if we don't really care about the authentication */
+- if ( (pki_ssl->auth == 0) || (ret == 1) ) {
+- ret = 1;
+- }
++ if (pki_ssl->auth == 0 || ret == 1) ret = 1;
+
+ /* We add the Cert to the peer_chain only if we have an "ok" return
+- * code to avoid duplicates */
++ * code to avoid duplicates */
++ if (pki_ssl->peer_chain == 0) {
+
+- if( pki_ssl->peer_chain == NULL ) {
+- if((pki_ssl->peer_chain = PKI_STACK_X509_CERT_new()) == NULL ) {
+- PKI_log_debug("Memory Error");
++ // Generates an empty stack of certs
++ pki_ssl->peer_chain = PKI_STACK_X509_CERT_new();
++
++ // If we can not allocate that, let's log the error and
++ // return '0' value
++ if (pki_ssl->peer_chain == 0) {
++ PKI_ERROR(PKI_ERR_MEMORY_ALLOC, 0);
+ return 0;
+- };
++ }
+ }
+
+- if ( ret == 1 ) {
+- PKI_STACK_X509_CERT_push ( pki_ssl->peer_chain,
+- PKI_X509_dup ( x ) );
++ if (ret == 1) {
++ PKI_log_err("DEBUG: Adding peer certificate - depth: %d", depth);
++ PKI_STACK_X509_CERT_push(pki_ssl->peer_chain,
++ PKI_X509_dup(x));
++ } else {
++ PKI_log_err("DEBUG: skipping peer certificate - depth: %d", depth);
+ }
+
++ PKI_log_err("DEBUG: peer chain has %d certs",
++ PKI_STACK_X509_CERT_elements(pki_ssl->peer_chain));
++
+ /* Check for the verify_ok --- it should be OK in depth 0. We use
+- * this variable to keep track if at least one cert in the chain is
+- * explicitly trusted */
+- if (( depth == 0 ) && ( pki_ssl->verify_ok != PKI_OK )) {
+- PKI_X509_CERT_STACK *sk_x = NULL;
+- PKI_X509_CERT *sk_cert = NULL;
++ * this variable to keep track if at least one cert in the chain is
++ * explicitly trusted */
++ if (depth == 0 &&
++ pki_ssl->auth != 0 &&
++ pki_ssl->verify_ok != PKI_OK) {
++
++ PKI_X509_CERT_STACK *sk_x = 0;
++ PKI_X509_CERT *sk_cert = 0;
++
+ int k = 0;
+ int ok = PKI_ERR;
+
+ sk_x = pki_ssl->peer_chain;
+
+- if( pki_ssl->peer_chain ) {
+- for(k=0; k<PKI_STACK_X509_CERT_elements(sk_x); k++) {
+- PKI_log_debug("Checking PEER Cert %d", k );
++ if (sk_x != 0) {
++ for (k = 0; k < PKI_STACK_X509_CERT_elements(sk_x); k++) {
+
+- sk_cert = PKI_STACK_X509_CERT_get_num( sk_x, k);
++ // Gets the certificate from the stack
++ sk_cert = PKI_STACK_X509_CERT_get_num(sk_x, k);
+
+- ok = __ssl_find_trusted ( ctx,
+- (X509 *) sk_cert->value );
++ // Checks if we can find the certificate in the list of
++ // trusted certificates for the SSL/TLS connection
++ ok = __ssl_find_trusted(ctx, (X509 *) sk_cert->value);
+
+- if ( ok == PKI_OK ) break;
++ // If we have found the certificate, let's break
++ if (ok == PKI_OK) break;
+ }
+ }
+
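Review bot: The new `pki_ssl->auth != 0` condition makes the trusted-certificate check depend on `auth`, and `if (pki_ssl->auth == 0 || ret == 1) ret = 1;` accepts every verification error when `auth` is 0. In the `PKI_SSL_set_flags` hunk further down, `auth` is assigned the protocol-exclusion flags, so a caller passing flags of 0 would also switch off peer verification, unless `auth` is set somewhere not visible here. Keying the test on the verify setting keeps the two concerns apart, e.g. `if (pki_ssl->verify_flags == PKI_SSL_VERIFY_NONE || ret == 1) ret = 1;`. The `return 0;` after a failed `PKI_STACK_X509_CERT_new()` skips the `PKI_X509_CERT_free(x)` at the end of the function, and the result of `PKI_X509_dup(x)` is pushed without a NULL check. The callback starts before and ends after this hunk.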
+@@ -421,7 +450,7 @@ static int __ssl_verify_cb ( int code, X509_STORE_CTX *ctx) {
+ }
+
+ /* Free Allocated Memory for PKI_X509_CERT object */
+- if ( x ) PKI_X509_CERT_free ( x );
++ if (x) PKI_X509_CERT_free(x);
+
+ return ret;
+ }
+@@ -571,31 +600,36 @@ int __pki_ssl_start_ssl ( PKI_SSL *ssl ) {
+ int idx = -1;
+ int rv = -1;
+
+- if (!ssl || !ssl->ssl ) return PKI_ERR;
++ if (!ssl || !ssl->ssl )
++ return PKI_ERROR(PKI_ERR_PARAM_NULL, 0);
+
+ idx = SSL_get_ex_new_index(0, "pki_ssl index", NULL, NULL, NULL);
+ if((SSL_set_ex_data(ssl->ssl, idx, ssl)) == 0 ) {
+- PKI_log_err("Memory Error");
+- return PKI_ERR;
+- };
++ return PKI_ERROR(PKI_ERR_MEMORY_ALLOC, 0);
++ }
+
++ // Connect
+ if((rv = SSL_connect(ssl->ssl)) < 0 ) {
+- /* Error in Connecting */
+- PKI_log_err("Can not connect to HTTPS (%s)",
+- ERR_error_string(ERR_get_error(), NULL));
+- /* Use rv = SSL_get_error ( ssl, int ret ); */
+- return PKI_ERR;
++ // Can not connect the SSL/TLS interface
++ return PKI_ERROR(PKI_ERR_NET_SSL_CONNECT,
++ ERR_error_string(ERR_get_error(), 0));
+ }
++
++ // Sets the connected bit
+ ssl->connected = 1;
+
+- if ( (SSL_get_peer_certificate ( ssl->ssl ) != NULL ) &&
+- (SSL_get_verify_result (ssl->ssl) != X509_V_OK ) &&
+- ( ssl->verify_ok != PKI_OK) ) {
++ // Peer certificate processing
++ if (SSL_get_peer_certificate(ssl->ssl) != 0 &&
++ SSL_get_verify_result(ssl->ssl) != X509_V_OK &&
++ ssl->verify_ok != PKI_OK) {
++
++ /*
+ PKI_log_err ("PEER VERIFY::SSL Verify Error [%d::%s]",
+- SSL_get_verify_result( ssl->ssl ),
+- X509_verify_cert_error_string (
+- SSL_get_verify_result( ssl->ssl )));
+- return PKI_ERR;
++ SSL_get_verify_result(ssl->ssl),
++ X509_verify_cert_error_string(SSL_get_verify_result(ssl->ssl)));
++ */
++
++ return PKI_ERROR(PKI_ERR_NET_SSL_VERIFY, 0);
+ }
+
+ return PKI_OK;
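Review bot: `if((rv = SSL_connect(ssl->ssl)) < 0 )` lets a return value of 0 through, which OpenSSL uses for a handshake that failed and was shut down cleanly, so `ssl->connected = 1` is set after a failed handshake. `if ((rv = SSL_connect(ssl->ssl)) <= 0) {` covers both cases. The verify branch now returns `PKI_ERR_NET_SSL_VERIFY` with no detail because the log call was commented out; passing `X509_verify_cert_error_string(SSL_get_verify_result(ssl->ssl))` as the message argument would keep the reason. `SSL_get_peer_certificate()` returns a reference that is never released here. When the peer sent no certificate the whole check is skipped, which deserves a comment stating that this is intended. The function's opening lines lie before this hunk.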
+@@ -603,32 +637,37 @@ int __pki_ssl_start_ssl ( PKI_SSL *ssl ) {
+
+ /*! \brief Sets the options for a new PKI_SSL object */
+
+-PKI_SSL * PKI_SSL_new ( PKI_SSL_ALGOR *algor ) {
++PKI_SSL * PKI_SSL_new (const PKI_SSL_ALGOR *algor) {
+
+- PKI_SSL *ret = NULL;
+- PKI_SSL_ALGOR *al2 = (PKI_SSL_ALGOR *) PKI_SSL_CLIENT_ALGOR_SSL3;
++ PKI_SSL *ret = 0;
++ PKI_SSL_ALGOR *al2 = 0;
+
+ SSL_library_init();
+
+- if (( ret = PKI_Malloc ( sizeof( PKI_SSL ))) == NULL ) {
+- PKI_log_debug("Memory Error");
++ if ((ret = PKI_Malloc(sizeof( PKI_SSL ))) == 0)
++ {
++ PKI_ERROR(PKI_ERR_MEMORY_ALLOC, 0);
+ return (NULL);
+ }
+
+- if ( algor ) al2 = algor;
+-
+- ret->algor = al2;
++ if (algor != 0) {
++ ret->algor = al2;
++ } else {
++ ret->algor = PKI_SSL_CLIENT_ALGOR_DEFAULT;
++ }
+
+- if((ret->ssl_ctx = SSL_CTX_new( al2 )) == NULL ) {
++ if ((ret->ssl_ctx = SSL_CTX_new(ret->algor)) == 0)
++ {
+ PKI_log_debug("Can not create a new PKI_SSL object (%s)",
+ ERR_error_string(ERR_get_error(), NULL ));
+ goto err;
+ }
+
+ // Enables CRL, OCSP, and PRQP (no REQUIRE)
+- PKI_SSL_set_verify ( ret, PKI_SSL_VERIFY_NORMAL );
+- PKI_SSL_set_flags ( ret, PKI_SSL_FLAGS_NO_SSL2 );
+- PKI_SSL_set_cipher ( ret, "HIGH:MEDIUM");
++ PKI_SSL_set_verify(ret, PKI_SSL_VERIFY_NORMAL);
++ PKI_SSL_set_cipher(ret, PKI_SSL_CIPHERS_TLS1_2);
++ // PKI_SSL_set_cipher(ret, "HIGH:MEDIUM:!NULL");
++ PKI_SSL_set_flags(ret, PKI_SSL_FLAGS_DEFAULT);
+
+ ret->verify_ok = PKI_OK;
+
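Review bot: When a caller supplies `algor`, the new branch stores `al2`, which is initialised to 0 and never assigned, so `ret->algor` is NULL and `SSL_CTX_new(ret->algor)` cannot succeed. The line should read `ret->algor = algor;`, and `al2` can be dropped. The default cipher list is now `PKI_SSL_CIPHERS_TLS1_2` whatever method was requested, so a caller asking for `PKI_SSL_CLIENT_ALGOR_TLS1` would likely have no usable suites until `PKI_SSL_set_cipher()` is called again; a short comment on that line would save the surprise. The comment `// Enables CRL, OCSP, and PRQP (no REQUIRE)` now sits above three calls but describes only the first. The function body continues beyond the hunk.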
+@@ -670,11 +709,13 @@ PKI_SSL *PKI_SSL_dup ( PKI_SSL *ssl ) {
+
+ /*! \brief Sets the protocol for a new PKI_SSL object */
+
+-int PKI_SSL_set_algor ( PKI_SSL *ssl, PKI_SSL_ALGOR *algor ) {
++int PKI_SSL_set_algor(PKI_SSL *ssl, PKI_SSL_ALGOR *algor) {
+
+- if( !ssl || !ssl->ssl_ctx || !algor ) return PKI_ERR;
++ if( !ssl || !ssl->ssl_ctx || !algor )
++ return PKI_ERROR(PKI_ERR_PARAM_NULL, 0);
+
+- if(!SSL_CTX_set_ssl_version(ssl->ssl_ctx, algor)) return PKI_ERR;
++ if(!SSL_CTX_set_ssl_version(ssl->ssl_ctx, algor))
++ return PKI_ERROR(PKI_ERR_NET_SSL_SET_CIPHER, 0);
+
+ return PKI_OK;
+ }
+@@ -682,7 +723,8 @@ int PKI_SSL_set_algor ( PKI_SSL *ssl, PKI_SSL_ALGOR *algor ) {
+ /*! \brief Sets the SSL connection flags */
+
+ int PKI_SSL_set_flags ( PKI_SSL *ssl, PKI_SSL_FLAGS flags ) {
+- if ( !ssl ) return PKI_ERR;
++
++ if ( !ssl ) return PKI_ERROR(PKI_ERR_PARAM_NULL, 0);
+
+ ssl->auth = flags;
+
+@@ -692,13 +734,14 @@ int PKI_SSL_set_flags ( PKI_SSL *ssl, PKI_SSL_FLAGS flags ) {
+ /*! \brief Sets the Chiphers to be used */
+
+ int PKI_SSL_set_cipher ( PKI_SSL *ssl, char *cipher ) {
+- if ( !ssl || !cipher || !ssl->ssl_ctx ) return PKI_ERR;
+
+- if ( ssl->cipher ) {
+- PKI_Free ( ssl->cipher );
+- }
++ // Input Checks
++ if ( ssl == 0 || ssl->ssl_ctx == 0 || cipher == 0)
++ return PKI_ERROR(PKI_ERR_PARAM_NULL, 0);
++
++ if (ssl->cipher != 0) PKI_Free ( ssl->cipher );
+
+- ssl->cipher = strdup ( cipher );
++ ssl->cipher = strdup(cipher);
+
+ if (!SSL_CTX_set_cipher_list ( ssl->ssl_ctx, cipher )) {
+ PKI_log_err("Can not set ciphers (%s)",
+@@ -724,10 +767,8 @@ int PKI_SSL_set_verify ( PKI_SSL *ssl, PKI_SSL_VERIFY vflags ) {
+
+ int PKI_SSL_check_verify(PKI_SSL *ssl, PKI_SSL_VERIFY flag)
+ {
+- if (!ssl)
+- {
+- PKI_ERROR(PKI_ERR_PARAM_NULL, NULL);
+- return PKI_ERR;
++ if (!ssl) {
++ return PKI_ERROR(PKI_ERR_PARAM_NULL, NULL);
+ }
+
+ if (ssl->verify_flags & flag) return PKI_OK;
+@@ -738,7 +779,10 @@ int PKI_SSL_check_verify(PKI_SSL *ssl, PKI_SSL_VERIFY flag)
+ /*! \brief Sets the underlying socket descriptor */
+
+ int PKI_SSL_set_fd ( PKI_SSL *ssl, int fd ) {
+- if ( !ssl || !ssl->ssl ) return PKI_ERR;
++
++ if ( !ssl || !ssl->ssl ) {
++ return PKI_ERROR(PKI_ERR_PARAM_NULL, 0);
++ }
+
+ return SSL_set_fd ( ssl->ssl, fd );
+ }
+@@ -746,59 +790,80 @@ int PKI_SSL_set_fd ( PKI_SSL *ssl, int fd ) {
+ /*! \brief Returns the underlying socket descriptor */
+
+ int PKI_SSL_get_fd ( PKI_SSL *ssl ) {
++
+ if ( !ssl || !ssl->ssl ) return -1;
+
+ return SSL_get_fd ( ssl->ssl );
+ }
+
+ /*! \brief Initiates an SSL connection to a URL passed as a URL object */
+-int PKI_SSL_connect_url ( PKI_SSL *ssl, URL *url, int timeout ) {
+-
+- int ssl_socket = -1;
++int PKI_SSL_connect_url(PKI_SSL *ssl, URL *url, int timeout) {
++
++ int rv = PKI_OK;
++ int ssl_socket = -1;
++
++ // Input checking
++ if (ssl == 0 || url == 0) {
++ return PKI_ERROR(PKI_ERR_PARAM_NULL, 0);
++ }
+
+- if ( __pki_ssl_init_ssl ( ssl ) == PKI_ERR ) {
++ if (( rv = __pki_ssl_init_ssl(ssl)) != PKI_OK) {
++ rv = PKI_ERROR(PKI_ERR_NET_SSL_INIT, 0);
+ goto err;
+ }
+
+ /* Connect the socket first */
+- if((ssl_socket = PKI_NET_open ( url, timeout )) < 0 ) {
++ if ((ssl_socket = PKI_NET_open(url, timeout)) < 0) {
+ /* Can not connect to the server */
+- PKI_log_debug ("Failed to connect (%s:%d)", __FILE__, __LINE__);
++ rv = PKI_ERROR(PKI_ERR_NET_OPEN, "[url = %s]", url->url_s);
+ goto err;
+ }
+
+- PKI_SSL_set_fd( ssl, ssl_socket );
++ // Starts the TLS/SSL protocol
++ return PKI_SSL_start_ssl(ssl, ssl_socket);
+
+- if ( __pki_ssl_start_ssl ( ssl ) == PKI_ERR ) {
++ /*
++ // Sets the FD for the socket
++ if (PKI_SSL_set_fd( ssl, ssl_socket ) != PKI_OK) {
++ rv PKI_ERROR(PKI_ERR_NET_SSL_SET_SOCKET, 0);
+ goto err;
+ }
+
+- // PKI_log_debug("PKI_SSL::Server Name => %s",
+- // PKI_SSL_get_servername(ssl));
++ // Starts the SSL/TLS protocol
++ if ( __pki_ssl_start_ssl( ssl ) != PKI_OK) {
++ rv = PKI_ERROR(PKI_ERR_NET_SSL_START, 0);
++ goto err;
++ }
+
+- return ( PKI_OK );
++ // All Done, Ok.
++ return PKI_OK;
++ */
+
+ err:
+- if ( ssl_socket > 0 ) close ( ssl_socket );
++ if (ssl_socket > 0) close(ssl_socket);
+ ssl->connected = 0;
+
+- return ( PKI_ERR );
++ return rv;
+ }
+
+ /*! \brief Initiates an SSL connection over an already connected socket */
+
+ int PKI_SSL_start_ssl ( PKI_SSL *ssl, int fd ) {
+
+- if ( !ssl || fd <= 0 ) return PKI_ERR;
++ if (ssl == 0) return PKI_ERROR(PKI_ERR_PARAM_NULL, 0);
++
++ if (fd <= 0) return PKI_ERROR(PKI_ERR_PARAM_TYPE, 0);
+
+ if ( __pki_ssl_init_ssl ( ssl ) == PKI_ERR ) {
+- return PKI_ERR;
++ return PKI_ERROR(PKI_ERR_NET_SSL_INIT, 0);
+ }
+
+- PKI_SSL_set_fd( ssl, fd );
++ if (PKI_SSL_set_fd( ssl, fd ) != PKI_OK) {
++ return PKI_ERROR(PKI_ERR_NET_SSL_SET_SOCKET, 0);
++ }
+
+- if ( __pki_ssl_start_ssl ( ssl ) == PKI_ERR ) {
+- return PKI_ERR;
++ if ( __pki_ssl_start_ssl( ssl ) != PKI_OK) {
++ return PKI_ERROR(PKI_ERR_NET_SSL_START, 0);
+ }
+
+ return PKI_OK;
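Review bot: `return PKI_SSL_start_ssl(ssl, ssl_socket);` leaves `PKI_SSL_connect_url` before the `err:` label, so when the handshake fails the socket opened by `PKI_NET_open()` is never closed and `ssl->connected` is not reset. Routing the failure through the existing cleanup fixes that: `rv = PKI_SSL_start_ssl(ssl, ssl_socket);` followed by `if (rv == PKI_OK) return rv;`. `PKI_SSL_start_ssl` calls `__pki_ssl_init_ssl(ssl)` itself, so the init at the top of `PKI_SSL_connect_url` now runs twice on the same object. The commented-out block underneath is dead code and contains `rv PKI_ERROR(...)`, which would not compile if revived; it could be removed.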
+diff --git a/src/tools/url-tool.c b/src/tools/url-tool.c
+index c4b6578..f66ed7e 100644
+--- a/src/tools/url-tool.c
++++ b/src/tools/url-tool.c
+@@ -118,41 +118,46 @@ int main (int argc, char *argv[]) {
+ //
+ // -------------------------- Setup the SSL Options ------------------------
+ //
+- if(( ssl = PKI_SSL_new( NULL )) == NULL ) {
++ if ((ssl = PKI_SSL_new(NULL)) == 0) {
+ fprintf(stderr, "ERROR: Memory allocation error (PKI_SSL_new)\n");
+ return ( 1 );
+ }
+
+ if ( trusted_certs ) {
++
+ PKI_X509_CERT_STACK *sk = NULL;
+
+- if(( sk = PKI_X509_CERT_STACK_get ( trusted_certs, NULL, NULL))
+- == NULL ) {
+- PKI_log_err ("Can't load Trusted Certs from %s",
+- trusted_certs );
++ if ((sk = PKI_X509_CERT_STACK_get(trusted_certs, NULL, NULL)) == 0) {
++ fprintf(stderr, "Can't load Trusted Certs from %s", trusted_certs);
+ return 1;
+ }
+
+- PKI_SSL_set_trusted ( ssl, sk );
+-
+- if ( verify_chain ) {
+- PKI_SSL_set_verify(ssl, PKI_SSL_VERIFY_PEER_REQUIRE);
+- } else {
+- PKI_SSL_set_verify(ssl, PKI_SSL_VERIFY_PEER);
++ if (PKI_SSL_set_trusted(ssl, sk) != PKI_OK) {
++ PKI_log_err("Can not set the stack of trusted certificates from %s",
++ trusted_certs);
++ return 1;
+ }
++
++ PKI_log_debug("Added %d certificates to the trusted list (from %s)\n",
++ PKI_STACK_X509_CERT_elements(sk), trusted_certs);
+ }
+
+- if ( verify_chain == 0 ) {
+- PKI_SSL_set_verify ( ssl, PKI_SSL_VERIFY_NONE );
+- fprintf(stderr, "WARNING: no verify set!\n");
++ if (verify_chain != 0) {
++ PKI_SSL_set_verify(ssl, PKI_SSL_VERIFY_PEER_REQUIRE);
++ } else {
++ PKI_SSL_set_verify(ssl, PKI_SSL_VERIFY_NONE );
++ PKI_log_debug("WARNING: no verify set!");
+ }
+
+- if(( sock = PKI_SOCKET_new ()) == NULL ) {
++ if ((sock = PKI_SOCKET_new()) == 0) {
+ fprintf(stderr, "ERROR, can not create a new Socket!\n\n");
+- exit(1);
++ return 1;
+ }
+
+- PKI_SOCKET_set_ssl ( sock, ssl );
++ if (PKI_SOCKET_set_ssl(sock, ssl) != PKI_OK) {
++ fprintf(stderr, "ERROR, can not set the socket for SSL/TLS!\n\n");
++ return 1;
++ }
+
+ //
+ // ------------------------------ Retrieve Data -----------------------------
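Review bot: The warning for `verify_chain == 0` moved from `fprintf(stderr, ...)` to `PKI_log_debug("WARNING: no verify set!");`, so a user running the tool with `PKI_SSL_VERIFY_NONE` may see no indication that the peer is not being authenticated. I would keep `fprintf(stderr, "WARNING: no verify set!\n");` next to the debug call. Supplying trusted certificates without the verify option still ends in `PKI_SSL_VERIFY_NONE`, which is worth a comment above the `if (verify_chain != 0)` test. The new `fprintf(stderr, "Can't load Trusted Certs from %s", trusted_certs);` lacks the trailing `\n` that the neighbouring messages have. `main` starts before and continues after this hunk.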
+@@ -194,19 +199,21 @@ int main (int argc, char *argv[]) {
+ "ERROR: Can not dump cert (no SSL)\n");
+ }
+
+- if((x_sk = PKI_SSL_get_peer_chain ( ssl )) == NULL ) {
++ if ((x_sk = PKI_SSL_get_peer_chain(ssl)) == NULL ) {
+ fprintf( stderr,
+ "ERROR: No certificate chain is available\n");
+ }
+
+- if( PKI_X509_CERT_STACK_put ( x_sk, PKI_DATA_FORMAT_PEM,
+- dump_chain, NULL, NULL, NULL ) == PKI_ERR){
++ if (PKI_X509_CERT_STACK_put(x_sk,
++ PKI_DATA_FORMAT_PEM,
++ dump_chain,
++ NULL, NULL, NULL ) != PKI_OK) {
+ fprintf(stderr, "ERROR: can not write Peer cert to "
+ "%s\n", dump_cert );
+ }
+ }
+
+- if((sk = URL_get_data_socket ( sock, timeout, 0 )) == NULL ) {
++ if ((sk = URL_get_data_socket(sock, timeout, 0)) == 0) {
+ fprintf(stderr, "ERROR, can not retrieve data!\n\n");
+ return(-1);
+ }
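Review bot: When `PKI_SSL_get_peer_chain(ssl)` returns NULL the code prints the error and then still passes `x_sk` to `PKI_X509_CERT_STACK_put()`. Whether that call tolerates NULL is not visible, so putting the write in an `else` branch (or exiting early) would be safer. The failure message for the chain write prints `dump_cert`, but the file being written is `dump_chain`; the argument should be `dump_chain`. The enclosing block starts before the hunk.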
+@@ -216,7 +223,7 @@ int main (int argc, char *argv[]) {
+ }
+ else // Get Data via the usual URL socket-less approach
+ {
+- sk = URL_get_data_url (url, timeout, 0, ssl);
++ sk = URL_get_data_url(url, timeout, 0, ssl);
+ }
+
+ PKI_log_debug("URL: Number of retrieved entries is %d",
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/libpki/patches/01-configure.patch Wed Jul 06 18:39:47 2016 -0700
@@ -0,0 +1,376 @@
+Patch origin: in-house
+Patch status: not Solaris-specific; suitable for upstream
+
+Need to add architectures for Oracle build environments.
+
+Need to disable rpath to avoid including 32-bit runpath in 64-bit binary.
+
+Need to add AC_LANG_SOURCE to resolve autoreconf warnings.
+
+Need to use an appropriate path for ldap.h.
+On S12, we build with OpenLDAP.
+On S11.3, the default is to build with OpenLDAP, but we can specifiy to build
+with Mozilla LDAP instead by using --enable-openldap=no configure option.
+
+--- libpki-0.8.9/configure.in 2016-06-01 15:47:12.987843577 -0700
++++ libpki-0.8.9/configure.in 2016-06-20 11:13:17.409345800 -0700
+@@ -36,11 +36,20 @@
+ mybits="64"
+ mybits_install="64"
+ ;;
++ *i86pc)
++ mybits="64"
++ mybits_install="64"
++ ;;
+ *sparc*)
+ mybits="64"
+ mybits_install="64"
+ is_sparc="yes"
+ ;;
++ *sun4v*)
++ mybits="64"
++ mybits_install="64"
++ is_sparc="yes"
++ ;;
+ *aix*)
+ mybits="64"
+ mybits_install="64"
+@@ -203,11 +212,13 @@
+ *sun*) myarch=solaris
+ shlext=so
+ rpath_opt="-R "
++ enable_rpath=no
+ ;;
+ *solaris*)
+ myarch=solaris
+ shlext=so
+ rpath_opt="-R "
++ enable_rpath=no
+ ;;
+ *hpux*) myarch=hpux
+ shlext=so
+@@ -545,6 +556,7 @@
+
+ ldap_vendor=
+ ldap="yes"
++openldap="yes"
+ ldap_prefix=""
+ ldap_path=""
+ ldap_cflags=""
+@@ -562,6 +574,11 @@
+ [enable ldap support ( default is yes)]),
+ ldap=$enableval, ldap=yes )
+
++AC_ARG_ENABLE(openldap,
++ AC_HELP_STRING( [--enable-openldap],
++ [enable openldap support on Solaris 11.3 (default is yes)]),
++ openldap=$enableval, openldap=yes )
++
+ if [[ "x$enable_iphone" = "xyes" ]] ; then
+ ldap="no"
+ fi
+@@ -780,12 +797,12 @@
+ LDFLAGS="$mysql_ldflags $mysql_ldadd"
+ ok=0
+
+- AC_RUN_IFELSE( [
++ AC_RUN_IFELSE([AC_LANG_SOURCE([
+ #include <mysql.h>
+ int main(void) {
+ MYSQL *x;
+ return(0);
+- }], [ ok=1 ], [ ok=0 ])
++ }])], [ ok=1 ], [ ok=0 ])
+
+ CFLAGS="$OLD_CFLAGS"
+ LDFLAGS="$OLD_LDFLAGS"
+@@ -884,12 +901,12 @@
+ LDFLAGS="$pg_ldflags $pg_ldadd"
+ ok=0
+
+- AC_RUN_IFELSE( [
++ AC_RUN_IFELSE([AC_LANG_SOURCE([
+ #include <libpq-fe.h>
+ int main(void) {
+ PGconn *sql;
+ return(0);
+- }], [ ok=1 ], [ ok=0 ])
++ }])], [ ok=1 ], [ ok=0 ])
+
+ CFLAGS="$OLD_CFLAGS"
+ LDFLAGS="$OLD_LDFLAGS"
+--- libpki-0.8.9/acinclude.m4 2016-06-01 15:47:48.803434658 -0700
++++ libpki-0.8.9/acinclude.m4 2016-06-16 13:16:34.558401470 -0700
+@@ -293,12 +293,12 @@
+
+ dnl AC_MSG_RESULT([LD_LIBRARY_PATH=$library_path]);
+
+-AC_RUN_IFELSE( [
++AC_RUN_IFELSE([AC_LANG_SOURCE([
+ #include <openssl/x509.h>
+ int main(void) {
+ X509 *x = NULL;
+ return(0);
+-}], [ ok=1 ], [ ok=0 ])
++}])], [ ok=1 ], [ ok=0 ])
+
+ CFLAGS=$old_cflags
+ LDFLAGS=$old_ldflags
+@@ -337,12 +337,12 @@
+
+ AC_MSG_CHECKING([checking for $1 support]);
+
+-AC_RUN_IFELSE( [
++AC_RUN_IFELSE([AC_LANG_SOURCE([
+ #include <stdlib.h>
+ int main(void)
+ {
+ return(0);
+-}], [ _supported=yes ], [ _supported=no])
++}])], [ _supported=yes ], [ _supported=no])
+
+ if [[ $_supported = no ]] ; then
+ AC_MSG_RESULT([not supported]);
+@@ -367,84 +367,62 @@
+ AC_MSG_CHECKING([checking for ldap vendor]);
+
+ if ! [[ "$_prefix" = "" ]] ; then
+- if $EGREP "Sun" "$_prefix/include/ldap.h" 2>&1 >/dev/null ; then
+- AC_DEFINE(LDAP_VENDOR_SUN)
+- AC_MSG_RESULT([yes])
+- ldap_vendor="SUN"
+- else
+- if $EGREP "OpenLDAP" "$_prefix/include/ldap.h" 2>&1 >/dev/null ; then
+- AC_DEFINE(LDAP_VENDOR_OPENLDAP)
+- ldap_vendor="OPENLDAP"
+- library_ldflags=[-L$_prefix/lib]
+- library_ldadd=[-lldap_r]
++ dnl A directory path where ldap.h exists.
++ dnl The deafult is $_prefix/include, but it can be different depending on
++ dnl operating systems and versions.
++ ldap_include_dir=$_prefix/include
++
++ if [[ "$myarch" = "solaris" ]] ; then
++ if [[ "$DIST_VERSION" = "5.12" ]] ; then
++ dnl On Solaris 12, we force to build with OpenLDAP.
++ AC_DEFINE(LDAP_VENDOR_OPENLDAP)
++ AC_MSG_RESULT([yes])
++ ldap_include_dir=$ldap_include_dir/openldap
++ ldap_vendor="OPENLDAP"
++ library_ldflags=[-L$_prefix/lib]
++ library_ldadd=[-lldap_r]
++ else
++ dnl On Solaris 11.3, the default is to build with OpenLDAP,
++ dnl but when --enable-openldap=no configure option is specified,
++ dnl we build with Mozilla LDAP instead.
++ if [[ "x$openldap" = "xyes" ]] ; then
++ AC_DEFINE(LDAP_VENDOR_OPENLDAP)
++ AC_MSG_RESULT([yes])
++ ldap_include_dir=$ldap_include_dir/openldap
++ ldap_vendor="OPENLDAP"
++ library_ldflags=[-L$_prefix/lib]
++ library_ldadd=[-lldap_r]
++ else
++ AC_DEFINE(LDAP_VENDOR_SUN)
++ AC_MSG_RESULT([yes])
++ ldap_vendor="SUN"
++ ldap_lib=`ls "${_prefix}/lib/libldap.${shlext}" | head -n 1`;
++ if [[ -z "$ldap_lib" ]] ; then
++ AC_MSG_ERROR([*** LDAP: missing $_prefix/lib/libldap.$shlext!])
++ fi
++ library_ldflags=[-L$_prefix/lib]
++ library_ldadd=[-lldap]
++ fi
++ fi
+ else
+- AC_MSG_ERROR([*** LDAP::No supported vendors found in ($_prefix)***])
+- fi
+- fi
+-
+- if [[ "$ldap_vendor" = "SUN" ]] ; then
+- ldap_lib=`ls "${_prefix}/lib/libldap.${shlext}" | head -n 1`;
+- if [[ -z "$ldap_lib" ]] ; then
+- AC_MSG_ERROR([*** LDAP: missing $_prefix/lib/libldap.$shlext!])
++ if $EGREP "OpenLDAP" "$ldap_include_dir/ldap.h" 2>&1 >/dev/null ; then
++ AC_DEFINE(LDAP_VENDOR_OPENLDAP)
++ AC_MSG_RESULT([yes])
++ ldap_vendor="OPENLDAP"
++ library_ldflags=[-L$_prefix/lib]
++ library_ldadd=[-lldap_r]
++ else
++ AC_MSG_ERROR([*** LDAP::No supported vendors found in ($ldap_include_dir)***])
+ fi
+- library_ldflags=[-L$_prefix/lib]
+- library_ldadd=[-lldap]
+ fi
+
+ library_prefix=$_prefix;
+- library_cflags=[-I${_prefix}/include]
+-
+-old_cflags=$CFLAGS
+-old_ldflags=$LDFLAGS
+-old_ldadd=$LDADD
+-
+-CFLAGS=$library_cflags
+-LDFLAGS=$library_ldflags
+-LDADD=$library_ldadd
+-
+-AC_MSG_RESULT([LDAP SEARCH: CFLAGS: $library_cflags])
+-AC_MSG_RESULT([LDAP SEARCH: LDFLAGS: $library_ldflags])
+-AC_MSG_RESULT([LDAP SEARCH: LDADD: $library_ldadd])
+-
+-dnl AC_MSG_RESULT([LDAP VENDOR ===> searching for Sun])
+- AC_EGREP_CPP( [Sun],
+-[
+-#include <ldap.h>
+-
+-int main(void) {
+- char *p = LDAP_VENDOR_NAME;
+- return(0);
+-}],
+- [
+- AC_DEFINE(LDAP_VENDOR_SUN)
+- ldap_vendor="SUN"
+- ])
+-
+- if ! [[ "$ldap_vendor" = "SUN" ]] ; then
+- dnl AC_MSG_CHECKING([checking for OpenLDAP vendor ($_prefix) ]);
+- AC_EGREP_CPP( [OpenLDAP],
+-[
+-#include <ldap.h>
+-
+-int main(void) {
+- char *p = LDAP_VENDOR_NAME;
+- return(0);
+-}],
+- [
+- AC_DEFINE(LDAP_VENDOR_OPENLDAP)
+- dnl AC_MSG_CHECKING([checking for OpenLDAP vendor ($_prefix) ]);
+- ldap_vendor="OPENLDAP"
+- ])
+- fi
+-
+-LDFLAGS=$old_ldflags
+-CFLAGS=$old_cflags
+-LDADD=$old_ldadd
++ library_cflags=[-I$ldap_include_dir]
+
+ else
+
+- AC_MSG_RESULT([LDAP VENDOR ($_prefix) ===> searching for Sun])
+- AC_EGREP_CPP( [Sun],
++ AC_MSG_RESULT([LDAP VENDOR ===> searching for Sun])
++ AC_EGREP_CPP( [Sun],
+ [
+ #include <ldap.h>
+
+@@ -452,15 +430,15 @@
+ char *p = LDAP_VENDOR_NAME;
+ return(0);
+ }],
+- [
+- AC_DEFINE(LDAP_VENDOR_SUN)
+- ldap_vendor="SUN"
++ [
++ AC_DEFINE(LDAP_VENDOR_SUN)
++ ldap_vendor="SUN"
+ library_ldadd="-lldap"
+- ])
++ ])
+
+- if ! [[ "x$ldap_vendor" = "SUN" ]] ; then
+- AC_MSG_CHECKING([checking for OpenLDAP vendor ($_prefix) ]);
+- AC_EGREP_CPP( [OpenLDAP],
++ if ! [[ "x$ldap_vendor" = "SUN" ]] ; then
++ AC_MSG_CHECKING([checking for OpenLDAP vendor]);
++ AC_EGREP_CPP( [OpenLDAP],
+ [
+ #include <ldap.h>
+
+@@ -468,16 +446,13 @@
+ char *p = LDAP_VENDOR_NAME;
+ return(0);
+ }],
+- [
+- AC_DEFINE(LDAP_VENDOR_OPENLDAP)
+- ldap_vendor="OPENLDAP"
++ [
++ AC_DEFINE(LDAP_VENDOR_OPENLDAP)
++ ldap_vendor="OPENLDAP"
+ library_ldadd="-lldap_r"
+ ])
+- fi
++ fi
+ fi
+-
+- AC_MSG_RESULT([LDAP VENDOR: $ldap_vendor]);
+-
+ ])
+
+ AC_DEFUN(CHECK_EC, [
+@@ -548,7 +523,7 @@
+ dnl fi
+ dnl ])
+
+-dnl AC_RUN_IFELSE( [
++dnl AC_RUN_IFELSE([AC_LANG_SOURCE([
+ dnl #include <openssl/ec.h>
+ dnl #include <openssl/ecdsa.h>
+ dnl #include <openssl/opensslconf.h>
+@@ -559,7 +534,7 @@
+ dnl #endif
+ dnl EC_KEY *d = NULL;
+ dnl return(0);
+-dnl }], [
++dnl }])], [
+ dnl AC_DEFINE([ENABLE_ECDSA], 1, [ECC Support for OpenSSL])
+ dnl activate_ecdsa=yes
+ dnl ], [activate_ecdsa=no])
+@@ -576,13 +551,13 @@
+ dnl fi
+
+ AC_DEFUN(AC_OPENSSL_OCSP,
+-[ AC_RUN_IFELSE( [
++[ AC_RUN_IFELSE([AC_LANG_SOURCE([
+ #include <openssl/ocsp.h>
+ int main(void)
+ {
+ OCSP_CERTID *cid = NULL;
+ return(0);
+-}], [ AC_DEFINE(HAVE_OCSP) ], [ocsp_error=1])
++}])], [ AC_DEFINE(HAVE_OCSP) ], [ocsp_error=1])
+
+ if [[ ocsp_error = 1 ]] ; then
+ AC_MSG_RESULT([checking for OpenSSL OCSP support ... no])
+@@ -611,19 +586,19 @@
+ ])
+
+ AC_DEFUN(AC_GCC_CHECK_PRAGMA_IGNORED,
+-[ AC_RUN_IFELSE( [
++[ AC_RUN_IFELSE([AC_LANG_SOURCE([
+ #include <stdio.h>
+ #pragma GCC diagnostic ignored "-Wconversion"
+ int main(void)
+ {
+ return(0);
+ }
+-],[ AC_DEFINE(HAVE_GCC_PRAGMA_IGNORED, 1, [GCC pragma ignored]) ], [])
++])],[ AC_DEFINE(HAVE_GCC_PRAGMA_IGNORED, 1, [GCC pragma ignored]) ], [])
+
+ ])
+
+ AC_DEFUN(AC_GCC_CHECK_PRAGMA_POP,
+-[ AC_RUN_IFELSE( [
++[ AC_RUN_IFELSE([AC_LANG_SOURCE([
+ #include <stdio.h>
+ #pragma GCC diagnostic ignored "-Wconversion"
+ int main(void)
+@@ -631,7 +606,7 @@
+ return(0);
+ }
+ #pragma GCC diagnostic pop
+-], [ AC_DEFINE(HAVE_GCC_PRAGMA_POP, 1, [GCC pragma pop]) ], [])
++])], [ AC_DEFINE(HAVE_GCC_PRAGMA_POP, 1, [GCC pragma pop]) ], [])
+
+ ])
+
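Review bot: The re-indented guard `if ! [[ "x$ldap_vendor" = "SUN" ]]` in the no-prefix branch of the acinclude.m4 LDAP vendor check always evaluates to true, because only the left side carries the `x` prefix. The OpenLDAP probe therefore runs even after the Sun probe matched, and if it also matches it overwrites `ldap_vendor` and `library_ldadd`. Since the patch already rewrites that line, it should become `if ! [[ "x$ldap_vendor" = "xSUN" ]] ; then`. Separately, the new Solaris branch picks the vendor from `$DIST_VERSION` and `$openldap` alone and never looks at `ldap.h`, unlike the non-Solaris branch, which still greps `$ldap_include_dir/ldap.h`; a `test -f "$ldap_include_dir/ldap.h"` guarded by `AC_MSG_ERROR` would make a missing header fail at configure time. The macro containing these lines starts outside the hunk.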
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/libpki/patches/02-makefile.patch Wed Jul 06 18:39:47 2016 -0700
@@ -0,0 +1,146 @@
+Patch origin: in-house
+Patch status: Solaris-specific; not suitable for upstream
+
+There are nine test cases included in this component, but test 7 & 8 are
+intentionally disabled because test 7 requires us to set up mysql server,
+ldap serves, etc, and because test 8 uses libeTPkcs11.so, which is a
+commercial product.
+
+Documents should be installed under /usr/share/doc/libpki instead of
+/usr/share/libpki.
+
+Configuration files should be installed under /etc/libpki.
+
+Need to include $(top_srcdir)/src because not all headers are available in
+$(top_builddir)/src/libpki.
+
+The option -ggdb doesn't work with Studio.
+
+--- libpki-0.8.9/Makefile.am 2016-06-01 15:47:17.703517449 -0700
++++ libpki-0.8.9/Makefile.am 2016-06-01 18:14:09.941087309 -0700
+@@ -89,8 +89,6 @@
+ src/tests/test4 \
+ src/tests/test5 \
+ src/tests/test6 \
+- src/tests/test7 \
+- src/tests/test8 \
+ src/tests/test9
+
+ rebuild::
+--- libpki-0.8.9/docs/Makefile.am 2016-06-01 15:47:48.571731471 -0700
++++ libpki-0.8.9/docs/Makefile.am 2016-06-01 18:16:44.901744754 -0700
+@@ -36,10 +36,11 @@
+ install-data-am: install-man
+ @$(NORMAL_INSTALL) ; \
+ $(mkinstalldirs) $(DESTDIR)$(exec_prefix)/share; \
+- $(mkinstalldirs) $(DESTDIR)$(exec_prefix)/share/libpki; \
++ $(mkinstalldirs) $(DESTDIR)$(exec_prefix)/share/doc; \
++ $(mkinstalldirs) $(DESTDIR)$(exec_prefix)/share/doc/libpki; \
+ for file in $(EXTRA_DIST) latex/refman.pdf; do \
+ if test -f $$file; then \
+- $(INSTALL_DATA) $$file $(DESTDIR)$(exec_prefix)/share/libpki; \
++ $(INSTALL_DATA) $$file $(DESTDIR)$(exec_prefix)/share/doc/libpki; \
+ fi \
+ done
+
+--- libpki-0.8.9/etc/Makefile.am 2016-06-01 15:47:16.927275667 -0700
++++ libpki-0.8.9/etc/Makefile.am 2016-06-07 14:20:52.853719021 -0700
+@@ -12,42 +12,42 @@
+ HSMS = hsm.d/*.xml
+ STORES = store.d/*.xml
+ CONFIGS = *.xml
+-PKI_CONFIG = pki.conf
++PKI_CONFIG = $(srcdir)/pki.conf
+
+ EXTRA_DIST = $(PROFILES) $(TOKENS) $(HSMS) $(STORES) $(CONFIGS) $(PKI_CONFIG)
+
+ install-data-local:
+ @$(NORMAL_INSTALL) ; \
+- $(mkinstalldirs) $(DESTDIR)$(exec_prefix)/etc/libpki; \
+- $(mkinstalldirs) $(DESTDIR)$(exec_prefix)/etc/libpki/hsm.d; \
+- $(mkinstalldirs) $(DESTDIR)$(exec_prefix)/etc/libpki/token.d; \
+- $(mkinstalldirs) $(DESTDIR)$(exec_prefix)/etc/libpki/store.d; \
+- $(mkinstalldirs) $(DESTDIR)$(exec_prefix)/etc/libpki/profile.d; \
++ $(mkinstalldirs) $(DESTDIR)/etc/libpki; \
++ $(mkinstalldirs) $(DESTDIR)/etc/libpki/hsm.d; \
++ $(mkinstalldirs) $(DESTDIR)/etc/libpki/token.d; \
++ $(mkinstalldirs) $(DESTDIR)/etc/libpki/store.d; \
++ $(mkinstalldirs) $(DESTDIR)/etc/libpki/profile.d; \
+ for file in $(PROFILES) ; do \
+ if test -f $$file; then \
+- $(INSTALL_DATA) $$file $(DESTDIR)$(exec_prefix)/etc/libpki/profile.d; \
++ $(INSTALL_DATA) $$file $(DESTDIR)/etc/libpki/profile.d; \
+ fi \
+ done
+ @for file in $(TOKENS) ; do \
+ if test -f $$file; then \
+- $(INSTALL_DATA) $$file $(DESTDIR)$(exec_prefix)/etc/libpki/token.d; \
++ $(INSTALL_DATA) $$file $(DESTDIR)/etc/libpki/token.d; \
+ fi \
+ done
+ @for file in $(HSMS) ; do \
+ if test -f $$file; then \
+- $(INSTALL_DATA) $$file $(DESTDIR)$(exec_prefix)/etc/libpki/hsm.d; \
++ $(INSTALL_DATA) $$file $(DESTDIR)/etc/libpki/hsm.d; \
+ fi \
+ done
+ @for file in $(STORES) ; do \
+ if test -f $$file; then \
+- $(INSTALL_DATA) $$file $(DESTDIR)$(exec_prefix)/etc/libpki/store.d; \
++ $(INSTALL_DATA) $$file $(DESTDIR)/etc/libpki/store.d; \
+ fi \
+ done
+ @for file in $(CONFIGS) ; do \
+ if test -f $$file; then \
+- $(INSTALL_DATA) $$file $(DESTDIR)$(exec_prefix)/etc/libpki; \
++ $(INSTALL_DATA) $$file $(DESTDIR)/etc/libpki; \
+ fi \
+ done
+- @$(INSTALL_DATA) $(PKI_CONFIG) $(DESTDIR)$(exec_prefix)/etc
++ @$(INSTALL_DATA) $(PKI_CONFIG) $(DESTDIR)/etc
+
+
+--- libpki-0.8.9/src/Makefile.am 2016-06-01 15:47:17.732926831 -0700
++++ libpki-0.8.9/src/Makefile.am 2016-06-09 14:49:11.713859300 -0700
+@@ -27,19 +27,20 @@
+
+ nobase_include_HEADERS = \
+ libpki/*.h \
+- libpki/net/*.h \
+- libpki/io/*.h \
+- libpki/scep/*.h \
+- libpki/prqp/*.h \
+- libpki/lirt/*.h \
+- libpki/cms/*.h \
+- libpki/openssl/*.h \
+- libpki/drivers/*.h \
+- libpki/drivers/openssl/*.h \
+- libpki/drivers/engine/*.h \
+- libpki/drivers/pkcs11/*.h \
+- libpki/drivers/pkcs11/rsa/*.h \
+- libpki/drivers/kmf/*.h
++ $(top_srcdir)/src/libpki/*.h \
++ $(top_srcdir)/src/libpki/net/*.h \
++ $(top_srcdir)/src/libpki/io/*.h \
++ $(top_srcdir)/src/libpki/scep/*.h \
++ $(top_srcdir)/src/libpki/prqp/*.h \
++ $(top_srcdir)/src/libpki/lirt/*.h \
++ $(top_srcdir)/src/libpki/cms/*.h \
++ $(top_srcdir)/src/libpki/openssl/*.h \
++ $(top_srcdir)/src/libpki/drivers/*.h \
++ $(top_srcdir)/src/libpki/drivers/openssl/*.h \
++ $(top_srcdir)/src/libpki/drivers/engine/*.h \
++ $(top_srcdir)/src/libpki/drivers/pkcs11/*.h \
++ $(top_srcdir)/src/libpki/drivers/pkcs11/rsa/*.h \
++ $(top_srcdir)/src/libpki/drivers/kmf/*.h
+
+ SRCS = \
+ pki_init.c \
+--- libpki-0.8.9/src/tests/Makefile.am 2016-06-01 15:47:33.304908175 -0700
++++ libpki-0.8.9/src/tests/Makefile.am 2016-06-07 15:21:44.869944846 -0700
+@@ -73,4 +73,4 @@
+ test9_SOURCES = test9.c
+ test9_LDFLAGS = $(testLDFLAGS)
+ test9_LDADD = $(testLDADD)
+-test9_CFLAGS = -I$(TOP) $(LIBPKI_CFLAGS) -ggdb
++test9_CFLAGS = -I$(TOP) $(LIBPKI_CFLAGS)
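Review bot: In the etc/Makefile.am hunk only `PKI_CONFIG` gains a `$(srcdir)/` prefix, while `HSMS`, `STORES` and `CONFIGS` (and presumably `PROFILES` and `TOKENS`, defined above the hunk) stay relative globs, and every install loop is guarded by `if test -f $$file`. If the build directory differs from the source directory, which the `pki.conf` change suggests, those globs match nothing and the loops skip silently, so /etc/libpki could be delivered without its XML configuration and without any error. Prefixing the list variables the same way, for example `HSMS = $(srcdir)/hsm.d/*.xml`, or failing the recipe when a list expands to no existing file, would make that visible. The destination is also hard-coded as `$(DESTDIR)/etc` rather than `$(DESTDIR)$(sysconfdir)`; a one-line comment saying this is deliberate for the Solaris package would help.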
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/libpki/patches/03-libtool.patch Wed Jul 06 18:39:47 2016 -0700
@@ -0,0 +1,16 @@
+Patch origin: in-house
+Patch status: Solaris-specific; not suitable for upstream
+
+eval doesn't work as expected with quotes on Solaris.
+
+--- libpki-0.8.9/build/ltmain.sh Tue Nov 10 13:50:30 2015
++++ libpki-0.8.9/build/ltmain.sh Wed Nov 11 14:43:19 2015
+@@ -657,7 +657,7 @@
+ }
+
+ if ${opt_dry_run-false}; then :; else
+- eval "$my_cmd"
++ eval $my_cmd
+ my_status=$?
+ if test "$my_status" -eq 0; then :; else
+ eval "(exit $my_status); $my_fail_exp"
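Review bot: Dropping the quotes in `eval $my_cmd` makes the shell word-split and pathname-expand the command string before `eval` parses it again, so runs of whitespace inside quoted arguments collapse and any glob character in a path is expanded against the current directory. The patch description only says that eval "doesn't work as expected with quotes on Solaris", so the failing case should be recorded next to the change, e.g. `# Solaris: unquoted on purpose, see <bug id>; arguments must not contain globs or significant whitespace`. ltmain.sh is normally regenerated by libtoolize/autoreconf, so it is worth confirming that the component build does not overwrite this hand edit. The enclosing function starts and ends outside the hunk.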
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/libpki/patches/04-studio.patch Wed Jul 06 18:39:47 2016 -0700
@@ -0,0 +1,36 @@
+Patch origin: in-house
+Patch status: Solaris-specific; not suitable for upstream
+
+Need to add a dummy variable to struct dsa because Studio doesn't allow
+zero-sized struct/union.
+
+void function cannot return value. gcc just ignores it, but Studio considers
+it as an error.
+
+--- libpki-0.8.9/src/libpki/openssl/data_st.h 2015-11-10 13:50:27.428271277 -0800
++++ libpki-0.8.9/src/libpki/openssl/data_st.h 2016-02-05 10:23:52.741804145 -0800
+@@ -425,7 +425,9 @@
+ int exponent;
+ } rsa;
+ // DSA scheme parameters
+- struct {} dsa;
++ struct {
++ int dummy;
++ } dsa;
+
+ #ifdef ENABLE_ECDSA
+ // EC scheme parameters
+--- libpki-0.8.9/src/pki_mem.c 2015-11-10 13:50:29.132816749 -0800
++++ libpki-0.8.9/src/pki_mem.c 2016-02-05 10:42:12.359660890 -0800
+@@ -322,7 +322,10 @@
+ if (!pnt) return;
+
+ /* If No size is provided, normal PKI_Free() is used */
+- if ( size <= 0 ) return PKI_Free ( pnt );
++ if ( size <= 0 ) {
++ PKI_Free ( pnt );
++ return;
++ }
+
+ /* Zeroize the Memory */
+ memset( pnt, '\xFF', size );
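Review bot: The wipe at `memset( pnt, '\xFF', size );` in the pki_mem.c hunk is a plain store to a buffer that is presumably freed right afterwards (the rest of the function is outside the hunk), and an optimizing compiler is allowed to drop such a store. Since libpki already builds against OpenSSL, `OPENSSL_cleanse(pnt, size);` is a wipe written so that the compiler cannot remove it. The new `size <= 0` block keeps the old behaviour of freeing without any wipe, which deserves a comment such as `/* size unknown: contents are NOT cleared before free */` so callers holding key material know to pass a size. The existing comment "Zeroize the Memory" should also say that the fill byte is 0xFF, not zero.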
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/libpki/patches/05-tests.patch Wed Jul 06 18:39:47 2016 -0700
@@ -0,0 +1,165 @@
+Patchin: in-house
+Patch status: Solaris-specific; not suitable for upstream
+
+Need to add sample pem files to make component tests work.
+
+--- libpki-0.8.9/src/token.c Tue Nov 10 13:50:28 2015
++++ libpki-0.8.9/src/token.c Wed Jan 20 14:21:10 2016
+@@ -120,7 +120,7 @@
+ if (PKI_get_init_status() == PKI_STATUS_NOT_INIT) PKI_init_all();
+
+ // Sets the default callback for getting the credentials
+- PKI_TOKEN_cred_set_cb(tk, PKI_TOKEN_cred_cb_stdin, NULL);
++ PKI_TOKEN_cred_set_cb(tk, PKI_TOKEN_cred_cb_env, NULL);
+
+ // Initializes the token
+ PKI_TOKEN_init( tk, NULL, NULL );
+--- libpki-0.8.9/etc/token.d/default.xml Tue Nov 10 13:50:29 2015
++++ libpki-0.8.9/etc/token.d/default.xml Wed Jan 20 14:31:35 2016
+@@ -12,10 +12,10 @@
+ <!-- CA Certificate -->
+ <pki:cacert>file:///$HOME/.libpki/certs/cacert.pem</pki:cacert>
+ <!-- Certificates -->
+- <pki:othercerts>file::///$HOME/.libpki/certs/other-certs.pem</pki:othercerts>
+- <pki:trustedcerts>file::///$HOME/.libpki/certs/trusted-certs.pem</pki:trustedcerts>
++ <!-- <pki:othercerts>file::///$HOME/.libpki/certs/other-certs.pem</pki:othercerts> -->
++ <!-- <pki:trustedcerts>file::///$HOME/.libpki/certs/trusted-certs.pem</pki:trustedcerts> -->
+ <!-- Where the Password should be read from -->
+- <pki:passin>stdin</pki:passin>
++ <pki:passin>env</pki:passin>
+ <!-- ... or simply specify the password here -->
+ <!-- <pki:password></pki:password> -->
+ </pki:tokenConfig>
+--- libpki-0.8.9/etc/.libpki/certs/cacert.pem 1969-12-31 16:00:00.000000000 -0800
++++ libpki-0.8.9/etc/.libpki/certs/cacert.pem 2016-01-15 15:57:07.721997458 -0800
+@@ -0,0 +1,25 @@
++-----BEGIN CERTIFICATE-----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++-----END CERTIFICATE-----
+--- libpki-0.8.9/etc/.libpki/certs/cert.pem 1969-12-31 16:00:00.000000000 -0800
++++ libpki-0.8.9/etc/.libpki/certs/cert.pem 2016-01-15 15:57:07.747595458 -0800
+@@ -0,0 +1,72 @@
++Certificate:
++ Data:
++ Version: 1 (0x0)
++ Serial Number: 0 (0x0)
++ Signature Algorithm: sha1WithRSAEncryption
++ Issuer: C=US, ST=California, L=Santa Clara, O=Oracle America, Inc., OU=Userland CA, CN=userland.us.oracle.com/[email protected]
++ Validity
++ Not Before: Jan 11 21:40:47 2016 GMT
++ Not After : Jan 10 21:40:47 2021 GMT
++ Subject: C=US, ST=California, L=Santa Clara, O=Oracle America, Inc., OU=Userland, CN=userland.us.oracle.com/[email protected]
++ Subject Public Key Info:
++ Public Key Algorithm: rsaEncryption
++ Public-Key: (2048 bit)
++ Modulus:
++ 00:f1:dc:ab:d3:72:2d:8f:7b:71:7d:15:46:32:8a:
++ da:97:db:91:70:ce:37:a8:18:dd:1f:aa:5d:83:c0:
++ bc:44:23:fb:b0:da:2c:14:e8:b0:56:05:ef:98:22:
++ 54:28:a0:53:c4:24:7a:1c:d3:23:97:8d:8f:ea:ee:
++ ff:6b:d4:b8:65:0f:33:28:35:3c:71:9c:6c:e5:bf:
++ 03:87:5c:51:5e:5a:23:da:24:8e:6d:92:56:c7:93:
++ d5:73:54:42:aa:59:23:8b:ce:87:ea:bb:5a:06:c4:
++ ac:ce:6a:44:ba:b7:14:6b:f6:88:49:8d:3f:d5:b7:
++ ab:4f:2a:8a:32:15:4a:87:78:e6:d4:18:49:b0:6c:
++ c3:29:25:ab:15:82:b1:e0:59:ef:d7:ef:c2:5e:e3:
++ b7:bb:63:c3:d4:f1:c8:fe:8e:eb:fd:5c:6c:63:7d:
++ 17:88:62:24:86:5d:cb:ad:93:e2:fb:4d:02:c3:15:
++ 49:43:d0:15:5d:21:63:9b:d1:49:41:f6:b5:52:c9:
++ 5e:3b:42:61:53:dd:20:6c:9e:4b:4e:ab:c2:e1:15:
++ 30:12:ad:73:f1:42:ad:4e:84:10:ec:29:4d:55:69:
++ ee:32:88:8b:81:50:09:d5:dc:9b:90:87:cb:42:8d:
++ 5b:1f:94:e7:10:be:81:1a:13:2a:92:df:8d:2d:78:
++ 5e:89
++ Exponent: 65537 (0x10001)
++ Signature Algorithm: sha1WithRSAEncryption
++ 91:5d:fb:3e:f8:4d:45:98:18:68:d1:12:a0:34:93:30:ce:80:
++ fa:13:43:bb:65:90:07:6c:e1:c1:7b:b8:30:72:81:02:e9:a1:
++ ae:1f:3a:f4:72:20:bc:9a:90:84:5e:0e:1f:db:15:aa:90:cc:
++ 0a:ad:7b:08:0e:88:99:3d:93:31:f5:8f:d2:3f:bf:12:2a:45:
++ 96:ad:48:e6:2f:37:93:1d:ae:95:61:a2:01:ec:5d:ae:43:b4:
++ 7e:b7:02:92:6e:98:0f:94:9c:68:e5:f8:b4:ea:89:5a:55:fb:
++ 46:81:0c:1d:2a:74:95:95:ba:ad:6a:a4:08:40:2e:8d:e1:39:
++ 4c:74:c4:3c:39:68:18:93:da:2e:f1:ea:6e:96:8c:54:9f:33:
++ 58:76:2a:d9:a9:25:fc:87:03:f2:d8:e1:91:17:fe:55:8e:9a:
++ c0:dd:d2:98:02:ae:65:b3:79:a6:98:f3:01:4c:d7:d1:f1:00:
++ 17:20:5c:04:48:77:5d:84:c0:bc:99:7a:4e:7a:0f:31:1b:b9:
++ be:c4:4b:5b:b1:e5:3d:8b:34:f1:5a:c0:97:c7:b6:be:70:dc:
++ 74:03:fe:be:96:2d:be:0c:0e:0b:5b:67:d4:1d:21:cf:21:1d:
++ 67:b5:b6:4a:50:1e:bd:d1:f6:00:87:c3:cb:98:9f:6c:3a:d4:
++ f3:a2:ee:d1
++-----BEGIN CERTIFICATE-----
++MIID1zCCAr8CAQAwDQYJKoZIhvcNAQEFBQAwgbIxCzAJBgNVBAYTAlVTMRMwEQYD
++VQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEdMBsGA1UECgwU
++T3JhY2xlIEFtZXJpY2EsIEluYy4xFDASBgNVBAsMC1VzZXJsYW5kIENBMR8wHQYD
++VQQDDBZ1c2VybGFuZC51cy5vcmFjbGUuY29tMSIwIAYJKoZIhvcNAQkBFhN1c2Vy
++bGFuZEBvcmFjbGUuY29tMB4XDTE2MDExMTIxNDA0N1oXDTIxMDExMDIxNDA0N1ow
++ga8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtT
++YW50YSBDbGFyYTEdMBsGA1UECgwUT3JhY2xlIEFtZXJpY2EsIEluYy4xETAPBgNV
++BAsMCFVzZXJsYW5kMR8wHQYDVQQDDBZ1c2VybGFuZC51cy5vcmFjbGUuY29tMSIw
++IAYJKoZIhvcNAQkBFhN1c2VybGFuZEBvcmFjbGUuY29tMIIBIjANBgkqhkiG9w0B
++AQEFAAOCAQ8AMIIBCgKCAQEA8dyr03Itj3txfRVGMoral9uRcM43qBjdH6pdg8C8
++RCP7sNosFOiwVgXvmCJUKKBTxCR6HNMjl42P6u7/a9S4ZQ8zKDU8cZxs5b8Dh1xR
++Xloj2iSObZJWx5PVc1RCqlkji86H6rtaBsSszmpEurcUa/aISY0/1berTyqKMhVK
++h3jm1BhJsGzDKSWrFYKx4Fnv1+/CXuO3u2PD1PHI/o7r/VxsY30XiGIkhl3LrZPi
+++00CwxVJQ9AVXSFjm9FJQfa1UsleO0JhU90gbJ5LTqvC4RUwEq1z8UKtToQQ7ClN
++VWnuMoiLgVAJ1dybkIfLQo1bH5TnEL6BGhMqkt+NLXheiQIDAQABMA0GCSqGSIb3
++DQEBBQUAA4IBAQCRXfs++E1FmBho0RKgNJMwzoD6E0O7ZZAHbOHBe7gwcoEC6aGu
++Hzr0ciC8mpCEXg4f2xWqkMwKrXsIDoiZPZMx9Y/SP78SKkWWrUjmLzeTHa6VYaIB
++7F2uQ7R+twKSbpgPlJxo5fi06olaVftGgQwdKnSVlbqtaqQIQC6N4TlMdMQ8OWgY
++k9ou8epuloxUnzNYdirZqSX8hwPy2OGRF/5VjprA3dKYAq5ls3mmmPMBTNfR8QAX
++IFwESHddhMC8mXpOeg8xG7m+xEtbseU9izTxWsCXx7a+cNx0A/6+li2+DA4LW2fU
++HSHPIR1ntbZKUB690fYAh8PLmJ9sOtTzou7R
++-----END CERTIFICATE-----
+--- libpki-0.8.9/etc/.libpki/private/key.pem 1969-12-31 16:00:00.000000000 -0800
++++ libpki-0.8.9/etc/.libpki/private/key.pem 2016-01-15 15:57:07.794138570 -0800
+@@ -0,0 +1,27 @@
++-----BEGIN RSA PRIVATE KEY-----
++MIIEpgIBAAKCAQEA8dyr03Itj3txfRVGMoral9uRcM43qBjdH6pdg8C8RCP7sNos
++FOiwVgXvmCJUKKBTxCR6HNMjl42P6u7/a9S4ZQ8zKDU8cZxs5b8Dh1xRXloj2iSO
++bZJWx5PVc1RCqlkji86H6rtaBsSszmpEurcUa/aISY0/1berTyqKMhVKh3jm1BhJ
++sGzDKSWrFYKx4Fnv1+/CXuO3u2PD1PHI/o7r/VxsY30XiGIkhl3LrZPi+00CwxVJ
++Q9AVXSFjm9FJQfa1UsleO0JhU90gbJ5LTqvC4RUwEq1z8UKtToQQ7ClNVWnuMoiL
++gVAJ1dybkIfLQo1bH5TnEL6BGhMqkt+NLXheiQIDAQABAoIBAQCjCZBCfws7V4lP
++OlIRrAxipb5K/pgCFpCo0d0r/XZrsJ3vv4JLrfeAZYv3T9zPbhRJehVe7O1nMiQ7
++yFQhyklqxm5Dwm82Xq4ByVuFmbO4GKdmW5IvRqB89KjEj55I2sHdcqGomBa9zUJ3
+++qbN/rAjfxKsEi1f0eoG+bQiwrt0ybmqshFeW3c9c6HVZBT9nC1v/+Z6Wz0Na0E+
++eixIrZww3sxz/fsc5iUGehCB7z+poVvdHLVgsZ9fh3UEZfua9AqlHIfQujx/rtVw
++flk99rWjjYWozFN65dyXhSKYDIXhMg/61L6iFUdsu1pYNt9lf6FrBKDwhcPGLWDe
++sN20G2oBAoGBAP9JUnX9JKEkRkY0cTVNynMBfFH69kmG5ZNZuJmqZNMLLH2m+C7P
++GptHH5WbY+glDFPEqM3tlxUnB/yUrCMRm9EsCf3GKoEL516FZkVQ1dyFKpcYkNv2
++biYfhAhWG+DxV2jAC1qkcr69fE2fIUrRnBo3sJPSDlsBsOaU/phEDuwhAoGBAPKJ
++vip62Qbh+7YXoc7k9HXw4PfqjXAx01hT2IBDxwx5FUHrzT6D+9WGgBpxFV9quyz6
++936npQC270WDEMxLo4NiVXd9b/ji0o2+K43+BXEzEX8VkTeMWfveu6Szfq0bskaC
++3FrtgebMwBXUR9Od4WTRX45s+O3UI2jnX52mIOVpAoGBAJpP+P+HUF/zrGL9ijz9
++U9Xm3P41JDDX0OgcAOEqRZ3okDE3/6dT2zJncKkfb+nAk04Df0JTTtMjb8l3GQJt
++v3FWHIgBBGpTBr11B5f4v/13pYIGAHJl6Lk0rbvYSSvU1tBj3bkh1JaFtaC6AwbV
++43VZmmwQOks6n3MSNz9VTGvhAoGBAMFF9M2jQckTUmPEJ0RY/VnzD0NgnT9X5URQ
++5Ikp+be90avLfa4gvRFl8jWgAdkck3X/tDQw4fNU1A1/qWYzrGSpetQSmKUsE3+y
++mMC5OZsAiCPOiv9KD/b/gmZ4Ry0pkgJQi8rF06uZZETA+k/vU0rk8hHsUt4rG+Cf
++6HkXhsVpAoGBAOYLL5vjqV1DyX4smWk4SHnZS27E0fT8yCCMh0ZGRv9AZNTixs9f
++jZ8YI74uVd6WzrR720H/VLCqSQk7hqzZXGF589xlDENQoMxrdNy7oDYblVjv8/Rk
++T5YG6xxJnnCfM30waRWG3fatt6+c+Hy2SfVDpiJnP2+pbMzxgqnznhIq
++-----END RSA PRIVATE KEY-----
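Review bot: The token.c hunk changes the library's default credential callback from `PKI_TOKEN_cred_cb_stdin` to `PKI_TOKEN_cred_cb_env`, and default.xml switches `<pki:passin>` to `env`, although the patch's stated purpose is only to make the component tests work. Both files look like shipped artefacts rather than test code, so every consumer of the library would presumably inherit the new default. A password held in the environment is passed on to child processes and can usually be read by other processes of the same user, which is a weaker default than an interactive prompt. Prefer keeping `PKI_TOKEN_cred_set_cb(tk, PKI_TOKEN_cred_cb_stdin, NULL);` in the library and selecting the env callback from the test setup only. The RSA private key added under etc/.libpki/private is now public test material, so the patch description should say it is for tests only and that it is not delivered in the package; the function in token.c starts and ends outside the hunk.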