-rwxr-xr-xopenssl/trunk/Configure3
-rw-r--r--openssl/trunk/Makefile2
-rw-r--r--openssl/trunk/crypto/asn1/x_x509.c4
-rw-r--r--openssl/trunk/crypto/x509/x509.h2
-rw-r--r--openssl/trunk/crypto/x509/x509_vfy.c2
-rw-r--r--openssl/trunk/crypto/x509v3/ext_dat.h2
-rw-r--r--openssl/trunk/crypto/x509v3/v3_addr.c4
-rw-r--r--openssl/trunk/crypto/x509v3/v3_asid.c4
-rw-r--r--openssl/trunk/crypto/x509v3/v3_purp.c4
-rw-r--r--openssl/trunk/crypto/x509v3/x509v3.h12
10 files changed, 27 insertions, 12 deletions
diff --git a/openssl/trunk/Configure b/openssl/trunk/Configure
index 0f0e3d38..a989a7eb 100755
--- a/openssl/trunk/Configure
+++ b/openssl/trunk/Configure
@@ -147,7 +147,8 @@ my %table=(
# Our development configs
"purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::",
"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::",
-"debug-sra", "gcc:-DDEBUG_SAFESTACK -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wall -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::::::",
+"debug-sra", "gcc:-DOPENSSL_RFC3779 -DDEBUG_SAFESTACK -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wall -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::::::",
+"debug-sra-norfc3779", "gcc:-DDEBUG_SAFESTACK -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wall -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::::::",
"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::bn86-elf.o co86-elf.o",
"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
diff --git a/openssl/trunk/Makefile b/openssl/trunk/Makefile
index 8aa72cc1..8ec1c9e0 100644
--- a/openssl/trunk/Makefile
+++ b/openssl/trunk/Makefile
@@ -60,7 +60,7 @@ OPENSSLDIR=/usr/local/ssl
# PKCS1_CHECK - pkcs1 tests.
CC= gcc
-CFLAG= -DDEBUG_SAFESTACK -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wall -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror
+CFLAG= -DOPENSSL_RFC3779 -DDEBUG_SAFESTACK -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wall -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror
DEPFLAG= -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5
PEX_LIBS=
EX_LIBS=
diff --git a/openssl/trunk/crypto/asn1/x_x509.c b/openssl/trunk/crypto/asn1/x_x509.c
index 01c586f4..0744555e 100644
--- a/openssl/trunk/crypto/asn1/x_x509.c
+++ b/openssl/trunk/crypto/asn1/x_x509.c
@@ -94,8 +94,10 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
ret->ex_pathlen = -1;
ret->skid = NULL;
ret->akid = NULL;
+#ifdef OPENSSL_RFC3779
ret->rfc3779_addr = NULL;
ret->rfc3779_asid = NULL;
+#endif
ret->aux = NULL;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
break;
@@ -111,8 +113,10 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
ASN1_OCTET_STRING_free(ret->skid);
AUTHORITY_KEYID_free(ret->akid);
policy_cache_free(ret->policy_cache);
+#ifdef OPENSSL_RFC3779
sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
ASIdentifiers_free(ret->rfc3779_asid);
+#endif
if (ret->name != NULL) OPENSSL_free(ret->name);
break;
diff --git a/openssl/trunk/crypto/x509/x509.h b/openssl/trunk/crypto/x509/x509.h
index 16d7bbf5..efbc95f5 100644
--- a/openssl/trunk/crypto/x509/x509.h
+++ b/openssl/trunk/crypto/x509/x509.h
@@ -288,8 +288,10 @@ struct x509_st
ASN1_OCTET_STRING *skid;
struct AUTHORITY_KEYID_st *akid;
X509_POLICY_CACHE *policy_cache;
+#ifdef OPENSSL_RFC3779
STACK_OF(IPAddressFamily) *rfc3779_addr;
struct ASIdentifiers_st *rfc3779_asid;
+#endif
#ifndef OPENSSL_NO_SHA
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
#endif
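Review bot: Making `rfc3779_addr` and `rfc3779_asid` conditional makes the layout of `struct x509_st` depend on a macro that this commit sets only through compiler flags (`-DOPENSSL_RFC3779` in Configure and the Makefile). Code that includes x509.h without that flag but links a library built with it would see `sha1_hash` and every later member at different offsets, which means silent memory corruption rather than a build error. Consider defining the macro in the generated `opensslconf.h` so the library and its callers always agree. At minimum, add a comment above the block such as `/* layout depends on OPENSSL_RFC3779; must match the library build */`. The struct definition starts and ends outside this hunk.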
diff --git a/openssl/trunk/crypto/x509/x509_vfy.c b/openssl/trunk/crypto/x509/x509_vfy.c
index ecee8164..00981706 100644
--- a/openssl/trunk/crypto/x509/x509_vfy.c
+++ b/openssl/trunk/crypto/x509/x509_vfy.c
@@ -312,11 +312,13 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
ok=internal_verify(ctx);
if(!ok) goto end;
+#ifdef OPENSSL_RFC3779
/* RFC 3779 path validation, now that CRL check has been done */
ok = v3_asid_validate_path(ctx);
if (!ok) goto end;
ok = v3_addr_validate_path(ctx);
if (!ok) goto end;
+#endif
/* If we get this far evaluate policies */
if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
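Review bot: With both calls inside `#ifdef OPENSSL_RFC3779`, a build without the macro skips `v3_asid_validate_path` and `v3_addr_validate_path` entirely and gives no runtime indication that resource validation is off. The v3_purp.c change in this commit also removes the two NIDs from the supported list, so a critical RFC 3779 extension is presumably rejected as unhandled. A certificate carrying the extension as non-critical would, however, be accepted unchecked. That fail-closed assumption should be written down next to the guard, e.g. `/* Without OPENSSL_RFC3779 these extensions are not validated; critical ones are rejected as unsupported */`. X509_verify_cert continues outside the hunk, so the surrounding handling is not visible here.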
diff --git a/openssl/trunk/crypto/x509v3/ext_dat.h b/openssl/trunk/crypto/x509v3/ext_dat.h
index 3cf3d3e6..07464f53 100644
--- a/openssl/trunk/crypto/x509v3/ext_dat.h
+++ b/openssl/trunk/crypto/x509v3/ext_dat.h
@@ -100,8 +100,10 @@ static X509V3_EXT_METHOD *standard_exts[] = {
#endif
&v3_sxnet,
&v3_info,
+#ifdef OPENSSL_RFC3779
&v3_addr,
&v3_asid,
+#endif
#ifndef OPENSSL_NO_OCSP
&v3_ocsp_nonce,
&v3_ocsp_crlid,
diff --git a/openssl/trunk/crypto/x509v3/v3_addr.c b/openssl/trunk/crypto/x509v3/v3_addr.c
index 78f60ed4..fa8d42ab 100644
--- a/openssl/trunk/crypto/x509v3/v3_addr.c
+++ b/openssl/trunk/crypto/x509v3/v3_addr.c
@@ -29,6 +29,8 @@
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>
+#ifdef OPENSSL_RFC3779
+
/*
* OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
*/
@@ -1212,3 +1214,5 @@ int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
return 0;
return v3_addr_validate_path_internal(NULL, chain, ext);
}
+
+#endif /* OPENSSL_RFC3779 */
diff --git a/openssl/trunk/crypto/x509v3/v3_asid.c b/openssl/trunk/crypto/x509v3/v3_asid.c
index 70bd5581..180407b1 100644
--- a/openssl/trunk/crypto/x509v3/v3_asid.c
+++ b/openssl/trunk/crypto/x509v3/v3_asid.c
@@ -31,6 +31,8 @@
#include <openssl/x509.h>
#include <openssl/bn.h>
+#ifdef OPENSSL_RFC3779
+
/*
* OpenSSL ASN.1 template translation of RFC 3779 3.2.3.
*/
@@ -776,3 +778,5 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
return 0;
return v3_asid_validate_path_internal(NULL, chain, ext);
}
+
+#endif /* OPENSSL_RFC3779 */
diff --git a/openssl/trunk/crypto/x509v3/v3_purp.c b/openssl/trunk/crypto/x509v3/v3_purp.c
index 5ad2047e..717c2f3b 100644
--- a/openssl/trunk/crypto/x509v3/v3_purp.c
+++ b/openssl/trunk/crypto/x509v3/v3_purp.c
@@ -287,8 +287,10 @@ int X509_supported_extension(X509_EXTENSION *ex)
NID_basic_constraints, /* 87 */
NID_certificate_policies, /* 89 */
NID_ext_key_usage, /* 126 */
+#ifdef OPENSSL_RFC3779
NID_sbgp_ipAddrBlock, /* 290 */
NID_sbgp_autonomousSysNum, /* 291 */
+#endif
NID_proxyCertInfo /* 661 */
};
@@ -413,9 +415,11 @@ static void x509v3_cache_extensions(X509 *x)
}
x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
+#ifdef OPENSSL_RFC3779
x->rfc3779_addr =X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
x->rfc3779_asid =X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
NULL, NULL);
+#endif
for (i = 0; i < X509_get_ext_count(x); i++)
{
ex = X509_get_ext(x, i);
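Review bot: Both cached RFC 3779 lookups pass NULL for the `crit` argument, so a NULL result cannot distinguish "extension absent" from "extension present but malformed or duplicated". These lines are existing context that the commit only wraps in the `#ifdef`, but they decide what the path validators later see. If the validators treat a NULL `rfc3779_addr` or `rfc3779_asid` as "no resources claimed" (not visible in this hunk), an undecodable extension would bypass the check. Consider `x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, &crit, NULL);` followed by `if (x->rfc3779_addr == NULL && crit != -1) x->ex_flags |= EXFLAG_INVALID;`, with `crit` a local `int`, and the same for `rfc3779_asid`. x509v3_cache_extensions starts and ends outside the hunk.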
diff --git a/openssl/trunk/crypto/x509v3/x509v3.h b/openssl/trunk/crypto/x509v3/x509v3.h
index fc0570b2..289fbc27 100644
--- a/openssl/trunk/crypto/x509v3/x509v3.h
+++ b/openssl/trunk/crypto/x509v3/x509v3.h
@@ -626,13 +626,7 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
-/*
- * [sra] Begin RFC 3779 stuff
- *
- * The following definitions and declarations will need to be merged
- * into the the rest of this file more cleanly. Right now they're
- * organized as a unit to make it easier to see what I've added.
- */
+#ifdef OPENSSL_RFC3779
typedef struct ASRange_st {
ASN1_INTEGER *min, *max;
@@ -753,9 +747,7 @@ int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
IPAddrBlocks *ext,
int allow_inheritance);
-/*
- * [sra] End RFC 3779 stuff
- */
+#endif /* OPENSSL_RFC3779 */
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes