369 files changed, 11352 insertions, 9654 deletions

diff --git a/app/build.gradle b/app/build.gradle
index 9207ff84..7d6d0a2c 100644
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -1,16 +1,9 @@
 apply plugin: 'android'
-import org.ajoberstar.grgit.*
+//import org.ajoberstar.grgit.*
 
 android {
-  compileSdkVersion 19
-  buildToolsVersion "20"
-
-  defaultConfig {
-    minSdkVersion 14
-    targetSdkVersion 19
-
-    testInstrumentationRunner "android.test.InstrumentationTestRunner"
-  }
+  compileSdkVersion 21
+  buildToolsVersion "21.1.2"
 
   signingConfigs {
     release {
@@ -47,6 +40,9 @@ android {
 
 dependencies {
   androidTestCompile 'com.jayway.android.robotium:robotium-solo:5.2.1'
+  compile 'com.jakewharton:butterknife:6.0.0+'
+  provided 'com.squareup.dagger:dagger-compiler:1.2.2+'
+  compile 'com.github.pedrovgs:renderers:1.3+'
   compile 'com.intellij:annotations:12.0'
 }
 
@@ -58,24 +54,16 @@ def processFileInplace(file, Closure processText) {
 
 task checkoutStrippedIcsOpenVPN ( type: Copy ) {
   //FIXME Checkout ics-openvpn-stripped from branch "ics-openvpn-upstream"
-  grgit = Grgit.open(project.file('../'))
+  //grgit = Grgit.open(project.file('../'))
   
   from '../../bitmask_android_tmp/ics-openvpn-stripped'
   into '../ics-openvpn-stripped'
 }
 
-task copyIcsOpenVPNClasses( type: Copy, dependsOn: 'checkoutStrippedIcsOpenVPN' ) {
+task copyIcsOpenVPNClasses( type: Copy ) {
   from ('../ics-openvpn-stripped/main/') {
     include '**/*.java'
     include '**/*.aidl'
-    include '**/strings.xml'
-    include '**/log_*.xml'
-    include '**/vpnstatus.xml'
-    include '**/styles.xml'
-    include '**/dimens.xml'
-    include '**/logmenu.xml'
-
-    rename 'strings.xml', 'strings-icsopenvpn.xml'
     filter {
       line -> line.replaceAll('de.blinkt.openvpn.R', 'se.leap.bitmaskclient.R')
     }
@@ -88,14 +76,45 @@ task copyIcsOpenVPNClasses( type: Copy, dependsOn: 'checkoutStrippedIcsOpenVPN'
     filter {      
       line -> line.replace('package de.blinkt.openvpn.fragments;', 'package de.blinkt.openvpn.fragments;\n\nimport se.leap.bitmaskclient.R;')
     }
+  } into '.'
+}
+
+task copyIcsOpenVPNXml( type: Copy ) {
+  from ('../ics-openvpn-stripped/main/') {
+    include '**/strings.xml'
+    include '**/log_*.xml'
+    include '**/vpnstatus.xml'
+    include '**/styles.xml'
+    include '**/dimens.xml'
+    include '**/refs.xml'
+    include '**/colours.xml'    
+    include '**/logmenu.xml'
+
+    rename 'strings.xml', 'strings-icsopenvpn.xml'
     filter {
       line -> line.replaceAll('.*name="app".*', '')
     }
   } into '.'
 }
 
+task copyIcsOpenVPNImages( type: Copy ) {
+  from ('../ics-openvpn-stripped/main/') {
+    include '**/ic_filter*.png'
+    include '**/ic_delete*.png'
+    include '**/ic_share*.png'
+    include '**/ic_close*.png'
+    include '**/ic_edit*.png'
+  } into '.'
+}
+
+task copyIcsOpenVPNFiles( type: Copy, dependsOn: 'checkoutStrippedIcsOpenVPN' ) {
+  copyIcsOpenVPNClasses.execute()
+  copyIcsOpenVPNXml.execute()
+  copyIcsOpenVPNImages.execute()
+}
+
 // thanks to http://pleac.sourceforge.net/pleac_groovy/fileaccess.html
-task removeDuplicatedStrings( dependsOn: 'copyIcsOpenVPNClasses' ) << {
+task removeDuplicatedStrings( dependsOn: 'copyIcsOpenVPNFiles' ) << {
   new File('app').eachFileRecurse {
     if(it.name.equals('strings.xml')) {
       def ics_openvpn_file = file(it.absolutePath.replace('strings.xml', 'strings-icsopenvpn.xml'))
@@ -145,9 +164,10 @@ task mergeUntranslatable( type: Copy, dependsOn: 'removeDuplicatedStrings') {
   delete ics_openvpn_untranslatable
 }
 
-task updateIcsOpenVpn( type: Copy, dependsOn: 'mergeUntranslatable') {
-  from('../ics-openvpn-stripped/main') { 
+task updateIcsOpenVpn( type: Copy, dependsOn: 'mergeUntranslatable') << {
+  from('../ics-openvpn-stripped/main/src/') {
     include 'openvpn/**'
+    include 'openssl/**'    
     include 'lzo/**'
     include 'jni/**'
     include 'misc/**'
@@ -157,13 +177,7 @@ task updateIcsOpenVpn( type: Copy, dependsOn: 'mergeUntranslatable') {
 }
 
 task buildNative ( type: Exec ) {
-  
   commandLine 'sh', 'misc/build-native.sh', 'USE_BREAKPAD=0', '-j 8'
 }
 
-preBuild.dependsOn buildNative
-
-//assembleRelease.dependsOn connectedCheck
-afterEvaluate {
-  //installRelease.dependsOn connectedCheck
-}
+preBuild.dependsOn buildNative
\ No newline at end of file
diff --git a/app/jni/Application.mk b/app/jni/Application.mk
index b7af50cd..21718248 100644
--- a/app/jni/Application.mk
+++ b/app/jni/Application.mk
@@ -8,4 +8,4 @@ APP_STL:=stlport_shared
 
 #LOCAL_ARM_MODE := arm
 
-#NDK_TOOLCHAIN_VERSION=clang
+#NDK_TOOLCHAIN_VERSION=clang
\ No newline at end of file
diff --git a/app/misc/build-native.bat b/app/misc/build-native.bat
index 73a19a00..9885557a 100644
--- a/app/misc/build-native.bat
+++ b/app/misc/build-native.bat
@@ -1,22 +1,25 @@
 
 @echo on
-echo Currently broken, feel free to fix and send me a patch, see .sh file
+echo Currently broken, feel free to fix and send me a patch, see the build-native.sh file how native libraries are build on UNIX
 exit 1
 
-call ndk-build APP_API=all -j 8
+call ndk-build APP_ABI=x86_64 -j 8 USE_BREAKPAD=0
 
 
 cd libs
-mkdir ..\assets
-mkdir ..\build\
+mkdir ..\ovpnlibs
+mkdir ..\ovpnlibs\assets
 
 for /D %%f in (*) do (
-	copy %%f\minivpn ..\assets\minivpn.%%f
+	copy %%f\nopievpn ..\ovpnlibs\assets\nopievpn.%%f
+	copy %%f\pievpn ..\ovpnlibs\assets\pievpn.%%f
+
 	del %%f\libcrypto.so
 	del %%f\libssl.so
 
-	mkdir ..\build\native-libs\%%f\
-	copy %%f\*.so  ..\build\native-libs\%%f\
+    mkdir ..\ovpnlibs\jniLibs
+	mkdir ..\ovpnlibs\jniLibs\%%f\
+	copy %%f\*.so  ..\ovpnlibs\jniLibs\%%f\
 )
 
 cd ..
diff --git a/app/misc/build-native.sh b/app/misc/build-native.sh
index f27384cd..7382efc9 100755
--- a/app/misc/build-native.sh
+++ b/app/misc/build-native.sh
@@ -23,7 +23,7 @@ if [ -d openvpn/.git ]; then
 fi
 
 if [ "x$1" = "x" ]; then
-    ndk-build APP_API=all -j 8
+    ndk-build  -j 8 USE_BREAKPAD=0
 else
   ndk-build $@
 fi
diff --git a/app/misc/fetchtranslations.sh b/app/misc/fetchtranslations.sh
index 3529a646..356748d6 100755
--- a/app/misc/fetchtranslations.sh
+++ b/app/misc/fetchtranslations.sh
@@ -1,38 +1,36 @@
-#! /bin/sh
-
+#! /bin/zsh
+set -o shwordsplit
 
 if [ "$ICSCROWDAPIKEY" != "" ]
 then
 	echo "Generating new translation archives"
-	fetch -q -1 -o - http://api.crowdin.net/api/project/ics-openvpn/export?key=$ICSCROWDAPIKEY
+	fetch -q -1 -o - "http://api.crowdin.net/api/project/ics-openvpn/export?key=$ICSCROWDAPIKEY"
 fi
 
 echo "Fetch translation archive"
 fetch -q http://crowdin.net/download/project/ics-openvpn.zip
 
-langtoinclude="ca cs de es et fr hu it ja ko no nl pl ro ru sv tr uk"
-
-for lang in $langtoinclude
-do
-    tar -xvf ics-openvpn.zip -C src/main res/values-$lang/
-done
 
 # Chinese language require zh-CN and zh-TW
 
-for lang in zh-CN zh-TW id
+typeset -A langhash
+langhash=(zh-CN zh-rCN zh-TW zh-rTW id-ID in ca-ES ca cs-CZ cs et-EE et ja-JP ja ko-KR ko sv-SE sv uk-UA uk)
+
+langtoinclude="de es fr hu it no nl pl pt ro ru tr"
+
+for lang in $langtoinclude ${(k)langhash}
 do
-	if [ $lang = "zh-CN" ] ; then
-		rlang="zh-rCN"
-    elif [ $lang = "zh-TW" ] ; then
-        rlang="zh-rTW"
-    elif [ $lang = "id" ] ; then
-        rlang="in"
-	fi
-
-	echo "Fetch archive for $lang"
-	fetch http://crowdin.net/download/project/ics-openvpn/$lang.zip
-	tar -xv -C src/main/res/values-$rlang/ --strip-components 3 -f $lang.zip
-    rm $lang.zip
+    if (( ${+langhash[$lang]} )); then
+        alang=$lang
+        rlang=${langhash[$lang]}
+    else
+        alang=$lang-${lang:u}
+        rlang=$lang
+    fi
+
+    mkdir -p src/main/res/values-$rlang/
+    echo "$alang -> $rlang"
+    tar -xv -C src/main/res/values-$rlang/ --strip-components 2 -f ics-openvpn.zip res/values-$alang/
 done
 
-rm -v ics-openvpn.zip
+rm ics-openvpn.zip
diff --git a/app/misc/genFAQ.py b/app/misc/genFAQ.py
index b1506420..09381caa 100755
--- a/app/misc/genFAQ.py
+++ b/app/misc/genFAQ.py
@@ -112,7 +112,7 @@ def checkFormatString(lang):
             int = tstr.find(f)==-1
 
             if ino != int:
-                print "Mismatch",strid,f,ostr,tstr
+                print "Mismatch StringID(%s): " % lang,strid,"Original String:",ostr,"Translated String:",tstr
                 
 if __name__=="__main__":
     main()
diff --git a/app/openssl/Apps-config-host.mk b/app/openssl/Apps-config-host.mk
index 5c1604e0..c6ebf817 100644
--- a/app/openssl/Apps-config-host.mk
+++ b/app/openssl/Apps-config-host.mk
@@ -1,6 +1,6 @@
 # Auto-generated - DO NOT EDIT!
 # To regenerate, edit openssl.config, then run:
-#     ./import_openssl.sh import /path/to/openssl-1.0.1h.tar.gz
+#     ./import_openssl.sh import /path/to/openssl-1.0.1j.tar.gz
 #
 # This script will append to the following variables:
 #
@@ -74,30 +74,40 @@ common_c_includes := \
   external/openssl/. \
   external/openssl/include \
 
+arm_clang_asflags :=
+
 arm_cflags :=
 
 arm_src_files :=
 
 arm_exclude_files :=
 
+arm64_clang_asflags :=
+
 arm64_cflags :=
 
 arm64_src_files :=
 
 arm64_exclude_files :=
 
+x86_clang_asflags :=
+
 x86_cflags :=
 
 x86_src_files :=
 
 x86_exclude_files :=
 
+x86_64_clang_asflags :=
+
 x86_64_cflags :=
 
 x86_64_src_files :=
 
 x86_64_exclude_files :=
 
+mips_clang_asflags :=
+
 mips_cflags :=
 
 mips_src_files :=
diff --git a/app/openssl/Apps-config-target.mk b/app/openssl/Apps-config-target.mk
index 0c567d4d..fe600c0a 100644
--- a/app/openssl/Apps-config-target.mk
+++ b/app/openssl/Apps-config-target.mk
@@ -1,6 +1,6 @@
 # Auto-generated - DO NOT EDIT!
 # To regenerate, edit openssl.config, then run:
-#     ./import_openssl.sh import /path/to/openssl-1.0.1h.tar.gz
+#     ./import_openssl.sh import /path/to/openssl-1.0.1j.tar.gz
 #
 # This script will append to the following variables:
 #
@@ -74,30 +74,40 @@ common_c_includes := \
   external/openssl/. \
   external/openssl/include \
 
+arm_clang_asflags :=
+
 arm_cflags :=
 
 arm_src_files :=
 
 arm_exclude_files :=
 
+arm64_clang_asflags :=
+
 arm64_cflags :=
 
 arm64_src_files :=
 
 arm64_exclude_files :=
 
+x86_clang_asflags :=
+
 x86_cflags :=
 
 x86_src_files :=
 
 x86_exclude_files :=
 
+x86_64_clang_asflags :=
+
 x86_64_cflags :=
 
 x86_64_src_files :=
 
 x86_64_exclude_files :=
 
+mips_clang_asflags :=
+
 mips_cflags :=
 
 mips_src_files :=
@@ -110,15 +120,20 @@ LOCAL_C_INCLUDES += $(common_c_includes)
 
 LOCAL_SRC_FILES_arm += $(filter-out $(arm_exclude_files),$(common_src_files) $(arm_src_files))
 LOCAL_CFLAGS_arm += $(arm_cflags)
+LOCAL_CLANG_ASFLAGS_arm += $(arm_clang_asflags)
 
 LOCAL_SRC_FILES_arm64 += $(filter-out $(arm64_exclude_files),$(common_src_files) $(arm64_src_files))
 LOCAL_CFLAGS_arm64 += $(arm64_cflags)
+LOCAL_CLANG_ASFLAGS_arm64 += $(arm64_clang_asflags)
 
 LOCAL_SRC_FILES_x86 += $(filter-out $(x86_exclude_files),$(common_src_files) $(x86_src_files))
 LOCAL_CFLAGS_x86 += $(x86_cflags)
+LOCAL_CLANG_ASFLAGS_x86 += $(x86_clang_asflags)
 
 LOCAL_SRC_FILES_x86_64 += $(filter-out $(x86_64_exclude_files),$(common_src_files) $(x86_64_src_files))
 LOCAL_CFLAGS_x86_64 += $(x86_64_cflags)
+LOCAL_CLANG_ASFLAGS_x86_64 += $(x86_64_clang_asflags)
 
 LOCAL_SRC_FILES_mips += $(filter-out $(mips_exclude_files),$(common_src_files) $(mips_src_files))
 LOCAL_CFLAGS_mips += $(mips_cflags)
+LOCAL_CLANG_ASFLAGS_mips += $(mips_clang_asflags)
diff --git a/app/openssl/Crypto-config-host.mk b/app/openssl/Crypto-config-host.mk
index 5b643792..1e94f10b 100644
--- a/app/openssl/Crypto-config-host.mk
+++ b/app/openssl/Crypto-config-host.mk
@@ -1,6 +1,6 @@
 # Auto-generated - DO NOT EDIT!
 # To regenerate, edit openssl.config, then run:
-#     ./import_openssl.sh import /path/to/openssl-1.0.1h.tar.gz
+#     ./import_openssl.sh import /path/to/openssl-1.0.1j.tar.gz
 #
 # This script will append to the following variables:
 #
@@ -184,6 +184,7 @@ common_src_files := \
   crypto/conf/conf_mall.c \
   crypto/conf/conf_mod.c \
   crypto/conf/conf_sap.c \
+  crypto/constant_time_locl.h \
   crypto/cpt_err.c \
   crypto/cryptlib.c \
   crypto/cversion.c \
@@ -540,6 +541,9 @@ common_c_includes := \
   external/openssl/include \
   external/openssl/include/openssl \
 
+arm_clang_asflags := \
+  -no-integrated-as \
+
 arm_cflags := \
   -DAES_ASM \
   -DBSAES_ASM \
@@ -570,6 +574,9 @@ arm_exclude_files := \
   crypto/aes/aes_core.c \
   crypto/mem_clr.c \
 
+arm64_clang_asflags := \
+  -no-integrated-as \
+
 arm64_cflags := \
   -DDES_UNROLL \
   -DOPENSSL_CPUID_OBJ \
@@ -588,6 +595,8 @@ arm64_src_files := \
 
 arm64_exclude_files :=
 
+x86_clang_asflags :=
+
 x86_cflags := \
   -DAES_ASM \
   -DDES_PTR \
@@ -634,6 +643,8 @@ x86_exclude_files := \
   crypto/des/fcrypt_b.c \
   crypto/mem_clr.c \
 
+x86_64_clang_asflags :=
+
 x86_64_cflags := \
   -DAES_ASM \
   -DBSAES_ASM \
@@ -678,6 +689,8 @@ x86_64_exclude_files := \
   crypto/rc4/rc4_enc.c \
   crypto/rc4/rc4_skey.c \
 
+mips_clang_asflags :=
+
 mips_cflags := \
   -DAES_ASM \
   -DOPENSSL_BN_ASM_MONT \
diff --git a/app/openssl/Crypto-config-target.mk b/app/openssl/Crypto-config-target.mk
index bd29dfe5..43de9567 100644
--- a/app/openssl/Crypto-config-target.mk
+++ b/app/openssl/Crypto-config-target.mk
@@ -1,6 +1,6 @@
 # Auto-generated - DO NOT EDIT!
 # To regenerate, edit openssl.config, then run:
-#     ./import_openssl.sh import /path/to/openssl-1.0.1h.tar.gz
+#     ./import_openssl.sh import /path/to/openssl-1.0.1j.tar.gz
 #
 # This script will append to the following variables:
 #
@@ -184,6 +184,7 @@ common_src_files := \
   crypto/conf/conf_mall.c \
   crypto/conf/conf_mod.c \
   crypto/conf/conf_sap.c \
+  crypto/constant_time_locl.h \
   crypto/cpt_err.c \
   crypto/cryptlib.c \
   crypto/cversion.c \
@@ -540,6 +541,9 @@ common_c_includes := \
   openssl/include \
   openssl/include/openssl \
 
+arm_clang_asflags := \
+  -no-integrated-as \
+
 arm_cflags := \
   -DAES_ASM \
   -DBSAES_ASM \
@@ -570,6 +574,9 @@ arm_exclude_files := \
   crypto/aes/aes_core.c \
   crypto/mem_clr.c \
 
+arm64_clang_asflags := \
+  -no-integrated-as \
+
 arm64_cflags := \
   -DDES_UNROLL \
   -DOPENSSL_CPUID_OBJ \
@@ -588,6 +595,8 @@ arm64_src_files := \
 
 arm64_exclude_files :=
 
+x86_clang_asflags :=
+
 x86_cflags := \
   -DAES_ASM \
   -DDES_PTR \
@@ -634,6 +643,8 @@ x86_exclude_files := \
   crypto/des/fcrypt_b.c \
   crypto/mem_clr.c \
 
+x86_64_clang_asflags :=
+
 x86_64_cflags := \
   -DAES_ASM \
   -DBSAES_ASM \
@@ -678,6 +689,8 @@ x86_64_exclude_files := \
   crypto/rc4/rc4_enc.c \
   crypto/rc4/rc4_skey.c \
 
+mips_clang_asflags :=
+
 mips_cflags := \
   -DAES_ASM \
   -DOPENSSL_BN_ASM_MONT \
@@ -701,15 +714,20 @@ LOCAL_C_INCLUDES += $(common_c_includes)
 
 LOCAL_SRC_FILES_arm += $(filter-out $(arm_exclude_files),$(common_src_files) $(arm_src_files))
 LOCAL_CFLAGS_arm += $(arm_cflags)
+LOCAL_CLANG_ASFLAGS_arm += $(arm_clang_asflags)
 
 LOCAL_SRC_FILES_arm64 += $(filter-out $(arm64_exclude_files),$(common_src_files) $(arm64_src_files))
 LOCAL_CFLAGS_arm64 += $(arm64_cflags)
+LOCAL_CLANG_ASFLAGS_arm64 += $(arm64_clang_asflags)
 
 LOCAL_SRC_FILES_x86 += $(filter-out $(x86_exclude_files),$(common_src_files) $(x86_src_files))
 LOCAL_CFLAGS_x86 += $(x86_cflags)
+LOCAL_CLANG_ASFLAGS_x86 += $(x86_clang_asflags)
 
 LOCAL_SRC_FILES_x86_64 += $(filter-out $(x86_64_exclude_files),$(common_src_files) $(x86_64_src_files))
 LOCAL_CFLAGS_x86_64 += $(x86_64_cflags)
+LOCAL_CLANG_ASFLAGS_x86_64 += $(x86_64_clang_asflags)
 
 LOCAL_SRC_FILES_mips += $(filter-out $(mips_exclude_files),$(common_src_files) $(mips_src_files))
 LOCAL_CFLAGS_mips += $(mips_cflags)
+LOCAL_CLANG_ASFLAGS_mips += $(mips_clang_asflags)
diff --git a/app/openssl/Crypto-config-trusty.mk b/app/openssl/Crypto-config-trusty.mk
index 59915986..c1b01d50 100644
--- a/app/openssl/Crypto-config-trusty.mk
+++ b/app/openssl/Crypto-config-trusty.mk
@@ -1,6 +1,6 @@
 # Auto-generated - DO NOT EDIT!
 # To regenerate, edit openssl.config, then run:
-#     ./import_openssl.sh import /path/to/openssl-1.0.1h.tar.gz
+#     ./import_openssl.sh import /path/to/openssl-1.0.1j.tar.gz
 #
 # This script will append to the following variables:
 #
@@ -199,6 +199,8 @@ common_c_includes := \
   external/openssl/include \
   external/openssl/include/openssl \
 
+arm_clang_asflags :=
+
 arm_cflags := \
   -DAES_ASM \
   -DGHASH_ASM \
@@ -218,24 +220,32 @@ arm_src_files := \
 
 arm_exclude_files :=
 
+arm64_clang_asflags :=
+
 arm64_cflags :=
 
 arm64_src_files :=
 
 arm64_exclude_files :=
 
+x86_clang_asflags :=
+
 x86_cflags :=
 
 x86_src_files :=
 
 x86_exclude_files :=
 
+x86_64_clang_asflags :=
+
 x86_64_cflags :=
 
 x86_64_src_files :=
 
 x86_64_exclude_files :=
 
+mips_clang_asflags :=
+
 mips_cflags :=
 
 mips_src_files :=
@@ -248,15 +258,20 @@ LOCAL_C_INCLUDES += $(common_c_includes)
 
 LOCAL_SRC_FILES_arm += $(filter-out $(arm_exclude_files),$(common_src_files) $(arm_src_files))
 LOCAL_CFLAGS_arm += $(arm_cflags)
+LOCAL_CLANG_ASFLAGS_arm += $(arm_clang_asflags)
 
 LOCAL_SRC_FILES_arm64 += $(filter-out $(arm64_exclude_files),$(common_src_files) $(arm64_src_files))
 LOCAL_CFLAGS_arm64 += $(arm64_cflags)
+LOCAL_CLANG_ASFLAGS_arm64 += $(arm64_clang_asflags)
 
 LOCAL_SRC_FILES_x86 += $(filter-out $(x86_exclude_files),$(common_src_files) $(x86_src_files))
 LOCAL_CFLAGS_x86 += $(x86_cflags)
+LOCAL_CLANG_ASFLAGS_x86 += $(x86_clang_asflags)
 
 LOCAL_SRC_FILES_x86_64 += $(filter-out $(x86_64_exclude_files),$(common_src_files) $(x86_64_src_files))
 LOCAL_CFLAGS_x86_64 += $(x86_64_cflags)
+LOCAL_CLANG_ASFLAGS_x86_64 += $(x86_64_clang_asflags)
 
 LOCAL_SRC_FILES_mips += $(filter-out $(mips_exclude_files),$(common_src_files) $(mips_src_files))
 LOCAL_CFLAGS_mips += $(mips_cflags)
+LOCAL_CLANG_ASFLAGS_mips += $(mips_clang_asflags)
diff --git a/app/openssl/Ssl-config-host.mk b/app/openssl/Ssl-config-host.mk
index 57ea3775..83c60267 100644
--- a/app/openssl/Ssl-config-host.mk
+++ b/app/openssl/Ssl-config-host.mk
@@ -1,6 +1,6 @@
 # Auto-generated - DO NOT EDIT!
 # To regenerate, edit openssl.config, then run:
-#     ./import_openssl.sh import /path/to/openssl-1.0.1h.tar.gz
+#     ./import_openssl.sh import /path/to/openssl-1.0.1j.tar.gz
 #
 # This script will append to the following variables:
 #
@@ -68,30 +68,40 @@ common_c_includes := \
   external/openssl/crypto \
   external/openssl/include \
 
+arm_clang_asflags :=
+
 arm_cflags :=
 
 arm_src_files :=
 
 arm_exclude_files :=
 
+arm64_clang_asflags :=
+
 arm64_cflags :=
 
 arm64_src_files :=
 
 arm64_exclude_files :=
 
+x86_clang_asflags :=
+
 x86_cflags :=
 
 x86_src_files :=
 
 x86_exclude_files :=
 
+x86_64_clang_asflags :=
+
 x86_64_cflags :=
 
 x86_64_src_files :=
 
 x86_64_exclude_files :=
 
+mips_clang_asflags :=
+
 mips_cflags :=
 
 mips_src_files :=
diff --git a/app/openssl/Ssl-config-target.mk b/app/openssl/Ssl-config-target.mk
index c08a971d..bf1671f0 100644
--- a/app/openssl/Ssl-config-target.mk
+++ b/app/openssl/Ssl-config-target.mk
@@ -1,6 +1,6 @@
 # Auto-generated - DO NOT EDIT!
 # To regenerate, edit openssl.config, then run:
-#     ./import_openssl.sh import /path/to/openssl-1.0.1h.tar.gz
+#     ./import_openssl.sh import /path/to/openssl-1.0.1j.tar.gz
 #
 # This script will append to the following variables:
 #
@@ -68,30 +68,40 @@ common_c_includes := \
   openssl/crypto \
   openssl/include \
 
+arm_clang_asflags :=
+
 arm_cflags :=
 
 arm_src_files :=
 
 arm_exclude_files :=
 
+arm64_clang_asflags :=
+
 arm64_cflags :=
 
 arm64_src_files :=
 
 arm64_exclude_files :=
 
+x86_clang_asflags :=
+
 x86_cflags :=
 
 x86_src_files :=
 
 x86_exclude_files :=
 
+x86_64_clang_asflags :=
+
 x86_64_cflags :=
 
 x86_64_src_files :=
 
 x86_64_exclude_files :=
 
+mips_clang_asflags :=
+
 mips_cflags :=
 
 mips_src_files :=
@@ -104,15 +114,20 @@ LOCAL_C_INCLUDES += $(common_c_includes)
 
 LOCAL_SRC_FILES_arm += $(filter-out $(arm_exclude_files),$(common_src_files) $(arm_src_files))
 LOCAL_CFLAGS_arm += $(arm_cflags)
+LOCAL_CLANG_ASFLAGS_arm += $(arm_clang_asflags)
 
 LOCAL_SRC_FILES_arm64 += $(filter-out $(arm64_exclude_files),$(common_src_files) $(arm64_src_files))
 LOCAL_CFLAGS_arm64 += $(arm64_cflags)
+LOCAL_CLANG_ASFLAGS_arm64 += $(arm64_clang_asflags)
 
 LOCAL_SRC_FILES_x86 += $(filter-out $(x86_exclude_files),$(common_src_files) $(x86_src_files))
 LOCAL_CFLAGS_x86 += $(x86_cflags)
+LOCAL_CLANG_ASFLAGS_x86 += $(x86_clang_asflags)
 
 LOCAL_SRC_FILES_x86_64 += $(filter-out $(x86_64_exclude_files),$(common_src_files) $(x86_64_src_files))
 LOCAL_CFLAGS_x86_64 += $(x86_64_cflags)
+LOCAL_CLANG_ASFLAGS_x86_64 += $(x86_64_clang_asflags)
 
 LOCAL_SRC_FILES_mips += $(filter-out $(mips_exclude_files),$(common_src_files) $(mips_src_files))
 LOCAL_CFLAGS_mips += $(mips_cflags)
+LOCAL_CLANG_ASFLAGS_mips += $(mips_clang_asflags)
diff --git a/app/openssl/Ssl.mk b/app/openssl/Ssl.mk
index 0cb93eac..f3263ff0 100644
--- a/app/openssl/Ssl.mk
+++ b/app/openssl/Ssl.mk
@@ -1,5 +1,6 @@
 #######################################
 # target static library
+
 include $(CLEAR_VARS)
 include $(LOCAL_PATH)/ndk-build-clear.mk
 
@@ -25,6 +26,7 @@ include $(BUILD_STATIC_LIBRARY)
 # target shared library
 include $(CLEAR_VARS)
 include $(LOCAL_PATH)/ndk-build-clear.mk
+
 LOCAL_SHARED_LIBRARIES := $(log_shared_libraries)
 LOCAL_C_INCLUDES := $(log_c_includes)
 
diff --git a/app/openssl/android-config.mk b/app/openssl/android-config.mk
index 2a091130..675a65b3 100644
--- a/app/openssl/android-config.mk
+++ b/app/openssl/android-config.mk
@@ -41,6 +41,8 @@ LOCAL_CFLAGS_32 := $(filter-out -DDSO_DLFCN -DHAVE_DLFCN_H,$(LOCAL_CFLAGS_32))
 LOCAL_CFLAGS_64 := $(filter-out -DDSO_DLFCN -DHAVE_DLFCN_H,$(LOCAL_CFLAGS_64))
 endif
 
+LOCAL_CFLAGS += -Wno-missing-field-initializers -Wno-unused-parameter
+
 # Debug
 # LOCAL_CFLAGS += -DCIPHER_DEBUG
 
diff --git a/app/openssl/android.testssl/testssl b/app/openssl/android.testssl/testssl
index 5ff48604..66b87361 100755
--- a/app/openssl/android.testssl/testssl
+++ b/app/openssl/android.testssl/testssl
@@ -176,6 +176,12 @@ else
 
   echo test tls1 with SRP via BIO pair
   $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123
+
+  echo test tls1 with SRP auth
+  $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123
+
+  echo test tls1 with SRP auth via BIO pair
+  $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123
 fi
 
 exit 0
diff --git a/app/openssl/apps/apps.c b/app/openssl/apps/apps.c
index b76db10a..3e18289a 100644
--- a/app/openssl/apps/apps.c
+++ b/app/openssl/apps/apps.c
@@ -390,6 +390,8 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 		{
 		arg->count=20;
 		arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
+		if (arg->data == NULL)
+			return 0;
 		}
 	for (i=0; i<arg->count; i++)
 		arg->data[i]=NULL;
@@ -1542,6 +1544,8 @@ char *make_config_name()
 
 	len=strlen(t)+strlen(OPENSSL_CONF)+2;
 	p=OPENSSL_malloc(len);
+	if (p == NULL)
+		return NULL;
 	BUF_strlcpy(p,t,len);
 #ifndef OPENSSL_SYS_VMS
 	BUF_strlcat(p,"/",len);
diff --git a/app/openssl/apps/ca.c b/app/openssl/apps/ca.c
index 1cf50e00..9c25026a 100644
--- a/app/openssl/apps/ca.c
+++ b/app/openssl/apps/ca.c
@@ -1620,12 +1620,14 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 		{
 		ok=0;
 		BIO_printf(bio_err,"Signature verification problems....\n");
+		ERR_print_errors(bio_err);
 		goto err;
 		}
 	if (i == 0)
 		{
 		ok=0;
 		BIO_printf(bio_err,"Signature did not match the certificate request\n");
+		ERR_print_errors(bio_err);
 		goto err;
 		}
 	else
@@ -2777,6 +2779,9 @@ char *make_revocation_str(int rev_type, char *rev_arg)
 
 	revtm = X509_gmtime_adj(NULL, 0);
 
+	if (!revtm)
+		return NULL;
+
 	i = revtm->length + 1;
 
 	if (reason) i += strlen(reason) + 1;
diff --git a/app/openssl/apps/ciphers.c b/app/openssl/apps/ciphers.c
index 5f2b7397..93dce1c4 100644
--- a/app/openssl/apps/ciphers.c
+++ b/app/openssl/apps/ciphers.c
@@ -96,13 +96,7 @@ int MAIN(int argc, char **argv)
 	char buf[512];
 	BIO *STDout=NULL;
 
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 	meth=SSLv23_server_method();
-#elif !defined(OPENSSL_NO_SSL3)
-	meth=SSLv3_server_method();
-#elif !defined(OPENSSL_NO_SSL2)
-	meth=SSLv2_server_method();
-#endif
 
 	apps_startup();
 
diff --git a/app/openssl/apps/crl2p7.c b/app/openssl/apps/crl2p7.c
index bbc83774..42c6886b 100644
--- a/app/openssl/apps/crl2p7.c
+++ b/app/openssl/apps/crl2p7.c
@@ -141,7 +141,13 @@ int MAIN(int argc, char **argv)
 			{
 			if (--argc < 1) goto bad;
 			if(!certflst) certflst = sk_OPENSSL_STRING_new_null();
-			sk_OPENSSL_STRING_push(certflst,*(++argv));
+			if (!certflst)
+				goto end;
+			if (!sk_OPENSSL_STRING_push(certflst,*(++argv)))
+				{
+				sk_OPENSSL_STRING_free(certflst);
+				goto end;
+				}
 			}
 		else
 			{
diff --git a/app/openssl/apps/enc.c b/app/openssl/apps/enc.c
index 19ea3df9..c8cb0212 100644
--- a/app/openssl/apps/enc.c
+++ b/app/openssl/apps/enc.c
@@ -67,7 +67,9 @@
 #include <openssl/x509.h>
 #include <openssl/rand.h>
 #include <openssl/pem.h>
+#ifndef OPENSSL_NO_COMP
 #include <openssl/comp.h>
+#endif
 #include <ctype.h>
 
 int set_hex(char *in,unsigned char *out,int size);
@@ -337,6 +339,12 @@ bad:
 		goto end;
 		}
 
+	if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE))
+		{
+		BIO_printf(bio_err, "Ciphers in XTS mode are not supported by the enc utility\n");
+		goto end;
+		}
+
 	if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
 		{
 		BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
diff --git a/app/openssl/apps/md4.c b/app/openssl/apps/md4.c
index 7f457b2a..141415ad 120000..100644
--- a/app/openssl/apps/md4.c
+++ b/app/openssl/apps/md4.c
@@ -1 +1,127 @@
-../crypto/md4/md4.c
\ No newline at end of file
+/* crypto/md4/md4.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/md4.h>
+
+#define BUFSIZE	1024*16
+
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+#if !defined(_OSD_POSIX) && !defined(__DJGPP__)
+int read(int, void *, unsigned int);
+#endif
+
+int main(int argc, char **argv)
+	{
+	int i,err=0;
+	FILE *IN;
+
+	if (argc == 1)
+		{
+		do_fp(stdin);
+		}
+	else
+		{
+		for (i=1; i<argc; i++)
+			{
+			IN=fopen(argv[i],"r");
+			if (IN == NULL)
+				{
+				perror(argv[i]);
+				err++;
+				continue;
+				}
+			printf("MD4(%s)= ",argv[i]);
+			do_fp(IN);
+			fclose(IN);
+			}
+		}
+	exit(err);
+	}
+
+void do_fp(FILE *f)
+	{
+	MD4_CTX c;
+	unsigned char md[MD4_DIGEST_LENGTH];
+	int fd;
+	int i;
+	static unsigned char buf[BUFSIZE];
+
+	fd=fileno(f);
+	MD4_Init(&c);
+	for (;;)
+		{
+		i=read(fd,buf,sizeof buf);
+		if (i <= 0) break;
+		MD4_Update(&c,buf,(unsigned long)i);
+		}
+	MD4_Final(&(md[0]),&c);
+	pt(md);
+	}
+
+void pt(unsigned char *md)
+	{
+	int i;
+
+	for (i=0; i<MD4_DIGEST_LENGTH; i++)
+		printf("%02x",md[i]);
+	printf("\n");
+	}
+
diff --git a/app/openssl/apps/ocsp.c b/app/openssl/apps/ocsp.c
index 767f12c6..04263ffd 100644
--- a/app/openssl/apps/ocsp.c
+++ b/app/openssl/apps/ocsp.c
@@ -1419,7 +1419,7 @@ OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
 		}
 	resp = query_responder(err, cbio, path, headers, req, req_timeout);
 	if (!resp)
-		BIO_printf(bio_err, "Error querying OCSP responsder\n");
+		BIO_printf(bio_err, "Error querying OCSP responder\n");
 	end:
 	if (cbio)
 		BIO_free_all(cbio);
diff --git a/app/openssl/apps/progs.h b/app/openssl/apps/progs.h
index dd2298b5..b162055d 100644
--- a/app/openssl/apps/progs.h
+++ b/app/openssl/apps/progs.h
@@ -107,16 +107,16 @@ FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
 #endif
 	{FUNC_TYPE_GENERAL,"genpkey",genpkey_main},
-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+#if !defined(OPENSSL_NO_SOCK)
 	{FUNC_TYPE_GENERAL,"s_server",s_server_main},
 #endif
-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+#if !defined(OPENSSL_NO_SOCK)
 	{FUNC_TYPE_GENERAL,"s_client",s_client_main},
 #endif
 #ifndef OPENSSL_NO_SPEED
 	{FUNC_TYPE_GENERAL,"speed",speed_main},
 #endif
-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+#if !defined(OPENSSL_NO_SOCK)
 	{FUNC_TYPE_GENERAL,"s_time",s_time_main},
 #endif
 	{FUNC_TYPE_GENERAL,"version",version_main},
@@ -126,7 +126,7 @@ FUNCTION functions[] = {
 #endif
 	{FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},
 	{FUNC_TYPE_GENERAL,"sess_id",sess_id_main},
-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+#if !defined(OPENSSL_NO_SOCK)
 	{FUNC_TYPE_GENERAL,"ciphers",ciphers_main},
 #endif
 	{FUNC_TYPE_GENERAL,"nseq",nseq_main},
diff --git a/app/openssl/apps/progs.pl b/app/openssl/apps/progs.pl
index 39ca8f71..fa6258cf 100644
--- a/app/openssl/apps/progs.pl
+++ b/app/openssl/apps/progs.pl
@@ -32,7 +32,7 @@ foreach (@ARGV)
 	push(@files,$_);
 	$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
 	if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
-		{ print "#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))\n${str}#endif\n"; } 
+		{ print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; } 
 	elsif ( ($_ =~ /^speed$/))
 		{ print "#ifndef OPENSSL_NO_SPEED\n${str}#endif\n"; }
 	elsif ( ($_ =~ /^engine$/))
diff --git a/app/openssl/apps/s_client.c b/app/openssl/apps/s_client.c
index 0c705803..dfe2de1f 100644
--- a/app/openssl/apps/s_client.c
+++ b/app/openssl/apps/s_client.c
@@ -290,6 +290,7 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
 
 	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
+	BIO_printf(bio_err," -verify_return_error - return verification errors\n");
 	BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
 	BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
 	BIO_printf(bio_err," -key arg      - Private key file to use, in cert file if\n");
@@ -300,6 +301,7 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
 	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
 	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
+	BIO_printf(bio_err," -prexit       - print session information even on connection failure\n");
 	BIO_printf(bio_err," -showcerts    - show all certificates in the chain\n");
 	BIO_printf(bio_err," -debug        - extra output\n");
 #ifdef WATT32
@@ -335,6 +337,7 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -tls1_1       - just use TLSv1.1\n");
 	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
 	BIO_printf(bio_err," -dtls1        - just use DTLSv1\n");    
+	BIO_printf(bio_err," -fallback_scsv - send TLS_FALLBACK_SCSV\n");
 	BIO_printf(bio_err," -mtu          - set the link layer MTU\n");
 	BIO_printf(bio_err," -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
 	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
@@ -621,6 +624,7 @@ int MAIN(int argc, char **argv)
 	char *sess_out = NULL;
 	struct sockaddr peer;
 	int peerlen = sizeof(peer);
+	int fallback_scsv = 0;
 	int enable_timeouts = 0 ;
 	long socket_mtu = 0;
 #ifndef OPENSSL_NO_JPAKE
@@ -827,6 +831,10 @@ int MAIN(int argc, char **argv)
 			meth=DTLSv1_client_method();
 			socket_type=SOCK_DGRAM;
 			}
+		else if (strcmp(*argv,"-fallback_scsv") == 0)
+			{
+			fallback_scsv = 1;
+			}
 		else if (strcmp(*argv,"-timeout") == 0)
 			enable_timeouts=1;
 		else if (strcmp(*argv,"-mtu") == 0)
@@ -1273,6 +1281,10 @@ bad:
 		SSL_set_session(con, sess);
 		SSL_SESSION_free(sess);
 		}
+
+	if (fallback_scsv)
+		SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV);
+
 #ifndef OPENSSL_NO_TLSEXT
 	if (servername != NULL)
 		{
diff --git a/app/openssl/apps/s_server.c b/app/openssl/apps/s_server.c
index 8198d7f0..fe7ad882 100644
--- a/app/openssl/apps/s_server.c
+++ b/app/openssl/apps/s_server.c
@@ -463,6 +463,7 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -context arg  - set session ID context\n");
 	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
 	BIO_printf(bio_err," -Verify arg   - turn on peer certificate verification, must have a cert.\n");
+	BIO_printf(bio_err," -verify_return_error - return verification errors\n");
 	BIO_printf(bio_err," -cert arg     - certificate file to use\n");
 	BIO_printf(bio_err,"                 (default is %s)\n",TEST_CERT);
 	BIO_printf(bio_err," -crl_check    - check the peer certificate has not been revoked by its CA.\n" \
@@ -534,6 +535,7 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -no_ecdhe     - Disable ephemeral ECDH\n");
 #endif
 	BIO_printf(bio_err," -bugs         - Turn on SSL bug compatibility\n");
+	BIO_printf(bio_err," -hack         - workaround for early Netscape code\n");
 	BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
 	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
 	BIO_printf(bio_err," -HTTP         - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
@@ -562,6 +564,10 @@ static void sv_usage(void)
 #endif
 	BIO_printf(bio_err," -keymatexport label   - Export keying material using label\n");
 	BIO_printf(bio_err," -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
+	BIO_printf(bio_err," -status           - respond to certificate status requests\n");
+	BIO_printf(bio_err," -status_verbose   - enable status request verbose printout\n");
+	BIO_printf(bio_err," -status_timeout n - status request responder timeout\n");
+	BIO_printf(bio_err," -status_url URL   - status request fallback URL\n");
 	}
 
 static int local_argc=0;
@@ -739,7 +745,7 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
 	
 	if (servername)
 		{
-    		if (strcmp(servername,p->servername)) 
+    		if (strcasecmp(servername,p->servername)) 
 			return p->extension_error;
 		if (ctx2)
 			{
@@ -1356,6 +1362,14 @@ bad:
 		sv_usage();
 		goto end;
 		}
+#ifndef OPENSSL_NO_DTLS1
+	if (www && socket_type == SOCK_DGRAM)
+		{
+		BIO_printf(bio_err,
+				"Can't use -HTTP, -www or -WWW with DTLS\n");
+		goto end;
+		}
+#endif
 
 #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
 	if (jpake_secret)
diff --git a/app/openssl/build-config-32.mk b/app/openssl/build-config-32.mk
index d035f1e4..9f1380b9 100644
--- a/app/openssl/build-config-32.mk
+++ b/app/openssl/build-config-32.mk
@@ -1,6 +1,6 @@
 # Auto-generated - DO NOT EDIT!
 # To regenerate, edit openssl.config, then run:
-#     ./import_openssl.sh import /path/to/openssl-1.0.1h.tar.gz
+#     ./import_openssl.sh import /path/to/openssl-1.0.1j.tar.gz
 #
 openssl_cflags_32 := \
   -DOPENSSL_THREADS \
@@ -31,6 +31,7 @@ openssl_cflags_32 := \
   -DOPENSSL_NO_SHA0 \
   -DOPENSSL_NO_STATIC_ENGINE \
   -DOPENSSL_NO_STORE \
+  -DOPENSSL_NO_UNIT_TEST \
   -DOPENSSL_NO_WHIRLPOOL \
 
 openssl_cflags_static_32 := \
@@ -60,5 +61,6 @@ openssl_cflags_static_32 := \
   -DOPENSSL_NO_SHA0 \
   -DOPENSSL_NO_STATIC_ENGINE \
   -DOPENSSL_NO_STORE \
+  -DOPENSSL_NO_UNIT_TEST \
   -DOPENSSL_NO_WHIRLPOOL \
 
diff --git a/app/openssl/build-config-64.mk b/app/openssl/build-config-64.mk
index 45a8141d..2475c2ed 100644
--- a/app/openssl/build-config-64.mk
+++ b/app/openssl/build-config-64.mk
@@ -1,6 +1,6 @@
 # Auto-generated - DO NOT EDIT!
 # To regenerate, edit openssl.config, then run:
-#     ./import_openssl.sh import /path/to/openssl-1.0.1h.tar.gz
+#     ./import_openssl.sh import /path/to/openssl-1.0.1j.tar.gz
 #
 openssl_cflags_64 := \
   -DOPENSSL_THREADS \
@@ -31,6 +31,7 @@ openssl_cflags_64 := \
   -DOPENSSL_NO_SHA0 \
   -DOPENSSL_NO_STATIC_ENGINE \
   -DOPENSSL_NO_STORE \
+  -DOPENSSL_NO_UNIT_TEST \
   -DOPENSSL_NO_WHIRLPOOL \
 
 openssl_cflags_static_64 := \
@@ -60,5 +61,6 @@ openssl_cflags_static_64 := \
   -DOPENSSL_NO_SHA0 \
   -DOPENSSL_NO_STATIC_ENGINE \
   -DOPENSSL_NO_STORE \
+  -DOPENSSL_NO_UNIT_TEST \
   -DOPENSSL_NO_WHIRLPOOL \
 
diff --git a/app/openssl/build-config-trusty.mk b/app/openssl/build-config-trusty.mk
index 4d6fb58c..34574f34 100644
--- a/app/openssl/build-config-trusty.mk
+++ b/app/openssl/build-config-trusty.mk
@@ -1,6 +1,6 @@
 # Auto-generated - DO NOT EDIT!
 # To regenerate, edit openssl.config, then run:
-#     ./import_openssl.sh import /path/to/openssl-1.0.1h.tar.gz
+#     ./import_openssl.sh import /path/to/openssl-1.0.1j.tar.gz
 #
 openssl_cflags_trusty := \
   -DL_ENDIAN \
@@ -48,6 +48,7 @@ openssl_cflags_trusty := \
   -DOPENSSL_NO_TS \
   -DOPENSSL_NO_TXT_DB \
   -DOPENSSL_NO_UI \
+  -DOPENSSL_NO_UNIT_TEST \
   -DOPENSSL_NO_WHIRLPOOL \
 
 openssl_cflags_static_trusty := \
@@ -96,5 +97,6 @@ openssl_cflags_static_trusty := \
   -DOPENSSL_NO_TS \
   -DOPENSSL_NO_TXT_DB \
   -DOPENSSL_NO_UI \
+  -DOPENSSL_NO_UNIT_TEST \
   -DOPENSSL_NO_WHIRLPOOL \
 
diff --git a/app/openssl/crypto/LPdir_win.c b/app/openssl/crypto/LPdir_win.c
index 702dbc73..d5b5e2c9 100644
--- a/app/openssl/crypto/LPdir_win.c
+++ b/app/openssl/crypto/LPdir_win.c
@@ -1,4 +1,3 @@
-/* $LP: LPlib/source/LPdir_win.c,v 1.10 2004/08/26 13:36:05 _cvs_levitte Exp $ */
 /*
  * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
  * All rights reserved.
@@ -63,6 +62,16 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
   errno = 0;
   if (*ctx == NULL)
     {
+      const char *extdir = directory;
+      char *extdirbuf = NULL;
+      size_t dirlen = strlen (directory);
+
+      if (dirlen == 0)
+	{
+	  errno = ENOENT;
+	  return 0;
+	}
+
       *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
       if (*ctx == NULL)
 	{
@@ -71,15 +80,35 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
 	}
       memset(*ctx, '\0', sizeof(LP_DIR_CTX));
 
+      if (directory[dirlen-1] != '*')
+	{
+	  extdirbuf = (char *)malloc(dirlen + 3);
+	  if (extdirbuf == NULL)
+	    {
+	      free(*ctx);
+	      *ctx = NULL;
+	      errno = ENOMEM;
+	      return 0;
+	    }
+	  if (directory[dirlen-1] != '/' && directory[dirlen-1] != '\\')
+	    extdir = strcat(strcpy (extdirbuf,directory),"/*");
+	  else
+	    extdir = strcat(strcpy (extdirbuf,directory),"*");
+	}
+
       if (sizeof(TCHAR) != sizeof(char))
 	{
 	  TCHAR *wdir = NULL;
 	  /* len_0 denotes string length *with* trailing 0 */ 
-	  size_t index = 0,len_0 = strlen(directory) + 1;
+	  size_t index = 0,len_0 = strlen(extdir) + 1;
 
-	  wdir = (TCHAR *)malloc(len_0 * sizeof(TCHAR));
+	  wdir = (TCHAR *)calloc(len_0, sizeof(TCHAR));
 	  if (wdir == NULL)
 	    {
+	      if (extdirbuf != NULL)
+		{
+		  free (extdirbuf);
+		}
 	      free(*ctx);
 	      *ctx = NULL;
 	      errno = ENOMEM;
@@ -87,17 +116,23 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
 	    }
 
 #ifdef LP_MULTIBYTE_AVAILABLE
-	  if (!MultiByteToWideChar(CP_ACP, 0, directory, len_0, (WCHAR *)wdir, len_0))
+	  if (!MultiByteToWideChar(CP_ACP, 0, extdir, len_0, (WCHAR *)wdir, len_0))
 #endif
 	    for (index = 0; index < len_0; index++)
-	      wdir[index] = (TCHAR)directory[index];
+	      wdir[index] = (TCHAR)extdir[index];
 
 	  (*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx);
 
 	  free(wdir);
 	}
       else
-	(*ctx)->handle = FindFirstFile((TCHAR *)directory, &(*ctx)->ctx);
+	{
+	  (*ctx)->handle = FindFirstFile((TCHAR *)extdir, &(*ctx)->ctx);
+	}
+      if (extdirbuf != NULL)
+	{
+	  free (extdirbuf);
+	}
 
       if ((*ctx)->handle == INVALID_HANDLE_VALUE)
 	{
@@ -114,7 +149,6 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
 	  return 0;
 	}
     }
-
   if (sizeof(TCHAR) != sizeof(char))
     {
       TCHAR *wdir = (*ctx)->ctx.cFileName;
diff --git a/app/openssl/crypto/aes/asm/aesni-x86_64.pl b/app/openssl/crypto/aes/asm/aesni-x86_64.pl
index 0dbb194b..c9270dfd 100644
--- a/app/openssl/crypto/aes/asm/aesni-x86_64.pl
+++ b/app/openssl/crypto/aes/asm/aesni-x86_64.pl
@@ -525,6 +525,16 @@ $code.=<<___;
 .type	aesni_ecb_encrypt,\@function,5
 .align	16
 aesni_ecb_encrypt:
+___
+$code.=<<___ if ($win64);
+	lea	-0x58(%rsp),%rsp
+	movaps	%xmm6,(%rsp)
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+.Lecb_enc_body:
+___
+$code.=<<___;
 	and	\$-16,$len
 	jz	.Lecb_ret
 
@@ -805,6 +815,16 @@ $code.=<<___;
 	movups	$inout5,0x50($out)
 
 .Lecb_ret:
+___
+$code.=<<___ if ($win64);
+	movaps	(%rsp),%xmm6
+	movaps	0x10(%rsp),%xmm7
+	movaps	0x20(%rsp),%xmm8
+	movaps	0x30(%rsp),%xmm9
+	lea	0x58(%rsp),%rsp
+.Lecb_enc_ret:
+___
+$code.=<<___;
 	ret
 .size	aesni_ecb_encrypt,.-aesni_ecb_encrypt
 ___
@@ -2730,28 +2750,9 @@ $code.=<<___;
 .extern	__imp_RtlVirtualUnwind
 ___
 $code.=<<___ if ($PREFIX eq "aesni");
-.type	ecb_se_handler,\@abi-omnipotent
-.align	16
-ecb_se_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	152($context),%rax	# pull context->Rsp
-
-	jmp	.Lcommon_seh_tail
-.size	ecb_se_handler,.-ecb_se_handler
-
-.type	ccm64_se_handler,\@abi-omnipotent
+.type	ecb_ccm64_se_handler,\@abi-omnipotent
 .align	16
-ccm64_se_handler:
+ecb_ccm64_se_handler:
 	push	%rsi
 	push	%rdi
 	push	%rbx
@@ -2788,7 +2789,7 @@ ccm64_se_handler:
 	lea	0x58(%rax),%rax		# adjust stack pointer
 
 	jmp	.Lcommon_seh_tail
-.size	ccm64_se_handler,.-ccm64_se_handler
+.size	ecb_ccm64_se_handler,.-ecb_ccm64_se_handler
 
 .type	ctr32_se_handler,\@abi-omnipotent
 .align	16
@@ -2993,14 +2994,15 @@ ___
 $code.=<<___ if ($PREFIX eq "aesni");
 .LSEH_info_ecb:
 	.byte	9,0,0,0
-	.rva	ecb_se_handler
+	.rva	ecb_ccm64_se_handler
+	.rva	.Lecb_enc_body,.Lecb_enc_ret		# HandlerData[]
 .LSEH_info_ccm64_enc:
 	.byte	9,0,0,0
-	.rva	ccm64_se_handler
+	.rva	ecb_ccm64_se_handler
 	.rva	.Lccm64_enc_body,.Lccm64_enc_ret	# HandlerData[]
 .LSEH_info_ccm64_dec:
 	.byte	9,0,0,0
-	.rva	ccm64_se_handler
+	.rva	ecb_ccm64_se_handler
 	.rva	.Lccm64_dec_body,.Lccm64_dec_ret	# HandlerData[]
 .LSEH_info_ctr32:
 	.byte	9,0,0,0
diff --git a/app/openssl/crypto/asn1/a_object.c b/app/openssl/crypto/asn1/a_object.c
index 3978c915..77b27689 100644
--- a/app/openssl/crypto/asn1/a_object.c
+++ b/app/openssl/crypto/asn1/a_object.c
@@ -283,17 +283,29 @@ err:
 	ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
 	return(NULL);
 }
+
 ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
 	     long len)
 	{
 	ASN1_OBJECT *ret=NULL;
 	const unsigned char *p;
 	unsigned char *data;
-	int i;
-	/* Sanity check OID encoding: can't have leading 0x80 in
-	 * subidentifiers, see: X.690 8.19.2
+	int i, length;
+
+	/* Sanity check OID encoding.
+	 * Need at least one content octet.
+	 * MSB must be clear in the last octet.
+	 * can't have leading 0x80 in subidentifiers, see: X.690 8.19.2
 	 */
-	for (i = 0, p = *pp; i < len; i++, p++)
+	if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||
+	    p[len - 1] & 0x80)
+		{
+		ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING);
+		return NULL;
+		}
+	/* Now 0 < len <= INT_MAX, so the cast is safe. */
+	length = (int)len;
+	for (i = 0; i < length; i++, p++)
 		{
 		if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
 			{
@@ -316,23 +328,23 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
 	data = (unsigned char *)ret->data;
 	ret->data = NULL;
 	/* once detached we can change it */
-	if ((data == NULL) || (ret->length < len))
+	if ((data == NULL) || (ret->length < length))
 		{
 		ret->length=0;
 		if (data != NULL) OPENSSL_free(data);
-		data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1);
+		data=(unsigned char *)OPENSSL_malloc(length);
 		if (data == NULL)
 			{ i=ERR_R_MALLOC_FAILURE; goto err; }
 		ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
 		}
-	memcpy(data,p,(int)len);
+	memcpy(data,p,length);
 	/* reattach data to object, after which it remains const */
 	ret->data  =data;
-	ret->length=(int)len;
+	ret->length=length;
 	ret->sn=NULL;
 	ret->ln=NULL;
 	/* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
-	p+=len;
+	p+=length;
 
 	if (a != NULL) (*a)=ret;
 	*pp=p;
diff --git a/app/openssl/crypto/asn1/a_strex.c b/app/openssl/crypto/asn1/a_strex.c
index ead37ac3..8fb4193b 100644
--- a/app/openssl/crypto/asn1/a_strex.c
+++ b/app/openssl/crypto/asn1/a_strex.c
@@ -568,6 +568,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
 	mbflag |= MBSTRING_FLAG;
 	stmp.data = NULL;
 	stmp.length = 0;
+	stmp.flags = 0;
 	ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
 	if(ret < 0) return ret;
 	*out = stmp.data;
diff --git a/app/openssl/crypto/asn1/a_utctm.c b/app/openssl/crypto/asn1/a_utctm.c
index 072e2365..bbdc9b32 100644
--- a/app/openssl/crypto/asn1/a_utctm.c
+++ b/app/openssl/crypto/asn1/a_utctm.c
@@ -196,24 +196,29 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
 	struct tm *ts;
 	struct tm data;
 	size_t len = 20;
+	int free_s = 0;
 
 	if (s == NULL)
+		{
+		free_s = 1;
 		s=M_ASN1_UTCTIME_new();
+		}
 	if (s == NULL)
-		return(NULL);
+		goto err;
+
 
 	ts=OPENSSL_gmtime(&t, &data);
 	if (ts == NULL)
-		return(NULL);
+		goto err;
 
 	if (offset_day || offset_sec)
 		{ 
 		if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
-			return NULL;
+			goto err;
 		}
 
 	if((ts->tm_year < 50) || (ts->tm_year >= 150))
-		return NULL;
+		goto err;
 
 	p=(char *)s->data;
 	if ((p == NULL) || ((size_t)s->length < len))
@@ -222,7 +227,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
 		if (p == NULL)
 			{
 			ASN1err(ASN1_F_ASN1_UTCTIME_ADJ,ERR_R_MALLOC_FAILURE);
-			return(NULL);
+			goto err;
 			}
 		if (s->data != NULL)
 			OPENSSL_free(s->data);
@@ -237,6 +242,10 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
 	ebcdic2ascii(s->data, s->data, s->length);
 #endif
 	return(s);
+	err:
+	if (free_s && s)
+		M_ASN1_UTCTIME_free(s);
+	return NULL;
 	}
 
 
@@ -261,6 +270,11 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
 	t -= offset*60; /* FIXME: may overflow in extreme cases */
 
 	tm = OPENSSL_gmtime(&t, &data);
+	/* NB: -1, 0, 1 already valid return values so use -2 to
+	 * indicate error.
+	 */
+	if (tm == NULL)
+		return -2;
 	
 #define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
 	year = g2(s->data);
diff --git a/app/openssl/crypto/asn1/ameth_lib.c b/app/openssl/crypto/asn1/ameth_lib.c
index a19e058f..ef153d46 100644
--- a/app/openssl/crypto/asn1/ameth_lib.c
+++ b/app/openssl/crypto/asn1/ameth_lib.c
@@ -258,7 +258,12 @@ int EVP_PKEY_asn1_add_alias(int to, int from)
 	if (!ameth)
 		return 0;
 	ameth->pkey_base_id = to;
-	return EVP_PKEY_asn1_add0(ameth);
+	if (!EVP_PKEY_asn1_add0(ameth))
+		{
+		EVP_PKEY_asn1_free(ameth);
+		return 0;
+		}
+	return 1;
 	}
 
 int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, int *ppkey_flags,
diff --git a/app/openssl/crypto/asn1/asn1_lib.c b/app/openssl/crypto/asn1/asn1_lib.c
index 1bcb44ae..fa04b08e 100644
--- a/app/openssl/crypto/asn1/asn1_lib.c
+++ b/app/openssl/crypto/asn1/asn1_lib.c
@@ -131,6 +131,9 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
 	*pclass=xclass;
 	if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err;
 
+	if (inf && !(ret & V_ASN1_CONSTRUCTED))
+		goto err;
+
 #if 0
 	fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d  (%d > %d)\n", 
 		(int)p,*plength,omax,(int)*pp,(int)(p+ *plength),
diff --git a/app/openssl/crypto/asn1/asn_mime.c b/app/openssl/crypto/asn1/asn_mime.c
index 54a704a9..13d003bc 100644
--- a/app/openssl/crypto/asn1/asn_mime.c
+++ b/app/openssl/crypto/asn1/asn_mime.c
@@ -667,6 +667,8 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
 	int len, state, save_state = 0;
 
 	headers = sk_MIME_HEADER_new(mime_hdr_cmp);
+	if (!headers)
+		return NULL;
 	while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
 	/* If whitespace at line start then continuation line */
 	if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
diff --git a/app/openssl/crypto/asn1/asn_pack.c b/app/openssl/crypto/asn1/asn_pack.c
index ad738217..00dbf5ad 100644
--- a/app/openssl/crypto/asn1/asn_pack.c
+++ b/app/openssl/crypto/asn1/asn_pack.c
@@ -134,15 +134,23 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct)
 		
 	if (!(octmp->length = i2d(obj, NULL))) {
 		ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
-		return NULL;
+		goto err;
 	}
 	if (!(p = OPENSSL_malloc (octmp->length))) {
 		ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
-		return NULL;
+		goto err;
 	}
 	octmp->data = p;
 	i2d (obj, &p);
 	return octmp;
+	err:
+	if (!oct || !*oct)
+		{
+		ASN1_STRING_free(octmp);
+		if (oct)
+			*oct = NULL;
+		}
+	return NULL;
 }
 
 #endif
diff --git a/app/openssl/crypto/asn1/bio_asn1.c b/app/openssl/crypto/asn1/bio_asn1.c
index dc7efd55..bca4eebf 100644
--- a/app/openssl/crypto/asn1/bio_asn1.c
+++ b/app/openssl/crypto/asn1/bio_asn1.c
@@ -154,7 +154,10 @@ static int asn1_bio_new(BIO *b)
 	if (!ctx)
 		return 0;
 	if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE))
+		{
+		OPENSSL_free(ctx);
 		return 0;
+		}
 	b->init = 1;
 	b->ptr = (char *)ctx;
 	b->flags = 0;
diff --git a/app/openssl/crypto/asn1/charmap.pl b/app/openssl/crypto/asn1/charmap.pl
index 2875c598..25ebf2c2 100644
--- a/app/openssl/crypto/asn1/charmap.pl
+++ b/app/openssl/crypto/asn1/charmap.pl
@@ -1,5 +1,8 @@
 #!/usr/local/bin/perl -w
 
+# Written by Dr Stephen N Henson (steve@openssl.org).
+# Licensed under the terms of the OpenSSL license.
+
 use strict;
 
 my ($i, @arr);
diff --git a/app/openssl/crypto/asn1/evp_asn1.c b/app/openssl/crypto/asn1/evp_asn1.c
index f3d98048..1b944597 100644
--- a/app/openssl/crypto/asn1/evp_asn1.c
+++ b/app/openssl/crypto/asn1/evp_asn1.c
@@ -66,7 +66,11 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
 	ASN1_STRING *os;
 
 	if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0);
-	if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0);
+	if (!M_ASN1_OCTET_STRING_set(os,data,len))
+		{
+		M_ASN1_OCTET_STRING_free(os);
+		return 0;
+		}
 	ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os);
 	return(1);
 	}
diff --git a/app/openssl/crypto/asn1/t_x509.c b/app/openssl/crypto/asn1/t_x509.c
index edbb39a0..8e961f5e 100644
--- a/app/openssl/crypto/asn1/t_x509.c
+++ b/app/openssl/crypto/asn1/t_x509.c
@@ -475,6 +475,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
 	l=80-2-obase;
 
 	b=X509_NAME_oneline(name,NULL,0);
+	if (!b)
+		return 0;
 	if (!*b)
 		{
 		OPENSSL_free(b);
diff --git a/app/openssl/crypto/asn1/tasn_enc.c b/app/openssl/crypto/asn1/tasn_enc.c
index 936ad1f7..1390e5e6 100644
--- a/app/openssl/crypto/asn1/tasn_enc.c
+++ b/app/openssl/crypto/asn1/tasn_enc.c
@@ -453,9 +453,14 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
 			{
 			derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk)
 						* sizeof(*derlst));
+			if (!derlst)
+				return 0;
 			tmpdat = OPENSSL_malloc(skcontlen);
-			if (!derlst || !tmpdat)
+			if (!tmpdat)
+				{
+				OPENSSL_free(derlst);
 				return 0;
+				}
 			}
 		}
 	/* If not sorting just output each item */
diff --git a/app/openssl/crypto/asn1/x_crl.c b/app/openssl/crypto/asn1/x_crl.c
index c51c690b..3f03efbe 100644
--- a/app/openssl/crypto/asn1/x_crl.c
+++ b/app/openssl/crypto/asn1/x_crl.c
@@ -270,6 +270,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 				{
 				/* We handle IDP and deltas */
 				if ((nid == NID_issuing_distribution_point)
+					|| (nid == NID_authority_key_identifier)
 					|| (nid == NID_delta_crl))
 					break;;
 				crl->flags |= EXFLAG_CRITICAL;
diff --git a/app/openssl/crypto/bio/bio_lib.c b/app/openssl/crypto/bio/bio_lib.c
index 9c9646af..4793a453 100644
--- a/app/openssl/crypto/bio/bio_lib.c
+++ b/app/openssl/crypto/bio/bio_lib.c
@@ -132,8 +132,8 @@ int BIO_free(BIO *a)
 
 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
 
-	if ((a->method == NULL) || (a->method->destroy == NULL)) return(1);
-	a->method->destroy(a);
+	if ((a->method != NULL) && (a->method->destroy != NULL))
+		a->method->destroy(a);
 	OPENSSL_free(a);
 	return(1);
 	}
diff --git a/app/openssl/crypto/bn/asm/x86_64-gcc.c b/app/openssl/crypto/bn/asm/x86_64-gcc.c
index 329946e5..6bcf32f6 100644
--- a/app/openssl/crypto/bn/asm/x86_64-gcc.c
+++ b/app/openssl/crypto/bn/asm/x86_64-gcc.c
@@ -189,7 +189,7 @@ BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int
 
 	if (n <= 0) return 0;
 
-	asm (
+	asm volatile (
 	"	subq	%2,%2		\n"
 	".p2align 4			\n"
 	"1:	movq	(%4,%2,8),%0	\n"
@@ -200,7 +200,7 @@ BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int
 	"	sbbq	%0,%0		\n"
 		: "=&a"(ret),"+c"(n),"=&r"(i)
 		: "r"(rp),"r"(ap),"r"(bp)
-		: "cc"
+		: "cc", "memory"
 	);
 
   return ret&1;
@@ -212,7 +212,7 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int
 
 	if (n <= 0) return 0;
 
-	asm (
+	asm volatile (
 	"	subq	%2,%2		\n"
 	".p2align 4			\n"
 	"1:	movq	(%4,%2,8),%0	\n"
@@ -223,7 +223,7 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int
 	"	sbbq	%0,%0		\n"
 		: "=&a"(ret),"+c"(n),"=&r"(i)
 		: "r"(rp),"r"(ap),"r"(bp)
-		: "cc"
+		: "cc", "memory"
 	);
 
   return ret&1;
diff --git a/app/openssl/crypto/bn/bn_exp.c b/app/openssl/crypto/bn/bn_exp.c
index 2abf6fd6..611fa326 100644
--- a/app/openssl/crypto/bn/bn_exp.c
+++ b/app/openssl/crypto/bn/bn_exp.c
@@ -680,7 +680,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
 
     /* Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as
      * 512-bit RSA is hardly relevant, we omit it to spare size... */ 
-    if (window==5)
+    if (window==5 && top>1)
 	{
 	void bn_mul_mont_gather5(BN_ULONG *rp,const BN_ULONG *ap,
 			const void *table,const BN_ULONG *np,
@@ -874,7 +874,14 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
 	bits = BN_num_bits(p);
 	if (bits == 0)
 		{
-		ret = BN_one(rr);
+		/* x**0 mod 1 is still zero. */
+		if (BN_is_one(m))
+			{
+			ret = 1;
+			BN_zero(rr);
+			}
+		else
+			ret = BN_one(rr);
 		return ret;
 		}
 	if (a == 0)
diff --git a/app/openssl/crypto/bn/bn_lib.c b/app/openssl/crypto/bn/bn_lib.c
index 5461e6ee..d5a211e2 100644
--- a/app/openssl/crypto/bn/bn_lib.c
+++ b/app/openssl/crypto/bn/bn_lib.c
@@ -320,6 +320,15 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
 		BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
 		return(NULL);
 		}
+#ifdef PURIFY
+	/* Valgrind complains in BN_consttime_swap because we process the whole
+	 * array even if it's not initialised yet. This doesn't matter in that
+	 * function - what's important is constant time operation (we're not
+	 * actually going to use the data)
+	*/
+	memset(a, 0, sizeof(BN_ULONG)*words);
+#endif
+
 #if 1
 	B=b->d;
 	/* Check if the previous number needs to be copied */
diff --git a/app/openssl/crypto/bn/bn_nist.c b/app/openssl/crypto/bn/bn_nist.c
index e22968d4..abb15708 100644
--- a/app/openssl/crypto/bn/bn_nist.c
+++ b/app/openssl/crypto/bn/bn_nist.c
@@ -1088,9 +1088,9 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	/* ... and right shift */
 	for (val=t_d[0],i=0; i<BN_NIST_521_TOP-1; i++)
 		{
-		tmp = val>>BN_NIST_521_RSHIFT;
-		val = t_d[i+1];
-		t_d[i] = (tmp | val<<BN_NIST_521_LSHIFT) & BN_MASK2;
+		t_d[i] = ( val>>BN_NIST_521_RSHIFT |
+			  (tmp=t_d[i+1])<<BN_NIST_521_LSHIFT ) & BN_MASK2;
+		val=tmp;
 		}
 	t_d[i] = val>>BN_NIST_521_RSHIFT;
 	/* lower 521 bits */
diff --git a/app/openssl/crypto/bn/bn_sqr.c b/app/openssl/crypto/bn/bn_sqr.c
index 270d0cd3..65bbf165 100644
--- a/app/openssl/crypto/bn/bn_sqr.c
+++ b/app/openssl/crypto/bn/bn_sqr.c
@@ -77,6 +77,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
 	if (al <= 0)
 		{
 		r->top=0;
+		r->neg = 0;
 		return 1;
 		}
 
diff --git a/app/openssl/crypto/bn/exptest.c b/app/openssl/crypto/bn/exptest.c
index 074a8e88..5fa02a12 100644
--- a/app/openssl/crypto/bn/exptest.c
+++ b/app/openssl/crypto/bn/exptest.c
@@ -71,6 +71,43 @@
 
 static const char rnd_seed[] = "string to make the random number generator think it has entropy";
 
+/* test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success. */
+static int test_exp_mod_zero() {
+	BIGNUM a, p, m;
+	BIGNUM r;
+	BN_CTX *ctx = BN_CTX_new();
+	int ret = 1;
+
+	BN_init(&m);
+	BN_one(&m);
+
+	BN_init(&a);
+	BN_one(&a);
+
+	BN_init(&p);
+	BN_zero(&p);
+
+	BN_init(&r);
+	BN_mod_exp(&r, &a, &p, &m, ctx);
+	BN_CTX_free(ctx);
+
+	if (BN_is_zero(&r))
+		ret = 0;
+	else
+		{
+		printf("1**0 mod 1 = ");
+		BN_print_fp(stdout, &r);
+		printf(", should be 0\n");
+		}
+
+	BN_free(&r);
+	BN_free(&a);
+	BN_free(&p);
+	BN_free(&m);
+
+	return ret;
+}
+
 int main(int argc, char *argv[])
 	{
 	BN_CTX *ctx;
@@ -190,7 +227,13 @@ int main(int argc, char *argv[])
 	ERR_remove_thread_state(NULL);
 	CRYPTO_mem_leaks(out);
 	BIO_free(out);
-	printf(" done\n");
+	printf("\n");
+
+	if (test_exp_mod_zero() != 0)
+		goto err;
+
+	printf("done\n");
+
 	EXIT(0);
 err:
 	ERR_load_crypto_strings();
diff --git a/app/openssl/crypto/cms/cms_pwri.c b/app/openssl/crypto/cms/cms_pwri.c
index b79612a1..71f2ddb4 100644
--- a/app/openssl/crypto/cms/cms_pwri.c
+++ b/app/openssl/crypto/cms/cms_pwri.c
@@ -93,9 +93,10 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
 	X509_ALGOR *encalg = NULL;
 	unsigned char iv[EVP_MAX_IV_LENGTH];
 	int ivlen;
+
 	env = cms_get0_enveloped(cms);
 	if (!env)
-		goto err;
+		return NULL;
 
 	if (wrap_nid <= 0)
 		wrap_nid = NID_id_alg_PWRI_KEK;
diff --git a/app/openssl/crypto/conf/conf_def.c b/app/openssl/crypto/conf/conf_def.c
index cf951320..f0b27687 100644
--- a/app/openssl/crypto/conf/conf_def.c
+++ b/app/openssl/crypto/conf/conf_def.c
@@ -321,7 +321,7 @@ again:
 			p=eat_ws(conf, end);
 			if (*p != ']')
 				{
-				if (*p != '\0')
+				if (*p != '\0' && ss != p)
 					{
 					ss=p;
 					goto again;
diff --git a/app/openssl/crypto/constant_time_locl.h b/app/openssl/crypto/constant_time_locl.h
new file mode 100644
index 00000000..c0483939
--- /dev/null
+++ b/app/openssl/crypto/constant_time_locl.h
@@ -0,0 +1,216 @@
+/* crypto/constant_time_locl.h */
+/*
+ * Utilities for constant-time cryptography.
+ *
+ * Author: Emilia Kasper (emilia@openssl.org)
+ * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley
+ * (Google).
+ * ====================================================================
+ * Copyright (c) 2014 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_CONSTANT_TIME_LOCL_H
+#define HEADER_CONSTANT_TIME_LOCL_H
+
+#include "e_os.h"  /* For 'inline' */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * The boolean methods return a bitmask of all ones (0xff...f) for true
+ * and 0 for false. This is useful for choosing a value based on the result
+ * of a conditional in constant time. For example,
+ *
+ * if (a < b) {
+ *   c = a;
+ * } else {
+ *   c = b;
+ * }
+ *
+ * can be written as
+ *
+ * unsigned int lt = constant_time_lt(a, b);
+ * c = constant_time_select(lt, a, b);
+ */
+
+/*
+ * Returns the given value with the MSB copied to all the other
+ * bits. Uses the fact that arithmetic shift shifts-in the sign bit.
+ * However, this is not ensured by the C standard so you may need to
+ * replace this with something else on odd CPUs.
+ */
+static inline unsigned int constant_time_msb(unsigned int a);
+
+/*
+ * Returns 0xff..f if a < b and 0 otherwise.
+ */
+static inline unsigned int constant_time_lt(unsigned int a, unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b);
+
+/*
+ * Returns 0xff..f if a >= b and 0 otherwise.
+ */
+static inline unsigned int constant_time_ge(unsigned int a, unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b);
+
+/*
+ * Returns 0xff..f if a == 0 and 0 otherwise.
+ */
+static inline unsigned int constant_time_is_zero(unsigned int a);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_is_zero_8(unsigned int a);
+
+
+/*
+ * Returns 0xff..f if a == b and 0 otherwise.
+ */
+static inline unsigned int constant_time_eq(unsigned int a, unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b);
+/* Signed integers. */
+static inline unsigned int constant_time_eq_int(int a, int b);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_eq_int_8(int a, int b);
+
+
+/*
+ * Returns (mask & a) | (~mask & b).
+ *
+ * When |mask| is all 1s or all 0s (as returned by the methods above),
+ * the select methods return either |a| (if |mask| is nonzero) or |b|
+ * (if |mask| is zero).
+ */
+static inline unsigned int constant_time_select(unsigned int mask,
+	unsigned int a, unsigned int b);
+/* Convenience method for unsigned chars. */
+static inline unsigned char constant_time_select_8(unsigned char mask,
+	unsigned char a, unsigned char b);
+/* Convenience method for signed integers. */
+static inline int constant_time_select_int(unsigned int mask, int a, int b);
+
+static inline unsigned int constant_time_msb(unsigned int a)
+	{
+	return (unsigned int)((int)(a) >> (sizeof(int) * 8 - 1));
+	}
+
+static inline unsigned int constant_time_lt(unsigned int a, unsigned int b)
+	{
+	unsigned int lt;
+	/* Case 1: msb(a) == msb(b). a < b iff the MSB of a - b is set.*/
+	lt = ~(a ^ b) & (a - b);
+	/* Case 2: msb(a) != msb(b). a < b iff the MSB of b is set. */
+	lt |= ~a & b;
+	return constant_time_msb(lt);
+	}
+
+static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b)
+	{
+	return (unsigned char)(constant_time_lt(a, b));
+	}
+
+static inline unsigned int constant_time_ge(unsigned int a, unsigned int b)
+	{
+	unsigned int ge;
+	/* Case 1: msb(a) == msb(b). a >= b iff the MSB of a - b is not set.*/
+	ge = ~((a ^ b) | (a - b));
+	/* Case 2: msb(a) != msb(b). a >= b iff the MSB of a is set. */
+	ge |= a & ~b;
+	return constant_time_msb(ge);
+	}
+
+static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b)
+	{
+	return (unsigned char)(constant_time_ge(a, b));
+	}
+
+static inline unsigned int constant_time_is_zero(unsigned int a)
+	{
+	return constant_time_msb(~a & (a - 1));
+	}
+
+static inline unsigned char constant_time_is_zero_8(unsigned int a)
+	{
+	return (unsigned char)(constant_time_is_zero(a));
+	}
+
+static inline unsigned int constant_time_eq(unsigned int a, unsigned int b)
+	{
+	return constant_time_is_zero(a ^ b);
+	}
+
+static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b)
+	{
+	return (unsigned char)(constant_time_eq(a, b));
+	}
+
+static inline unsigned int constant_time_eq_int(int a, int b)
+	{
+	return constant_time_eq((unsigned)(a), (unsigned)(b));
+	}
+
+static inline unsigned char constant_time_eq_int_8(int a, int b)
+	{
+	return constant_time_eq_8((unsigned)(a), (unsigned)(b));
+	}
+
+static inline unsigned int constant_time_select(unsigned int mask,
+	unsigned int a, unsigned int b)
+	{
+	return (mask & a) | (~mask & b);
+	}
+
+static inline unsigned char constant_time_select_8(unsigned char mask,
+	unsigned char a, unsigned char b)
+	{
+	return (unsigned char)(constant_time_select(mask, a, b));
+	}
+
+inline int constant_time_select_int(unsigned int mask, int a, int b)
+	{
+	return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b)));
+	}
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif  /* HEADER_CONSTANT_TIME_LOCL_H */
diff --git a/app/openssl/crypto/dsa/dsa_ameth.c b/app/openssl/crypto/dsa/dsa_ameth.c
index 376156ec..5af76ead 100644
--- a/app/openssl/crypto/dsa/dsa_ameth.c
+++ b/app/openssl/crypto/dsa/dsa_ameth.c
@@ -307,6 +307,12 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 	unsigned char *dp = NULL;
 	int dplen;
 
+	if (!pkey->pkey.dsa || !pkey->pkey.dsa->priv_key)
+		{
+		DSAerr(DSA_F_DSA_PRIV_ENCODE,DSA_R_MISSING_PARAMETERS);
+		goto err;
+		}
+
 	params = ASN1_STRING_new();
 
 	if (!params)
@@ -701,4 +707,3 @@ const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] =
 		old_dsa_priv_encode
 		}
 	};
-
diff --git a/app/openssl/crypto/ebcdic.h b/app/openssl/crypto/ebcdic.h
index 6d65afcf..85f3cf7f 100644
--- a/app/openssl/crypto/ebcdic.h
+++ b/app/openssl/crypto/ebcdic.h
@@ -5,6 +5,10 @@
 
 #include <sys/types.h>
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 /* Avoid name clashes with other applications */
 #define os_toascii   _openssl_os_toascii
 #define os_toebcdic  _openssl_os_toebcdic
@@ -16,4 +20,7 @@ extern const unsigned char os_toebcdic[256];
 void *ebcdic2ascii(void *dest, const void *srce, size_t count);
 void *ascii2ebcdic(void *dest, const void *srce, size_t count);
 
+#ifdef  __cplusplus
+}
+#endif
 #endif
diff --git a/app/openssl/crypto/ec/ec.h b/app/openssl/crypto/ec/ec.h
index d008a0da..b6e745b8 100644
--- a/app/openssl/crypto/ec/ec.h
+++ b/app/openssl/crypto/ec/ec.h
@@ -629,7 +629,7 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN
 int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
 int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx);
 
-/** Computes r = generator * n sum_{i=0}^num p[i] * m[i]
+/** Computes r = generator * n sum_{i=0}^{num-1} p[i] * m[i]
  *  \param  group  underlying EC_GROUP object
  *  \param  r      EC_POINT object for the result
  *  \param  n      BIGNUM with the multiplier for the group generator (optional)
diff --git a/app/openssl/crypto/ec/ec2_smpl.c b/app/openssl/crypto/ec/ec2_smpl.c
index e0e59c7d..62223cbb 100644
--- a/app/openssl/crypto/ec/ec2_smpl.c
+++ b/app/openssl/crypto/ec/ec2_smpl.c
@@ -80,9 +80,6 @@
 
 const EC_METHOD *EC_GF2m_simple_method(void)
 	{
-#ifdef OPENSSL_FIPS
-	return fips_ec_gf2m_simple_method();
-#else
 	static const EC_METHOD ret = {
 		EC_FLAGS_DEFAULT_OCT,
 		NID_X9_62_characteristic_two_field,
@@ -125,8 +122,12 @@ const EC_METHOD *EC_GF2m_simple_method(void)
 		0 /* field_decode */,
 		0 /* field_set_to_one */ };
 
-	return &ret;
+#ifdef OPENSSL_FIPS
+	if (FIPS_mode())
+		return fips_ec_gf2m_simple_method();
 #endif
+
+	return &ret;
 	}
 
 
diff --git a/app/openssl/crypto/ec/ec_ameth.c b/app/openssl/crypto/ec/ec_ameth.c
index f715a238..11283769 100644
--- a/app/openssl/crypto/ec/ec_ameth.c
+++ b/app/openssl/crypto/ec/ec_ameth.c
@@ -453,14 +453,16 @@ static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype)
 	if (ktype > 0)
 		{
 		public_key = EC_KEY_get0_public_key(x);
-		if ((pub_key = EC_POINT_point2bn(group, public_key,
-			EC_KEY_get_conv_form(x), NULL, ctx)) == NULL)
+		if (public_key != NULL)
 			{
-			reason = ERR_R_EC_LIB;
-			goto err;
-			}
-		if (pub_key)
+			if ((pub_key = EC_POINT_point2bn(group, public_key,
+				EC_KEY_get_conv_form(x), NULL, ctx)) == NULL)
+				{
+				reason = ERR_R_EC_LIB;
+				goto err;
+				}
 			buf_len = (size_t)BN_num_bytes(pub_key);
+			}
 		}
 
 	if (ktype == 2)
diff --git a/app/openssl/crypto/ec/ec_asn1.c b/app/openssl/crypto/ec/ec_asn1.c
index e94f34e1..52d31c2f 100644
--- a/app/openssl/crypto/ec/ec_asn1.c
+++ b/app/openssl/crypto/ec/ec_asn1.c
@@ -1183,29 +1183,46 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
 		goto err;
 		}
 
+	if (ret->pub_key)
+		EC_POINT_clear_free(ret->pub_key);
+	ret->pub_key = EC_POINT_new(ret->group);
+	if (ret->pub_key == NULL)
+		{
+		ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+		goto err;
+		}
+
 	if (priv_key->publicKey)
 		{
 		const unsigned char *pub_oct;
-		size_t pub_oct_len;
+		int pub_oct_len;
 
-		if (ret->pub_key)
-			EC_POINT_clear_free(ret->pub_key);
-		ret->pub_key = EC_POINT_new(ret->group);
-		if (ret->pub_key == NULL)
+		pub_oct     = M_ASN1_STRING_data(priv_key->publicKey);
+		pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey);
+		/* The first byte - point conversion form - must be present. */
+                if (pub_oct_len <= 0)
 			{
-			ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+			ECerr(EC_F_D2I_ECPRIVATEKEY, EC_R_BUFFER_TOO_SMALL);
 			goto err;
 			}
-		pub_oct     = M_ASN1_STRING_data(priv_key->publicKey);
-		pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey);
-		/* save the point conversion form */
+		/* Save the point conversion form. */
 		ret->conv_form = (point_conversion_form_t)(pub_oct[0] & ~0x01);
 		if (!EC_POINT_oct2point(ret->group, ret->pub_key,
-			pub_oct, pub_oct_len, NULL))
+					pub_oct, (size_t)(pub_oct_len), NULL))
+			{
+			ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+			goto err;
+			}
+		}
+	else
+		{
+		if (!EC_POINT_mul(ret->group, ret->pub_key, ret->priv_key, NULL, NULL, NULL))
 			{
 			ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
 			goto err;
 			}
+		/* Remember the original private-key-only encoding. */
+		ret->enc_flag |= EC_PKEY_NO_PUBKEY;
 		}
 
 	ok = 1;
@@ -1230,7 +1247,8 @@ int	i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
 	size_t          buf_len=0, tmp_len;
 	EC_PRIVATEKEY   *priv_key=NULL;
 
-	if (a == NULL || a->group == NULL || a->priv_key == NULL)
+	if (a == NULL || a->group == NULL || a->priv_key == NULL ||
+	    (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key == NULL))
 		{
 		ECerr(EC_F_I2D_ECPRIVATEKEY,
                       ERR_R_PASSED_NULL_PARAMETER);
diff --git a/app/openssl/crypto/ec/ec_lib.c b/app/openssl/crypto/ec/ec_lib.c
index de9a0cc2..e2c4741b 100644
--- a/app/openssl/crypto/ec/ec_lib.c
+++ b/app/openssl/crypto/ec/ec_lib.c
@@ -942,7 +942,7 @@ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *
 
 int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
 	{
-	if (group->meth->dbl == 0)
+	if (group->meth->invert == 0)
 		{
 		ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
 		return 0;
diff --git a/app/openssl/crypto/ec/ecp_mont.c b/app/openssl/crypto/ec/ecp_mont.c
index f04f132c..3c5ec196 100644
--- a/app/openssl/crypto/ec/ecp_mont.c
+++ b/app/openssl/crypto/ec/ecp_mont.c
@@ -72,9 +72,6 @@
 
 const EC_METHOD *EC_GFp_mont_method(void)
 	{
-#ifdef OPENSSL_FIPS
-	return fips_ec_gfp_mont_method();
-#else
 	static const EC_METHOD ret = {
 		EC_FLAGS_DEFAULT_OCT,
 		NID_X9_62_prime_field,
@@ -114,8 +111,12 @@ const EC_METHOD *EC_GFp_mont_method(void)
 		ec_GFp_mont_field_decode,
 		ec_GFp_mont_field_set_to_one };
 
-	return &ret;
+#ifdef OPENSSL_FIPS
+	if (FIPS_mode())
+		return fips_ec_gfp_mont_method();
 #endif
+
+	return &ret;
 	}
 
 
diff --git a/app/openssl/crypto/ec/ecp_nist.c b/app/openssl/crypto/ec/ecp_nist.c
index aad2d5f4..db3b99e0 100644
--- a/app/openssl/crypto/ec/ecp_nist.c
+++ b/app/openssl/crypto/ec/ecp_nist.c
@@ -73,9 +73,6 @@
 
 const EC_METHOD *EC_GFp_nist_method(void)
 	{
-#ifdef OPENSSL_FIPS
-	return fips_ec_gfp_nist_method();
-#else
 	static const EC_METHOD ret = {
 		EC_FLAGS_DEFAULT_OCT,
 		NID_X9_62_prime_field,
@@ -115,8 +112,12 @@ const EC_METHOD *EC_GFp_nist_method(void)
 		0 /* field_decode */,
 		0 /* field_set_to_one */ };
 
-	return &ret;
+#ifdef OPENSSL_FIPS
+	if (FIPS_mode())
+		return fips_ec_gfp_nist_method();
 #endif
+
+	return &ret;
 	}
 
 int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
diff --git a/app/openssl/crypto/ec/ecp_smpl.c b/app/openssl/crypto/ec/ecp_smpl.c
index 7cbb321f..2d1f3576 100644
--- a/app/openssl/crypto/ec/ecp_smpl.c
+++ b/app/openssl/crypto/ec/ecp_smpl.c
@@ -73,9 +73,6 @@
 
 const EC_METHOD *EC_GFp_simple_method(void)
 	{
-#ifdef OPENSSL_FIPS
-	return fips_ec_gfp_simple_method();
-#else
 	static const EC_METHOD ret = {
 		EC_FLAGS_DEFAULT_OCT,
 		NID_X9_62_prime_field,
@@ -115,8 +112,12 @@ const EC_METHOD *EC_GFp_simple_method(void)
 		0 /* field_decode */,
 		0 /* field_set_to_one */ };
 
-	return &ret;
+#ifdef OPENSSL_FIPS
+	if (FIPS_mode())
+		return fips_ec_gfp_simple_method();
 #endif
+
+	return &ret;
 	}
 
 
@@ -1181,9 +1182,8 @@ int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ct
 int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)
 	{
 	BN_CTX *new_ctx = NULL;
-	BIGNUM *tmp0, *tmp1;
-	size_t pow2 = 0;
-	BIGNUM **heap = NULL;
+	BIGNUM *tmp, *tmp_Z;
+	BIGNUM **prod_Z = NULL;
 	size_t i;
 	int ret = 0;
 
@@ -1198,124 +1198,104 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT
 		}
 
 	BN_CTX_start(ctx);
-	tmp0 = BN_CTX_get(ctx);
-	tmp1 = BN_CTX_get(ctx);
-	if (tmp0  == NULL || tmp1 == NULL) goto err;
+	tmp = BN_CTX_get(ctx);
+	tmp_Z = BN_CTX_get(ctx);
+	if (tmp == NULL || tmp_Z == NULL) goto err;
 
-	/* Before converting the individual points, compute inverses of all Z values.
-	 * Modular inversion is rather slow, but luckily we can do with a single
-	 * explicit inversion, plus about 3 multiplications per input value.
-	 */
+	prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]);
+	if (prod_Z == NULL) goto err;
+	for (i = 0; i < num; i++)
+		{
+		prod_Z[i] = BN_new();
+		if (prod_Z[i] == NULL) goto err;
+		}
 
-	pow2 = 1;
-	while (num > pow2)
-		pow2 <<= 1;
-	/* Now pow2 is the smallest power of 2 satifsying pow2 >= num.
-	 * We need twice that. */
-	pow2 <<= 1;
+	/* Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z,
+	 * skipping any zero-valued inputs (pretend that they're 1). */
 
-	heap = OPENSSL_malloc(pow2 * sizeof heap[0]);
-	if (heap == NULL) goto err;
-	
-	/* The array is used as a binary tree, exactly as in heapsort:
-	 *
-	 *                               heap[1]
-	 *                 heap[2]                     heap[3]
-	 *          heap[4]       heap[5]       heap[6]       heap[7]
-	 *   heap[8]heap[9] heap[10]heap[11] heap[12]heap[13] heap[14] heap[15]
-	 *
-	 * We put the Z's in the last line;
-	 * then we set each other node to the product of its two child-nodes (where
-	 * empty or 0 entries are treated as ones);
-	 * then we invert heap[1];
-	 * then we invert each other node by replacing it by the product of its
-	 * parent (after inversion) and its sibling (before inversion).
-	 */
-	heap[0] = NULL;
-	for (i = pow2/2 - 1; i > 0; i--)
-		heap[i] = NULL;
-	for (i = 0; i < num; i++)
-		heap[pow2/2 + i] = &points[i]->Z;
-	for (i = pow2/2 + num; i < pow2; i++)
-		heap[i] = NULL;
-	
-	/* set each node to the product of its children */
-	for (i = pow2/2 - 1; i > 0; i--)
+	if (!BN_is_zero(&points[0]->Z))
 		{
-		heap[i] = BN_new();
-		if (heap[i] == NULL) goto err;
-		
-		if (heap[2*i] != NULL)
+		if (!BN_copy(prod_Z[0], &points[0]->Z)) goto err;
+		}
+	else
+		{
+		if (group->meth->field_set_to_one != 0)
 			{
-			if ((heap[2*i + 1] == NULL) || BN_is_zero(heap[2*i + 1]))
-				{
-				if (!BN_copy(heap[i], heap[2*i])) goto err;
-				}
-			else
-				{
-				if (BN_is_zero(heap[2*i]))
-					{
-					if (!BN_copy(heap[i], heap[2*i + 1])) goto err;
-					}
-				else
-					{
-					if (!group->meth->field_mul(group, heap[i],
-						heap[2*i], heap[2*i + 1], ctx)) goto err;
-					}
-				}
+			if (!group->meth->field_set_to_one(group, prod_Z[0], ctx)) goto err;
+			}
+		else
+			{
+			if (!BN_one(prod_Z[0])) goto err;
 			}
 		}
 
-	/* invert heap[1] */
-	if (!BN_is_zero(heap[1]))
+	for (i = 1; i < num; i++)
 		{
-		if (!BN_mod_inverse(heap[1], heap[1], &group->field, ctx))
+		if (!BN_is_zero(&points[i]->Z))
 			{
-			ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
-			goto err;
+			if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1], &points[i]->Z, ctx)) goto err;
+			}
+		else
+			{
+			if (!BN_copy(prod_Z[i], prod_Z[i - 1])) goto err;
 			}
 		}
+
+	/* Now use a single explicit inversion to replace every
+	 * non-zero points[i]->Z by its inverse. */
+
+	if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx))
+		{
+		ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
+		goto err;
+		}
 	if (group->meth->field_encode != 0)
 		{
-		/* in the Montgomery case, we just turned  R*H  (representing H)
+		/* In the Montgomery case, we just turned  R*H  (representing H)
 		 * into  1/(R*H),  but we need  R*(1/H)  (representing 1/H);
-		 * i.e. we have need to multiply by the Montgomery factor twice */
-		if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err;
-		if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err;
+		 * i.e. we need to multiply by the Montgomery factor twice. */
+		if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err;
+		if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err;
 		}
 
-	/* set other heap[i]'s to their inverses */
-	for (i = 2; i < pow2/2 + num; i += 2)
+	for (i = num - 1; i > 0; --i)
 		{
-		/* i is even */
-		if ((heap[i + 1] != NULL) && !BN_is_zero(heap[i + 1]))
-			{
-			if (!group->meth->field_mul(group, tmp0, heap[i/2], heap[i + 1], ctx)) goto err;
-			if (!group->meth->field_mul(group, tmp1, heap[i/2], heap[i], ctx)) goto err;
-			if (!BN_copy(heap[i], tmp0)) goto err;
-			if (!BN_copy(heap[i + 1], tmp1)) goto err;
-			}
-		else
+		/* Loop invariant: tmp is the product of the inverses of
+		 * points[0]->Z .. points[i]->Z (zero-valued inputs skipped). */
+		if (!BN_is_zero(&points[i]->Z))
 			{
-			if (!BN_copy(heap[i], heap[i/2])) goto err;
+			/* Set tmp_Z to the inverse of points[i]->Z (as product
+			 * of Z inverses 0 .. i, Z values 0 .. i - 1). */
+			if (!group->meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) goto err;
+			/* Update tmp to satisfy the loop invariant for i - 1. */
+			if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx)) goto err;
+			/* Replace points[i]->Z by its inverse. */
+			if (!BN_copy(&points[i]->Z, tmp_Z)) goto err;
 			}
 		}
 
-	/* we have replaced all non-zero Z's by their inverses, now fix up all the points */
+	if (!BN_is_zero(&points[0]->Z))
+		{
+		/* Replace points[0]->Z by its inverse. */
+		if (!BN_copy(&points[0]->Z, tmp)) goto err;
+		}
+
+	/* Finally, fix up the X and Y coordinates for all points. */
+
 	for (i = 0; i < num; i++)
 		{
 		EC_POINT *p = points[i];
-		
+
 		if (!BN_is_zero(&p->Z))
 			{
 			/* turn  (X, Y, 1/Z)  into  (X/Z^2, Y/Z^3, 1) */
 
-			if (!group->meth->field_sqr(group, tmp1, &p->Z, ctx)) goto err;
-			if (!group->meth->field_mul(group, &p->X, &p->X, tmp1, ctx)) goto err;
+			if (!group->meth->field_sqr(group, tmp, &p->Z, ctx)) goto err;
+			if (!group->meth->field_mul(group, &p->X, &p->X, tmp, ctx)) goto err;
+
+			if (!group->meth->field_mul(group, tmp, tmp, &p->Z, ctx)) goto err;
+			if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp, ctx)) goto err;
 
-			if (!group->meth->field_mul(group, tmp1, tmp1, &p->Z, ctx)) goto err;
-			if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp1, ctx)) goto err;
-		
 			if (group->meth->field_set_to_one != 0)
 				{
 				if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err;
@@ -1329,20 +1309,19 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT
 		}
 
 	ret = 1;
-		
+
  err:
 	BN_CTX_end(ctx);
 	if (new_ctx != NULL)
 		BN_CTX_free(new_ctx);
-	if (heap != NULL)
+	if (prod_Z != NULL)
 		{
-		/* heap[pow2/2] .. heap[pow2-1] have not been allocated locally! */
-		for (i = pow2/2 - 1; i > 0; i--)
+		for (i = 0; i < num; i++)
 			{
-			if (heap[i] != NULL)
-				BN_clear_free(heap[i]);
+			if (prod_Z[i] == NULL) break;
+			BN_clear_free(prod_Z[i]);
 			}
-		OPENSSL_free(heap);
+		OPENSSL_free(prod_Z);
 		}
 	return ret;
 	}
diff --git a/app/openssl/crypto/ec/ectest.c b/app/openssl/crypto/ec/ectest.c
index 102eaa9b..d1bf9805 100644
--- a/app/openssl/crypto/ec/ectest.c
+++ b/app/openssl/crypto/ec/ectest.c
@@ -199,6 +199,7 @@ static void group_order_tests(EC_GROUP *group)
 	EC_POINT *P = EC_POINT_new(group);
 	EC_POINT *Q = EC_POINT_new(group);
 	BN_CTX *ctx = BN_CTX_new();
+	int i;
 
 	n1 = BN_new(); n2 = BN_new(); order = BN_new();
 	fprintf(stdout, "verify group order ...");
@@ -212,21 +213,56 @@ static void group_order_tests(EC_GROUP *group)
 	if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) ABORT;
 	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
 	fprintf(stdout, " ok\n");
-	fprintf(stdout, "long/negative scalar tests ... ");
-	if (!BN_one(n1)) ABORT;
-	/* n1 = 1 - order */
-	if (!BN_sub(n1, n1, order)) ABORT;
-	if(!EC_POINT_mul(group, Q, NULL, P, n1, ctx)) ABORT;
-	if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
-	/* n2 = 1 + order */
-	if (!BN_add(n2, order, BN_value_one())) ABORT;
-	if(!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT;
-	if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
-	/* n2 = (1 - order) * (1 + order) */
-	if (!BN_mul(n2, n1, n2, ctx)) ABORT;
-	if(!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT;
-	if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
+	fprintf(stdout, "long/negative scalar tests ");
+        for (i = 1; i <= 2; i++)
+		{
+		const BIGNUM *scalars[6];
+		const EC_POINT *points[6];
+
+		fprintf(stdout, i == 1 ?
+			"allowing precomputation ... " :
+			"without precomputation ... ");
+		if (!BN_set_word(n1, i)) ABORT;
+		/* If i == 1, P will be the predefined generator for which
+		 * EC_GROUP_precompute_mult has set up precomputation. */
+		if (!EC_POINT_mul(group, P, n1, NULL, NULL, ctx)) ABORT;
+
+		if (!BN_one(n1)) ABORT;
+		/* n1 = 1 - order */
+		if (!BN_sub(n1, n1, order)) ABORT;
+		if (!EC_POINT_mul(group, Q, NULL, P, n1, ctx)) ABORT;
+		if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
+
+		/* n2 = 1 + order */
+		if (!BN_add(n2, order, BN_value_one())) ABORT;
+		if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT;
+		if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
+
+		/* n2 = (1 - order) * (1 + order) = 1 - order^2 */
+		if (!BN_mul(n2, n1, n2, ctx)) ABORT;
+		if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT;
+		if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
+
+		/* n2 = order^2 - 1 */
+		BN_set_negative(n2, 0);
+		if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT;
+		/* Add P to verify the result. */
+		if (!EC_POINT_add(group, Q, Q, P, ctx)) ABORT;
+		if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+
+		/* Exercise EC_POINTs_mul, including corner cases. */
+		if (EC_POINT_is_at_infinity(group, P)) ABORT;
+		scalars[0] = n1; points[0] = Q; /* => infinity */
+		scalars[1] = n2; points[1] = P; /* => -P */
+		scalars[2] = n1; points[2] = Q; /* => infinity */
+		scalars[3] = n2; points[3] = Q; /* => infinity */
+		scalars[4] = n1; points[4] = P; /* => P */
+		scalars[5] = n2; points[5] = Q; /* => infinity */
+		if (!EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx)) ABORT;
+		if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+		}
 	fprintf(stdout, "ok\n");
+
 	EC_POINT_free(P);
 	EC_POINT_free(Q);
 	BN_free(n1);
diff --git a/app/openssl/crypto/err/openssl.ec b/app/openssl/crypto/err/openssl.ec
index e0554b43..bafbc35d 100644
--- a/app/openssl/crypto/err/openssl.ec
+++ b/app/openssl/crypto/err/openssl.ec
@@ -71,6 +71,7 @@ R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION		1060
 R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION		1070
 R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY	1071
 R SSL_R_TLSV1_ALERT_INTERNAL_ERROR		1080
+R SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK	1086
 R SSL_R_TLSV1_ALERT_USER_CANCELLED		1090
 R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		1100
 R SSL_R_TLSV1_UNSUPPORTED_EXTENSION		1110
diff --git a/app/openssl/crypto/evp/e_aes.c b/app/openssl/crypto/evp/e_aes.c
index ad0f7a4a..85d5aaa4 100644
--- a/app/openssl/crypto/evp/e_aes.c
+++ b/app/openssl/crypto/evp/e_aes.c
@@ -166,7 +166,7 @@ extern unsigned int OPENSSL_ia32cap_P[];
 #define VPAES_CAPABLE	(OPENSSL_ia32cap_P[1]&(1<<(41-32)))
 #endif
 #ifdef BSAES_ASM
-#define BSAES_CAPABLE	VPAES_CAPABLE
+#define BSAES_CAPABLE	(OPENSSL_ia32cap_P[1]&(1<<(41-32)))
 #endif
 /*
  * AES-NI section
@@ -873,6 +873,28 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 		/* Extra padding: tag appended to record */
 		return EVP_GCM_TLS_TAG_LEN;
 
+	case EVP_CTRL_COPY:
+		{
+			EVP_CIPHER_CTX *out = ptr;
+			EVP_AES_GCM_CTX *gctx_out = out->cipher_data;
+			if (gctx->gcm.key)
+				{
+				if (gctx->gcm.key != &gctx->ks)
+					return 0;
+				gctx_out->gcm.key = &gctx_out->ks;
+				}
+			if (gctx->iv == c->iv)
+				gctx_out->iv = out->iv;
+			else
+			{
+				gctx_out->iv = OPENSSL_malloc(gctx->ivlen);
+				if (!gctx_out->iv)
+					return 0;
+				memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
+			}
+			return 1;
+		}
+
 	default:
 		return -1;
 
@@ -1112,7 +1134,8 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
 #define CUSTOM_FLAGS	(EVP_CIPH_FLAG_DEFAULT_ASN1 \
 		| EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
-		| EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT)
+		| EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
+		| EVP_CIPH_CUSTOM_COPY)
 
 BLOCK_CIPHER_custom(NID_aes,128,1,12,gcm,GCM,
 		EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS)
@@ -1124,7 +1147,25 @@ BLOCK_CIPHER_custom(NID_aes,256,1,12,gcm,GCM,
 static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 	{
 	EVP_AES_XTS_CTX *xctx = c->cipher_data;
-	if (type != EVP_CTRL_INIT)
+	if (type == EVP_CTRL_COPY)
+		{
+		EVP_CIPHER_CTX *out = ptr;
+		EVP_AES_XTS_CTX *xctx_out = out->cipher_data;
+		if (xctx->xts.key1)
+			{
+			if (xctx->xts.key1 != &xctx->ks1)
+				return 0;
+			xctx_out->xts.key1 = &xctx_out->ks1;
+			}
+		if (xctx->xts.key2)
+			{
+			if (xctx->xts.key2 != &xctx->ks2)
+				return 0;
+			xctx_out->xts.key2 = &xctx_out->ks2;
+			}
+		return 1;
+		}
+	else if (type != EVP_CTRL_INIT)
 		return -1;
 	/* key1 and key2 are used as an indicator both key and IV are set */
 	xctx->xts.key1 = NULL;
@@ -1256,7 +1297,8 @@ static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 #define aes_xts_cleanup NULL
 
 #define XTS_FLAGS	(EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \
-			 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT)
+			 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
+			 | EVP_CIPH_CUSTOM_COPY)
 
 BLOCK_CIPHER_custom(NID_aes,128,1,16,xts,XTS,EVP_CIPH_FLAG_FIPS|XTS_FLAGS)
 BLOCK_CIPHER_custom(NID_aes,256,1,16,xts,XTS,EVP_CIPH_FLAG_FIPS|XTS_FLAGS)
@@ -1306,6 +1348,19 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 		cctx->len_set = 0;
 		return 1;
 
+	case EVP_CTRL_COPY:
+		{
+			EVP_CIPHER_CTX *out = ptr;
+			EVP_AES_CCM_CTX *cctx_out = out->cipher_data;
+			if (cctx->ccm.key)
+				{
+				if (cctx->ccm.key != &cctx->ks)
+					return 0;
+				cctx_out->ccm.key = &cctx_out->ks;
+				}
+			return 1;
+		}
+
 	default:
 		return -1;
 
diff --git a/app/openssl/crypto/evp/evp_enc.c b/app/openssl/crypto/evp/evp_enc.c
index 0c54f05e..7b1842a5 100644
--- a/app/openssl/crypto/evp/evp_enc.c
+++ b/app/openssl/crypto/evp/evp_enc.c
@@ -67,6 +67,7 @@
 #ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
 #endif
+#include "constant_time_locl.h"
 #include "evp_locl.h"
 
 #ifdef OPENSSL_FIPS
@@ -500,21 +501,21 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 
 int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	{
-	int i,n;
-	unsigned int b;
+	unsigned int i, b;
+        unsigned char pad, padding_good;
 	*outl=0;
 
 	if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
 		{
-		i = M_do_cipher(ctx, out, NULL, 0);
-		if (i < 0)
+		int ret = M_do_cipher(ctx, out, NULL, 0);
+		if (ret < 0)
 			return 0;
 		else
-			*outl = i;
+			*outl = ret;
 		return 1;
 		}
 
-	b=ctx->cipher->block_size;
+	b=(unsigned int)(ctx->cipher->block_size);
 	if (ctx->flags & EVP_CIPH_NO_PADDING)
 		{
 		if(ctx->buf_len)
@@ -533,28 +534,34 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 			return(0);
 			}
 		OPENSSL_assert(b <= sizeof ctx->final);
-		n=ctx->final[b-1];
-		if (n == 0 || n > (int)b)
-			{
-			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
-			return(0);
-			}
-		for (i=0; i<n; i++)
+		pad=ctx->final[b-1];
+
+		padding_good = (unsigned char)(~constant_time_is_zero_8(pad));
+		padding_good &= constant_time_ge_8(b, pad);
+
+                for (i = 1; i < b; ++i)
 			{
-			if (ctx->final[--b] != n)
-				{
-				EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
-				return(0);
-				}
+			unsigned char is_pad_index = constant_time_lt_8(i, pad);
+			unsigned char pad_byte_good = constant_time_eq_8(ctx->final[b-i-1], pad);
+			padding_good &= constant_time_select_8(is_pad_index, pad_byte_good, 0xff);
 			}
-		n=ctx->cipher->block_size-n;
-		for (i=0; i<n; i++)
-			out[i]=ctx->final[i];
-		*outl=n;
+
+		/*
+		 * At least 1 byte is always padding, so we always write b - 1
+		 * bytes to avoid a timing leak. The caller is required to have |b|
+		 * bytes space in |out| by the API contract.
+		 */
+		for (i = 0; i < b - 1; ++i)
+			out[i] = ctx->final[i] & padding_good;
+		/* Safe cast: for a good padding, EVP_MAX_IV_LENGTH >= b >= pad */
+		*outl = padding_good & ((unsigned char)(b - pad));
+		return padding_good & 1;
 		}
 	else
-		*outl=0;
-	return(1);
+		{
+		*outl = 0;
+		return 1;
+		}
 	}
 
 void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
@@ -678,4 +685,3 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
 		return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out);
 	return 1;
 	}
-
diff --git a/app/openssl/crypto/evp/evp_pbe.c b/app/openssl/crypto/evp/evp_pbe.c
index f8c32d82..59696959 100644
--- a/app/openssl/crypto/evp/evp_pbe.c
+++ b/app/openssl/crypto/evp/evp_pbe.c
@@ -259,7 +259,7 @@ int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
 	{
 	int cipher_nid, md_nid;
 	if (cipher)
-		cipher_nid = EVP_CIPHER_type(cipher);
+		cipher_nid = EVP_CIPHER_nid(cipher);
 	else
 		cipher_nid = -1;
 	if (md)
diff --git a/app/openssl/crypto/md5/asm/md5-x86_64.pl b/app/openssl/crypto/md5/asm/md5-x86_64.pl
index f11224d1..381bf77e 100755
--- a/app/openssl/crypto/md5/asm/md5-x86_64.pl
+++ b/app/openssl/crypto/md5/asm/md5-x86_64.pl
@@ -108,6 +108,7 @@ sub round4_step
 EOF
 }
 
+no warnings qw(uninitialized);
 my $flavour = shift;
 my $output  = shift;
 if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
@@ -119,7 +120,6 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-no warnings qw(uninitialized);
 open OUT,"| \"$^X\" $xlate $flavour $output";
 *STDOUT=*OUT;
 
diff --git a/app/openssl/crypto/objects/obj_dat.c b/app/openssl/crypto/objects/obj_dat.c
index 8a342ba3..0b2f4424 100644
--- a/app/openssl/crypto/objects/obj_dat.c
+++ b/app/openssl/crypto/objects/obj_dat.c
@@ -471,11 +471,12 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
 	const unsigned char *p;
 	char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
 
-	if ((a == NULL) || (a->data == NULL)) {
-		buf[0]='\0';
-		return(0);
-	}
+	/* Ensure that, at every state, |buf| is NUL-terminated. */
+	if (buf && buf_len > 0)
+		buf[0] = '\0';
 
+	if ((a == NULL) || (a->data == NULL))
+		return(0);
 
 	if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef)
 		{
@@ -554,9 +555,10 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
 				i=(int)(l/40);
 				l-=(long)(i*40);
 				}
-			if (buf && (buf_len > 0))
+			if (buf && (buf_len > 1))
 				{
 				*buf++ = i + '0';
+				*buf = '\0';
 				buf_len--;
 				}
 			n++;
@@ -571,9 +573,10 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
 			i = strlen(bndec);
 			if (buf)
 				{
-				if (buf_len > 0)
+				if (buf_len > 1)
 					{
 					*buf++ = '.';
+					*buf = '\0';
 					buf_len--;
 					}
 				BUF_strlcpy(buf,bndec,buf_len);
@@ -807,4 +810,3 @@ err:
 	OPENSSL_free(buf);
 	return(ok);
 	}
-
diff --git a/app/openssl/crypto/objects/obj_dat.h b/app/openssl/crypto/objects/obj_dat.h
index d404ad07..bc69665b 100644
--- a/app/openssl/crypto/objects/obj_dat.h
+++ b/app/openssl/crypto/objects/obj_dat.h
@@ -67,1908 +67,1901 @@
 #define NUM_LN 913
 #define NUM_OBJ 857
 
-static const unsigned char lvalues[5980]={
-0x00,                                        /* [  0] OBJ_undef */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,     /* [ 14] OBJ_md2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05,     /* [ 22] OBJ_md5 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04,     /* [ 30] OBJ_rc4 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,/* [ 38] OBJ_rsaEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,/* [ 47] OBJ_md2WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,/* [ 56] OBJ_md5WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x01,/* [ 65] OBJ_pbeWithMD2AndDES_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03,/* [ 74] OBJ_pbeWithMD5AndDES_CBC */
-0x55,                                        /* [ 83] OBJ_X500 */
-0x55,0x04,                                   /* [ 84] OBJ_X509 */
-0x55,0x04,0x03,                              /* [ 86] OBJ_commonName */
-0x55,0x04,0x06,                              /* [ 89] OBJ_countryName */
-0x55,0x04,0x07,                              /* [ 92] OBJ_localityName */
-0x55,0x04,0x08,                              /* [ 95] OBJ_stateOrProvinceName */
-0x55,0x04,0x0A,                              /* [ 98] OBJ_organizationName */
-0x55,0x04,0x0B,                              /* [101] OBJ_organizationalUnitName */
-0x55,0x08,0x01,0x01,                         /* [104] OBJ_rsa */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,     /* [108] OBJ_pkcs7 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,/* [116] OBJ_pkcs7_data */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02,/* [125] OBJ_pkcs7_signed */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03,/* [134] OBJ_pkcs7_enveloped */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x04,/* [143] OBJ_pkcs7_signedAndEnveloped */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x05,/* [152] OBJ_pkcs7_digest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x06,/* [161] OBJ_pkcs7_encrypted */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,     /* [170] OBJ_pkcs3 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01,/* [178] OBJ_dhKeyAgreement */
-0x2B,0x0E,0x03,0x02,0x06,                    /* [187] OBJ_des_ecb */
-0x2B,0x0E,0x03,0x02,0x09,                    /* [192] OBJ_des_cfb64 */
-0x2B,0x0E,0x03,0x02,0x07,                    /* [197] OBJ_des_cbc */
-0x2B,0x0E,0x03,0x02,0x11,                    /* [202] OBJ_des_ede_ecb */
-0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02,/* [207] OBJ_idea_cbc */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02,     /* [218] OBJ_rc2_cbc */
-0x2B,0x0E,0x03,0x02,0x12,                    /* [226] OBJ_sha */
-0x2B,0x0E,0x03,0x02,0x0F,                    /* [231] OBJ_shaWithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07,     /* [236] OBJ_des_ede3_cbc */
-0x2B,0x0E,0x03,0x02,0x08,                    /* [244] OBJ_des_ofb64 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,     /* [249] OBJ_pkcs9 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,/* [257] OBJ_pkcs9_emailAddress */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02,/* [266] OBJ_pkcs9_unstructuredName */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03,/* [275] OBJ_pkcs9_contentType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04,/* [284] OBJ_pkcs9_messageDigest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05,/* [293] OBJ_pkcs9_signingTime */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06,/* [302] OBJ_pkcs9_countersignature */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07,/* [311] OBJ_pkcs9_challengePassword */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08,/* [320] OBJ_pkcs9_unstructuredAddress */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09,/* [329] OBJ_pkcs9_extCertAttributes */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,          /* [338] OBJ_netscape */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,     /* [345] OBJ_netscape_cert_extension */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,     /* [353] OBJ_netscape_data_type */
-0x2B,0x0E,0x03,0x02,0x1A,                    /* [361] OBJ_sha1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,/* [366] OBJ_sha1WithRSAEncryption */
-0x2B,0x0E,0x03,0x02,0x0D,                    /* [375] OBJ_dsaWithSHA */
-0x2B,0x0E,0x03,0x02,0x0C,                    /* [380] OBJ_dsa_2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B,/* [385] OBJ_pbeWithSHA1AndRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C,/* [394] OBJ_id_pbkdf2 */
-0x2B,0x0E,0x03,0x02,0x1B,                    /* [403] OBJ_dsaWithSHA1_2 */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,/* [408] OBJ_netscape_cert_type */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02,/* [417] OBJ_netscape_base_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03,/* [426] OBJ_netscape_revocation_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04,/* [435] OBJ_netscape_ca_revocation_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07,/* [444] OBJ_netscape_renewal_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08,/* [453] OBJ_netscape_ca_policy_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C,/* [462] OBJ_netscape_ssl_server_name */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D,/* [471] OBJ_netscape_comment */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05,/* [480] OBJ_netscape_cert_sequence */
-0x55,0x1D,                                   /* [489] OBJ_id_ce */
-0x55,0x1D,0x0E,                              /* [491] OBJ_subject_key_identifier */
-0x55,0x1D,0x0F,                              /* [494] OBJ_key_usage */
-0x55,0x1D,0x10,                              /* [497] OBJ_private_key_usage_period */
-0x55,0x1D,0x11,                              /* [500] OBJ_subject_alt_name */
-0x55,0x1D,0x12,                              /* [503] OBJ_issuer_alt_name */
-0x55,0x1D,0x13,                              /* [506] OBJ_basic_constraints */
-0x55,0x1D,0x14,                              /* [509] OBJ_crl_number */
-0x55,0x1D,0x20,                              /* [512] OBJ_certificate_policies */
-0x55,0x1D,0x23,                              /* [515] OBJ_authority_key_identifier */
-0x2B,0x06,0x01,0x04,0x01,0x97,0x55,0x01,0x02,/* [518] OBJ_bf_cbc */
-0x55,0x08,0x03,0x65,                         /* [527] OBJ_mdc2 */
-0x55,0x08,0x03,0x64,                         /* [531] OBJ_mdc2WithRSA */
-0x55,0x04,0x2A,                              /* [535] OBJ_givenName */
-0x55,0x04,0x04,                              /* [538] OBJ_surname */
-0x55,0x04,0x2B,                              /* [541] OBJ_initials */
-0x55,0x1D,0x1F,                              /* [544] OBJ_crl_distribution_points */
-0x2B,0x0E,0x03,0x02,0x03,                    /* [547] OBJ_md5WithRSA */
-0x55,0x04,0x05,                              /* [552] OBJ_serialNumber */
-0x55,0x04,0x0C,                              /* [555] OBJ_title */
-0x55,0x04,0x0D,                              /* [558] OBJ_description */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [561] OBJ_cast5_cbc */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [570] OBJ_pbeWithMD5AndCast5_CBC */
-0x2A,0x86,0x48,0xCE,0x38,0x04,0x03,          /* [579] OBJ_dsaWithSHA1 */
-0x2B,0x0E,0x03,0x02,0x1D,                    /* [586] OBJ_sha1WithRSA */
-0x2A,0x86,0x48,0xCE,0x38,0x04,0x01,          /* [591] OBJ_dsa */
-0x2B,0x24,0x03,0x02,0x01,                    /* [598] OBJ_ripemd160 */
-0x2B,0x24,0x03,0x03,0x01,0x02,               /* [603] OBJ_ripemd160WithRSA */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08,     /* [609] OBJ_rc5_cbc */
-0x29,0x01,0x01,0x85,0x1A,0x01,               /* [617] OBJ_rle_compression */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08,/* [623] OBJ_zlib_compression */
-0x55,0x1D,0x25,                              /* [634] OBJ_ext_key_usage */
-0x2B,0x06,0x01,0x05,0x05,0x07,               /* [637] OBJ_id_pkix */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,          /* [643] OBJ_id_kp */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,     /* [650] OBJ_server_auth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,     /* [658] OBJ_client_auth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03,     /* [666] OBJ_code_sign */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04,     /* [674] OBJ_email_protect */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08,     /* [682] OBJ_time_stamp */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [690] OBJ_ms_code_ind */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [700] OBJ_ms_code_com */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [710] OBJ_ms_ctl_sign */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [720] OBJ_ms_sgc */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [730] OBJ_ms_efs */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [740] OBJ_ns_sgc */
-0x55,0x1D,0x1B,                              /* [749] OBJ_delta_crl */
-0x55,0x1D,0x15,                              /* [752] OBJ_crl_reason */
-0x55,0x1D,0x18,                              /* [755] OBJ_invalidity_date */
-0x2B,0x65,0x01,0x04,0x01,                    /* [758] OBJ_sxnet */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [763] OBJ_pbe_WithSHA1And128BitRC4 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [773] OBJ_pbe_WithSHA1And40BitRC4 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [783] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [793] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [803] OBJ_pbe_WithSHA1And128BitRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [813] OBJ_pbe_WithSHA1And40BitRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [823] OBJ_keyBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [834] OBJ_pkcs8ShroudedKeyBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [845] OBJ_certBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [856] OBJ_crlBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [867] OBJ_secretBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [878] OBJ_safeContentsBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [889] OBJ_friendlyName */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [898] OBJ_localKeyID */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [907] OBJ_x509Certificate */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [917] OBJ_sdsiCertificate */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [927] OBJ_x509Crl */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [937] OBJ_pbes2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [946] OBJ_pbmac1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07,     /* [955] OBJ_hmacWithSHA1 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,     /* [963] OBJ_id_qt_cps */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,     /* [971] OBJ_id_qt_unotice */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [979] OBJ_SMIMECapabilities */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [988] OBJ_pbeWithMD2AndRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [997] OBJ_pbeWithMD5AndRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1006] OBJ_pbeWithSHA1AndDES_CBC */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1015] OBJ_ms_ext_req */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1025] OBJ_ext_req */
-0x55,0x04,0x29,                              /* [1034] OBJ_name */
-0x55,0x04,0x2E,                              /* [1037] OBJ_dnQualifier */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,          /* [1040] OBJ_id_pe */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,          /* [1047] OBJ_id_ad */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,     /* [1054] OBJ_info_access */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,     /* [1062] OBJ_ad_OCSP */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,     /* [1070] OBJ_ad_ca_issuers */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09,     /* [1078] OBJ_OCSP_sign */
-0x28,                                        /* [1086] OBJ_iso */
-0x2A,                                        /* [1087] OBJ_member_body */
-0x2A,0x86,0x48,                              /* [1088] OBJ_ISO_US */
-0x2A,0x86,0x48,0xCE,0x38,                    /* [1091] OBJ_X9_57 */
-0x2A,0x86,0x48,0xCE,0x38,0x04,               /* [1096] OBJ_X9cm */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,     /* [1102] OBJ_pkcs1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,     /* [1110] OBJ_pkcs5 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1118] OBJ_SMIME */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1127] OBJ_id_smime_mod */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1137] OBJ_id_smime_ct */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1147] OBJ_id_smime_aa */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1157] OBJ_id_smime_alg */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1167] OBJ_id_smime_cd */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1177] OBJ_id_smime_spq */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1187] OBJ_id_smime_cti */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1197] OBJ_id_smime_mod_cms */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1208] OBJ_id_smime_mod_ess */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1219] OBJ_id_smime_mod_oid */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1230] OBJ_id_smime_mod_msg_v3 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1241] OBJ_id_smime_mod_ets_eSignature_88 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1252] OBJ_id_smime_mod_ets_eSignature_97 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1263] OBJ_id_smime_mod_ets_eSigPolicy_88 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1274] OBJ_id_smime_mod_ets_eSigPolicy_97 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1285] OBJ_id_smime_ct_receipt */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1296] OBJ_id_smime_ct_authData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1307] OBJ_id_smime_ct_publishCert */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1318] OBJ_id_smime_ct_TSTInfo */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1329] OBJ_id_smime_ct_TDTInfo */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1340] OBJ_id_smime_ct_contentInfo */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1351] OBJ_id_smime_ct_DVCSRequestData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1362] OBJ_id_smime_ct_DVCSResponseData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1373] OBJ_id_smime_aa_receiptRequest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1384] OBJ_id_smime_aa_securityLabel */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1395] OBJ_id_smime_aa_mlExpandHistory */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1406] OBJ_id_smime_aa_contentHint */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1417] OBJ_id_smime_aa_msgSigDigest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1428] OBJ_id_smime_aa_encapContentType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1439] OBJ_id_smime_aa_contentIdentifier */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1450] OBJ_id_smime_aa_macValue */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1461] OBJ_id_smime_aa_equivalentLabels */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1472] OBJ_id_smime_aa_contentReference */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1483] OBJ_id_smime_aa_encrypKeyPref */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1494] OBJ_id_smime_aa_signingCertificate */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1505] OBJ_id_smime_aa_smimeEncryptCerts */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1516] OBJ_id_smime_aa_timeStampToken */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1527] OBJ_id_smime_aa_ets_sigPolicyId */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1538] OBJ_id_smime_aa_ets_commitmentType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1549] OBJ_id_smime_aa_ets_signerLocation */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1560] OBJ_id_smime_aa_ets_signerAttr */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1571] OBJ_id_smime_aa_ets_otherSigCert */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1582] OBJ_id_smime_aa_ets_contentTimestamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1593] OBJ_id_smime_aa_ets_CertificateRefs */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1604] OBJ_id_smime_aa_ets_RevocationRefs */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1615] OBJ_id_smime_aa_ets_certValues */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1626] OBJ_id_smime_aa_ets_revocationValues */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1637] OBJ_id_smime_aa_ets_escTimeStamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1648] OBJ_id_smime_aa_ets_certCRLTimestamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1659] OBJ_id_smime_aa_ets_archiveTimeStamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1670] OBJ_id_smime_aa_signatureType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1681] OBJ_id_smime_aa_dvcs_dvc */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1692] OBJ_id_smime_alg_ESDHwith3DES */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1703] OBJ_id_smime_alg_ESDHwithRC2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1714] OBJ_id_smime_alg_3DESwrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1725] OBJ_id_smime_alg_RC2wrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1736] OBJ_id_smime_alg_ESDH */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1747] OBJ_id_smime_alg_CMS3DESwrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1758] OBJ_id_smime_alg_CMSRC2wrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1769] OBJ_id_smime_cd_ldap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1780] OBJ_id_smime_spq_ets_sqt_uri */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1791] OBJ_id_smime_spq_ets_sqt_unotice */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1802] OBJ_id_smime_cti_ets_proofOfOrigin */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1813] OBJ_id_smime_cti_ets_proofOfReceipt */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1824] OBJ_id_smime_cti_ets_proofOfDelivery */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1835] OBJ_id_smime_cti_ets_proofOfSender */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1846] OBJ_id_smime_cti_ets_proofOfApproval */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1857] OBJ_id_smime_cti_ets_proofOfCreation */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04,     /* [1868] OBJ_md4 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,          /* [1876] OBJ_id_pkix_mod */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,          /* [1883] OBJ_id_qt */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,          /* [1890] OBJ_id_it */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,          /* [1897] OBJ_id_pkip */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,          /* [1904] OBJ_id_alg */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,          /* [1911] OBJ_id_cmc */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x08,          /* [1918] OBJ_id_on */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,          /* [1925] OBJ_id_pda */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,          /* [1932] OBJ_id_aca */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,          /* [1939] OBJ_id_qcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,          /* [1946] OBJ_id_cct */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01,     /* [1953] OBJ_id_pkix1_explicit_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02,     /* [1961] OBJ_id_pkix1_implicit_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03,     /* [1969] OBJ_id_pkix1_explicit_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04,     /* [1977] OBJ_id_pkix1_implicit_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05,     /* [1985] OBJ_id_mod_crmf */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06,     /* [1993] OBJ_id_mod_cmc */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07,     /* [2001] OBJ_id_mod_kea_profile_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08,     /* [2009] OBJ_id_mod_kea_profile_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09,     /* [2017] OBJ_id_mod_cmp */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A,     /* [2025] OBJ_id_mod_qualified_cert_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B,     /* [2033] OBJ_id_mod_qualified_cert_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C,     /* [2041] OBJ_id_mod_attribute_cert */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D,     /* [2049] OBJ_id_mod_timestamp_protocol */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E,     /* [2057] OBJ_id_mod_ocsp */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F,     /* [2065] OBJ_id_mod_dvcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10,     /* [2073] OBJ_id_mod_cmp2000 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02,     /* [2081] OBJ_biometricInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03,     /* [2089] OBJ_qcStatements */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04,     /* [2097] OBJ_ac_auditEntity */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05,     /* [2105] OBJ_ac_targeting */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06,     /* [2113] OBJ_aaControls */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07,     /* [2121] OBJ_sbgp_ipAddrBlock */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08,     /* [2129] OBJ_sbgp_autonomousSysNum */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09,     /* [2137] OBJ_sbgp_routerIdentifier */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03,     /* [2145] OBJ_textNotice */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05,     /* [2153] OBJ_ipsecEndSystem */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06,     /* [2161] OBJ_ipsecTunnel */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07,     /* [2169] OBJ_ipsecUser */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A,     /* [2177] OBJ_dvcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01,     /* [2185] OBJ_id_it_caProtEncCert */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02,     /* [2193] OBJ_id_it_signKeyPairTypes */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03,     /* [2201] OBJ_id_it_encKeyPairTypes */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04,     /* [2209] OBJ_id_it_preferredSymmAlg */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05,     /* [2217] OBJ_id_it_caKeyUpdateInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06,     /* [2225] OBJ_id_it_currentCRL */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07,     /* [2233] OBJ_id_it_unsupportedOIDs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08,     /* [2241] OBJ_id_it_subscriptionRequest */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09,     /* [2249] OBJ_id_it_subscriptionResponse */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A,     /* [2257] OBJ_id_it_keyPairParamReq */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B,     /* [2265] OBJ_id_it_keyPairParamRep */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C,     /* [2273] OBJ_id_it_revPassphrase */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D,     /* [2281] OBJ_id_it_implicitConfirm */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E,     /* [2289] OBJ_id_it_confirmWaitTime */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F,     /* [2297] OBJ_id_it_origPKIMessage */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,     /* [2305] OBJ_id_regCtrl */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,     /* [2313] OBJ_id_regInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2321] OBJ_id_regCtrl_regToken */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2330] OBJ_id_regCtrl_authenticator */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2339] OBJ_id_regCtrl_pkiPublicationInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2348] OBJ_id_regCtrl_pkiArchiveOptions */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2357] OBJ_id_regCtrl_oldCertID */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2366] OBJ_id_regCtrl_protocolEncrKey */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2375] OBJ_id_regInfo_utf8Pairs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2384] OBJ_id_regInfo_certReq */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01,     /* [2393] OBJ_id_alg_des40 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02,     /* [2401] OBJ_id_alg_noSignature */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03,     /* [2409] OBJ_id_alg_dh_sig_hmac_sha1 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04,     /* [2417] OBJ_id_alg_dh_pop */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01,     /* [2425] OBJ_id_cmc_statusInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02,     /* [2433] OBJ_id_cmc_identification */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03,     /* [2441] OBJ_id_cmc_identityProof */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04,     /* [2449] OBJ_id_cmc_dataReturn */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05,     /* [2457] OBJ_id_cmc_transactionId */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06,     /* [2465] OBJ_id_cmc_senderNonce */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07,     /* [2473] OBJ_id_cmc_recipientNonce */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08,     /* [2481] OBJ_id_cmc_addExtensions */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09,     /* [2489] OBJ_id_cmc_encryptedPOP */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A,     /* [2497] OBJ_id_cmc_decryptedPOP */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B,     /* [2505] OBJ_id_cmc_lraPOPWitness */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F,     /* [2513] OBJ_id_cmc_getCert */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10,     /* [2521] OBJ_id_cmc_getCRL */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11,     /* [2529] OBJ_id_cmc_revokeRequest */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12,     /* [2537] OBJ_id_cmc_regInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13,     /* [2545] OBJ_id_cmc_responseInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15,     /* [2553] OBJ_id_cmc_queryPending */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16,     /* [2561] OBJ_id_cmc_popLinkRandom */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17,     /* [2569] OBJ_id_cmc_popLinkWitness */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18,     /* [2577] OBJ_id_cmc_confirmCertAcceptance */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01,     /* [2585] OBJ_id_on_personalData */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01,     /* [2593] OBJ_id_pda_dateOfBirth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02,     /* [2601] OBJ_id_pda_placeOfBirth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03,     /* [2609] OBJ_id_pda_gender */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04,     /* [2617] OBJ_id_pda_countryOfCitizenship */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05,     /* [2625] OBJ_id_pda_countryOfResidence */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01,     /* [2633] OBJ_id_aca_authenticationInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02,     /* [2641] OBJ_id_aca_accessIdentity */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03,     /* [2649] OBJ_id_aca_chargingIdentity */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04,     /* [2657] OBJ_id_aca_group */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05,     /* [2665] OBJ_id_aca_role */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01,     /* [2673] OBJ_id_qcs_pkixQCSyntax_v1 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01,     /* [2681] OBJ_id_cct_crs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02,     /* [2689] OBJ_id_cct_PKIData */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03,     /* [2697] OBJ_id_cct_PKIResponse */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03,     /* [2705] OBJ_ad_timeStamping */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04,     /* [2713] OBJ_ad_dvcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2721] OBJ_id_pkix_OCSP_basic */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2730] OBJ_id_pkix_OCSP_Nonce */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2739] OBJ_id_pkix_OCSP_CrlID */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2748] OBJ_id_pkix_OCSP_acceptableResponses */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2757] OBJ_id_pkix_OCSP_noCheck */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2766] OBJ_id_pkix_OCSP_archiveCutoff */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2775] OBJ_id_pkix_OCSP_serviceLocator */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2784] OBJ_id_pkix_OCSP_extendedStatus */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2793] OBJ_id_pkix_OCSP_valid */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2802] OBJ_id_pkix_OCSP_path */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2811] OBJ_id_pkix_OCSP_trustRoot */
-0x2B,0x0E,0x03,0x02,                         /* [2820] OBJ_algorithm */
-0x2B,0x0E,0x03,0x02,0x0B,                    /* [2824] OBJ_rsaSignature */
-0x55,0x08,                                   /* [2829] OBJ_X500algorithms */
-0x2B,                                        /* [2831] OBJ_org */
-0x2B,0x06,                                   /* [2832] OBJ_dod */
-0x2B,0x06,0x01,                              /* [2834] OBJ_iana */
-0x2B,0x06,0x01,0x01,                         /* [2837] OBJ_Directory */
-0x2B,0x06,0x01,0x02,                         /* [2841] OBJ_Management */
-0x2B,0x06,0x01,0x03,                         /* [2845] OBJ_Experimental */
-0x2B,0x06,0x01,0x04,                         /* [2849] OBJ_Private */
-0x2B,0x06,0x01,0x05,                         /* [2853] OBJ_Security */
-0x2B,0x06,0x01,0x06,                         /* [2857] OBJ_SNMPv2 */
-0x2B,0x06,0x01,0x07,                         /* [2861] OBJ_Mail */
-0x2B,0x06,0x01,0x04,0x01,                    /* [2865] OBJ_Enterprises */
-0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2870] OBJ_dcObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2879] OBJ_domainComponent */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2889] OBJ_Domain */
-0x00,                                        /* [2899] OBJ_joint_iso_ccitt */
-0x55,0x01,0x05,                              /* [2900] OBJ_selected_attribute_types */
-0x55,0x01,0x05,0x37,                         /* [2903] OBJ_clearance */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2907] OBJ_md4WithRSAEncryption */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A,     /* [2916] OBJ_ac_proxying */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B,     /* [2924] OBJ_sinfo_access */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06,     /* [2932] OBJ_id_aca_encAttrs */
-0x55,0x04,0x48,                              /* [2940] OBJ_role */
-0x55,0x1D,0x24,                              /* [2943] OBJ_policy_constraints */
-0x55,0x1D,0x37,                              /* [2946] OBJ_target_information */
-0x55,0x1D,0x38,                              /* [2949] OBJ_no_rev_avail */
-0x00,                                        /* [2952] OBJ_ccitt */
-0x2A,0x86,0x48,0xCE,0x3D,                    /* [2953] OBJ_ansi_X9_62 */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01,          /* [2958] OBJ_X9_62_prime_field */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,          /* [2965] OBJ_X9_62_characteristic_two_field */
-0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,          /* [2972] OBJ_X9_62_id_ecPublicKey */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01,     /* [2979] OBJ_X9_62_prime192v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02,     /* [2987] OBJ_X9_62_prime192v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03,     /* [2995] OBJ_X9_62_prime192v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04,     /* [3003] OBJ_X9_62_prime239v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05,     /* [3011] OBJ_X9_62_prime239v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06,     /* [3019] OBJ_X9_62_prime239v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,     /* [3027] OBJ_X9_62_prime256v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01,          /* [3035] OBJ_ecdsa_with_SHA1 */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3042] OBJ_ms_csp_name */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3051] OBJ_aes_128_ecb */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3060] OBJ_aes_128_cbc */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3069] OBJ_aes_128_ofb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3078] OBJ_aes_128_cfb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3087] OBJ_aes_192_ecb */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3096] OBJ_aes_192_cbc */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3105] OBJ_aes_192_ofb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3114] OBJ_aes_192_cfb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3123] OBJ_aes_256_ecb */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3132] OBJ_aes_256_cbc */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3141] OBJ_aes_256_ofb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3150] OBJ_aes_256_cfb128 */
-0x55,0x1D,0x17,                              /* [3159] OBJ_hold_instruction_code */
-0x2A,0x86,0x48,0xCE,0x38,0x02,0x01,          /* [3162] OBJ_hold_instruction_none */
-0x2A,0x86,0x48,0xCE,0x38,0x02,0x02,          /* [3169] OBJ_hold_instruction_call_issuer */
-0x2A,0x86,0x48,0xCE,0x38,0x02,0x03,          /* [3176] OBJ_hold_instruction_reject */
-0x09,                                        /* [3183] OBJ_data */
-0x09,0x92,0x26,                              /* [3184] OBJ_pss */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,          /* [3187] OBJ_ucl */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,     /* [3194] OBJ_pilot */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3202] OBJ_pilotAttributeType */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3211] OBJ_pilotAttributeSyntax */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3220] OBJ_pilotObjectClass */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3229] OBJ_pilotGroups */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3238] OBJ_iA5StringSyntax */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3248] OBJ_caseIgnoreIA5StringSyntax */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3258] OBJ_pilotObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3268] OBJ_pilotPerson */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3278] OBJ_account */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3288] OBJ_document */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3298] OBJ_room */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3308] OBJ_documentSeries */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3318] OBJ_rFC822localPart */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3328] OBJ_dNSDomain */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3338] OBJ_domainRelatedObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3348] OBJ_friendlyCountry */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3358] OBJ_simpleSecurityObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3368] OBJ_pilotOrganization */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3378] OBJ_pilotDSA */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3388] OBJ_qualityLabelledData */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3398] OBJ_userId */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3408] OBJ_textEncodedORAddress */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3418] OBJ_rfc822Mailbox */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3428] OBJ_info */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3438] OBJ_favouriteDrink */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3448] OBJ_roomNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3458] OBJ_photo */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3468] OBJ_userClass */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3478] OBJ_host */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3488] OBJ_manager */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3498] OBJ_documentIdentifier */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3508] OBJ_documentTitle */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3518] OBJ_documentVersion */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3528] OBJ_documentAuthor */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3538] OBJ_documentLocation */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3548] OBJ_homeTelephoneNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3558] OBJ_secretary */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3568] OBJ_otherMailbox */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3578] OBJ_lastModifiedTime */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3588] OBJ_lastModifiedBy */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3598] OBJ_aRecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3608] OBJ_pilotAttributeType27 */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3618] OBJ_mXRecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3628] OBJ_nSRecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3638] OBJ_sOARecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3648] OBJ_cNAMERecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3658] OBJ_associatedDomain */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3668] OBJ_associatedName */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3678] OBJ_homePostalAddress */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3688] OBJ_personalTitle */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3698] OBJ_mobileTelephoneNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3708] OBJ_pagerTelephoneNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3718] OBJ_friendlyCountryName */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3728] OBJ_organizationalStatus */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3738] OBJ_janetMailbox */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3748] OBJ_mailPreferenceOption */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3758] OBJ_buildingName */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3768] OBJ_dSAQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3778] OBJ_singleLevelQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3788] OBJ_subtreeMinimumQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3798] OBJ_subtreeMaximumQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3808] OBJ_personalSignature */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3818] OBJ_dITRedirect */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3828] OBJ_audio */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3838] OBJ_documentPublisher */
-0x55,0x04,0x2D,                              /* [3848] OBJ_x500UniqueIdentifier */
-0x2B,0x06,0x01,0x07,0x01,                    /* [3851] OBJ_mime_mhs */
-0x2B,0x06,0x01,0x07,0x01,0x01,               /* [3856] OBJ_mime_mhs_headings */
-0x2B,0x06,0x01,0x07,0x01,0x02,               /* [3862] OBJ_mime_mhs_bodies */
-0x2B,0x06,0x01,0x07,0x01,0x01,0x01,          /* [3868] OBJ_id_hex_partial_message */
-0x2B,0x06,0x01,0x07,0x01,0x01,0x02,          /* [3875] OBJ_id_hex_multipart_message */
-0x55,0x04,0x2C,                              /* [3882] OBJ_generationQualifier */
-0x55,0x04,0x41,                              /* [3885] OBJ_pseudonym */
-0x67,0x2A,                                   /* [3888] OBJ_id_set */
-0x67,0x2A,0x00,                              /* [3890] OBJ_set_ctype */
-0x67,0x2A,0x01,                              /* [3893] OBJ_set_msgExt */
-0x67,0x2A,0x03,                              /* [3896] OBJ_set_attr */
-0x67,0x2A,0x05,                              /* [3899] OBJ_set_policy */
-0x67,0x2A,0x07,                              /* [3902] OBJ_set_certExt */
-0x67,0x2A,0x08,                              /* [3905] OBJ_set_brand */
-0x67,0x2A,0x00,0x00,                         /* [3908] OBJ_setct_PANData */
-0x67,0x2A,0x00,0x01,                         /* [3912] OBJ_setct_PANToken */
-0x67,0x2A,0x00,0x02,                         /* [3916] OBJ_setct_PANOnly */
-0x67,0x2A,0x00,0x03,                         /* [3920] OBJ_setct_OIData */
-0x67,0x2A,0x00,0x04,                         /* [3924] OBJ_setct_PI */
-0x67,0x2A,0x00,0x05,                         /* [3928] OBJ_setct_PIData */
-0x67,0x2A,0x00,0x06,                         /* [3932] OBJ_setct_PIDataUnsigned */
-0x67,0x2A,0x00,0x07,                         /* [3936] OBJ_setct_HODInput */
-0x67,0x2A,0x00,0x08,                         /* [3940] OBJ_setct_AuthResBaggage */
-0x67,0x2A,0x00,0x09,                         /* [3944] OBJ_setct_AuthRevReqBaggage */
-0x67,0x2A,0x00,0x0A,                         /* [3948] OBJ_setct_AuthRevResBaggage */
-0x67,0x2A,0x00,0x0B,                         /* [3952] OBJ_setct_CapTokenSeq */
-0x67,0x2A,0x00,0x0C,                         /* [3956] OBJ_setct_PInitResData */
-0x67,0x2A,0x00,0x0D,                         /* [3960] OBJ_setct_PI_TBS */
-0x67,0x2A,0x00,0x0E,                         /* [3964] OBJ_setct_PResData */
-0x67,0x2A,0x00,0x10,                         /* [3968] OBJ_setct_AuthReqTBS */
-0x67,0x2A,0x00,0x11,                         /* [3972] OBJ_setct_AuthResTBS */
-0x67,0x2A,0x00,0x12,                         /* [3976] OBJ_setct_AuthResTBSX */
-0x67,0x2A,0x00,0x13,                         /* [3980] OBJ_setct_AuthTokenTBS */
-0x67,0x2A,0x00,0x14,                         /* [3984] OBJ_setct_CapTokenData */
-0x67,0x2A,0x00,0x15,                         /* [3988] OBJ_setct_CapTokenTBS */
-0x67,0x2A,0x00,0x16,                         /* [3992] OBJ_setct_AcqCardCodeMsg */
-0x67,0x2A,0x00,0x17,                         /* [3996] OBJ_setct_AuthRevReqTBS */
-0x67,0x2A,0x00,0x18,                         /* [4000] OBJ_setct_AuthRevResData */
-0x67,0x2A,0x00,0x19,                         /* [4004] OBJ_setct_AuthRevResTBS */
-0x67,0x2A,0x00,0x1A,                         /* [4008] OBJ_setct_CapReqTBS */
-0x67,0x2A,0x00,0x1B,                         /* [4012] OBJ_setct_CapReqTBSX */
-0x67,0x2A,0x00,0x1C,                         /* [4016] OBJ_setct_CapResData */
-0x67,0x2A,0x00,0x1D,                         /* [4020] OBJ_setct_CapRevReqTBS */
-0x67,0x2A,0x00,0x1E,                         /* [4024] OBJ_setct_CapRevReqTBSX */
-0x67,0x2A,0x00,0x1F,                         /* [4028] OBJ_setct_CapRevResData */
-0x67,0x2A,0x00,0x20,                         /* [4032] OBJ_setct_CredReqTBS */
-0x67,0x2A,0x00,0x21,                         /* [4036] OBJ_setct_CredReqTBSX */
-0x67,0x2A,0x00,0x22,                         /* [4040] OBJ_setct_CredResData */
-0x67,0x2A,0x00,0x23,                         /* [4044] OBJ_setct_CredRevReqTBS */
-0x67,0x2A,0x00,0x24,                         /* [4048] OBJ_setct_CredRevReqTBSX */
-0x67,0x2A,0x00,0x25,                         /* [4052] OBJ_setct_CredRevResData */
-0x67,0x2A,0x00,0x26,                         /* [4056] OBJ_setct_PCertReqData */
-0x67,0x2A,0x00,0x27,                         /* [4060] OBJ_setct_PCertResTBS */
-0x67,0x2A,0x00,0x28,                         /* [4064] OBJ_setct_BatchAdminReqData */
-0x67,0x2A,0x00,0x29,                         /* [4068] OBJ_setct_BatchAdminResData */
-0x67,0x2A,0x00,0x2A,                         /* [4072] OBJ_setct_CardCInitResTBS */
-0x67,0x2A,0x00,0x2B,                         /* [4076] OBJ_setct_MeAqCInitResTBS */
-0x67,0x2A,0x00,0x2C,                         /* [4080] OBJ_setct_RegFormResTBS */
-0x67,0x2A,0x00,0x2D,                         /* [4084] OBJ_setct_CertReqData */
-0x67,0x2A,0x00,0x2E,                         /* [4088] OBJ_setct_CertReqTBS */
-0x67,0x2A,0x00,0x2F,                         /* [4092] OBJ_setct_CertResData */
-0x67,0x2A,0x00,0x30,                         /* [4096] OBJ_setct_CertInqReqTBS */
-0x67,0x2A,0x00,0x31,                         /* [4100] OBJ_setct_ErrorTBS */
-0x67,0x2A,0x00,0x32,                         /* [4104] OBJ_setct_PIDualSignedTBE */
-0x67,0x2A,0x00,0x33,                         /* [4108] OBJ_setct_PIUnsignedTBE */
-0x67,0x2A,0x00,0x34,                         /* [4112] OBJ_setct_AuthReqTBE */
-0x67,0x2A,0x00,0x35,                         /* [4116] OBJ_setct_AuthResTBE */
-0x67,0x2A,0x00,0x36,                         /* [4120] OBJ_setct_AuthResTBEX */
-0x67,0x2A,0x00,0x37,                         /* [4124] OBJ_setct_AuthTokenTBE */
-0x67,0x2A,0x00,0x38,                         /* [4128] OBJ_setct_CapTokenTBE */
-0x67,0x2A,0x00,0x39,                         /* [4132] OBJ_setct_CapTokenTBEX */
-0x67,0x2A,0x00,0x3A,                         /* [4136] OBJ_setct_AcqCardCodeMsgTBE */
-0x67,0x2A,0x00,0x3B,                         /* [4140] OBJ_setct_AuthRevReqTBE */
-0x67,0x2A,0x00,0x3C,                         /* [4144] OBJ_setct_AuthRevResTBE */
-0x67,0x2A,0x00,0x3D,                         /* [4148] OBJ_setct_AuthRevResTBEB */
-0x67,0x2A,0x00,0x3E,                         /* [4152] OBJ_setct_CapReqTBE */
-0x67,0x2A,0x00,0x3F,                         /* [4156] OBJ_setct_CapReqTBEX */
-0x67,0x2A,0x00,0x40,                         /* [4160] OBJ_setct_CapResTBE */
-0x67,0x2A,0x00,0x41,                         /* [4164] OBJ_setct_CapRevReqTBE */
-0x67,0x2A,0x00,0x42,                         /* [4168] OBJ_setct_CapRevReqTBEX */
-0x67,0x2A,0x00,0x43,                         /* [4172] OBJ_setct_CapRevResTBE */
-0x67,0x2A,0x00,0x44,                         /* [4176] OBJ_setct_CredReqTBE */
-0x67,0x2A,0x00,0x45,                         /* [4180] OBJ_setct_CredReqTBEX */
-0x67,0x2A,0x00,0x46,                         /* [4184] OBJ_setct_CredResTBE */
-0x67,0x2A,0x00,0x47,                         /* [4188] OBJ_setct_CredRevReqTBE */
-0x67,0x2A,0x00,0x48,                         /* [4192] OBJ_setct_CredRevReqTBEX */
-0x67,0x2A,0x00,0x49,                         /* [4196] OBJ_setct_CredRevResTBE */
-0x67,0x2A,0x00,0x4A,                         /* [4200] OBJ_setct_BatchAdminReqTBE */
-0x67,0x2A,0x00,0x4B,                         /* [4204] OBJ_setct_BatchAdminResTBE */
-0x67,0x2A,0x00,0x4C,                         /* [4208] OBJ_setct_RegFormReqTBE */
-0x67,0x2A,0x00,0x4D,                         /* [4212] OBJ_setct_CertReqTBE */
-0x67,0x2A,0x00,0x4E,                         /* [4216] OBJ_setct_CertReqTBEX */
-0x67,0x2A,0x00,0x4F,                         /* [4220] OBJ_setct_CertResTBE */
-0x67,0x2A,0x00,0x50,                         /* [4224] OBJ_setct_CRLNotificationTBS */
-0x67,0x2A,0x00,0x51,                         /* [4228] OBJ_setct_CRLNotificationResTBS */
-0x67,0x2A,0x00,0x52,                         /* [4232] OBJ_setct_BCIDistributionTBS */
-0x67,0x2A,0x01,0x01,                         /* [4236] OBJ_setext_genCrypt */
-0x67,0x2A,0x01,0x03,                         /* [4240] OBJ_setext_miAuth */
-0x67,0x2A,0x01,0x04,                         /* [4244] OBJ_setext_pinSecure */
-0x67,0x2A,0x01,0x05,                         /* [4248] OBJ_setext_pinAny */
-0x67,0x2A,0x01,0x07,                         /* [4252] OBJ_setext_track2 */
-0x67,0x2A,0x01,0x08,                         /* [4256] OBJ_setext_cv */
-0x67,0x2A,0x05,0x00,                         /* [4260] OBJ_set_policy_root */
-0x67,0x2A,0x07,0x00,                         /* [4264] OBJ_setCext_hashedRoot */
-0x67,0x2A,0x07,0x01,                         /* [4268] OBJ_setCext_certType */
-0x67,0x2A,0x07,0x02,                         /* [4272] OBJ_setCext_merchData */
-0x67,0x2A,0x07,0x03,                         /* [4276] OBJ_setCext_cCertRequired */
-0x67,0x2A,0x07,0x04,                         /* [4280] OBJ_setCext_tunneling */
-0x67,0x2A,0x07,0x05,                         /* [4284] OBJ_setCext_setExt */
-0x67,0x2A,0x07,0x06,                         /* [4288] OBJ_setCext_setQualf */
-0x67,0x2A,0x07,0x07,                         /* [4292] OBJ_setCext_PGWYcapabilities */
-0x67,0x2A,0x07,0x08,                         /* [4296] OBJ_setCext_TokenIdentifier */
-0x67,0x2A,0x07,0x09,                         /* [4300] OBJ_setCext_Track2Data */
-0x67,0x2A,0x07,0x0A,                         /* [4304] OBJ_setCext_TokenType */
-0x67,0x2A,0x07,0x0B,                         /* [4308] OBJ_setCext_IssuerCapabilities */
-0x67,0x2A,0x03,0x00,                         /* [4312] OBJ_setAttr_Cert */
-0x67,0x2A,0x03,0x01,                         /* [4316] OBJ_setAttr_PGWYcap */
-0x67,0x2A,0x03,0x02,                         /* [4320] OBJ_setAttr_TokenType */
-0x67,0x2A,0x03,0x03,                         /* [4324] OBJ_setAttr_IssCap */
-0x67,0x2A,0x03,0x00,0x00,                    /* [4328] OBJ_set_rootKeyThumb */
-0x67,0x2A,0x03,0x00,0x01,                    /* [4333] OBJ_set_addPolicy */
-0x67,0x2A,0x03,0x02,0x01,                    /* [4338] OBJ_setAttr_Token_EMV */
-0x67,0x2A,0x03,0x02,0x02,                    /* [4343] OBJ_setAttr_Token_B0Prime */
-0x67,0x2A,0x03,0x03,0x03,                    /* [4348] OBJ_setAttr_IssCap_CVM */
-0x67,0x2A,0x03,0x03,0x04,                    /* [4353] OBJ_setAttr_IssCap_T2 */
-0x67,0x2A,0x03,0x03,0x05,                    /* [4358] OBJ_setAttr_IssCap_Sig */
-0x67,0x2A,0x03,0x03,0x03,0x01,               /* [4363] OBJ_setAttr_GenCryptgrm */
-0x67,0x2A,0x03,0x03,0x04,0x01,               /* [4369] OBJ_setAttr_T2Enc */
-0x67,0x2A,0x03,0x03,0x04,0x02,               /* [4375] OBJ_setAttr_T2cleartxt */
-0x67,0x2A,0x03,0x03,0x05,0x01,               /* [4381] OBJ_setAttr_TokICCsig */
-0x67,0x2A,0x03,0x03,0x05,0x02,               /* [4387] OBJ_setAttr_SecDevSig */
-0x67,0x2A,0x08,0x01,                         /* [4393] OBJ_set_brand_IATA_ATA */
-0x67,0x2A,0x08,0x1E,                         /* [4397] OBJ_set_brand_Diners */
-0x67,0x2A,0x08,0x22,                         /* [4401] OBJ_set_brand_AmericanExpress */
-0x67,0x2A,0x08,0x23,                         /* [4405] OBJ_set_brand_JCB */
-0x67,0x2A,0x08,0x04,                         /* [4409] OBJ_set_brand_Visa */
-0x67,0x2A,0x08,0x05,                         /* [4413] OBJ_set_brand_MasterCard */
-0x67,0x2A,0x08,0xAE,0x7B,                    /* [4417] OBJ_set_brand_Novus */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A,     /* [4422] OBJ_des_cdmf */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4430] OBJ_rsaOAEPEncryptionSET */
-0x00,                                        /* [4439] OBJ_itu_t */
-0x50,                                        /* [4440] OBJ_joint_iso_itu_t */
-0x67,                                        /* [4441] OBJ_international_organizations */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4442] OBJ_ms_smartcard_login */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4452] OBJ_ms_upn */
-0x55,0x04,0x09,                              /* [4462] OBJ_streetAddress */
-0x55,0x04,0x11,                              /* [4465] OBJ_postalCode */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,          /* [4468] OBJ_id_ppl */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E,     /* [4475] OBJ_proxyCertInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00,     /* [4483] OBJ_id_ppl_anyLanguage */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01,     /* [4491] OBJ_id_ppl_inheritAll */
-0x55,0x1D,0x1E,                              /* [4499] OBJ_name_constraints */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02,     /* [4502] OBJ_Independent */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4510] OBJ_sha256WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4519] OBJ_sha384WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4528] OBJ_sha512WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4537] OBJ_sha224WithRSAEncryption */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4546] OBJ_sha256 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4555] OBJ_sha384 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4564] OBJ_sha512 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4573] OBJ_sha224 */
-0x2B,                                        /* [4582] OBJ_identified_organization */
-0x2B,0x81,0x04,                              /* [4583] OBJ_certicom_arc */
-0x67,0x2B,                                   /* [4586] OBJ_wap */
-0x67,0x2B,0x01,                              /* [4588] OBJ_wap_wsg */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,     /* [4591] OBJ_X9_62_id_characteristic_two_basis */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4599] OBJ_X9_62_onBasis */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4608] OBJ_X9_62_tpBasis */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [4617] OBJ_X9_62_ppBasis */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01,     /* [4626] OBJ_X9_62_c2pnb163v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02,     /* [4634] OBJ_X9_62_c2pnb163v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03,     /* [4642] OBJ_X9_62_c2pnb163v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04,     /* [4650] OBJ_X9_62_c2pnb176v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05,     /* [4658] OBJ_X9_62_c2tnb191v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06,     /* [4666] OBJ_X9_62_c2tnb191v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07,     /* [4674] OBJ_X9_62_c2tnb191v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08,     /* [4682] OBJ_X9_62_c2onb191v4 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09,     /* [4690] OBJ_X9_62_c2onb191v5 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A,     /* [4698] OBJ_X9_62_c2pnb208w1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B,     /* [4706] OBJ_X9_62_c2tnb239v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C,     /* [4714] OBJ_X9_62_c2tnb239v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D,     /* [4722] OBJ_X9_62_c2tnb239v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E,     /* [4730] OBJ_X9_62_c2onb239v4 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F,     /* [4738] OBJ_X9_62_c2onb239v5 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10,     /* [4746] OBJ_X9_62_c2pnb272w1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11,     /* [4754] OBJ_X9_62_c2pnb304w1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12,     /* [4762] OBJ_X9_62_c2tnb359v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13,     /* [4770] OBJ_X9_62_c2pnb368w1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14,     /* [4778] OBJ_X9_62_c2tnb431r1 */
-0x2B,0x81,0x04,0x00,0x06,                    /* [4786] OBJ_secp112r1 */
-0x2B,0x81,0x04,0x00,0x07,                    /* [4791] OBJ_secp112r2 */
-0x2B,0x81,0x04,0x00,0x1C,                    /* [4796] OBJ_secp128r1 */
-0x2B,0x81,0x04,0x00,0x1D,                    /* [4801] OBJ_secp128r2 */
-0x2B,0x81,0x04,0x00,0x09,                    /* [4806] OBJ_secp160k1 */
-0x2B,0x81,0x04,0x00,0x08,                    /* [4811] OBJ_secp160r1 */
-0x2B,0x81,0x04,0x00,0x1E,                    /* [4816] OBJ_secp160r2 */
-0x2B,0x81,0x04,0x00,0x1F,                    /* [4821] OBJ_secp192k1 */
-0x2B,0x81,0x04,0x00,0x20,                    /* [4826] OBJ_secp224k1 */
-0x2B,0x81,0x04,0x00,0x21,                    /* [4831] OBJ_secp224r1 */
-0x2B,0x81,0x04,0x00,0x0A,                    /* [4836] OBJ_secp256k1 */
-0x2B,0x81,0x04,0x00,0x22,                    /* [4841] OBJ_secp384r1 */
-0x2B,0x81,0x04,0x00,0x23,                    /* [4846] OBJ_secp521r1 */
-0x2B,0x81,0x04,0x00,0x04,                    /* [4851] OBJ_sect113r1 */
-0x2B,0x81,0x04,0x00,0x05,                    /* [4856] OBJ_sect113r2 */
-0x2B,0x81,0x04,0x00,0x16,                    /* [4861] OBJ_sect131r1 */
-0x2B,0x81,0x04,0x00,0x17,                    /* [4866] OBJ_sect131r2 */
-0x2B,0x81,0x04,0x00,0x01,                    /* [4871] OBJ_sect163k1 */
-0x2B,0x81,0x04,0x00,0x02,                    /* [4876] OBJ_sect163r1 */
-0x2B,0x81,0x04,0x00,0x0F,                    /* [4881] OBJ_sect163r2 */
-0x2B,0x81,0x04,0x00,0x18,                    /* [4886] OBJ_sect193r1 */
-0x2B,0x81,0x04,0x00,0x19,                    /* [4891] OBJ_sect193r2 */
-0x2B,0x81,0x04,0x00,0x1A,                    /* [4896] OBJ_sect233k1 */
-0x2B,0x81,0x04,0x00,0x1B,                    /* [4901] OBJ_sect233r1 */
-0x2B,0x81,0x04,0x00,0x03,                    /* [4906] OBJ_sect239k1 */
-0x2B,0x81,0x04,0x00,0x10,                    /* [4911] OBJ_sect283k1 */
-0x2B,0x81,0x04,0x00,0x11,                    /* [4916] OBJ_sect283r1 */
-0x2B,0x81,0x04,0x00,0x24,                    /* [4921] OBJ_sect409k1 */
-0x2B,0x81,0x04,0x00,0x25,                    /* [4926] OBJ_sect409r1 */
-0x2B,0x81,0x04,0x00,0x26,                    /* [4931] OBJ_sect571k1 */
-0x2B,0x81,0x04,0x00,0x27,                    /* [4936] OBJ_sect571r1 */
-0x67,0x2B,0x01,0x04,0x01,                    /* [4941] OBJ_wap_wsg_idm_ecid_wtls1 */
-0x67,0x2B,0x01,0x04,0x03,                    /* [4946] OBJ_wap_wsg_idm_ecid_wtls3 */
-0x67,0x2B,0x01,0x04,0x04,                    /* [4951] OBJ_wap_wsg_idm_ecid_wtls4 */
-0x67,0x2B,0x01,0x04,0x05,                    /* [4956] OBJ_wap_wsg_idm_ecid_wtls5 */
-0x67,0x2B,0x01,0x04,0x06,                    /* [4961] OBJ_wap_wsg_idm_ecid_wtls6 */
-0x67,0x2B,0x01,0x04,0x07,                    /* [4966] OBJ_wap_wsg_idm_ecid_wtls7 */
-0x67,0x2B,0x01,0x04,0x08,                    /* [4971] OBJ_wap_wsg_idm_ecid_wtls8 */
-0x67,0x2B,0x01,0x04,0x09,                    /* [4976] OBJ_wap_wsg_idm_ecid_wtls9 */
-0x67,0x2B,0x01,0x04,0x0A,                    /* [4981] OBJ_wap_wsg_idm_ecid_wtls10 */
-0x67,0x2B,0x01,0x04,0x0B,                    /* [4986] OBJ_wap_wsg_idm_ecid_wtls11 */
-0x67,0x2B,0x01,0x04,0x0C,                    /* [4991] OBJ_wap_wsg_idm_ecid_wtls12 */
-0x55,0x1D,0x20,0x00,                         /* [4996] OBJ_any_policy */
-0x55,0x1D,0x21,                              /* [5000] OBJ_policy_mappings */
-0x55,0x1D,0x36,                              /* [5003] OBJ_inhibit_any_policy */
-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,/* [5006] OBJ_camellia_128_cbc */
-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,/* [5017] OBJ_camellia_192_cbc */
-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,/* [5028] OBJ_camellia_256_cbc */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01,     /* [5039] OBJ_camellia_128_ecb */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15,     /* [5047] OBJ_camellia_192_ecb */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29,     /* [5055] OBJ_camellia_256_ecb */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04,     /* [5063] OBJ_camellia_128_cfb128 */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18,     /* [5071] OBJ_camellia_192_cfb128 */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C,     /* [5079] OBJ_camellia_256_cfb128 */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03,     /* [5087] OBJ_camellia_128_ofb128 */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17,     /* [5095] OBJ_camellia_192_ofb128 */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B,     /* [5103] OBJ_camellia_256_ofb128 */
-0x55,0x1D,0x09,                              /* [5111] OBJ_subject_directory_attributes */
-0x55,0x1D,0x1C,                              /* [5114] OBJ_issuing_distribution_point */
-0x55,0x1D,0x1D,                              /* [5117] OBJ_certificate_issuer */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,               /* [5120] OBJ_kisa */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03,     /* [5126] OBJ_seed_ecb */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04,     /* [5134] OBJ_seed_cbc */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06,     /* [5142] OBJ_seed_ofb128 */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05,     /* [5150] OBJ_seed_cfb128 */
-0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01,     /* [5158] OBJ_hmac_md5 */
-0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02,     /* [5166] OBJ_hmac_sha1 */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D,/* [5174] OBJ_id_PasswordBasedMAC */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E,/* [5183] OBJ_id_DHBasedMac */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10,     /* [5192] OBJ_id_it_suppLangTags */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05,     /* [5200] OBJ_caRepository */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09,/* [5208] OBJ_id_smime_ct_compressedData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,/* [5219] OBJ_id_ct_asciiTextWithCRLF */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,/* [5230] OBJ_id_aes128_wrap */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,/* [5239] OBJ_id_aes192_wrap */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,/* [5248] OBJ_id_aes256_wrap */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02,          /* [5257] OBJ_ecdsa_with_Recommended */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,          /* [5264] OBJ_ecdsa_with_Specified */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01,     /* [5271] OBJ_ecdsa_with_SHA224 */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02,     /* [5279] OBJ_ecdsa_with_SHA256 */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03,     /* [5287] OBJ_ecdsa_with_SHA384 */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04,     /* [5295] OBJ_ecdsa_with_SHA512 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x06,     /* [5303] OBJ_hmacWithMD5 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x08,     /* [5311] OBJ_hmacWithSHA224 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x09,     /* [5319] OBJ_hmacWithSHA256 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0A,     /* [5327] OBJ_hmacWithSHA384 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0B,     /* [5335] OBJ_hmacWithSHA512 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,/* [5343] OBJ_dsa_with_SHA224 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,/* [5352] OBJ_dsa_with_SHA256 */
-0x28,0xCF,0x06,0x03,0x00,0x37,               /* [5361] OBJ_whirlpool */
-0x2A,0x85,0x03,0x02,0x02,                    /* [5367] OBJ_cryptopro */
-0x2A,0x85,0x03,0x02,0x09,                    /* [5372] OBJ_cryptocom */
-0x2A,0x85,0x03,0x02,0x02,0x03,               /* [5377] OBJ_id_GostR3411_94_with_GostR3410_2001 */
-0x2A,0x85,0x03,0x02,0x02,0x04,               /* [5383] OBJ_id_GostR3411_94_with_GostR3410_94 */
-0x2A,0x85,0x03,0x02,0x02,0x09,               /* [5389] OBJ_id_GostR3411_94 */
-0x2A,0x85,0x03,0x02,0x02,0x0A,               /* [5395] OBJ_id_HMACGostR3411_94 */
-0x2A,0x85,0x03,0x02,0x02,0x13,               /* [5401] OBJ_id_GostR3410_2001 */
-0x2A,0x85,0x03,0x02,0x02,0x14,               /* [5407] OBJ_id_GostR3410_94 */
-0x2A,0x85,0x03,0x02,0x02,0x15,               /* [5413] OBJ_id_Gost28147_89 */
-0x2A,0x85,0x03,0x02,0x02,0x16,               /* [5419] OBJ_id_Gost28147_89_MAC */
-0x2A,0x85,0x03,0x02,0x02,0x17,               /* [5425] OBJ_id_GostR3411_94_prf */
-0x2A,0x85,0x03,0x02,0x02,0x62,               /* [5431] OBJ_id_GostR3410_2001DH */
-0x2A,0x85,0x03,0x02,0x02,0x63,               /* [5437] OBJ_id_GostR3410_94DH */
-0x2A,0x85,0x03,0x02,0x02,0x0E,0x01,          /* [5443] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */
-0x2A,0x85,0x03,0x02,0x02,0x0E,0x00,          /* [5450] OBJ_id_Gost28147_89_None_KeyMeshing */
-0x2A,0x85,0x03,0x02,0x02,0x1E,0x00,          /* [5457] OBJ_id_GostR3411_94_TestParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1E,0x01,          /* [5464] OBJ_id_GostR3411_94_CryptoProParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x00,          /* [5471] OBJ_id_Gost28147_89_TestParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x01,          /* [5478] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x02,          /* [5485] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x03,          /* [5492] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x04,          /* [5499] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x05,          /* [5506] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x06,          /* [5513] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x07,          /* [5520] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x20,0x00,          /* [5527] OBJ_id_GostR3410_94_TestParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x20,0x02,          /* [5534] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x20,0x03,          /* [5541] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x20,0x04,          /* [5548] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x20,0x05,          /* [5555] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x21,0x01,          /* [5562] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x21,0x02,          /* [5569] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x21,0x03,          /* [5576] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x23,0x00,          /* [5583] OBJ_id_GostR3410_2001_TestParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x23,0x01,          /* [5590] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x23,0x02,          /* [5597] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x23,0x03,          /* [5604] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x24,0x00,          /* [5611] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x24,0x01,          /* [5618] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x14,0x01,          /* [5625] OBJ_id_GostR3410_94_a */
-0x2A,0x85,0x03,0x02,0x02,0x14,0x02,          /* [5632] OBJ_id_GostR3410_94_aBis */
-0x2A,0x85,0x03,0x02,0x02,0x14,0x03,          /* [5639] OBJ_id_GostR3410_94_b */
-0x2A,0x85,0x03,0x02,0x02,0x14,0x04,          /* [5646] OBJ_id_GostR3410_94_bBis */
-0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01,     /* [5653] OBJ_id_Gost28147_89_cc */
-0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03,     /* [5661] OBJ_id_GostR3410_94_cc */
-0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04,     /* [5669] OBJ_id_GostR3410_2001_cc */
-0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03,     /* [5677] OBJ_id_GostR3411_94_with_GostR3410_94_cc */
-0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04,     /* [5685] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */
-0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01,     /* [5693] OBJ_id_GostR3410_2001_ParamSet_cc */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5701] OBJ_LocalKeySet */
-0x55,0x1D,0x2E,                              /* [5710] OBJ_freshest_crl */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03,     /* [5713] OBJ_id_on_permanentIdentifier */
-0x55,0x04,0x0E,                              /* [5721] OBJ_searchGuide */
-0x55,0x04,0x0F,                              /* [5724] OBJ_businessCategory */
-0x55,0x04,0x10,                              /* [5727] OBJ_postalAddress */
-0x55,0x04,0x12,                              /* [5730] OBJ_postOfficeBox */
-0x55,0x04,0x13,                              /* [5733] OBJ_physicalDeliveryOfficeName */
-0x55,0x04,0x14,                              /* [5736] OBJ_telephoneNumber */
-0x55,0x04,0x15,                              /* [5739] OBJ_telexNumber */
-0x55,0x04,0x16,                              /* [5742] OBJ_teletexTerminalIdentifier */
-0x55,0x04,0x17,                              /* [5745] OBJ_facsimileTelephoneNumber */
-0x55,0x04,0x18,                              /* [5748] OBJ_x121Address */
-0x55,0x04,0x19,                              /* [5751] OBJ_internationaliSDNNumber */
-0x55,0x04,0x1A,                              /* [5754] OBJ_registeredAddress */
-0x55,0x04,0x1B,                              /* [5757] OBJ_destinationIndicator */
-0x55,0x04,0x1C,                              /* [5760] OBJ_preferredDeliveryMethod */
-0x55,0x04,0x1D,                              /* [5763] OBJ_presentationAddress */
-0x55,0x04,0x1E,                              /* [5766] OBJ_supportedApplicationContext */
-0x55,0x04,0x1F,                              /* [5769] OBJ_member */
-0x55,0x04,0x20,                              /* [5772] OBJ_owner */
-0x55,0x04,0x21,                              /* [5775] OBJ_roleOccupant */
-0x55,0x04,0x22,                              /* [5778] OBJ_seeAlso */
-0x55,0x04,0x23,                              /* [5781] OBJ_userPassword */
-0x55,0x04,0x24,                              /* [5784] OBJ_userCertificate */
-0x55,0x04,0x25,                              /* [5787] OBJ_cACertificate */
-0x55,0x04,0x26,                              /* [5790] OBJ_authorityRevocationList */
-0x55,0x04,0x27,                              /* [5793] OBJ_certificateRevocationList */
-0x55,0x04,0x28,                              /* [5796] OBJ_crossCertificatePair */
-0x55,0x04,0x2F,                              /* [5799] OBJ_enhancedSearchGuide */
-0x55,0x04,0x30,                              /* [5802] OBJ_protocolInformation */
-0x55,0x04,0x31,                              /* [5805] OBJ_distinguishedName */
-0x55,0x04,0x32,                              /* [5808] OBJ_uniqueMember */
-0x55,0x04,0x33,                              /* [5811] OBJ_houseIdentifier */
-0x55,0x04,0x34,                              /* [5814] OBJ_supportedAlgorithms */
-0x55,0x04,0x35,                              /* [5817] OBJ_deltaRevocationList */
-0x55,0x04,0x36,                              /* [5820] OBJ_dmdName */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x09,/* [5823] OBJ_id_alg_PWRI_KEK */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x06,/* [5834] OBJ_aes_128_gcm */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x07,/* [5843] OBJ_aes_128_ccm */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x08,/* [5852] OBJ_id_aes128_wrap_pad */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1A,/* [5861] OBJ_aes_192_gcm */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1B,/* [5870] OBJ_aes_192_ccm */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1C,/* [5879] OBJ_id_aes192_wrap_pad */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2E,/* [5888] OBJ_aes_256_gcm */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2F,/* [5897] OBJ_aes_256_ccm */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x30,/* [5906] OBJ_id_aes256_wrap_pad */
-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x02,/* [5915] OBJ_id_camellia128_wrap */
-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x03,/* [5926] OBJ_id_camellia192_wrap */
-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x04,/* [5937] OBJ_id_camellia256_wrap */
-0x55,0x1D,0x25,0x00,                         /* [5948] OBJ_anyExtendedKeyUsage */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,/* [5952] OBJ_mgf1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,/* [5961] OBJ_rsassaPss */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,/* [5970] OBJ_rsaesOaep */
+static const unsigned char lvalues[5974]={
+0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  0] OBJ_rsadsi */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  6] OBJ_pkcs */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,     /* [ 13] OBJ_md2 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05,     /* [ 21] OBJ_md5 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04,     /* [ 29] OBJ_rc4 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,/* [ 37] OBJ_rsaEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,/* [ 46] OBJ_md2WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,/* [ 55] OBJ_md5WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x01,/* [ 64] OBJ_pbeWithMD2AndDES_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03,/* [ 73] OBJ_pbeWithMD5AndDES_CBC */
+0x55,                                        /* [ 82] OBJ_X500 */
+0x55,0x04,                                   /* [ 83] OBJ_X509 */
+0x55,0x04,0x03,                              /* [ 85] OBJ_commonName */
+0x55,0x04,0x06,                              /* [ 88] OBJ_countryName */
+0x55,0x04,0x07,                              /* [ 91] OBJ_localityName */
+0x55,0x04,0x08,                              /* [ 94] OBJ_stateOrProvinceName */
+0x55,0x04,0x0A,                              /* [ 97] OBJ_organizationName */
+0x55,0x04,0x0B,                              /* [100] OBJ_organizationalUnitName */
+0x55,0x08,0x01,0x01,                         /* [103] OBJ_rsa */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,     /* [107] OBJ_pkcs7 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,/* [115] OBJ_pkcs7_data */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02,/* [124] OBJ_pkcs7_signed */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03,/* [133] OBJ_pkcs7_enveloped */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x04,/* [142] OBJ_pkcs7_signedAndEnveloped */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x05,/* [151] OBJ_pkcs7_digest */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x06,/* [160] OBJ_pkcs7_encrypted */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,     /* [169] OBJ_pkcs3 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01,/* [177] OBJ_dhKeyAgreement */
+0x2B,0x0E,0x03,0x02,0x06,                    /* [186] OBJ_des_ecb */
+0x2B,0x0E,0x03,0x02,0x09,                    /* [191] OBJ_des_cfb64 */
+0x2B,0x0E,0x03,0x02,0x07,                    /* [196] OBJ_des_cbc */
+0x2B,0x0E,0x03,0x02,0x11,                    /* [201] OBJ_des_ede_ecb */
+0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02,/* [206] OBJ_idea_cbc */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02,     /* [217] OBJ_rc2_cbc */
+0x2B,0x0E,0x03,0x02,0x12,                    /* [225] OBJ_sha */
+0x2B,0x0E,0x03,0x02,0x0F,                    /* [230] OBJ_shaWithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07,     /* [235] OBJ_des_ede3_cbc */
+0x2B,0x0E,0x03,0x02,0x08,                    /* [243] OBJ_des_ofb64 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,     /* [248] OBJ_pkcs9 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,/* [256] OBJ_pkcs9_emailAddress */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02,/* [265] OBJ_pkcs9_unstructuredName */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03,/* [274] OBJ_pkcs9_contentType */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04,/* [283] OBJ_pkcs9_messageDigest */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05,/* [292] OBJ_pkcs9_signingTime */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06,/* [301] OBJ_pkcs9_countersignature */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07,/* [310] OBJ_pkcs9_challengePassword */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08,/* [319] OBJ_pkcs9_unstructuredAddress */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09,/* [328] OBJ_pkcs9_extCertAttributes */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,          /* [337] OBJ_netscape */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,     /* [344] OBJ_netscape_cert_extension */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,     /* [352] OBJ_netscape_data_type */
+0x2B,0x0E,0x03,0x02,0x1A,                    /* [360] OBJ_sha1 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,/* [365] OBJ_sha1WithRSAEncryption */
+0x2B,0x0E,0x03,0x02,0x0D,                    /* [374] OBJ_dsaWithSHA */
+0x2B,0x0E,0x03,0x02,0x0C,                    /* [379] OBJ_dsa_2 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B,/* [384] OBJ_pbeWithSHA1AndRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C,/* [393] OBJ_id_pbkdf2 */
+0x2B,0x0E,0x03,0x02,0x1B,                    /* [402] OBJ_dsaWithSHA1_2 */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,/* [407] OBJ_netscape_cert_type */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02,/* [416] OBJ_netscape_base_url */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03,/* [425] OBJ_netscape_revocation_url */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04,/* [434] OBJ_netscape_ca_revocation_url */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07,/* [443] OBJ_netscape_renewal_url */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08,/* [452] OBJ_netscape_ca_policy_url */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C,/* [461] OBJ_netscape_ssl_server_name */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D,/* [470] OBJ_netscape_comment */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05,/* [479] OBJ_netscape_cert_sequence */
+0x55,0x1D,                                   /* [488] OBJ_id_ce */
+0x55,0x1D,0x0E,                              /* [490] OBJ_subject_key_identifier */
+0x55,0x1D,0x0F,                              /* [493] OBJ_key_usage */
+0x55,0x1D,0x10,                              /* [496] OBJ_private_key_usage_period */
+0x55,0x1D,0x11,                              /* [499] OBJ_subject_alt_name */
+0x55,0x1D,0x12,                              /* [502] OBJ_issuer_alt_name */
+0x55,0x1D,0x13,                              /* [505] OBJ_basic_constraints */
+0x55,0x1D,0x14,                              /* [508] OBJ_crl_number */
+0x55,0x1D,0x20,                              /* [511] OBJ_certificate_policies */
+0x55,0x1D,0x23,                              /* [514] OBJ_authority_key_identifier */
+0x2B,0x06,0x01,0x04,0x01,0x97,0x55,0x01,0x02,/* [517] OBJ_bf_cbc */
+0x55,0x08,0x03,0x65,                         /* [526] OBJ_mdc2 */
+0x55,0x08,0x03,0x64,                         /* [530] OBJ_mdc2WithRSA */
+0x55,0x04,0x2A,                              /* [534] OBJ_givenName */
+0x55,0x04,0x04,                              /* [537] OBJ_surname */
+0x55,0x04,0x2B,                              /* [540] OBJ_initials */
+0x55,0x1D,0x1F,                              /* [543] OBJ_crl_distribution_points */
+0x2B,0x0E,0x03,0x02,0x03,                    /* [546] OBJ_md5WithRSA */
+0x55,0x04,0x05,                              /* [551] OBJ_serialNumber */
+0x55,0x04,0x0C,                              /* [554] OBJ_title */
+0x55,0x04,0x0D,                              /* [557] OBJ_description */
+0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [560] OBJ_cast5_cbc */
+0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [569] OBJ_pbeWithMD5AndCast5_CBC */
+0x2A,0x86,0x48,0xCE,0x38,0x04,0x03,          /* [578] OBJ_dsaWithSHA1 */
+0x2B,0x0E,0x03,0x02,0x1D,                    /* [585] OBJ_sha1WithRSA */
+0x2A,0x86,0x48,0xCE,0x38,0x04,0x01,          /* [590] OBJ_dsa */
+0x2B,0x24,0x03,0x02,0x01,                    /* [597] OBJ_ripemd160 */
+0x2B,0x24,0x03,0x03,0x01,0x02,               /* [602] OBJ_ripemd160WithRSA */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08,     /* [608] OBJ_rc5_cbc */
+0x29,0x01,0x01,0x85,0x1A,0x01,               /* [616] OBJ_rle_compression */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08,/* [622] OBJ_zlib_compression */
+0x55,0x1D,0x25,                              /* [633] OBJ_ext_key_usage */
+0x2B,0x06,0x01,0x05,0x05,0x07,               /* [636] OBJ_id_pkix */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,          /* [642] OBJ_id_kp */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,     /* [649] OBJ_server_auth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,     /* [657] OBJ_client_auth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03,     /* [665] OBJ_code_sign */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04,     /* [673] OBJ_email_protect */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08,     /* [681] OBJ_time_stamp */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [689] OBJ_ms_code_ind */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [699] OBJ_ms_code_com */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [709] OBJ_ms_ctl_sign */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [719] OBJ_ms_sgc */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [729] OBJ_ms_efs */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [739] OBJ_ns_sgc */
+0x55,0x1D,0x1B,                              /* [748] OBJ_delta_crl */
+0x55,0x1D,0x15,                              /* [751] OBJ_crl_reason */
+0x55,0x1D,0x18,                              /* [754] OBJ_invalidity_date */
+0x2B,0x65,0x01,0x04,0x01,                    /* [757] OBJ_sxnet */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [762] OBJ_pbe_WithSHA1And128BitRC4 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [772] OBJ_pbe_WithSHA1And40BitRC4 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [782] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [792] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [802] OBJ_pbe_WithSHA1And128BitRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [812] OBJ_pbe_WithSHA1And40BitRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [822] OBJ_keyBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [833] OBJ_pkcs8ShroudedKeyBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [844] OBJ_certBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [855] OBJ_crlBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [866] OBJ_secretBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [877] OBJ_safeContentsBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [888] OBJ_friendlyName */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [897] OBJ_localKeyID */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [906] OBJ_x509Certificate */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [916] OBJ_sdsiCertificate */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [926] OBJ_x509Crl */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [936] OBJ_pbes2 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [945] OBJ_pbmac1 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07,     /* [954] OBJ_hmacWithSHA1 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,     /* [962] OBJ_id_qt_cps */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,     /* [970] OBJ_id_qt_unotice */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [978] OBJ_SMIMECapabilities */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [987] OBJ_pbeWithMD2AndRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [996] OBJ_pbeWithMD5AndRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1005] OBJ_pbeWithSHA1AndDES_CBC */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1014] OBJ_ms_ext_req */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1024] OBJ_ext_req */
+0x55,0x04,0x29,                              /* [1033] OBJ_name */
+0x55,0x04,0x2E,                              /* [1036] OBJ_dnQualifier */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,          /* [1039] OBJ_id_pe */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,          /* [1046] OBJ_id_ad */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,     /* [1053] OBJ_info_access */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,     /* [1061] OBJ_ad_OCSP */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,     /* [1069] OBJ_ad_ca_issuers */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09,     /* [1077] OBJ_OCSP_sign */
+0x2A,                                        /* [1085] OBJ_member_body */
+0x2A,0x86,0x48,                              /* [1086] OBJ_ISO_US */
+0x2A,0x86,0x48,0xCE,0x38,                    /* [1089] OBJ_X9_57 */
+0x2A,0x86,0x48,0xCE,0x38,0x04,               /* [1094] OBJ_X9cm */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,     /* [1100] OBJ_pkcs1 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,     /* [1108] OBJ_pkcs5 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1116] OBJ_SMIME */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1125] OBJ_id_smime_mod */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1135] OBJ_id_smime_ct */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1145] OBJ_id_smime_aa */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1155] OBJ_id_smime_alg */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1165] OBJ_id_smime_cd */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1175] OBJ_id_smime_spq */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1185] OBJ_id_smime_cti */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1195] OBJ_id_smime_mod_cms */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1206] OBJ_id_smime_mod_ess */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1217] OBJ_id_smime_mod_oid */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1228] OBJ_id_smime_mod_msg_v3 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1239] OBJ_id_smime_mod_ets_eSignature_88 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1250] OBJ_id_smime_mod_ets_eSignature_97 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1261] OBJ_id_smime_mod_ets_eSigPolicy_88 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1272] OBJ_id_smime_mod_ets_eSigPolicy_97 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1283] OBJ_id_smime_ct_receipt */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1294] OBJ_id_smime_ct_authData */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1305] OBJ_id_smime_ct_publishCert */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1316] OBJ_id_smime_ct_TSTInfo */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1327] OBJ_id_smime_ct_TDTInfo */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1338] OBJ_id_smime_ct_contentInfo */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1349] OBJ_id_smime_ct_DVCSRequestData */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1360] OBJ_id_smime_ct_DVCSResponseData */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1371] OBJ_id_smime_aa_receiptRequest */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1382] OBJ_id_smime_aa_securityLabel */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1393] OBJ_id_smime_aa_mlExpandHistory */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1404] OBJ_id_smime_aa_contentHint */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1415] OBJ_id_smime_aa_msgSigDigest */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1426] OBJ_id_smime_aa_encapContentType */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1437] OBJ_id_smime_aa_contentIdentifier */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1448] OBJ_id_smime_aa_macValue */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1459] OBJ_id_smime_aa_equivalentLabels */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1470] OBJ_id_smime_aa_contentReference */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1481] OBJ_id_smime_aa_encrypKeyPref */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1492] OBJ_id_smime_aa_signingCertificate */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1503] OBJ_id_smime_aa_smimeEncryptCerts */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1514] OBJ_id_smime_aa_timeStampToken */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1525] OBJ_id_smime_aa_ets_sigPolicyId */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1536] OBJ_id_smime_aa_ets_commitmentType */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1547] OBJ_id_smime_aa_ets_signerLocation */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1558] OBJ_id_smime_aa_ets_signerAttr */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1569] OBJ_id_smime_aa_ets_otherSigCert */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1580] OBJ_id_smime_aa_ets_contentTimestamp */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1591] OBJ_id_smime_aa_ets_CertificateRefs */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1602] OBJ_id_smime_aa_ets_RevocationRefs */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1613] OBJ_id_smime_aa_ets_certValues */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1624] OBJ_id_smime_aa_ets_revocationValues */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1635] OBJ_id_smime_aa_ets_escTimeStamp */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1646] OBJ_id_smime_aa_ets_certCRLTimestamp */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1657] OBJ_id_smime_aa_ets_archiveTimeStamp */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1668] OBJ_id_smime_aa_signatureType */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1679] OBJ_id_smime_aa_dvcs_dvc */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1690] OBJ_id_smime_alg_ESDHwith3DES */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1701] OBJ_id_smime_alg_ESDHwithRC2 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1712] OBJ_id_smime_alg_3DESwrap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1723] OBJ_id_smime_alg_RC2wrap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1734] OBJ_id_smime_alg_ESDH */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1745] OBJ_id_smime_alg_CMS3DESwrap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1756] OBJ_id_smime_alg_CMSRC2wrap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1767] OBJ_id_smime_cd_ldap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1778] OBJ_id_smime_spq_ets_sqt_uri */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1789] OBJ_id_smime_spq_ets_sqt_unotice */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1800] OBJ_id_smime_cti_ets_proofOfOrigin */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1811] OBJ_id_smime_cti_ets_proofOfReceipt */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1822] OBJ_id_smime_cti_ets_proofOfDelivery */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1833] OBJ_id_smime_cti_ets_proofOfSender */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1844] OBJ_id_smime_cti_ets_proofOfApproval */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1855] OBJ_id_smime_cti_ets_proofOfCreation */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04,     /* [1866] OBJ_md4 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,          /* [1874] OBJ_id_pkix_mod */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,          /* [1881] OBJ_id_qt */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,          /* [1888] OBJ_id_it */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,          /* [1895] OBJ_id_pkip */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,          /* [1902] OBJ_id_alg */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,          /* [1909] OBJ_id_cmc */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x08,          /* [1916] OBJ_id_on */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,          /* [1923] OBJ_id_pda */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,          /* [1930] OBJ_id_aca */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,          /* [1937] OBJ_id_qcs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,          /* [1944] OBJ_id_cct */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01,     /* [1951] OBJ_id_pkix1_explicit_88 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02,     /* [1959] OBJ_id_pkix1_implicit_88 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03,     /* [1967] OBJ_id_pkix1_explicit_93 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04,     /* [1975] OBJ_id_pkix1_implicit_93 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05,     /* [1983] OBJ_id_mod_crmf */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06,     /* [1991] OBJ_id_mod_cmc */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07,     /* [1999] OBJ_id_mod_kea_profile_88 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08,     /* [2007] OBJ_id_mod_kea_profile_93 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09,     /* [2015] OBJ_id_mod_cmp */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A,     /* [2023] OBJ_id_mod_qualified_cert_88 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B,     /* [2031] OBJ_id_mod_qualified_cert_93 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C,     /* [2039] OBJ_id_mod_attribute_cert */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D,     /* [2047] OBJ_id_mod_timestamp_protocol */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E,     /* [2055] OBJ_id_mod_ocsp */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F,     /* [2063] OBJ_id_mod_dvcs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10,     /* [2071] OBJ_id_mod_cmp2000 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02,     /* [2079] OBJ_biometricInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03,     /* [2087] OBJ_qcStatements */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04,     /* [2095] OBJ_ac_auditEntity */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05,     /* [2103] OBJ_ac_targeting */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06,     /* [2111] OBJ_aaControls */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07,     /* [2119] OBJ_sbgp_ipAddrBlock */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08,     /* [2127] OBJ_sbgp_autonomousSysNum */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09,     /* [2135] OBJ_sbgp_routerIdentifier */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03,     /* [2143] OBJ_textNotice */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05,     /* [2151] OBJ_ipsecEndSystem */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06,     /* [2159] OBJ_ipsecTunnel */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07,     /* [2167] OBJ_ipsecUser */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A,     /* [2175] OBJ_dvcs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01,     /* [2183] OBJ_id_it_caProtEncCert */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02,     /* [2191] OBJ_id_it_signKeyPairTypes */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03,     /* [2199] OBJ_id_it_encKeyPairTypes */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04,     /* [2207] OBJ_id_it_preferredSymmAlg */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05,     /* [2215] OBJ_id_it_caKeyUpdateInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06,     /* [2223] OBJ_id_it_currentCRL */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07,     /* [2231] OBJ_id_it_unsupportedOIDs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08,     /* [2239] OBJ_id_it_subscriptionRequest */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09,     /* [2247] OBJ_id_it_subscriptionResponse */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A,     /* [2255] OBJ_id_it_keyPairParamReq */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B,     /* [2263] OBJ_id_it_keyPairParamRep */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C,     /* [2271] OBJ_id_it_revPassphrase */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D,     /* [2279] OBJ_id_it_implicitConfirm */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E,     /* [2287] OBJ_id_it_confirmWaitTime */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F,     /* [2295] OBJ_id_it_origPKIMessage */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,     /* [2303] OBJ_id_regCtrl */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,     /* [2311] OBJ_id_regInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2319] OBJ_id_regCtrl_regToken */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2328] OBJ_id_regCtrl_authenticator */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2337] OBJ_id_regCtrl_pkiPublicationInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2346] OBJ_id_regCtrl_pkiArchiveOptions */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2355] OBJ_id_regCtrl_oldCertID */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2364] OBJ_id_regCtrl_protocolEncrKey */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2373] OBJ_id_regInfo_utf8Pairs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2382] OBJ_id_regInfo_certReq */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01,     /* [2391] OBJ_id_alg_des40 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02,     /* [2399] OBJ_id_alg_noSignature */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03,     /* [2407] OBJ_id_alg_dh_sig_hmac_sha1 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04,     /* [2415] OBJ_id_alg_dh_pop */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01,     /* [2423] OBJ_id_cmc_statusInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02,     /* [2431] OBJ_id_cmc_identification */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03,     /* [2439] OBJ_id_cmc_identityProof */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04,     /* [2447] OBJ_id_cmc_dataReturn */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05,     /* [2455] OBJ_id_cmc_transactionId */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06,     /* [2463] OBJ_id_cmc_senderNonce */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07,     /* [2471] OBJ_id_cmc_recipientNonce */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08,     /* [2479] OBJ_id_cmc_addExtensions */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09,     /* [2487] OBJ_id_cmc_encryptedPOP */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A,     /* [2495] OBJ_id_cmc_decryptedPOP */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B,     /* [2503] OBJ_id_cmc_lraPOPWitness */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F,     /* [2511] OBJ_id_cmc_getCert */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10,     /* [2519] OBJ_id_cmc_getCRL */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11,     /* [2527] OBJ_id_cmc_revokeRequest */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12,     /* [2535] OBJ_id_cmc_regInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13,     /* [2543] OBJ_id_cmc_responseInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15,     /* [2551] OBJ_id_cmc_queryPending */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16,     /* [2559] OBJ_id_cmc_popLinkRandom */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17,     /* [2567] OBJ_id_cmc_popLinkWitness */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18,     /* [2575] OBJ_id_cmc_confirmCertAcceptance */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01,     /* [2583] OBJ_id_on_personalData */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01,     /* [2591] OBJ_id_pda_dateOfBirth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02,     /* [2599] OBJ_id_pda_placeOfBirth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03,     /* [2607] OBJ_id_pda_gender */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04,     /* [2615] OBJ_id_pda_countryOfCitizenship */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05,     /* [2623] OBJ_id_pda_countryOfResidence */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01,     /* [2631] OBJ_id_aca_authenticationInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02,     /* [2639] OBJ_id_aca_accessIdentity */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03,     /* [2647] OBJ_id_aca_chargingIdentity */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04,     /* [2655] OBJ_id_aca_group */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05,     /* [2663] OBJ_id_aca_role */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01,     /* [2671] OBJ_id_qcs_pkixQCSyntax_v1 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01,     /* [2679] OBJ_id_cct_crs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02,     /* [2687] OBJ_id_cct_PKIData */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03,     /* [2695] OBJ_id_cct_PKIResponse */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03,     /* [2703] OBJ_ad_timeStamping */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04,     /* [2711] OBJ_ad_dvcs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2719] OBJ_id_pkix_OCSP_basic */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2728] OBJ_id_pkix_OCSP_Nonce */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2737] OBJ_id_pkix_OCSP_CrlID */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2746] OBJ_id_pkix_OCSP_acceptableResponses */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2755] OBJ_id_pkix_OCSP_noCheck */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2764] OBJ_id_pkix_OCSP_archiveCutoff */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2773] OBJ_id_pkix_OCSP_serviceLocator */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2782] OBJ_id_pkix_OCSP_extendedStatus */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2791] OBJ_id_pkix_OCSP_valid */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2800] OBJ_id_pkix_OCSP_path */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2809] OBJ_id_pkix_OCSP_trustRoot */
+0x2B,0x0E,0x03,0x02,                         /* [2818] OBJ_algorithm */
+0x2B,0x0E,0x03,0x02,0x0B,                    /* [2822] OBJ_rsaSignature */
+0x55,0x08,                                   /* [2827] OBJ_X500algorithms */
+0x2B,                                        /* [2829] OBJ_org */
+0x2B,0x06,                                   /* [2830] OBJ_dod */
+0x2B,0x06,0x01,                              /* [2832] OBJ_iana */
+0x2B,0x06,0x01,0x01,                         /* [2835] OBJ_Directory */
+0x2B,0x06,0x01,0x02,                         /* [2839] OBJ_Management */
+0x2B,0x06,0x01,0x03,                         /* [2843] OBJ_Experimental */
+0x2B,0x06,0x01,0x04,                         /* [2847] OBJ_Private */
+0x2B,0x06,0x01,0x05,                         /* [2851] OBJ_Security */
+0x2B,0x06,0x01,0x06,                         /* [2855] OBJ_SNMPv2 */
+0x2B,0x06,0x01,0x07,                         /* [2859] OBJ_Mail */
+0x2B,0x06,0x01,0x04,0x01,                    /* [2863] OBJ_Enterprises */
+0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2868] OBJ_dcObject */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2877] OBJ_domainComponent */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2887] OBJ_Domain */
+0x55,0x01,0x05,                              /* [2897] OBJ_selected_attribute_types */
+0x55,0x01,0x05,0x37,                         /* [2900] OBJ_clearance */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2904] OBJ_md4WithRSAEncryption */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A,     /* [2913] OBJ_ac_proxying */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B,     /* [2921] OBJ_sinfo_access */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06,     /* [2929] OBJ_id_aca_encAttrs */
+0x55,0x04,0x48,                              /* [2937] OBJ_role */
+0x55,0x1D,0x24,                              /* [2940] OBJ_policy_constraints */
+0x55,0x1D,0x37,                              /* [2943] OBJ_target_information */
+0x55,0x1D,0x38,                              /* [2946] OBJ_no_rev_avail */
+0x2A,0x86,0x48,0xCE,0x3D,                    /* [2949] OBJ_ansi_X9_62 */
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01,          /* [2954] OBJ_X9_62_prime_field */
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,          /* [2961] OBJ_X9_62_characteristic_two_field */
+0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,          /* [2968] OBJ_X9_62_id_ecPublicKey */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01,     /* [2975] OBJ_X9_62_prime192v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02,     /* [2983] OBJ_X9_62_prime192v2 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03,     /* [2991] OBJ_X9_62_prime192v3 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04,     /* [2999] OBJ_X9_62_prime239v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05,     /* [3007] OBJ_X9_62_prime239v2 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06,     /* [3015] OBJ_X9_62_prime239v3 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,     /* [3023] OBJ_X9_62_prime256v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01,          /* [3031] OBJ_ecdsa_with_SHA1 */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3038] OBJ_ms_csp_name */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3047] OBJ_aes_128_ecb */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3056] OBJ_aes_128_cbc */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3065] OBJ_aes_128_ofb128 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3074] OBJ_aes_128_cfb128 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3083] OBJ_aes_192_ecb */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3092] OBJ_aes_192_cbc */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3101] OBJ_aes_192_ofb128 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3110] OBJ_aes_192_cfb128 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3119] OBJ_aes_256_ecb */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3128] OBJ_aes_256_cbc */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3137] OBJ_aes_256_ofb128 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3146] OBJ_aes_256_cfb128 */
+0x55,0x1D,0x17,                              /* [3155] OBJ_hold_instruction_code */
+0x2A,0x86,0x48,0xCE,0x38,0x02,0x01,          /* [3158] OBJ_hold_instruction_none */
+0x2A,0x86,0x48,0xCE,0x38,0x02,0x02,          /* [3165] OBJ_hold_instruction_call_issuer */
+0x2A,0x86,0x48,0xCE,0x38,0x02,0x03,          /* [3172] OBJ_hold_instruction_reject */
+0x09,                                        /* [3179] OBJ_data */
+0x09,0x92,0x26,                              /* [3180] OBJ_pss */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,          /* [3183] OBJ_ucl */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,     /* [3190] OBJ_pilot */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3198] OBJ_pilotAttributeType */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3207] OBJ_pilotAttributeSyntax */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3216] OBJ_pilotObjectClass */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3225] OBJ_pilotGroups */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3234] OBJ_iA5StringSyntax */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3244] OBJ_caseIgnoreIA5StringSyntax */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3254] OBJ_pilotObject */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3264] OBJ_pilotPerson */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3274] OBJ_account */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3284] OBJ_document */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3294] OBJ_room */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3304] OBJ_documentSeries */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3314] OBJ_rFC822localPart */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3324] OBJ_dNSDomain */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3334] OBJ_domainRelatedObject */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3344] OBJ_friendlyCountry */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3354] OBJ_simpleSecurityObject */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3364] OBJ_pilotOrganization */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3374] OBJ_pilotDSA */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3384] OBJ_qualityLabelledData */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3394] OBJ_userId */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3404] OBJ_textEncodedORAddress */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3414] OBJ_rfc822Mailbox */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3424] OBJ_info */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3434] OBJ_favouriteDrink */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3444] OBJ_roomNumber */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3454] OBJ_photo */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3464] OBJ_userClass */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3474] OBJ_host */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3484] OBJ_manager */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3494] OBJ_documentIdentifier */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3504] OBJ_documentTitle */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3514] OBJ_documentVersion */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3524] OBJ_documentAuthor */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3534] OBJ_documentLocation */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3544] OBJ_homeTelephoneNumber */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3554] OBJ_secretary */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3564] OBJ_otherMailbox */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3574] OBJ_lastModifiedTime */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3584] OBJ_lastModifiedBy */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3594] OBJ_aRecord */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3604] OBJ_pilotAttributeType27 */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3614] OBJ_mXRecord */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3624] OBJ_nSRecord */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3634] OBJ_sOARecord */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3644] OBJ_cNAMERecord */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3654] OBJ_associatedDomain */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3664] OBJ_associatedName */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3674] OBJ_homePostalAddress */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3684] OBJ_personalTitle */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3694] OBJ_mobileTelephoneNumber */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3704] OBJ_pagerTelephoneNumber */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3714] OBJ_friendlyCountryName */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3724] OBJ_organizationalStatus */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3734] OBJ_janetMailbox */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3744] OBJ_mailPreferenceOption */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3754] OBJ_buildingName */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3764] OBJ_dSAQuality */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3774] OBJ_singleLevelQuality */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3784] OBJ_subtreeMinimumQuality */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3794] OBJ_subtreeMaximumQuality */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3804] OBJ_personalSignature */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3814] OBJ_dITRedirect */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3824] OBJ_audio */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3834] OBJ_documentPublisher */
+0x55,0x04,0x2D,                              /* [3844] OBJ_x500UniqueIdentifier */
+0x2B,0x06,0x01,0x07,0x01,                    /* [3847] OBJ_mime_mhs */
+0x2B,0x06,0x01,0x07,0x01,0x01,               /* [3852] OBJ_mime_mhs_headings */
+0x2B,0x06,0x01,0x07,0x01,0x02,               /* [3858] OBJ_mime_mhs_bodies */
+0x2B,0x06,0x01,0x07,0x01,0x01,0x01,          /* [3864] OBJ_id_hex_partial_message */
+0x2B,0x06,0x01,0x07,0x01,0x01,0x02,          /* [3871] OBJ_id_hex_multipart_message */
+0x55,0x04,0x2C,                              /* [3878] OBJ_generationQualifier */
+0x55,0x04,0x41,                              /* [3881] OBJ_pseudonym */
+0x67,0x2A,                                   /* [3884] OBJ_id_set */
+0x67,0x2A,0x00,                              /* [3886] OBJ_set_ctype */
+0x67,0x2A,0x01,                              /* [3889] OBJ_set_msgExt */
+0x67,0x2A,0x03,                              /* [3892] OBJ_set_attr */
+0x67,0x2A,0x05,                              /* [3895] OBJ_set_policy */
+0x67,0x2A,0x07,                              /* [3898] OBJ_set_certExt */
+0x67,0x2A,0x08,                              /* [3901] OBJ_set_brand */
+0x67,0x2A,0x00,0x00,                         /* [3904] OBJ_setct_PANData */
+0x67,0x2A,0x00,0x01,                         /* [3908] OBJ_setct_PANToken */
+0x67,0x2A,0x00,0x02,                         /* [3912] OBJ_setct_PANOnly */
+0x67,0x2A,0x00,0x03,                         /* [3916] OBJ_setct_OIData */
+0x67,0x2A,0x00,0x04,                         /* [3920] OBJ_setct_PI */
+0x67,0x2A,0x00,0x05,                         /* [3924] OBJ_setct_PIData */
+0x67,0x2A,0x00,0x06,                         /* [3928] OBJ_setct_PIDataUnsigned */
+0x67,0x2A,0x00,0x07,                         /* [3932] OBJ_setct_HODInput */
+0x67,0x2A,0x00,0x08,                         /* [3936] OBJ_setct_AuthResBaggage */
+0x67,0x2A,0x00,0x09,                         /* [3940] OBJ_setct_AuthRevReqBaggage */
+0x67,0x2A,0x00,0x0A,                         /* [3944] OBJ_setct_AuthRevResBaggage */
+0x67,0x2A,0x00,0x0B,                         /* [3948] OBJ_setct_CapTokenSeq */
+0x67,0x2A,0x00,0x0C,                         /* [3952] OBJ_setct_PInitResData */
+0x67,0x2A,0x00,0x0D,                         /* [3956] OBJ_setct_PI_TBS */
+0x67,0x2A,0x00,0x0E,                         /* [3960] OBJ_setct_PResData */
+0x67,0x2A,0x00,0x10,                         /* [3964] OBJ_setct_AuthReqTBS */
+0x67,0x2A,0x00,0x11,                         /* [3968] OBJ_setct_AuthResTBS */
+0x67,0x2A,0x00,0x12,                         /* [3972] OBJ_setct_AuthResTBSX */
+0x67,0x2A,0x00,0x13,                         /* [3976] OBJ_setct_AuthTokenTBS */
+0x67,0x2A,0x00,0x14,                         /* [3980] OBJ_setct_CapTokenData */
+0x67,0x2A,0x00,0x15,                         /* [3984] OBJ_setct_CapTokenTBS */
+0x67,0x2A,0x00,0x16,                         /* [3988] OBJ_setct_AcqCardCodeMsg */
+0x67,0x2A,0x00,0x17,                         /* [3992] OBJ_setct_AuthRevReqTBS */
+0x67,0x2A,0x00,0x18,                         /* [3996] OBJ_setct_AuthRevResData */
+0x67,0x2A,0x00,0x19,                         /* [4000] OBJ_setct_AuthRevResTBS */
+0x67,0x2A,0x00,0x1A,                         /* [4004] OBJ_setct_CapReqTBS */
+0x67,0x2A,0x00,0x1B,                         /* [4008] OBJ_setct_CapReqTBSX */
+0x67,0x2A,0x00,0x1C,                         /* [4012] OBJ_setct_CapResData */
+0x67,0x2A,0x00,0x1D,                         /* [4016] OBJ_setct_CapRevReqTBS */
+0x67,0x2A,0x00,0x1E,                         /* [4020] OBJ_setct_CapRevReqTBSX */
+0x67,0x2A,0x00,0x1F,                         /* [4024] OBJ_setct_CapRevResData */
+0x67,0x2A,0x00,0x20,                         /* [4028] OBJ_setct_CredReqTBS */
+0x67,0x2A,0x00,0x21,                         /* [4032] OBJ_setct_CredReqTBSX */
+0x67,0x2A,0x00,0x22,                         /* [4036] OBJ_setct_CredResData */
+0x67,0x2A,0x00,0x23,                         /* [4040] OBJ_setct_CredRevReqTBS */
+0x67,0x2A,0x00,0x24,                         /* [4044] OBJ_setct_CredRevReqTBSX */
+0x67,0x2A,0x00,0x25,                         /* [4048] OBJ_setct_CredRevResData */
+0x67,0x2A,0x00,0x26,                         /* [4052] OBJ_setct_PCertReqData */
+0x67,0x2A,0x00,0x27,                         /* [4056] OBJ_setct_PCertResTBS */
+0x67,0x2A,0x00,0x28,                         /* [4060] OBJ_setct_BatchAdminReqData */
+0x67,0x2A,0x00,0x29,                         /* [4064] OBJ_setct_BatchAdminResData */
+0x67,0x2A,0x00,0x2A,                         /* [4068] OBJ_setct_CardCInitResTBS */
+0x67,0x2A,0x00,0x2B,                         /* [4072] OBJ_setct_MeAqCInitResTBS */
+0x67,0x2A,0x00,0x2C,                         /* [4076] OBJ_setct_RegFormResTBS */
+0x67,0x2A,0x00,0x2D,                         /* [4080] OBJ_setct_CertReqData */
+0x67,0x2A,0x00,0x2E,                         /* [4084] OBJ_setct_CertReqTBS */
+0x67,0x2A,0x00,0x2F,                         /* [4088] OBJ_setct_CertResData */
+0x67,0x2A,0x00,0x30,                         /* [4092] OBJ_setct_CertInqReqTBS */
+0x67,0x2A,0x00,0x31,                         /* [4096] OBJ_setct_ErrorTBS */
+0x67,0x2A,0x00,0x32,                         /* [4100] OBJ_setct_PIDualSignedTBE */
+0x67,0x2A,0x00,0x33,                         /* [4104] OBJ_setct_PIUnsignedTBE */
+0x67,0x2A,0x00,0x34,                         /* [4108] OBJ_setct_AuthReqTBE */
+0x67,0x2A,0x00,0x35,                         /* [4112] OBJ_setct_AuthResTBE */
+0x67,0x2A,0x00,0x36,                         /* [4116] OBJ_setct_AuthResTBEX */
+0x67,0x2A,0x00,0x37,                         /* [4120] OBJ_setct_AuthTokenTBE */
+0x67,0x2A,0x00,0x38,                         /* [4124] OBJ_setct_CapTokenTBE */
+0x67,0x2A,0x00,0x39,                         /* [4128] OBJ_setct_CapTokenTBEX */
+0x67,0x2A,0x00,0x3A,                         /* [4132] OBJ_setct_AcqCardCodeMsgTBE */
+0x67,0x2A,0x00,0x3B,                         /* [4136] OBJ_setct_AuthRevReqTBE */
+0x67,0x2A,0x00,0x3C,                         /* [4140] OBJ_setct_AuthRevResTBE */
+0x67,0x2A,0x00,0x3D,                         /* [4144] OBJ_setct_AuthRevResTBEB */
+0x67,0x2A,0x00,0x3E,                         /* [4148] OBJ_setct_CapReqTBE */
+0x67,0x2A,0x00,0x3F,                         /* [4152] OBJ_setct_CapReqTBEX */
+0x67,0x2A,0x00,0x40,                         /* [4156] OBJ_setct_CapResTBE */
+0x67,0x2A,0x00,0x41,                         /* [4160] OBJ_setct_CapRevReqTBE */
+0x67,0x2A,0x00,0x42,                         /* [4164] OBJ_setct_CapRevReqTBEX */
+0x67,0x2A,0x00,0x43,                         /* [4168] OBJ_setct_CapRevResTBE */
+0x67,0x2A,0x00,0x44,                         /* [4172] OBJ_setct_CredReqTBE */
+0x67,0x2A,0x00,0x45,                         /* [4176] OBJ_setct_CredReqTBEX */
+0x67,0x2A,0x00,0x46,                         /* [4180] OBJ_setct_CredResTBE */
+0x67,0x2A,0x00,0x47,                         /* [4184] OBJ_setct_CredRevReqTBE */
+0x67,0x2A,0x00,0x48,                         /* [4188] OBJ_setct_CredRevReqTBEX */
+0x67,0x2A,0x00,0x49,                         /* [4192] OBJ_setct_CredRevResTBE */
+0x67,0x2A,0x00,0x4A,                         /* [4196] OBJ_setct_BatchAdminReqTBE */
+0x67,0x2A,0x00,0x4B,                         /* [4200] OBJ_setct_BatchAdminResTBE */
+0x67,0x2A,0x00,0x4C,                         /* [4204] OBJ_setct_RegFormReqTBE */
+0x67,0x2A,0x00,0x4D,                         /* [4208] OBJ_setct_CertReqTBE */
+0x67,0x2A,0x00,0x4E,                         /* [4212] OBJ_setct_CertReqTBEX */
+0x67,0x2A,0x00,0x4F,                         /* [4216] OBJ_setct_CertResTBE */
+0x67,0x2A,0x00,0x50,                         /* [4220] OBJ_setct_CRLNotificationTBS */
+0x67,0x2A,0x00,0x51,                         /* [4224] OBJ_setct_CRLNotificationResTBS */
+0x67,0x2A,0x00,0x52,                         /* [4228] OBJ_setct_BCIDistributionTBS */
+0x67,0x2A,0x01,0x01,                         /* [4232] OBJ_setext_genCrypt */
+0x67,0x2A,0x01,0x03,                         /* [4236] OBJ_setext_miAuth */
+0x67,0x2A,0x01,0x04,                         /* [4240] OBJ_setext_pinSecure */
+0x67,0x2A,0x01,0x05,                         /* [4244] OBJ_setext_pinAny */
+0x67,0x2A,0x01,0x07,                         /* [4248] OBJ_setext_track2 */
+0x67,0x2A,0x01,0x08,                         /* [4252] OBJ_setext_cv */
+0x67,0x2A,0x05,0x00,                         /* [4256] OBJ_set_policy_root */
+0x67,0x2A,0x07,0x00,                         /* [4260] OBJ_setCext_hashedRoot */
+0x67,0x2A,0x07,0x01,                         /* [4264] OBJ_setCext_certType */
+0x67,0x2A,0x07,0x02,                         /* [4268] OBJ_setCext_merchData */
+0x67,0x2A,0x07,0x03,                         /* [4272] OBJ_setCext_cCertRequired */
+0x67,0x2A,0x07,0x04,                         /* [4276] OBJ_setCext_tunneling */
+0x67,0x2A,0x07,0x05,                         /* [4280] OBJ_setCext_setExt */
+0x67,0x2A,0x07,0x06,                         /* [4284] OBJ_setCext_setQualf */
+0x67,0x2A,0x07,0x07,                         /* [4288] OBJ_setCext_PGWYcapabilities */
+0x67,0x2A,0x07,0x08,                         /* [4292] OBJ_setCext_TokenIdentifier */
+0x67,0x2A,0x07,0x09,                         /* [4296] OBJ_setCext_Track2Data */
+0x67,0x2A,0x07,0x0A,                         /* [4300] OBJ_setCext_TokenType */
+0x67,0x2A,0x07,0x0B,                         /* [4304] OBJ_setCext_IssuerCapabilities */
+0x67,0x2A,0x03,0x00,                         /* [4308] OBJ_setAttr_Cert */
+0x67,0x2A,0x03,0x01,                         /* [4312] OBJ_setAttr_PGWYcap */
+0x67,0x2A,0x03,0x02,                         /* [4316] OBJ_setAttr_TokenType */
+0x67,0x2A,0x03,0x03,                         /* [4320] OBJ_setAttr_IssCap */
+0x67,0x2A,0x03,0x00,0x00,                    /* [4324] OBJ_set_rootKeyThumb */
+0x67,0x2A,0x03,0x00,0x01,                    /* [4329] OBJ_set_addPolicy */
+0x67,0x2A,0x03,0x02,0x01,                    /* [4334] OBJ_setAttr_Token_EMV */
+0x67,0x2A,0x03,0x02,0x02,                    /* [4339] OBJ_setAttr_Token_B0Prime */
+0x67,0x2A,0x03,0x03,0x03,                    /* [4344] OBJ_setAttr_IssCap_CVM */
+0x67,0x2A,0x03,0x03,0x04,                    /* [4349] OBJ_setAttr_IssCap_T2 */
+0x67,0x2A,0x03,0x03,0x05,                    /* [4354] OBJ_setAttr_IssCap_Sig */
+0x67,0x2A,0x03,0x03,0x03,0x01,               /* [4359] OBJ_setAttr_GenCryptgrm */
+0x67,0x2A,0x03,0x03,0x04,0x01,               /* [4365] OBJ_setAttr_T2Enc */
+0x67,0x2A,0x03,0x03,0x04,0x02,               /* [4371] OBJ_setAttr_T2cleartxt */
+0x67,0x2A,0x03,0x03,0x05,0x01,               /* [4377] OBJ_setAttr_TokICCsig */
+0x67,0x2A,0x03,0x03,0x05,0x02,               /* [4383] OBJ_setAttr_SecDevSig */
+0x67,0x2A,0x08,0x01,                         /* [4389] OBJ_set_brand_IATA_ATA */
+0x67,0x2A,0x08,0x1E,                         /* [4393] OBJ_set_brand_Diners */
+0x67,0x2A,0x08,0x22,                         /* [4397] OBJ_set_brand_AmericanExpress */
+0x67,0x2A,0x08,0x23,                         /* [4401] OBJ_set_brand_JCB */
+0x67,0x2A,0x08,0x04,                         /* [4405] OBJ_set_brand_Visa */
+0x67,0x2A,0x08,0x05,                         /* [4409] OBJ_set_brand_MasterCard */
+0x67,0x2A,0x08,0xAE,0x7B,                    /* [4413] OBJ_set_brand_Novus */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A,     /* [4418] OBJ_des_cdmf */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4426] OBJ_rsaOAEPEncryptionSET */
+0x67,                                        /* [4435] OBJ_international_organizations */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4436] OBJ_ms_smartcard_login */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4446] OBJ_ms_upn */
+0x55,0x04,0x09,                              /* [4456] OBJ_streetAddress */
+0x55,0x04,0x11,                              /* [4459] OBJ_postalCode */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x15,          /* [4462] OBJ_id_ppl */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E,     /* [4469] OBJ_proxyCertInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00,     /* [4477] OBJ_id_ppl_anyLanguage */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01,     /* [4485] OBJ_id_ppl_inheritAll */
+0x55,0x1D,0x1E,                              /* [4493] OBJ_name_constraints */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02,     /* [4496] OBJ_Independent */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4504] OBJ_sha256WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4513] OBJ_sha384WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4522] OBJ_sha512WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4531] OBJ_sha224WithRSAEncryption */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4540] OBJ_sha256 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4549] OBJ_sha384 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4558] OBJ_sha512 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4567] OBJ_sha224 */
+0x2B,                                        /* [4576] OBJ_identified_organization */
+0x2B,0x81,0x04,                              /* [4577] OBJ_certicom_arc */
+0x67,0x2B,                                   /* [4580] OBJ_wap */
+0x67,0x2B,0x01,                              /* [4582] OBJ_wap_wsg */
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,     /* [4585] OBJ_X9_62_id_characteristic_two_basis */
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4593] OBJ_X9_62_onBasis */
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4602] OBJ_X9_62_tpBasis */
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [4611] OBJ_X9_62_ppBasis */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01,     /* [4620] OBJ_X9_62_c2pnb163v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02,     /* [4628] OBJ_X9_62_c2pnb163v2 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03,     /* [4636] OBJ_X9_62_c2pnb163v3 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04,     /* [4644] OBJ_X9_62_c2pnb176v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05,     /* [4652] OBJ_X9_62_c2tnb191v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06,     /* [4660] OBJ_X9_62_c2tnb191v2 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07,     /* [4668] OBJ_X9_62_c2tnb191v3 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08,     /* [4676] OBJ_X9_62_c2onb191v4 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09,     /* [4684] OBJ_X9_62_c2onb191v5 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A,     /* [4692] OBJ_X9_62_c2pnb208w1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B,     /* [4700] OBJ_X9_62_c2tnb239v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C,     /* [4708] OBJ_X9_62_c2tnb239v2 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D,     /* [4716] OBJ_X9_62_c2tnb239v3 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E,     /* [4724] OBJ_X9_62_c2onb239v4 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F,     /* [4732] OBJ_X9_62_c2onb239v5 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10,     /* [4740] OBJ_X9_62_c2pnb272w1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11,     /* [4748] OBJ_X9_62_c2pnb304w1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12,     /* [4756] OBJ_X9_62_c2tnb359v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13,     /* [4764] OBJ_X9_62_c2pnb368w1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14,     /* [4772] OBJ_X9_62_c2tnb431r1 */
+0x2B,0x81,0x04,0x00,0x06,                    /* [4780] OBJ_secp112r1 */
+0x2B,0x81,0x04,0x00,0x07,                    /* [4785] OBJ_secp112r2 */
+0x2B,0x81,0x04,0x00,0x1C,                    /* [4790] OBJ_secp128r1 */
+0x2B,0x81,0x04,0x00,0x1D,                    /* [4795] OBJ_secp128r2 */
+0x2B,0x81,0x04,0x00,0x09,                    /* [4800] OBJ_secp160k1 */
+0x2B,0x81,0x04,0x00,0x08,                    /* [4805] OBJ_secp160r1 */
+0x2B,0x81,0x04,0x00,0x1E,                    /* [4810] OBJ_secp160r2 */
+0x2B,0x81,0x04,0x00,0x1F,                    /* [4815] OBJ_secp192k1 */
+0x2B,0x81,0x04,0x00,0x20,                    /* [4820] OBJ_secp224k1 */
+0x2B,0x81,0x04,0x00,0x21,                    /* [4825] OBJ_secp224r1 */
+0x2B,0x81,0x04,0x00,0x0A,                    /* [4830] OBJ_secp256k1 */
+0x2B,0x81,0x04,0x00,0x22,                    /* [4835] OBJ_secp384r1 */
+0x2B,0x81,0x04,0x00,0x23,                    /* [4840] OBJ_secp521r1 */
+0x2B,0x81,0x04,0x00,0x04,                    /* [4845] OBJ_sect113r1 */
+0x2B,0x81,0x04,0x00,0x05,                    /* [4850] OBJ_sect113r2 */
+0x2B,0x81,0x04,0x00,0x16,                    /* [4855] OBJ_sect131r1 */
+0x2B,0x81,0x04,0x00,0x17,                    /* [4860] OBJ_sect131r2 */
+0x2B,0x81,0x04,0x00,0x01,                    /* [4865] OBJ_sect163k1 */
+0x2B,0x81,0x04,0x00,0x02,                    /* [4870] OBJ_sect163r1 */
+0x2B,0x81,0x04,0x00,0x0F,                    /* [4875] OBJ_sect163r2 */
+0x2B,0x81,0x04,0x00,0x18,                    /* [4880] OBJ_sect193r1 */
+0x2B,0x81,0x04,0x00,0x19,                    /* [4885] OBJ_sect193r2 */
+0x2B,0x81,0x04,0x00,0x1A,                    /* [4890] OBJ_sect233k1 */
+0x2B,0x81,0x04,0x00,0x1B,                    /* [4895] OBJ_sect233r1 */
+0x2B,0x81,0x04,0x00,0x03,                    /* [4900] OBJ_sect239k1 */
+0x2B,0x81,0x04,0x00,0x10,                    /* [4905] OBJ_sect283k1 */
+0x2B,0x81,0x04,0x00,0x11,                    /* [4910] OBJ_sect283r1 */
+0x2B,0x81,0x04,0x00,0x24,                    /* [4915] OBJ_sect409k1 */
+0x2B,0x81,0x04,0x00,0x25,                    /* [4920] OBJ_sect409r1 */
+0x2B,0x81,0x04,0x00,0x26,                    /* [4925] OBJ_sect571k1 */
+0x2B,0x81,0x04,0x00,0x27,                    /* [4930] OBJ_sect571r1 */
+0x67,0x2B,0x01,0x04,0x01,                    /* [4935] OBJ_wap_wsg_idm_ecid_wtls1 */
+0x67,0x2B,0x01,0x04,0x03,                    /* [4940] OBJ_wap_wsg_idm_ecid_wtls3 */
+0x67,0x2B,0x01,0x04,0x04,                    /* [4945] OBJ_wap_wsg_idm_ecid_wtls4 */
+0x67,0x2B,0x01,0x04,0x05,                    /* [4950] OBJ_wap_wsg_idm_ecid_wtls5 */
+0x67,0x2B,0x01,0x04,0x06,                    /* [4955] OBJ_wap_wsg_idm_ecid_wtls6 */
+0x67,0x2B,0x01,0x04,0x07,                    /* [4960] OBJ_wap_wsg_idm_ecid_wtls7 */
+0x67,0x2B,0x01,0x04,0x08,                    /* [4965] OBJ_wap_wsg_idm_ecid_wtls8 */
+0x67,0x2B,0x01,0x04,0x09,                    /* [4970] OBJ_wap_wsg_idm_ecid_wtls9 */
+0x67,0x2B,0x01,0x04,0x0A,                    /* [4975] OBJ_wap_wsg_idm_ecid_wtls10 */
+0x67,0x2B,0x01,0x04,0x0B,                    /* [4980] OBJ_wap_wsg_idm_ecid_wtls11 */
+0x67,0x2B,0x01,0x04,0x0C,                    /* [4985] OBJ_wap_wsg_idm_ecid_wtls12 */
+0x55,0x1D,0x20,0x00,                         /* [4990] OBJ_any_policy */
+0x55,0x1D,0x21,                              /* [4994] OBJ_policy_mappings */
+0x55,0x1D,0x36,                              /* [4997] OBJ_inhibit_any_policy */
+0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,/* [5000] OBJ_camellia_128_cbc */
+0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,/* [5011] OBJ_camellia_192_cbc */
+0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,/* [5022] OBJ_camellia_256_cbc */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01,     /* [5033] OBJ_camellia_128_ecb */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15,     /* [5041] OBJ_camellia_192_ecb */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29,     /* [5049] OBJ_camellia_256_ecb */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04,     /* [5057] OBJ_camellia_128_cfb128 */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18,     /* [5065] OBJ_camellia_192_cfb128 */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C,     /* [5073] OBJ_camellia_256_cfb128 */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03,     /* [5081] OBJ_camellia_128_ofb128 */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17,     /* [5089] OBJ_camellia_192_ofb128 */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B,     /* [5097] OBJ_camellia_256_ofb128 */
+0x55,0x1D,0x09,                              /* [5105] OBJ_subject_directory_attributes */
+0x55,0x1D,0x1C,                              /* [5108] OBJ_issuing_distribution_point */
+0x55,0x1D,0x1D,                              /* [5111] OBJ_certificate_issuer */
+0x2A,0x83,0x1A,0x8C,0x9A,0x44,               /* [5114] OBJ_kisa */
+0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03,     /* [5120] OBJ_seed_ecb */
+0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04,     /* [5128] OBJ_seed_cbc */
+0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06,     /* [5136] OBJ_seed_ofb128 */
+0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05,     /* [5144] OBJ_seed_cfb128 */
+0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01,     /* [5152] OBJ_hmac_md5 */
+0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02,     /* [5160] OBJ_hmac_sha1 */
+0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D,/* [5168] OBJ_id_PasswordBasedMAC */
+0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E,/* [5177] OBJ_id_DHBasedMac */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10,     /* [5186] OBJ_id_it_suppLangTags */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05,     /* [5194] OBJ_caRepository */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09,/* [5202] OBJ_id_smime_ct_compressedData */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,/* [5213] OBJ_id_ct_asciiTextWithCRLF */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,/* [5224] OBJ_id_aes128_wrap */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,/* [5233] OBJ_id_aes192_wrap */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,/* [5242] OBJ_id_aes256_wrap */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02,          /* [5251] OBJ_ecdsa_with_Recommended */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,          /* [5258] OBJ_ecdsa_with_Specified */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01,     /* [5265] OBJ_ecdsa_with_SHA224 */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02,     /* [5273] OBJ_ecdsa_with_SHA256 */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03,     /* [5281] OBJ_ecdsa_with_SHA384 */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04,     /* [5289] OBJ_ecdsa_with_SHA512 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x06,     /* [5297] OBJ_hmacWithMD5 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x08,     /* [5305] OBJ_hmacWithSHA224 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x09,     /* [5313] OBJ_hmacWithSHA256 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0A,     /* [5321] OBJ_hmacWithSHA384 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0B,     /* [5329] OBJ_hmacWithSHA512 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,/* [5337] OBJ_dsa_with_SHA224 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,/* [5346] OBJ_dsa_with_SHA256 */
+0x28,0xCF,0x06,0x03,0x00,0x37,               /* [5355] OBJ_whirlpool */
+0x2A,0x85,0x03,0x02,0x02,                    /* [5361] OBJ_cryptopro */
+0x2A,0x85,0x03,0x02,0x09,                    /* [5366] OBJ_cryptocom */
+0x2A,0x85,0x03,0x02,0x02,0x03,               /* [5371] OBJ_id_GostR3411_94_with_GostR3410_2001 */
+0x2A,0x85,0x03,0x02,0x02,0x04,               /* [5377] OBJ_id_GostR3411_94_with_GostR3410_94 */
+0x2A,0x85,0x03,0x02,0x02,0x09,               /* [5383] OBJ_id_GostR3411_94 */
+0x2A,0x85,0x03,0x02,0x02,0x0A,               /* [5389] OBJ_id_HMACGostR3411_94 */
+0x2A,0x85,0x03,0x02,0x02,0x13,               /* [5395] OBJ_id_GostR3410_2001 */
+0x2A,0x85,0x03,0x02,0x02,0x14,               /* [5401] OBJ_id_GostR3410_94 */
+0x2A,0x85,0x03,0x02,0x02,0x15,               /* [5407] OBJ_id_Gost28147_89 */
+0x2A,0x85,0x03,0x02,0x02,0x16,               /* [5413] OBJ_id_Gost28147_89_MAC */
+0x2A,0x85,0x03,0x02,0x02,0x17,               /* [5419] OBJ_id_GostR3411_94_prf */
+0x2A,0x85,0x03,0x02,0x02,0x62,               /* [5425] OBJ_id_GostR3410_2001DH */
+0x2A,0x85,0x03,0x02,0x02,0x63,               /* [5431] OBJ_id_GostR3410_94DH */
+0x2A,0x85,0x03,0x02,0x02,0x0E,0x01,          /* [5437] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */
+0x2A,0x85,0x03,0x02,0x02,0x0E,0x00,          /* [5444] OBJ_id_Gost28147_89_None_KeyMeshing */
+0x2A,0x85,0x03,0x02,0x02,0x1E,0x00,          /* [5451] OBJ_id_GostR3411_94_TestParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x1E,0x01,          /* [5458] OBJ_id_GostR3411_94_CryptoProParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x1F,0x00,          /* [5465] OBJ_id_Gost28147_89_TestParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x1F,0x01,          /* [5472] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x1F,0x02,          /* [5479] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x1F,0x03,          /* [5486] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x1F,0x04,          /* [5493] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x1F,0x05,          /* [5500] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x1F,0x06,          /* [5507] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x1F,0x07,          /* [5514] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x20,0x00,          /* [5521] OBJ_id_GostR3410_94_TestParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x20,0x02,          /* [5528] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x20,0x03,          /* [5535] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x20,0x04,          /* [5542] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x20,0x05,          /* [5549] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x21,0x01,          /* [5556] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x21,0x02,          /* [5563] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x21,0x03,          /* [5570] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x23,0x00,          /* [5577] OBJ_id_GostR3410_2001_TestParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x23,0x01,          /* [5584] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x23,0x02,          /* [5591] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x23,0x03,          /* [5598] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x24,0x00,          /* [5605] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x24,0x01,          /* [5612] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */
+0x2A,0x85,0x03,0x02,0x02,0x14,0x01,          /* [5619] OBJ_id_GostR3410_94_a */
+0x2A,0x85,0x03,0x02,0x02,0x14,0x02,          /* [5626] OBJ_id_GostR3410_94_aBis */
+0x2A,0x85,0x03,0x02,0x02,0x14,0x03,          /* [5633] OBJ_id_GostR3410_94_b */
+0x2A,0x85,0x03,0x02,0x02,0x14,0x04,          /* [5640] OBJ_id_GostR3410_94_bBis */
+0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01,     /* [5647] OBJ_id_Gost28147_89_cc */
+0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03,     /* [5655] OBJ_id_GostR3410_94_cc */
+0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04,     /* [5663] OBJ_id_GostR3410_2001_cc */
+0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03,     /* [5671] OBJ_id_GostR3411_94_with_GostR3410_94_cc */
+0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04,     /* [5679] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */
+0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01,     /* [5687] OBJ_id_GostR3410_2001_ParamSet_cc */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5695] OBJ_LocalKeySet */
+0x55,0x1D,0x2E,                              /* [5704] OBJ_freshest_crl */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03,     /* [5707] OBJ_id_on_permanentIdentifier */
+0x55,0x04,0x0E,                              /* [5715] OBJ_searchGuide */
+0x55,0x04,0x0F,                              /* [5718] OBJ_businessCategory */
+0x55,0x04,0x10,                              /* [5721] OBJ_postalAddress */
+0x55,0x04,0x12,                              /* [5724] OBJ_postOfficeBox */
+0x55,0x04,0x13,                              /* [5727] OBJ_physicalDeliveryOfficeName */
+0x55,0x04,0x14,                              /* [5730] OBJ_telephoneNumber */
+0x55,0x04,0x15,                              /* [5733] OBJ_telexNumber */
+0x55,0x04,0x16,                              /* [5736] OBJ_teletexTerminalIdentifier */
+0x55,0x04,0x17,                              /* [5739] OBJ_facsimileTelephoneNumber */
+0x55,0x04,0x18,                              /* [5742] OBJ_x121Address */
+0x55,0x04,0x19,                              /* [5745] OBJ_internationaliSDNNumber */
+0x55,0x04,0x1A,                              /* [5748] OBJ_registeredAddress */
+0x55,0x04,0x1B,                              /* [5751] OBJ_destinationIndicator */
+0x55,0x04,0x1C,                              /* [5754] OBJ_preferredDeliveryMethod */
+0x55,0x04,0x1D,                              /* [5757] OBJ_presentationAddress */
+0x55,0x04,0x1E,                              /* [5760] OBJ_supportedApplicationContext */
+0x55,0x04,0x1F,                              /* [5763] OBJ_member */
+0x55,0x04,0x20,                              /* [5766] OBJ_owner */
+0x55,0x04,0x21,                              /* [5769] OBJ_roleOccupant */
+0x55,0x04,0x22,                              /* [5772] OBJ_seeAlso */
+0x55,0x04,0x23,                              /* [5775] OBJ_userPassword */
+0x55,0x04,0x24,                              /* [5778] OBJ_userCertificate */
+0x55,0x04,0x25,                              /* [5781] OBJ_cACertificate */
+0x55,0x04,0x26,                              /* [5784] OBJ_authorityRevocationList */
+0x55,0x04,0x27,                              /* [5787] OBJ_certificateRevocationList */
+0x55,0x04,0x28,                              /* [5790] OBJ_crossCertificatePair */
+0x55,0x04,0x2F,                              /* [5793] OBJ_enhancedSearchGuide */
+0x55,0x04,0x30,                              /* [5796] OBJ_protocolInformation */
+0x55,0x04,0x31,                              /* [5799] OBJ_distinguishedName */
+0x55,0x04,0x32,                              /* [5802] OBJ_uniqueMember */
+0x55,0x04,0x33,                              /* [5805] OBJ_houseIdentifier */
+0x55,0x04,0x34,                              /* [5808] OBJ_supportedAlgorithms */
+0x55,0x04,0x35,                              /* [5811] OBJ_deltaRevocationList */
+0x55,0x04,0x36,                              /* [5814] OBJ_dmdName */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x09,/* [5817] OBJ_id_alg_PWRI_KEK */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x06,/* [5828] OBJ_aes_128_gcm */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x07,/* [5837] OBJ_aes_128_ccm */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x08,/* [5846] OBJ_id_aes128_wrap_pad */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1A,/* [5855] OBJ_aes_192_gcm */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1B,/* [5864] OBJ_aes_192_ccm */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1C,/* [5873] OBJ_id_aes192_wrap_pad */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2E,/* [5882] OBJ_aes_256_gcm */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2F,/* [5891] OBJ_aes_256_ccm */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x30,/* [5900] OBJ_id_aes256_wrap_pad */
+0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x02,/* [5909] OBJ_id_camellia128_wrap */
+0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x03,/* [5920] OBJ_id_camellia192_wrap */
+0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x04,/* [5931] OBJ_id_camellia256_wrap */
+0x55,0x1D,0x25,0x00,                         /* [5942] OBJ_anyExtendedKeyUsage */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,/* [5946] OBJ_mgf1 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,/* [5955] OBJ_rsassaPss */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,/* [5964] OBJ_rsaesOaep */
 };
 
 static const ASN1_OBJECT nid_objs[NUM_NID]={
-{"UNDEF","undefined",NID_undef,1,&(lvalues[0]),0},
-{"rsadsi","RSA Data Security, Inc.",NID_rsadsi,6,&(lvalues[1]),0},
-{"pkcs","RSA Data Security, Inc. PKCS",NID_pkcs,7,&(lvalues[7]),0},
-{"MD2","md2",NID_md2,8,&(lvalues[14]),0},
-{"MD5","md5",NID_md5,8,&(lvalues[22]),0},
-{"RC4","rc4",NID_rc4,8,&(lvalues[30]),0},
-{"rsaEncryption","rsaEncryption",NID_rsaEncryption,9,&(lvalues[38]),0},
+{"UNDEF","undefined",NID_undef,0,NULL,0},
+{"rsadsi","RSA Data Security, Inc.",NID_rsadsi,6,&(lvalues[0]),0},
+{"pkcs","RSA Data Security, Inc. PKCS",NID_pkcs,7,&(lvalues[6]),0},
+{"MD2","md2",NID_md2,8,&(lvalues[13]),0},
+{"MD5","md5",NID_md5,8,&(lvalues[21]),0},
+{"RC4","rc4",NID_rc4,8,&(lvalues[29]),0},
+{"rsaEncryption","rsaEncryption",NID_rsaEncryption,9,&(lvalues[37]),0},
 {"RSA-MD2","md2WithRSAEncryption",NID_md2WithRSAEncryption,9,
-	&(lvalues[47]),0},
+	&(lvalues[46]),0},
 {"RSA-MD5","md5WithRSAEncryption",NID_md5WithRSAEncryption,9,
-	&(lvalues[56]),0},
+	&(lvalues[55]),0},
 {"PBE-MD2-DES","pbeWithMD2AndDES-CBC",NID_pbeWithMD2AndDES_CBC,9,
-	&(lvalues[65]),0},
+	&(lvalues[64]),0},
 {"PBE-MD5-DES","pbeWithMD5AndDES-CBC",NID_pbeWithMD5AndDES_CBC,9,
-	&(lvalues[74]),0},
-{"X500","directory services (X.500)",NID_X500,1,&(lvalues[83]),0},
-{"X509","X509",NID_X509,2,&(lvalues[84]),0},
-{"CN","commonName",NID_commonName,3,&(lvalues[86]),0},
-{"C","countryName",NID_countryName,3,&(lvalues[89]),0},
-{"L","localityName",NID_localityName,3,&(lvalues[92]),0},
-{"ST","stateOrProvinceName",NID_stateOrProvinceName,3,&(lvalues[95]),0},
-{"O","organizationName",NID_organizationName,3,&(lvalues[98]),0},
+	&(lvalues[73]),0},
+{"X500","directory services (X.500)",NID_X500,1,&(lvalues[82]),0},
+{"X509","X509",NID_X509,2,&(lvalues[83]),0},
+{"CN","commonName",NID_commonName,3,&(lvalues[85]),0},
+{"C","countryName",NID_countryName,3,&(lvalues[88]),0},
+{"L","localityName",NID_localityName,3,&(lvalues[91]),0},
+{"ST","stateOrProvinceName",NID_stateOrProvinceName,3,&(lvalues[94]),0},
+{"O","organizationName",NID_organizationName,3,&(lvalues[97]),0},
 {"OU","organizationalUnitName",NID_organizationalUnitName,3,
-	&(lvalues[101]),0},
-{"RSA","rsa",NID_rsa,4,&(lvalues[104]),0},
-{"pkcs7","pkcs7",NID_pkcs7,8,&(lvalues[108]),0},
-{"pkcs7-data","pkcs7-data",NID_pkcs7_data,9,&(lvalues[116]),0},
+	&(lvalues[100]),0},
+{"RSA","rsa",NID_rsa,4,&(lvalues[103]),0},
+{"pkcs7","pkcs7",NID_pkcs7,8,&(lvalues[107]),0},
+{"pkcs7-data","pkcs7-data",NID_pkcs7_data,9,&(lvalues[115]),0},
 {"pkcs7-signedData","pkcs7-signedData",NID_pkcs7_signed,9,
-	&(lvalues[125]),0},
+	&(lvalues[124]),0},
 {"pkcs7-envelopedData","pkcs7-envelopedData",NID_pkcs7_enveloped,9,
-	&(lvalues[134]),0},
+	&(lvalues[133]),0},
 {"pkcs7-signedAndEnvelopedData","pkcs7-signedAndEnvelopedData",
-	NID_pkcs7_signedAndEnveloped,9,&(lvalues[143]),0},
+	NID_pkcs7_signedAndEnveloped,9,&(lvalues[142]),0},
 {"pkcs7-digestData","pkcs7-digestData",NID_pkcs7_digest,9,
-	&(lvalues[152]),0},
+	&(lvalues[151]),0},
 {"pkcs7-encryptedData","pkcs7-encryptedData",NID_pkcs7_encrypted,9,
-	&(lvalues[161]),0},
-{"pkcs3","pkcs3",NID_pkcs3,8,&(lvalues[170]),0},
+	&(lvalues[160]),0},
+{"pkcs3","pkcs3",NID_pkcs3,8,&(lvalues[169]),0},
 {"dhKeyAgreement","dhKeyAgreement",NID_dhKeyAgreement,9,
-	&(lvalues[178]),0},
-{"DES-ECB","des-ecb",NID_des_ecb,5,&(lvalues[187]),0},
-{"DES-CFB","des-cfb",NID_des_cfb64,5,&(lvalues[192]),0},
-{"DES-CBC","des-cbc",NID_des_cbc,5,&(lvalues[197]),0},
-{"DES-EDE","des-ede",NID_des_ede_ecb,5,&(lvalues[202]),0},
+	&(lvalues[177]),0},
+{"DES-ECB","des-ecb",NID_des_ecb,5,&(lvalues[186]),0},
+{"DES-CFB","des-cfb",NID_des_cfb64,5,&(lvalues[191]),0},
+{"DES-CBC","des-cbc",NID_des_cbc,5,&(lvalues[196]),0},
+{"DES-EDE","des-ede",NID_des_ede_ecb,5,&(lvalues[201]),0},
 {"DES-EDE3","des-ede3",NID_des_ede3_ecb,0,NULL,0},
-{"IDEA-CBC","idea-cbc",NID_idea_cbc,11,&(lvalues[207]),0},
+{"IDEA-CBC","idea-cbc",NID_idea_cbc,11,&(lvalues[206]),0},
 {"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL,0},
 {"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL,0},
-{"RC2-CBC","rc2-cbc",NID_rc2_cbc,8,&(lvalues[218]),0},
+{"RC2-CBC","rc2-cbc",NID_rc2_cbc,8,&(lvalues[217]),0},
 {"RC2-ECB","rc2-ecb",NID_rc2_ecb,0,NULL,0},
 {"RC2-CFB","rc2-cfb",NID_rc2_cfb64,0,NULL,0},
 {"RC2-OFB","rc2-ofb",NID_rc2_ofb64,0,NULL,0},
-{"SHA","sha",NID_sha,5,&(lvalues[226]),0},
+{"SHA","sha",NID_sha,5,&(lvalues[225]),0},
 {"RSA-SHA","shaWithRSAEncryption",NID_shaWithRSAEncryption,5,
-	&(lvalues[231]),0},
+	&(lvalues[230]),0},
 {"DES-EDE-CBC","des-ede-cbc",NID_des_ede_cbc,0,NULL,0},
-{"DES-EDE3-CBC","des-ede3-cbc",NID_des_ede3_cbc,8,&(lvalues[236]),0},
-{"DES-OFB","des-ofb",NID_des_ofb64,5,&(lvalues[244]),0},
+{"DES-EDE3-CBC","des-ede3-cbc",NID_des_ede3_cbc,8,&(lvalues[235]),0},
+{"DES-OFB","des-ofb",NID_des_ofb64,5,&(lvalues[243]),0},
 {"IDEA-OFB","idea-ofb",NID_idea_ofb64,0,NULL,0},
-{"pkcs9","pkcs9",NID_pkcs9,8,&(lvalues[249]),0},
+{"pkcs9","pkcs9",NID_pkcs9,8,&(lvalues[248]),0},
 {"emailAddress","emailAddress",NID_pkcs9_emailAddress,9,
-	&(lvalues[257]),0},
+	&(lvalues[256]),0},
 {"unstructuredName","unstructuredName",NID_pkcs9_unstructuredName,9,
-	&(lvalues[266]),0},
-{"contentType","contentType",NID_pkcs9_contentType,9,&(lvalues[275]),0},
+	&(lvalues[265]),0},
+{"contentType","contentType",NID_pkcs9_contentType,9,&(lvalues[274]),0},
 {"messageDigest","messageDigest",NID_pkcs9_messageDigest,9,
-	&(lvalues[284]),0},
-{"signingTime","signingTime",NID_pkcs9_signingTime,9,&(lvalues[293]),0},
+	&(lvalues[283]),0},
+{"signingTime","signingTime",NID_pkcs9_signingTime,9,&(lvalues[292]),0},
 {"countersignature","countersignature",NID_pkcs9_countersignature,9,
-	&(lvalues[302]),0},
+	&(lvalues[301]),0},
 {"challengePassword","challengePassword",NID_pkcs9_challengePassword,
-	9,&(lvalues[311]),0},
+	9,&(lvalues[310]),0},
 {"unstructuredAddress","unstructuredAddress",
-	NID_pkcs9_unstructuredAddress,9,&(lvalues[320]),0},
+	NID_pkcs9_unstructuredAddress,9,&(lvalues[319]),0},
 {"extendedCertificateAttributes","extendedCertificateAttributes",
-	NID_pkcs9_extCertAttributes,9,&(lvalues[329]),0},
+	NID_pkcs9_extCertAttributes,9,&(lvalues[328]),0},
 {"Netscape","Netscape Communications Corp.",NID_netscape,7,
-	&(lvalues[338]),0},
+	&(lvalues[337]),0},
 {"nsCertExt","Netscape Certificate Extension",
-	NID_netscape_cert_extension,8,&(lvalues[345]),0},
+	NID_netscape_cert_extension,8,&(lvalues[344]),0},
 {"nsDataType","Netscape Data Type",NID_netscape_data_type,8,
-	&(lvalues[353]),0},
+	&(lvalues[352]),0},
 {"DES-EDE-CFB","des-ede-cfb",NID_des_ede_cfb64,0,NULL,0},
 {"DES-EDE3-CFB","des-ede3-cfb",NID_des_ede3_cfb64,0,NULL,0},
 {"DES-EDE-OFB","des-ede-ofb",NID_des_ede_ofb64,0,NULL,0},
 {"DES-EDE3-OFB","des-ede3-ofb",NID_des_ede3_ofb64,0,NULL,0},
-{"SHA1","sha1",NID_sha1,5,&(lvalues[361]),0},
+{"SHA1","sha1",NID_sha1,5,&(lvalues[360]),0},
 {"RSA-SHA1","sha1WithRSAEncryption",NID_sha1WithRSAEncryption,9,
-	&(lvalues[366]),0},
-{"DSA-SHA","dsaWithSHA",NID_dsaWithSHA,5,&(lvalues[375]),0},
-{"DSA-old","dsaEncryption-old",NID_dsa_2,5,&(lvalues[380]),0},
+	&(lvalues[365]),0},
+{"DSA-SHA","dsaWithSHA",NID_dsaWithSHA,5,&(lvalues[374]),0},
+{"DSA-old","dsaEncryption-old",NID_dsa_2,5,&(lvalues[379]),0},
 {"PBE-SHA1-RC2-64","pbeWithSHA1AndRC2-CBC",NID_pbeWithSHA1AndRC2_CBC,
-	9,&(lvalues[385]),0},
-{"PBKDF2","PBKDF2",NID_id_pbkdf2,9,&(lvalues[394]),0},
-{"DSA-SHA1-old","dsaWithSHA1-old",NID_dsaWithSHA1_2,5,&(lvalues[403]),0},
+	9,&(lvalues[384]),0},
+{"PBKDF2","PBKDF2",NID_id_pbkdf2,9,&(lvalues[393]),0},
+{"DSA-SHA1-old","dsaWithSHA1-old",NID_dsaWithSHA1_2,5,&(lvalues[402]),0},
 {"nsCertType","Netscape Cert Type",NID_netscape_cert_type,9,
-	&(lvalues[408]),0},
+	&(lvalues[407]),0},
 {"nsBaseUrl","Netscape Base Url",NID_netscape_base_url,9,
-	&(lvalues[417]),0},
+	&(lvalues[416]),0},
 {"nsRevocationUrl","Netscape Revocation Url",
-	NID_netscape_revocation_url,9,&(lvalues[426]),0},
+	NID_netscape_revocation_url,9,&(lvalues[425]),0},
 {"nsCaRevocationUrl","Netscape CA Revocation Url",
-	NID_netscape_ca_revocation_url,9,&(lvalues[435]),0},
+	NID_netscape_ca_revocation_url,9,&(lvalues[434]),0},
 {"nsRenewalUrl","Netscape Renewal Url",NID_netscape_renewal_url,9,
-	&(lvalues[444]),0},
+	&(lvalues[443]),0},
 {"nsCaPolicyUrl","Netscape CA Policy Url",NID_netscape_ca_policy_url,
-	9,&(lvalues[453]),0},
+	9,&(lvalues[452]),0},
 {"nsSslServerName","Netscape SSL Server Name",
-	NID_netscape_ssl_server_name,9,&(lvalues[462]),0},
-{"nsComment","Netscape Comment",NID_netscape_comment,9,&(lvalues[471]),0},
+	NID_netscape_ssl_server_name,9,&(lvalues[461]),0},
+{"nsComment","Netscape Comment",NID_netscape_comment,9,&(lvalues[470]),0},
 {"nsCertSequence","Netscape Certificate Sequence",
-	NID_netscape_cert_sequence,9,&(lvalues[480]),0},
+	NID_netscape_cert_sequence,9,&(lvalues[479]),0},
 {"DESX-CBC","desx-cbc",NID_desx_cbc,0,NULL,0},
-{"id-ce","id-ce",NID_id_ce,2,&(lvalues[489]),0},
+{"id-ce","id-ce",NID_id_ce,2,&(lvalues[488]),0},
 {"subjectKeyIdentifier","X509v3 Subject Key Identifier",
-	NID_subject_key_identifier,3,&(lvalues[491]),0},
-{"keyUsage","X509v3 Key Usage",NID_key_usage,3,&(lvalues[494]),0},
+	NID_subject_key_identifier,3,&(lvalues[490]),0},
+{"keyUsage","X509v3 Key Usage",NID_key_usage,3,&(lvalues[493]),0},
 {"privateKeyUsagePeriod","X509v3 Private Key Usage Period",
-	NID_private_key_usage_period,3,&(lvalues[497]),0},
+	NID_private_key_usage_period,3,&(lvalues[496]),0},
 {"subjectAltName","X509v3 Subject Alternative Name",
-	NID_subject_alt_name,3,&(lvalues[500]),0},
+	NID_subject_alt_name,3,&(lvalues[499]),0},
 {"issuerAltName","X509v3 Issuer Alternative Name",NID_issuer_alt_name,
-	3,&(lvalues[503]),0},
+	3,&(lvalues[502]),0},
 {"basicConstraints","X509v3 Basic Constraints",NID_basic_constraints,
-	3,&(lvalues[506]),0},
-{"crlNumber","X509v3 CRL Number",NID_crl_number,3,&(lvalues[509]),0},
+	3,&(lvalues[505]),0},
+{"crlNumber","X509v3 CRL Number",NID_crl_number,3,&(lvalues[508]),0},
 {"certificatePolicies","X509v3 Certificate Policies",
-	NID_certificate_policies,3,&(lvalues[512]),0},
+	NID_certificate_policies,3,&(lvalues[511]),0},
 {"authorityKeyIdentifier","X509v3 Authority Key Identifier",
-	NID_authority_key_identifier,3,&(lvalues[515]),0},
-{"BF-CBC","bf-cbc",NID_bf_cbc,9,&(lvalues[518]),0},
+	NID_authority_key_identifier,3,&(lvalues[514]),0},
+{"BF-CBC","bf-cbc",NID_bf_cbc,9,&(lvalues[517]),0},
 {"BF-ECB","bf-ecb",NID_bf_ecb,0,NULL,0},
 {"BF-CFB","bf-cfb",NID_bf_cfb64,0,NULL,0},
 {"BF-OFB","bf-ofb",NID_bf_ofb64,0,NULL,0},
-{"MDC2","mdc2",NID_mdc2,4,&(lvalues[527]),0},
-{"RSA-MDC2","mdc2WithRSA",NID_mdc2WithRSA,4,&(lvalues[531]),0},
+{"MDC2","mdc2",NID_mdc2,4,&(lvalues[526]),0},
+{"RSA-MDC2","mdc2WithRSA",NID_mdc2WithRSA,4,&(lvalues[530]),0},
 {"RC4-40","rc4-40",NID_rc4_40,0,NULL,0},
 {"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL,0},
-{"GN","givenName",NID_givenName,3,&(lvalues[535]),0},
-{"SN","surname",NID_surname,3,&(lvalues[538]),0},
-{"initials","initials",NID_initials,3,&(lvalues[541]),0},
+{"GN","givenName",NID_givenName,3,&(lvalues[534]),0},
+{"SN","surname",NID_surname,3,&(lvalues[537]),0},
+{"initials","initials",NID_initials,3,&(lvalues[540]),0},
 {NULL,NULL,NID_undef,0,NULL,0},
 {"crlDistributionPoints","X509v3 CRL Distribution Points",
-	NID_crl_distribution_points,3,&(lvalues[544]),0},
-{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[547]),0},
-{"serialNumber","serialNumber",NID_serialNumber,3,&(lvalues[552]),0},
-{"title","title",NID_title,3,&(lvalues[555]),0},
-{"description","description",NID_description,3,&(lvalues[558]),0},
-{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[561]),0},
+	NID_crl_distribution_points,3,&(lvalues[543]),0},
+{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[546]),0},
+{"serialNumber","serialNumber",NID_serialNumber,3,&(lvalues[551]),0},
+{"title","title",NID_title,3,&(lvalues[554]),0},
+{"description","description",NID_description,3,&(lvalues[557]),0},
+{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[560]),0},
 {"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL,0},
 {"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL,0},
 {"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL,0},
 {"pbeWithMD5AndCast5CBC","pbeWithMD5AndCast5CBC",
-	NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[570]),0},
-{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[579]),0},
+	NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[569]),0},
+{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[578]),0},
 {"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL,0},
-{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[586]),0},
-{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[591]),0},
-{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[598]),0},
+{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[585]),0},
+{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[590]),0},
+{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[597]),0},
 {NULL,NULL,NID_undef,0,NULL,0},
 {"RSA-RIPEMD160","ripemd160WithRSA",NID_ripemd160WithRSA,6,
-	&(lvalues[603]),0},
-{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[609]),0},
+	&(lvalues[602]),0},
+{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[608]),0},
 {"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL,0},
 {"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL,0},
 {"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL,0},
-{"RLE","run length compression",NID_rle_compression,6,&(lvalues[617]),0},
-{"ZLIB","zlib compression",NID_zlib_compression,11,&(lvalues[623]),0},
+{"RLE","run length compression",NID_rle_compression,6,&(lvalues[616]),0},
+{"ZLIB","zlib compression",NID_zlib_compression,11,&(lvalues[622]),0},
 {"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3,
-	&(lvalues[634]),0},
-{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[637]),0},
-{"id-kp","id-kp",NID_id_kp,7,&(lvalues[643]),0},
+	&(lvalues[633]),0},
+{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[636]),0},
+{"id-kp","id-kp",NID_id_kp,7,&(lvalues[642]),0},
 {"serverAuth","TLS Web Server Authentication",NID_server_auth,8,
-	&(lvalues[650]),0},
+	&(lvalues[649]),0},
 {"clientAuth","TLS Web Client Authentication",NID_client_auth,8,
-	&(lvalues[658]),0},
-{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[666]),0},
+	&(lvalues[657]),0},
+{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[665]),0},
 {"emailProtection","E-mail Protection",NID_email_protect,8,
-	&(lvalues[674]),0},
-{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[682]),0},
+	&(lvalues[673]),0},
+{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[681]),0},
 {"msCodeInd","Microsoft Individual Code Signing",NID_ms_code_ind,10,
-	&(lvalues[690]),0},
+	&(lvalues[689]),0},
 {"msCodeCom","Microsoft Commercial Code Signing",NID_ms_code_com,10,
-	&(lvalues[700]),0},
+	&(lvalues[699]),0},
 {"msCTLSign","Microsoft Trust List Signing",NID_ms_ctl_sign,10,
-	&(lvalues[710]),0},
-{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[720]),0},
+	&(lvalues[709]),0},
+{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[719]),0},
 {"msEFS","Microsoft Encrypted File System",NID_ms_efs,10,
-	&(lvalues[730]),0},
-{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[740]),0},
+	&(lvalues[729]),0},
+{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[739]),0},
 {"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3,
-	&(lvalues[749]),0},
-{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[752]),0},
+	&(lvalues[748]),0},
+{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[751]),0},
 {"invalidityDate","Invalidity Date",NID_invalidity_date,3,
-	&(lvalues[755]),0},
-{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[758]),0},
+	&(lvalues[754]),0},
+{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[757]),0},
 {"PBE-SHA1-RC4-128","pbeWithSHA1And128BitRC4",
-	NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[763]),0},
+	NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[762]),0},
 {"PBE-SHA1-RC4-40","pbeWithSHA1And40BitRC4",
-	NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[773]),0},
+	NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[772]),0},
 {"PBE-SHA1-3DES","pbeWithSHA1And3-KeyTripleDES-CBC",
-	NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[783]),0},
+	NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[782]),0},
 {"PBE-SHA1-2DES","pbeWithSHA1And2-KeyTripleDES-CBC",
-	NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[793]),0},
+	NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[792]),0},
 {"PBE-SHA1-RC2-128","pbeWithSHA1And128BitRC2-CBC",
-	NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[803]),0},
+	NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[802]),0},
 {"PBE-SHA1-RC2-40","pbeWithSHA1And40BitRC2-CBC",
-	NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[813]),0},
-{"keyBag","keyBag",NID_keyBag,11,&(lvalues[823]),0},
+	NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[812]),0},
+{"keyBag","keyBag",NID_keyBag,11,&(lvalues[822]),0},
 {"pkcs8ShroudedKeyBag","pkcs8ShroudedKeyBag",NID_pkcs8ShroudedKeyBag,
-	11,&(lvalues[834]),0},
-{"certBag","certBag",NID_certBag,11,&(lvalues[845]),0},
-{"crlBag","crlBag",NID_crlBag,11,&(lvalues[856]),0},
-{"secretBag","secretBag",NID_secretBag,11,&(lvalues[867]),0},
+	11,&(lvalues[833]),0},
+{"certBag","certBag",NID_certBag,11,&(lvalues[844]),0},
+{"crlBag","crlBag",NID_crlBag,11,&(lvalues[855]),0},
+{"secretBag","secretBag",NID_secretBag,11,&(lvalues[866]),0},
 {"safeContentsBag","safeContentsBag",NID_safeContentsBag,11,
-	&(lvalues[878]),0},
-{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[889]),0},
-{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[898]),0},
+	&(lvalues[877]),0},
+{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[888]),0},
+{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[897]),0},
 {"x509Certificate","x509Certificate",NID_x509Certificate,10,
-	&(lvalues[907]),0},
+	&(lvalues[906]),0},
 {"sdsiCertificate","sdsiCertificate",NID_sdsiCertificate,10,
-	&(lvalues[917]),0},
-{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[927]),0},
-{"PBES2","PBES2",NID_pbes2,9,&(lvalues[937]),0},
-{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[946]),0},
-{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[955]),0},
-{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[963]),0},
+	&(lvalues[916]),0},
+{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[926]),0},
+{"PBES2","PBES2",NID_pbes2,9,&(lvalues[936]),0},
+{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[945]),0},
+{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[954]),0},
+{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[962]),0},
 {"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8,
-	&(lvalues[971]),0},
+	&(lvalues[970]),0},
 {"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL,0},
 {"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,9,
-	&(lvalues[979]),0},
+	&(lvalues[978]),0},
 {"PBE-MD2-RC2-64","pbeWithMD2AndRC2-CBC",NID_pbeWithMD2AndRC2_CBC,9,
-	&(lvalues[988]),0},
+	&(lvalues[987]),0},
 {"PBE-MD5-RC2-64","pbeWithMD5AndRC2-CBC",NID_pbeWithMD5AndRC2_CBC,9,
-	&(lvalues[997]),0},
+	&(lvalues[996]),0},
 {"PBE-SHA1-DES","pbeWithSHA1AndDES-CBC",NID_pbeWithSHA1AndDES_CBC,9,
-	&(lvalues[1006]),0},
+	&(lvalues[1005]),0},
 {"msExtReq","Microsoft Extension Request",NID_ms_ext_req,10,
-	&(lvalues[1015]),0},
-{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1025]),0},
-{"name","name",NID_name,3,&(lvalues[1034]),0},
-{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1037]),0},
-{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1040]),0},
-{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1047]),0},
+	&(lvalues[1014]),0},
+{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1024]),0},
+{"name","name",NID_name,3,&(lvalues[1033]),0},
+{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1036]),0},
+{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1039]),0},
+{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1046]),0},
 {"authorityInfoAccess","Authority Information Access",NID_info_access,
-	8,&(lvalues[1054]),0},
-{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1062]),0},
-{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1070]),0},
-{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1078]),0},
-{"ISO","iso",NID_iso,1,&(lvalues[1086]),0},
-{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1087]),0},
-{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1088]),0},
-{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1091]),0},
-{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1096]),0},
-{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1102]),0},
-{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1110]),0},
-{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1118]),0},
-{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1127]),0},
-{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1137]),0},
-{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1147]),0},
-{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1157]),0},
-{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1167]),0},
-{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1177]),0},
-{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1187]),0},
+	8,&(lvalues[1053]),0},
+{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1061]),0},
+{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1069]),0},
+{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1077]),0},
+{"ISO","iso",NID_iso,0,NULL,0},
+{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1085]),0},
+{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1086]),0},
+{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1089]),0},
+{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1094]),0},
+{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1100]),0},
+{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1108]),0},
+{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1116]),0},
+{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1125]),0},
+{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1135]),0},
+{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1145]),0},
+{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1155]),0},
+{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1165]),0},
+{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1175]),0},
+{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1185]),0},
 {"id-smime-mod-cms","id-smime-mod-cms",NID_id_smime_mod_cms,11,
-	&(lvalues[1197]),0},
+	&(lvalues[1195]),0},
 {"id-smime-mod-ess","id-smime-mod-ess",NID_id_smime_mod_ess,11,
-	&(lvalues[1208]),0},
+	&(lvalues[1206]),0},
 {"id-smime-mod-oid","id-smime-mod-oid",NID_id_smime_mod_oid,11,
-	&(lvalues[1219]),0},
+	&(lvalues[1217]),0},
 {"id-smime-mod-msg-v3","id-smime-mod-msg-v3",NID_id_smime_mod_msg_v3,
-	11,&(lvalues[1230]),0},
+	11,&(lvalues[1228]),0},
 {"id-smime-mod-ets-eSignature-88","id-smime-mod-ets-eSignature-88",
-	NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1241]),0},
+	NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1239]),0},
 {"id-smime-mod-ets-eSignature-97","id-smime-mod-ets-eSignature-97",
-	NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1252]),0},
+	NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1250]),0},
 {"id-smime-mod-ets-eSigPolicy-88","id-smime-mod-ets-eSigPolicy-88",
-	NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1263]),0},
+	NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1261]),0},
 {"id-smime-mod-ets-eSigPolicy-97","id-smime-mod-ets-eSigPolicy-97",
-	NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1274]),0},
+	NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1272]),0},
 {"id-smime-ct-receipt","id-smime-ct-receipt",NID_id_smime_ct_receipt,
-	11,&(lvalues[1285]),0},
+	11,&(lvalues[1283]),0},
 {"id-smime-ct-authData","id-smime-ct-authData",
-	NID_id_smime_ct_authData,11,&(lvalues[1296]),0},
+	NID_id_smime_ct_authData,11,&(lvalues[1294]),0},
 {"id-smime-ct-publishCert","id-smime-ct-publishCert",
-	NID_id_smime_ct_publishCert,11,&(lvalues[1307]),0},
+	NID_id_smime_ct_publishCert,11,&(lvalues[1305]),0},
 {"id-smime-ct-TSTInfo","id-smime-ct-TSTInfo",NID_id_smime_ct_TSTInfo,
-	11,&(lvalues[1318]),0},
+	11,&(lvalues[1316]),0},
 {"id-smime-ct-TDTInfo","id-smime-ct-TDTInfo",NID_id_smime_ct_TDTInfo,
-	11,&(lvalues[1329]),0},
+	11,&(lvalues[1327]),0},
 {"id-smime-ct-contentInfo","id-smime-ct-contentInfo",
-	NID_id_smime_ct_contentInfo,11,&(lvalues[1340]),0},
+	NID_id_smime_ct_contentInfo,11,&(lvalues[1338]),0},
 {"id-smime-ct-DVCSRequestData","id-smime-ct-DVCSRequestData",
-	NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1351]),0},
+	NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1349]),0},
 {"id-smime-ct-DVCSResponseData","id-smime-ct-DVCSResponseData",
-	NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1362]),0},
+	NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1360]),0},
 {"id-smime-aa-receiptRequest","id-smime-aa-receiptRequest",
-	NID_id_smime_aa_receiptRequest,11,&(lvalues[1373]),0},
+	NID_id_smime_aa_receiptRequest,11,&(lvalues[1371]),0},
 {"id-smime-aa-securityLabel","id-smime-aa-securityLabel",
-	NID_id_smime_aa_securityLabel,11,&(lvalues[1384]),0},
+	NID_id_smime_aa_securityLabel,11,&(lvalues[1382]),0},
 {"id-smime-aa-mlExpandHistory","id-smime-aa-mlExpandHistory",
-	NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1395]),0},
+	NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1393]),0},
 {"id-smime-aa-contentHint","id-smime-aa-contentHint",
-	NID_id_smime_aa_contentHint,11,&(lvalues[1406]),0},
+	NID_id_smime_aa_contentHint,11,&(lvalues[1404]),0},
 {"id-smime-aa-msgSigDigest","id-smime-aa-msgSigDigest",
-	NID_id_smime_aa_msgSigDigest,11,&(lvalues[1417]),0},
+	NID_id_smime_aa_msgSigDigest,11,&(lvalues[1415]),0},
 {"id-smime-aa-encapContentType","id-smime-aa-encapContentType",
-	NID_id_smime_aa_encapContentType,11,&(lvalues[1428]),0},
+	NID_id_smime_aa_encapContentType,11,&(lvalues[1426]),0},
 {"id-smime-aa-contentIdentifier","id-smime-aa-contentIdentifier",
-	NID_id_smime_aa_contentIdentifier,11,&(lvalues[1439]),0},
+	NID_id_smime_aa_contentIdentifier,11,&(lvalues[1437]),0},
 {"id-smime-aa-macValue","id-smime-aa-macValue",
-	NID_id_smime_aa_macValue,11,&(lvalues[1450]),0},
+	NID_id_smime_aa_macValue,11,&(lvalues[1448]),0},
 {"id-smime-aa-equivalentLabels","id-smime-aa-equivalentLabels",
-	NID_id_smime_aa_equivalentLabels,11,&(lvalues[1461]),0},
+	NID_id_smime_aa_equivalentLabels,11,&(lvalues[1459]),0},
 {"id-smime-aa-contentReference","id-smime-aa-contentReference",
-	NID_id_smime_aa_contentReference,11,&(lvalues[1472]),0},
+	NID_id_smime_aa_contentReference,11,&(lvalues[1470]),0},
 {"id-smime-aa-encrypKeyPref","id-smime-aa-encrypKeyPref",
-	NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1483]),0},
+	NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1481]),0},
 {"id-smime-aa-signingCertificate","id-smime-aa-signingCertificate",
-	NID_id_smime_aa_signingCertificate,11,&(lvalues[1494]),0},
+	NID_id_smime_aa_signingCertificate,11,&(lvalues[1492]),0},
 {"id-smime-aa-smimeEncryptCerts","id-smime-aa-smimeEncryptCerts",
-	NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1505]),0},
+	NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1503]),0},
 {"id-smime-aa-timeStampToken","id-smime-aa-timeStampToken",
-	NID_id_smime_aa_timeStampToken,11,&(lvalues[1516]),0},
+	NID_id_smime_aa_timeStampToken,11,&(lvalues[1514]),0},
 {"id-smime-aa-ets-sigPolicyId","id-smime-aa-ets-sigPolicyId",
-	NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1527]),0},
+	NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1525]),0},
 {"id-smime-aa-ets-commitmentType","id-smime-aa-ets-commitmentType",
-	NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1538]),0},
+	NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1536]),0},
 {"id-smime-aa-ets-signerLocation","id-smime-aa-ets-signerLocation",
-	NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1549]),0},
+	NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1547]),0},
 {"id-smime-aa-ets-signerAttr","id-smime-aa-ets-signerAttr",
-	NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1560]),0},
+	NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1558]),0},
 {"id-smime-aa-ets-otherSigCert","id-smime-aa-ets-otherSigCert",
-	NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1571]),0},
+	NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1569]),0},
 {"id-smime-aa-ets-contentTimestamp",
 	"id-smime-aa-ets-contentTimestamp",
-	NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1582]),0},
+	NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1580]),0},
 {"id-smime-aa-ets-CertificateRefs","id-smime-aa-ets-CertificateRefs",
-	NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1593]),0},
+	NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1591]),0},
 {"id-smime-aa-ets-RevocationRefs","id-smime-aa-ets-RevocationRefs",
-	NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1604]),0},
+	NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1602]),0},
 {"id-smime-aa-ets-certValues","id-smime-aa-ets-certValues",
-	NID_id_smime_aa_ets_certValues,11,&(lvalues[1615]),0},
+	NID_id_smime_aa_ets_certValues,11,&(lvalues[1613]),0},
 {"id-smime-aa-ets-revocationValues",
 	"id-smime-aa-ets-revocationValues",
-	NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1626]),0},
+	NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1624]),0},
 {"id-smime-aa-ets-escTimeStamp","id-smime-aa-ets-escTimeStamp",
-	NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1637]),0},
+	NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1635]),0},
 {"id-smime-aa-ets-certCRLTimestamp",
 	"id-smime-aa-ets-certCRLTimestamp",
-	NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1648]),0},
+	NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1646]),0},
 {"id-smime-aa-ets-archiveTimeStamp",
 	"id-smime-aa-ets-archiveTimeStamp",
-	NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1659]),0},
+	NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1657]),0},
 {"id-smime-aa-signatureType","id-smime-aa-signatureType",
-	NID_id_smime_aa_signatureType,11,&(lvalues[1670]),0},
+	NID_id_smime_aa_signatureType,11,&(lvalues[1668]),0},
 {"id-smime-aa-dvcs-dvc","id-smime-aa-dvcs-dvc",
-	NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1681]),0},
+	NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1679]),0},
 {"id-smime-alg-ESDHwith3DES","id-smime-alg-ESDHwith3DES",
-	NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1692]),0},
+	NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1690]),0},
 {"id-smime-alg-ESDHwithRC2","id-smime-alg-ESDHwithRC2",
-	NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1703]),0},
+	NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1701]),0},
 {"id-smime-alg-3DESwrap","id-smime-alg-3DESwrap",
-	NID_id_smime_alg_3DESwrap,11,&(lvalues[1714]),0},
+	NID_id_smime_alg_3DESwrap,11,&(lvalues[1712]),0},
 {"id-smime-alg-RC2wrap","id-smime-alg-RC2wrap",
-	NID_id_smime_alg_RC2wrap,11,&(lvalues[1725]),0},
+	NID_id_smime_alg_RC2wrap,11,&(lvalues[1723]),0},
 {"id-smime-alg-ESDH","id-smime-alg-ESDH",NID_id_smime_alg_ESDH,11,
-	&(lvalues[1736]),0},
+	&(lvalues[1734]),0},
 {"id-smime-alg-CMS3DESwrap","id-smime-alg-CMS3DESwrap",
-	NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1747]),0},
+	NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1745]),0},
 {"id-smime-alg-CMSRC2wrap","id-smime-alg-CMSRC2wrap",
-	NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1758]),0},
+	NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1756]),0},
 {"id-smime-cd-ldap","id-smime-cd-ldap",NID_id_smime_cd_ldap,11,
-	&(lvalues[1769]),0},
+	&(lvalues[1767]),0},
 {"id-smime-spq-ets-sqt-uri","id-smime-spq-ets-sqt-uri",
-	NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1780]),0},
+	NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1778]),0},
 {"id-smime-spq-ets-sqt-unotice","id-smime-spq-ets-sqt-unotice",
-	NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1791]),0},
+	NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1789]),0},
 {"id-smime-cti-ets-proofOfOrigin","id-smime-cti-ets-proofOfOrigin",
-	NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1802]),0},
+	NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1800]),0},
 {"id-smime-cti-ets-proofOfReceipt","id-smime-cti-ets-proofOfReceipt",
-	NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1813]),0},
+	NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1811]),0},
 {"id-smime-cti-ets-proofOfDelivery",
 	"id-smime-cti-ets-proofOfDelivery",
-	NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1824]),0},
+	NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1822]),0},
 {"id-smime-cti-ets-proofOfSender","id-smime-cti-ets-proofOfSender",
-	NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1835]),0},
+	NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1833]),0},
 {"id-smime-cti-ets-proofOfApproval",
 	"id-smime-cti-ets-proofOfApproval",
-	NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1846]),0},
+	NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1844]),0},
 {"id-smime-cti-ets-proofOfCreation",
 	"id-smime-cti-ets-proofOfCreation",
-	NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1857]),0},
-{"MD4","md4",NID_md4,8,&(lvalues[1868]),0},
-{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1876]),0},
-{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1883]),0},
-{"id-it","id-it",NID_id_it,7,&(lvalues[1890]),0},
-{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1897]),0},
-{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1904]),0},
-{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1911]),0},
-{"id-on","id-on",NID_id_on,7,&(lvalues[1918]),0},
-{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1925]),0},
-{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1932]),0},
-{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1939]),0},
-{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1946]),0},
+	NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1855]),0},
+{"MD4","md4",NID_md4,8,&(lvalues[1866]),0},
+{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1874]),0},
+{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1881]),0},
+{"id-it","id-it",NID_id_it,7,&(lvalues[1888]),0},
+{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1895]),0},
+{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1902]),0},
+{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1909]),0},
+{"id-on","id-on",NID_id_on,7,&(lvalues[1916]),0},
+{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1923]),0},
+{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1930]),0},
+{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1937]),0},
+{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1944]),0},
 {"id-pkix1-explicit-88","id-pkix1-explicit-88",
-	NID_id_pkix1_explicit_88,8,&(lvalues[1953]),0},
+	NID_id_pkix1_explicit_88,8,&(lvalues[1951]),0},
 {"id-pkix1-implicit-88","id-pkix1-implicit-88",
-	NID_id_pkix1_implicit_88,8,&(lvalues[1961]),0},
+	NID_id_pkix1_implicit_88,8,&(lvalues[1959]),0},
 {"id-pkix1-explicit-93","id-pkix1-explicit-93",
-	NID_id_pkix1_explicit_93,8,&(lvalues[1969]),0},
+	NID_id_pkix1_explicit_93,8,&(lvalues[1967]),0},
 {"id-pkix1-implicit-93","id-pkix1-implicit-93",
-	NID_id_pkix1_implicit_93,8,&(lvalues[1977]),0},
-{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1985]),0},
-{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1993]),0},
+	NID_id_pkix1_implicit_93,8,&(lvalues[1975]),0},
+{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1983]),0},
+{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1991]),0},
 {"id-mod-kea-profile-88","id-mod-kea-profile-88",
-	NID_id_mod_kea_profile_88,8,&(lvalues[2001]),0},
+	NID_id_mod_kea_profile_88,8,&(lvalues[1999]),0},
 {"id-mod-kea-profile-93","id-mod-kea-profile-93",
-	NID_id_mod_kea_profile_93,8,&(lvalues[2009]),0},
-{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2017]),0},
+	NID_id_mod_kea_profile_93,8,&(lvalues[2007]),0},
+{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2015]),0},
 {"id-mod-qualified-cert-88","id-mod-qualified-cert-88",
-	NID_id_mod_qualified_cert_88,8,&(lvalues[2025]),0},
+	NID_id_mod_qualified_cert_88,8,&(lvalues[2023]),0},
 {"id-mod-qualified-cert-93","id-mod-qualified-cert-93",
-	NID_id_mod_qualified_cert_93,8,&(lvalues[2033]),0},
+	NID_id_mod_qualified_cert_93,8,&(lvalues[2031]),0},
 {"id-mod-attribute-cert","id-mod-attribute-cert",
-	NID_id_mod_attribute_cert,8,&(lvalues[2041]),0},
+	NID_id_mod_attribute_cert,8,&(lvalues[2039]),0},
 {"id-mod-timestamp-protocol","id-mod-timestamp-protocol",
-	NID_id_mod_timestamp_protocol,8,&(lvalues[2049]),0},
-{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2057]),0},
-{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2065]),0},
+	NID_id_mod_timestamp_protocol,8,&(lvalues[2047]),0},
+{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2055]),0},
+{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2063]),0},
 {"id-mod-cmp2000","id-mod-cmp2000",NID_id_mod_cmp2000,8,
-	&(lvalues[2073]),0},
-{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2081]),0},
-{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2089]),0},
+	&(lvalues[2071]),0},
+{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2079]),0},
+{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2087]),0},
 {"ac-auditEntity","ac-auditEntity",NID_ac_auditEntity,8,
-	&(lvalues[2097]),0},
-{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2105]),0},
-{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2113]),0},
+	&(lvalues[2095]),0},
+{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2103]),0},
+{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2111]),0},
 {"sbgp-ipAddrBlock","sbgp-ipAddrBlock",NID_sbgp_ipAddrBlock,8,
-	&(lvalues[2121]),0},
+	&(lvalues[2119]),0},
 {"sbgp-autonomousSysNum","sbgp-autonomousSysNum",
-	NID_sbgp_autonomousSysNum,8,&(lvalues[2129]),0},
+	NID_sbgp_autonomousSysNum,8,&(lvalues[2127]),0},
 {"sbgp-routerIdentifier","sbgp-routerIdentifier",
-	NID_sbgp_routerIdentifier,8,&(lvalues[2137]),0},
-{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2145]),0},
+	NID_sbgp_routerIdentifier,8,&(lvalues[2135]),0},
+{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2143]),0},
 {"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8,
-	&(lvalues[2153]),0},
-{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2161]),0},
-{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2169]),0},
-{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2177]),0},
+	&(lvalues[2151]),0},
+{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2159]),0},
+{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2167]),0},
+{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2175]),0},
 {"id-it-caProtEncCert","id-it-caProtEncCert",NID_id_it_caProtEncCert,
-	8,&(lvalues[2185]),0},
+	8,&(lvalues[2183]),0},
 {"id-it-signKeyPairTypes","id-it-signKeyPairTypes",
-	NID_id_it_signKeyPairTypes,8,&(lvalues[2193]),0},
+	NID_id_it_signKeyPairTypes,8,&(lvalues[2191]),0},
 {"id-it-encKeyPairTypes","id-it-encKeyPairTypes",
-	NID_id_it_encKeyPairTypes,8,&(lvalues[2201]),0},
+	NID_id_it_encKeyPairTypes,8,&(lvalues[2199]),0},
 {"id-it-preferredSymmAlg","id-it-preferredSymmAlg",
-	NID_id_it_preferredSymmAlg,8,&(lvalues[2209]),0},
+	NID_id_it_preferredSymmAlg,8,&(lvalues[2207]),0},
 {"id-it-caKeyUpdateInfo","id-it-caKeyUpdateInfo",
-	NID_id_it_caKeyUpdateInfo,8,&(lvalues[2217]),0},
+	NID_id_it_caKeyUpdateInfo,8,&(lvalues[2215]),0},
 {"id-it-currentCRL","id-it-currentCRL",NID_id_it_currentCRL,8,
-	&(lvalues[2225]),0},
+	&(lvalues[2223]),0},
 {"id-it-unsupportedOIDs","id-it-unsupportedOIDs",
-	NID_id_it_unsupportedOIDs,8,&(lvalues[2233]),0},
+	NID_id_it_unsupportedOIDs,8,&(lvalues[2231]),0},
 {"id-it-subscriptionRequest","id-it-subscriptionRequest",
-	NID_id_it_subscriptionRequest,8,&(lvalues[2241]),0},
+	NID_id_it_subscriptionRequest,8,&(lvalues[2239]),0},
 {"id-it-subscriptionResponse","id-it-subscriptionResponse",
-	NID_id_it_subscriptionResponse,8,&(lvalues[2249]),0},
+	NID_id_it_subscriptionResponse,8,&(lvalues[2247]),0},
 {"id-it-keyPairParamReq","id-it-keyPairParamReq",
-	NID_id_it_keyPairParamReq,8,&(lvalues[2257]),0},
+	NID_id_it_keyPairParamReq,8,&(lvalues[2255]),0},
 {"id-it-keyPairParamRep","id-it-keyPairParamRep",
-	NID_id_it_keyPairParamRep,8,&(lvalues[2265]),0},
+	NID_id_it_keyPairParamRep,8,&(lvalues[2263]),0},
 {"id-it-revPassphrase","id-it-revPassphrase",NID_id_it_revPassphrase,
-	8,&(lvalues[2273]),0},
+	8,&(lvalues[2271]),0},
 {"id-it-implicitConfirm","id-it-implicitConfirm",
-	NID_id_it_implicitConfirm,8,&(lvalues[2281]),0},
+	NID_id_it_implicitConfirm,8,&(lvalues[2279]),0},
 {"id-it-confirmWaitTime","id-it-confirmWaitTime",
-	NID_id_it_confirmWaitTime,8,&(lvalues[2289]),0},
+	NID_id_it_confirmWaitTime,8,&(lvalues[2287]),0},
 {"id-it-origPKIMessage","id-it-origPKIMessage",
-	NID_id_it_origPKIMessage,8,&(lvalues[2297]),0},
-{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2305]),0},
-{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2313]),0},
+	NID_id_it_origPKIMessage,8,&(lvalues[2295]),0},
+{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2303]),0},
+{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2311]),0},
 {"id-regCtrl-regToken","id-regCtrl-regToken",NID_id_regCtrl_regToken,
-	9,&(lvalues[2321]),0},
+	9,&(lvalues[2319]),0},
 {"id-regCtrl-authenticator","id-regCtrl-authenticator",
-	NID_id_regCtrl_authenticator,9,&(lvalues[2330]),0},
+	NID_id_regCtrl_authenticator,9,&(lvalues[2328]),0},
 {"id-regCtrl-pkiPublicationInfo","id-regCtrl-pkiPublicationInfo",
-	NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2339]),0},
+	NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2337]),0},
 {"id-regCtrl-pkiArchiveOptions","id-regCtrl-pkiArchiveOptions",
-	NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2348]),0},
+	NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2346]),0},
 {"id-regCtrl-oldCertID","id-regCtrl-oldCertID",
-	NID_id_regCtrl_oldCertID,9,&(lvalues[2357]),0},
+	NID_id_regCtrl_oldCertID,9,&(lvalues[2355]),0},
 {"id-regCtrl-protocolEncrKey","id-regCtrl-protocolEncrKey",
-	NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2366]),0},
+	NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2364]),0},
 {"id-regInfo-utf8Pairs","id-regInfo-utf8Pairs",
-	NID_id_regInfo_utf8Pairs,9,&(lvalues[2375]),0},
+	NID_id_regInfo_utf8Pairs,9,&(lvalues[2373]),0},
 {"id-regInfo-certReq","id-regInfo-certReq",NID_id_regInfo_certReq,9,
-	&(lvalues[2384]),0},
-{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2393]),0},
+	&(lvalues[2382]),0},
+{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2391]),0},
 {"id-alg-noSignature","id-alg-noSignature",NID_id_alg_noSignature,8,
-	&(lvalues[2401]),0},
+	&(lvalues[2399]),0},
 {"id-alg-dh-sig-hmac-sha1","id-alg-dh-sig-hmac-sha1",
-	NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2409]),0},
-{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2417]),0},
+	NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2407]),0},
+{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2415]),0},
 {"id-cmc-statusInfo","id-cmc-statusInfo",NID_id_cmc_statusInfo,8,
-	&(lvalues[2425]),0},
+	&(lvalues[2423]),0},
 {"id-cmc-identification","id-cmc-identification",
-	NID_id_cmc_identification,8,&(lvalues[2433]),0},
+	NID_id_cmc_identification,8,&(lvalues[2431]),0},
 {"id-cmc-identityProof","id-cmc-identityProof",
-	NID_id_cmc_identityProof,8,&(lvalues[2441]),0},
+	NID_id_cmc_identityProof,8,&(lvalues[2439]),0},
 {"id-cmc-dataReturn","id-cmc-dataReturn",NID_id_cmc_dataReturn,8,
-	&(lvalues[2449]),0},
+	&(lvalues[2447]),0},
 {"id-cmc-transactionId","id-cmc-transactionId",
-	NID_id_cmc_transactionId,8,&(lvalues[2457]),0},
+	NID_id_cmc_transactionId,8,&(lvalues[2455]),0},
 {"id-cmc-senderNonce","id-cmc-senderNonce",NID_id_cmc_senderNonce,8,
-	&(lvalues[2465]),0},
+	&(lvalues[2463]),0},
 {"id-cmc-recipientNonce","id-cmc-recipientNonce",
-	NID_id_cmc_recipientNonce,8,&(lvalues[2473]),0},
+	NID_id_cmc_recipientNonce,8,&(lvalues[2471]),0},
 {"id-cmc-addExtensions","id-cmc-addExtensions",
-	NID_id_cmc_addExtensions,8,&(lvalues[2481]),0},
+	NID_id_cmc_addExtensions,8,&(lvalues[2479]),0},
 {"id-cmc-encryptedPOP","id-cmc-encryptedPOP",NID_id_cmc_encryptedPOP,
-	8,&(lvalues[2489]),0},
+	8,&(lvalues[2487]),0},
 {"id-cmc-decryptedPOP","id-cmc-decryptedPOP",NID_id_cmc_decryptedPOP,
-	8,&(lvalues[2497]),0},
+	8,&(lvalues[2495]),0},
 {"id-cmc-lraPOPWitness","id-cmc-lraPOPWitness",
-	NID_id_cmc_lraPOPWitness,8,&(lvalues[2505]),0},
+	NID_id_cmc_lraPOPWitness,8,&(lvalues[2503]),0},
 {"id-cmc-getCert","id-cmc-getCert",NID_id_cmc_getCert,8,
-	&(lvalues[2513]),0},
-{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2521]),0},
+	&(lvalues[2511]),0},
+{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2519]),0},
 {"id-cmc-revokeRequest","id-cmc-revokeRequest",
-	NID_id_cmc_revokeRequest,8,&(lvalues[2529]),0},
+	NID_id_cmc_revokeRequest,8,&(lvalues[2527]),0},
 {"id-cmc-regInfo","id-cmc-regInfo",NID_id_cmc_regInfo,8,
-	&(lvalues[2537]),0},
+	&(lvalues[2535]),0},
 {"id-cmc-responseInfo","id-cmc-responseInfo",NID_id_cmc_responseInfo,
-	8,&(lvalues[2545]),0},
+	8,&(lvalues[2543]),0},
 {"id-cmc-queryPending","id-cmc-queryPending",NID_id_cmc_queryPending,
-	8,&(lvalues[2553]),0},
+	8,&(lvalues[2551]),0},
 {"id-cmc-popLinkRandom","id-cmc-popLinkRandom",
-	NID_id_cmc_popLinkRandom,8,&(lvalues[2561]),0},
+	NID_id_cmc_popLinkRandom,8,&(lvalues[2559]),0},
 {"id-cmc-popLinkWitness","id-cmc-popLinkWitness",
-	NID_id_cmc_popLinkWitness,8,&(lvalues[2569]),0},
+	NID_id_cmc_popLinkWitness,8,&(lvalues[2567]),0},
 {"id-cmc-confirmCertAcceptance","id-cmc-confirmCertAcceptance",
-	NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2577]),0},
+	NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2575]),0},
 {"id-on-personalData","id-on-personalData",NID_id_on_personalData,8,
-	&(lvalues[2585]),0},
+	&(lvalues[2583]),0},
 {"id-pda-dateOfBirth","id-pda-dateOfBirth",NID_id_pda_dateOfBirth,8,
-	&(lvalues[2593]),0},
+	&(lvalues[2591]),0},
 {"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth,
-	8,&(lvalues[2601]),0},
+	8,&(lvalues[2599]),0},
 {NULL,NULL,NID_undef,0,NULL,0},
-{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2609]),0},
+{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2607]),0},
 {"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship",
-	NID_id_pda_countryOfCitizenship,8,&(lvalues[2617]),0},
+	NID_id_pda_countryOfCitizenship,8,&(lvalues[2615]),0},
 {"id-pda-countryOfResidence","id-pda-countryOfResidence",
-	NID_id_pda_countryOfResidence,8,&(lvalues[2625]),0},
+	NID_id_pda_countryOfResidence,8,&(lvalues[2623]),0},
 {"id-aca-authenticationInfo","id-aca-authenticationInfo",
-	NID_id_aca_authenticationInfo,8,&(lvalues[2633]),0},
+	NID_id_aca_authenticationInfo,8,&(lvalues[2631]),0},
 {"id-aca-accessIdentity","id-aca-accessIdentity",
-	NID_id_aca_accessIdentity,8,&(lvalues[2641]),0},
+	NID_id_aca_accessIdentity,8,&(lvalues[2639]),0},
 {"id-aca-chargingIdentity","id-aca-chargingIdentity",
-	NID_id_aca_chargingIdentity,8,&(lvalues[2649]),0},
-{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2657]),0},
-{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2665]),0},
+	NID_id_aca_chargingIdentity,8,&(lvalues[2647]),0},
+{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2655]),0},
+{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2663]),0},
 {"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1",
-	NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2673]),0},
-{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2681]),0},
+	NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2671]),0},
+{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2679]),0},
 {"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8,
-	&(lvalues[2689]),0},
+	&(lvalues[2687]),0},
 {"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8,
-	&(lvalues[2697]),0},
+	&(lvalues[2695]),0},
 {"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8,
-	&(lvalues[2705]),0},
-{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2713]),0},
+	&(lvalues[2703]),0},
+{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2711]),0},
 {"basicOCSPResponse","Basic OCSP Response",NID_id_pkix_OCSP_basic,9,
-	&(lvalues[2721]),0},
-{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2730]),0},
-{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2739]),0},
+	&(lvalues[2719]),0},
+{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2728]),0},
+{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2737]),0},
 {"acceptableResponses","Acceptable OCSP Responses",
-	NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2748]),0},
-{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2757]),0},
+	NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2746]),0},
+{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2755]),0},
 {"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff,
-	9,&(lvalues[2766]),0},
+	9,&(lvalues[2764]),0},
 {"serviceLocator","OCSP Service Locator",
-	NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2775]),0},
+	NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2773]),0},
 {"extendedStatus","Extended OCSP Status",
-	NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2784]),0},
-{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2793]),0},
-{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2802]),0},
+	NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2782]),0},
+{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2791]),0},
+{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2800]),0},
 {"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9,
-	&(lvalues[2811]),0},
-{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2820]),0},
-{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2824]),0},
+	&(lvalues[2809]),0},
+{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2818]),0},
+{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2822]),0},
 {"X500algorithms","directory services - algorithms",
-	NID_X500algorithms,2,&(lvalues[2829]),0},
-{"ORG","org",NID_org,1,&(lvalues[2831]),0},
-{"DOD","dod",NID_dod,2,&(lvalues[2832]),0},
-{"IANA","iana",NID_iana,3,&(lvalues[2834]),0},
-{"directory","Directory",NID_Directory,4,&(lvalues[2837]),0},
-{"mgmt","Management",NID_Management,4,&(lvalues[2841]),0},
-{"experimental","Experimental",NID_Experimental,4,&(lvalues[2845]),0},
-{"private","Private",NID_Private,4,&(lvalues[2849]),0},
-{"security","Security",NID_Security,4,&(lvalues[2853]),0},
-{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2857]),0},
-{"Mail","Mail",NID_Mail,4,&(lvalues[2861]),0},
-{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2865]),0},
-{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2870]),0},
-{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2879]),0},
-{"domain","Domain",NID_Domain,10,&(lvalues[2889]),0},
-{"NULL","NULL",NID_joint_iso_ccitt,1,&(lvalues[2899]),0},
+	NID_X500algorithms,2,&(lvalues[2827]),0},
+{"ORG","org",NID_org,1,&(lvalues[2829]),0},
+{"DOD","dod",NID_dod,2,&(lvalues[2830]),0},
+{"IANA","iana",NID_iana,3,&(lvalues[2832]),0},
+{"directory","Directory",NID_Directory,4,&(lvalues[2835]),0},
+{"mgmt","Management",NID_Management,4,&(lvalues[2839]),0},
+{"experimental","Experimental",NID_Experimental,4,&(lvalues[2843]),0},
+{"private","Private",NID_Private,4,&(lvalues[2847]),0},
+{"security","Security",NID_Security,4,&(lvalues[2851]),0},
+{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2855]),0},
+{"Mail","Mail",NID_Mail,4,&(lvalues[2859]),0},
+{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2863]),0},
+{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2868]),0},
+{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2877]),0},
+{"domain","Domain",NID_Domain,10,&(lvalues[2887]),0},
+{"NULL","NULL",NID_joint_iso_ccitt,0,NULL,0},
 {"selected-attribute-types","Selected Attribute Types",
-	NID_selected_attribute_types,3,&(lvalues[2900]),0},
-{"clearance","clearance",NID_clearance,4,&(lvalues[2903]),0},
+	NID_selected_attribute_types,3,&(lvalues[2897]),0},
+{"clearance","clearance",NID_clearance,4,&(lvalues[2900]),0},
 {"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9,
-	&(lvalues[2907]),0},
-{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2916]),0},
+	&(lvalues[2904]),0},
+{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2913]),0},
 {"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8,
-	&(lvalues[2924]),0},
+	&(lvalues[2921]),0},
 {"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8,
-	&(lvalues[2932]),0},
-{"role","role",NID_role,3,&(lvalues[2940]),0},
+	&(lvalues[2929]),0},
+{"role","role",NID_role,3,&(lvalues[2937]),0},
 {"policyConstraints","X509v3 Policy Constraints",
-	NID_policy_constraints,3,&(lvalues[2943]),0},
+	NID_policy_constraints,3,&(lvalues[2940]),0},
 {"targetInformation","X509v3 AC Targeting",NID_target_information,3,
-	&(lvalues[2946]),0},
+	&(lvalues[2943]),0},
 {"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3,
-	&(lvalues[2949]),0},
-{"NULL","NULL",NID_ccitt,1,&(lvalues[2952]),0},
-{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2953]),0},
-{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2958]),0},
+	&(lvalues[2946]),0},
+{"NULL","NULL",NID_ccitt,0,NULL,0},
+{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2949]),0},
+{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2954]),0},
 {"characteristic-two-field","characteristic-two-field",
-	NID_X9_62_characteristic_two_field,7,&(lvalues[2965]),0},
+	NID_X9_62_characteristic_two_field,7,&(lvalues[2961]),0},
 {"id-ecPublicKey","id-ecPublicKey",NID_X9_62_id_ecPublicKey,7,
-	&(lvalues[2972]),0},
-{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2979]),0},
-{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2987]),0},
-{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2995]),0},
-{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[3003]),0},
-{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3011]),0},
-{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3019]),0},
-{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3027]),0},
+	&(lvalues[2968]),0},
+{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2975]),0},
+{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2983]),0},
+{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2991]),0},
+{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[2999]),0},
+{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3007]),0},
+{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3015]),0},
+{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3023]),0},
 {"ecdsa-with-SHA1","ecdsa-with-SHA1",NID_ecdsa_with_SHA1,7,
-	&(lvalues[3035]),0},
-{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3042]),0},
-{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3051]),0},
-{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3060]),0},
-{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3069]),0},
-{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3078]),0},
-{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3087]),0},
-{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3096]),0},
-{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3105]),0},
-{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3114]),0},
-{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3123]),0},
-{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3132]),0},
-{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3141]),0},
-{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3150]),0},
+	&(lvalues[3031]),0},
+{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3038]),0},
+{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3047]),0},
+{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3056]),0},
+{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3065]),0},
+{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3074]),0},
+{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3083]),0},
+{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3092]),0},
+{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3101]),0},
+{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3110]),0},
+{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3119]),0},
+{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3128]),0},
+{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3137]),0},
+{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3146]),0},
 {"holdInstructionCode","Hold Instruction Code",
-	NID_hold_instruction_code,3,&(lvalues[3159]),0},
+	NID_hold_instruction_code,3,&(lvalues[3155]),0},
 {"holdInstructionNone","Hold Instruction None",
-	NID_hold_instruction_none,7,&(lvalues[3162]),0},
+	NID_hold_instruction_none,7,&(lvalues[3158]),0},
 {"holdInstructionCallIssuer","Hold Instruction Call Issuer",
-	NID_hold_instruction_call_issuer,7,&(lvalues[3169]),0},
+	NID_hold_instruction_call_issuer,7,&(lvalues[3165]),0},
 {"holdInstructionReject","Hold Instruction Reject",
-	NID_hold_instruction_reject,7,&(lvalues[3176]),0},
-{"data","data",NID_data,1,&(lvalues[3183]),0},
-{"pss","pss",NID_pss,3,&(lvalues[3184]),0},
-{"ucl","ucl",NID_ucl,7,&(lvalues[3187]),0},
-{"pilot","pilot",NID_pilot,8,&(lvalues[3194]),0},
+	NID_hold_instruction_reject,7,&(lvalues[3172]),0},
+{"data","data",NID_data,1,&(lvalues[3179]),0},
+{"pss","pss",NID_pss,3,&(lvalues[3180]),0},
+{"ucl","ucl",NID_ucl,7,&(lvalues[3183]),0},
+{"pilot","pilot",NID_pilot,8,&(lvalues[3190]),0},
 {"pilotAttributeType","pilotAttributeType",NID_pilotAttributeType,9,
-	&(lvalues[3202]),0},
+	&(lvalues[3198]),0},
 {"pilotAttributeSyntax","pilotAttributeSyntax",
-	NID_pilotAttributeSyntax,9,&(lvalues[3211]),0},
+	NID_pilotAttributeSyntax,9,&(lvalues[3207]),0},
 {"pilotObjectClass","pilotObjectClass",NID_pilotObjectClass,9,
-	&(lvalues[3220]),0},
-{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3229]),0},
+	&(lvalues[3216]),0},
+{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3225]),0},
 {"iA5StringSyntax","iA5StringSyntax",NID_iA5StringSyntax,10,
-	&(lvalues[3238]),0},
+	&(lvalues[3234]),0},
 {"caseIgnoreIA5StringSyntax","caseIgnoreIA5StringSyntax",
-	NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3248]),0},
-{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3258]),0},
-{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3268]),0},
-{"account","account",NID_account,10,&(lvalues[3278]),0},
-{"document","document",NID_document,10,&(lvalues[3288]),0},
-{"room","room",NID_room,10,&(lvalues[3298]),0},
+	NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3244]),0},
+{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3254]),0},
+{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3264]),0},
+{"account","account",NID_account,10,&(lvalues[3274]),0},
+{"document","document",NID_document,10,&(lvalues[3284]),0},
+{"room","room",NID_room,10,&(lvalues[3294]),0},
 {"documentSeries","documentSeries",NID_documentSeries,10,
-	&(lvalues[3308]),0},
+	&(lvalues[3304]),0},
 {"rFC822localPart","rFC822localPart",NID_rFC822localPart,10,
-	&(lvalues[3318]),0},
-{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3328]),0},
+	&(lvalues[3314]),0},
+{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3324]),0},
 {"domainRelatedObject","domainRelatedObject",NID_domainRelatedObject,
-	10,&(lvalues[3338]),0},
+	10,&(lvalues[3334]),0},
 {"friendlyCountry","friendlyCountry",NID_friendlyCountry,10,
-	&(lvalues[3348]),0},
+	&(lvalues[3344]),0},
 {"simpleSecurityObject","simpleSecurityObject",
-	NID_simpleSecurityObject,10,&(lvalues[3358]),0},
+	NID_simpleSecurityObject,10,&(lvalues[3354]),0},
 {"pilotOrganization","pilotOrganization",NID_pilotOrganization,10,
-	&(lvalues[3368]),0},
-{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3378]),0},
+	&(lvalues[3364]),0},
+{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3374]),0},
 {"qualityLabelledData","qualityLabelledData",NID_qualityLabelledData,
-	10,&(lvalues[3388]),0},
-{"UID","userId",NID_userId,10,&(lvalues[3398]),0},
+	10,&(lvalues[3384]),0},
+{"UID","userId",NID_userId,10,&(lvalues[3394]),0},
 {"textEncodedORAddress","textEncodedORAddress",
-	NID_textEncodedORAddress,10,&(lvalues[3408]),0},
-{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3418]),0},
-{"info","info",NID_info,10,&(lvalues[3428]),0},
+	NID_textEncodedORAddress,10,&(lvalues[3404]),0},
+{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3414]),0},
+{"info","info",NID_info,10,&(lvalues[3424]),0},
 {"favouriteDrink","favouriteDrink",NID_favouriteDrink,10,
-	&(lvalues[3438]),0},
-{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3448]),0},
-{"photo","photo",NID_photo,10,&(lvalues[3458]),0},
-{"userClass","userClass",NID_userClass,10,&(lvalues[3468]),0},
-{"host","host",NID_host,10,&(lvalues[3478]),0},
-{"manager","manager",NID_manager,10,&(lvalues[3488]),0},
+	&(lvalues[3434]),0},
+{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3444]),0},
+{"photo","photo",NID_photo,10,&(lvalues[3454]),0},
+{"userClass","userClass",NID_userClass,10,&(lvalues[3464]),0},
+{"host","host",NID_host,10,&(lvalues[3474]),0},
+{"manager","manager",NID_manager,10,&(lvalues[3484]),0},
 {"documentIdentifier","documentIdentifier",NID_documentIdentifier,10,
-	&(lvalues[3498]),0},
-{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3508]),0},
+	&(lvalues[3494]),0},
+{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3504]),0},
 {"documentVersion","documentVersion",NID_documentVersion,10,
-	&(lvalues[3518]),0},
+	&(lvalues[3514]),0},
 {"documentAuthor","documentAuthor",NID_documentAuthor,10,
-	&(lvalues[3528]),0},
+	&(lvalues[3524]),0},
 {"documentLocation","documentLocation",NID_documentLocation,10,
-	&(lvalues[3538]),0},
+	&(lvalues[3534]),0},
 {"homeTelephoneNumber","homeTelephoneNumber",NID_homeTelephoneNumber,
-	10,&(lvalues[3548]),0},
-{"secretary","secretary",NID_secretary,10,&(lvalues[3558]),0},
-{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3568]),0},
+	10,&(lvalues[3544]),0},
+{"secretary","secretary",NID_secretary,10,&(lvalues[3554]),0},
+{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3564]),0},
 {"lastModifiedTime","lastModifiedTime",NID_lastModifiedTime,10,
-	&(lvalues[3578]),0},
+	&(lvalues[3574]),0},
 {"lastModifiedBy","lastModifiedBy",NID_lastModifiedBy,10,
-	&(lvalues[3588]),0},
-{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3598]),0},
+	&(lvalues[3584]),0},
+{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3594]),0},
 {"pilotAttributeType27","pilotAttributeType27",
-	NID_pilotAttributeType27,10,&(lvalues[3608]),0},
-{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3618]),0},
-{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3628]),0},
-{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3638]),0},
-{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3648]),0},
+	NID_pilotAttributeType27,10,&(lvalues[3604]),0},
+{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3614]),0},
+{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3624]),0},
+{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3634]),0},
+{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3644]),0},
 {"associatedDomain","associatedDomain",NID_associatedDomain,10,
-	&(lvalues[3658]),0},
+	&(lvalues[3654]),0},
 {"associatedName","associatedName",NID_associatedName,10,
-	&(lvalues[3668]),0},
+	&(lvalues[3664]),0},
 {"homePostalAddress","homePostalAddress",NID_homePostalAddress,10,
-	&(lvalues[3678]),0},
-{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3688]),0},
+	&(lvalues[3674]),0},
+{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3684]),0},
 {"mobileTelephoneNumber","mobileTelephoneNumber",
-	NID_mobileTelephoneNumber,10,&(lvalues[3698]),0},
+	NID_mobileTelephoneNumber,10,&(lvalues[3694]),0},
 {"pagerTelephoneNumber","pagerTelephoneNumber",
-	NID_pagerTelephoneNumber,10,&(lvalues[3708]),0},
+	NID_pagerTelephoneNumber,10,&(lvalues[3704]),0},
 {"friendlyCountryName","friendlyCountryName",NID_friendlyCountryName,
-	10,&(lvalues[3718]),0},
+	10,&(lvalues[3714]),0},
 {"organizationalStatus","organizationalStatus",
-	NID_organizationalStatus,10,&(lvalues[3728]),0},
-{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3738]),0},
+	NID_organizationalStatus,10,&(lvalues[3724]),0},
+{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3734]),0},
 {"mailPreferenceOption","mailPreferenceOption",
-	NID_mailPreferenceOption,10,&(lvalues[3748]),0},
-{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3758]),0},
-{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3768]),0},
+	NID_mailPreferenceOption,10,&(lvalues[3744]),0},
+{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3754]),0},
+{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3764]),0},
 {"singleLevelQuality","singleLevelQuality",NID_singleLevelQuality,10,
-	&(lvalues[3778]),0},
+	&(lvalues[3774]),0},
 {"subtreeMinimumQuality","subtreeMinimumQuality",
-	NID_subtreeMinimumQuality,10,&(lvalues[3788]),0},
+	NID_subtreeMinimumQuality,10,&(lvalues[3784]),0},
 {"subtreeMaximumQuality","subtreeMaximumQuality",
-	NID_subtreeMaximumQuality,10,&(lvalues[3798]),0},
+	NID_subtreeMaximumQuality,10,&(lvalues[3794]),0},
 {"personalSignature","personalSignature",NID_personalSignature,10,
-	&(lvalues[3808]),0},
-{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3818]),0},
-{"audio","audio",NID_audio,10,&(lvalues[3828]),0},
+	&(lvalues[3804]),0},
+{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3814]),0},
+{"audio","audio",NID_audio,10,&(lvalues[3824]),0},
 {"documentPublisher","documentPublisher",NID_documentPublisher,10,
-	&(lvalues[3838]),0},
+	&(lvalues[3834]),0},
 {"x500UniqueIdentifier","x500UniqueIdentifier",
-	NID_x500UniqueIdentifier,3,&(lvalues[3848]),0},
-{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3851]),0},
+	NID_x500UniqueIdentifier,3,&(lvalues[3844]),0},
+{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3847]),0},
 {"mime-mhs-headings","mime-mhs-headings",NID_mime_mhs_headings,6,
-	&(lvalues[3856]),0},
+	&(lvalues[3852]),0},
 {"mime-mhs-bodies","mime-mhs-bodies",NID_mime_mhs_bodies,6,
-	&(lvalues[3862]),0},
+	&(lvalues[3858]),0},
 {"id-hex-partial-message","id-hex-partial-message",
-	NID_id_hex_partial_message,7,&(lvalues[3868]),0},
+	NID_id_hex_partial_message,7,&(lvalues[3864]),0},
 {"id-hex-multipart-message","id-hex-multipart-message",
-	NID_id_hex_multipart_message,7,&(lvalues[3875]),0},
+	NID_id_hex_multipart_message,7,&(lvalues[3871]),0},
 {"generationQualifier","generationQualifier",NID_generationQualifier,
-	3,&(lvalues[3882]),0},
-{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3885]),0},
+	3,&(lvalues[3878]),0},
+{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3881]),0},
 {NULL,NULL,NID_undef,0,NULL,0},
 {"id-set","Secure Electronic Transactions",NID_id_set,2,
-	&(lvalues[3888]),0},
-{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3890]),0},
-{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3893]),0},
-{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3896]),0},
-{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3899]),0},
+	&(lvalues[3884]),0},
+{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3886]),0},
+{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3889]),0},
+{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3892]),0},
+{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3895]),0},
 {"set-certExt","certificate extensions",NID_set_certExt,3,
-	&(lvalues[3902]),0},
-{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3905]),0},
-{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3908]),0},
+	&(lvalues[3898]),0},
+{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3901]),0},
+{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3904]),0},
 {"setct-PANToken","setct-PANToken",NID_setct_PANToken,4,
-	&(lvalues[3912]),0},
-{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3916]),0},
-{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3920]),0},
-{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3924]),0},
-{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3928]),0},
+	&(lvalues[3908]),0},
+{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3912]),0},
+{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3916]),0},
+{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3920]),0},
+{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3924]),0},
 {"setct-PIDataUnsigned","setct-PIDataUnsigned",
-	NID_setct_PIDataUnsigned,4,&(lvalues[3932]),0},
+	NID_setct_PIDataUnsigned,4,&(lvalues[3928]),0},
 {"setct-HODInput","setct-HODInput",NID_setct_HODInput,4,
-	&(lvalues[3936]),0},
+	&(lvalues[3932]),0},
 {"setct-AuthResBaggage","setct-AuthResBaggage",
-	NID_setct_AuthResBaggage,4,&(lvalues[3940]),0},
+	NID_setct_AuthResBaggage,4,&(lvalues[3936]),0},
 {"setct-AuthRevReqBaggage","setct-AuthRevReqBaggage",
-	NID_setct_AuthRevReqBaggage,4,&(lvalues[3944]),0},
+	NID_setct_AuthRevReqBaggage,4,&(lvalues[3940]),0},
 {"setct-AuthRevResBaggage","setct-AuthRevResBaggage",
-	NID_setct_AuthRevResBaggage,4,&(lvalues[3948]),0},
+	NID_setct_AuthRevResBaggage,4,&(lvalues[3944]),0},
 {"setct-CapTokenSeq","setct-CapTokenSeq",NID_setct_CapTokenSeq,4,
-	&(lvalues[3952]),0},
+	&(lvalues[3948]),0},
 {"setct-PInitResData","setct-PInitResData",NID_setct_PInitResData,4,
-	&(lvalues[3956]),0},
-{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3960]),0},
+	&(lvalues[3952]),0},
+{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3956]),0},
 {"setct-PResData","setct-PResData",NID_setct_PResData,4,
-	&(lvalues[3964]),0},
+	&(lvalues[3960]),0},
 {"setct-AuthReqTBS","setct-AuthReqTBS",NID_setct_AuthReqTBS,4,
-	&(lvalues[3968]),0},
+	&(lvalues[3964]),0},
 {"setct-AuthResTBS","setct-AuthResTBS",NID_setct_AuthResTBS,4,
-	&(lvalues[3972]),0},
+	&(lvalues[3968]),0},
 {"setct-AuthResTBSX","setct-AuthResTBSX",NID_setct_AuthResTBSX,4,
-	&(lvalues[3976]),0},
+	&(lvalues[3972]),0},
 {"setct-AuthTokenTBS","setct-AuthTokenTBS",NID_setct_AuthTokenTBS,4,
-	&(lvalues[3980]),0},
+	&(lvalues[3976]),0},
 {"setct-CapTokenData","setct-CapTokenData",NID_setct_CapTokenData,4,
-	&(lvalues[3984]),0},
+	&(lvalues[3980]),0},
 {"setct-CapTokenTBS","setct-CapTokenTBS",NID_setct_CapTokenTBS,4,
-	&(lvalues[3988]),0},
+	&(lvalues[3984]),0},
 {"setct-AcqCardCodeMsg","setct-AcqCardCodeMsg",
-	NID_setct_AcqCardCodeMsg,4,&(lvalues[3992]),0},
+	NID_setct_AcqCardCodeMsg,4,&(lvalues[3988]),0},
 {"setct-AuthRevReqTBS","setct-AuthRevReqTBS",NID_setct_AuthRevReqTBS,
-	4,&(lvalues[3996]),0},
+	4,&(lvalues[3992]),0},
 {"setct-AuthRevResData","setct-AuthRevResData",
-	NID_setct_AuthRevResData,4,&(lvalues[4000]),0},
+	NID_setct_AuthRevResData,4,&(lvalues[3996]),0},
 {"setct-AuthRevResTBS","setct-AuthRevResTBS",NID_setct_AuthRevResTBS,
-	4,&(lvalues[4004]),0},
+	4,&(lvalues[4000]),0},
 {"setct-CapReqTBS","setct-CapReqTBS",NID_setct_CapReqTBS,4,
-	&(lvalues[4008]),0},
+	&(lvalues[4004]),0},
 {"setct-CapReqTBSX","setct-CapReqTBSX",NID_setct_CapReqTBSX,4,
-	&(lvalues[4012]),0},
+	&(lvalues[4008]),0},
 {"setct-CapResData","setct-CapResData",NID_setct_CapResData,4,
-	&(lvalues[4016]),0},
+	&(lvalues[4012]),0},
 {"setct-CapRevReqTBS","setct-CapRevReqTBS",NID_setct_CapRevReqTBS,4,
-	&(lvalues[4020]),0},
+	&(lvalues[4016]),0},
 {"setct-CapRevReqTBSX","setct-CapRevReqTBSX",NID_setct_CapRevReqTBSX,
-	4,&(lvalues[4024]),0},
+	4,&(lvalues[4020]),0},
 {"setct-CapRevResData","setct-CapRevResData",NID_setct_CapRevResData,
-	4,&(lvalues[4028]),0},
+	4,&(lvalues[4024]),0},
 {"setct-CredReqTBS","setct-CredReqTBS",NID_setct_CredReqTBS,4,
-	&(lvalues[4032]),0},
+	&(lvalues[4028]),0},
 {"setct-CredReqTBSX","setct-CredReqTBSX",NID_setct_CredReqTBSX,4,
-	&(lvalues[4036]),0},
+	&(lvalues[4032]),0},
 {"setct-CredResData","setct-CredResData",NID_setct_CredResData,4,
-	&(lvalues[4040]),0},
+	&(lvalues[4036]),0},
 {"setct-CredRevReqTBS","setct-CredRevReqTBS",NID_setct_CredRevReqTBS,
-	4,&(lvalues[4044]),0},
+	4,&(lvalues[4040]),0},
 {"setct-CredRevReqTBSX","setct-CredRevReqTBSX",
-	NID_setct_CredRevReqTBSX,4,&(lvalues[4048]),0},
+	NID_setct_CredRevReqTBSX,4,&(lvalues[4044]),0},
 {"setct-CredRevResData","setct-CredRevResData",
-	NID_setct_CredRevResData,4,&(lvalues[4052]),0},
+	NID_setct_CredRevResData,4,&(lvalues[4048]),0},
 {"setct-PCertReqData","setct-PCertReqData",NID_setct_PCertReqData,4,
-	&(lvalues[4056]),0},
+	&(lvalues[4052]),0},
 {"setct-PCertResTBS","setct-PCertResTBS",NID_setct_PCertResTBS,4,
-	&(lvalues[4060]),0},
+	&(lvalues[4056]),0},
 {"setct-BatchAdminReqData","setct-BatchAdminReqData",
-	NID_setct_BatchAdminReqData,4,&(lvalues[4064]),0},
+	NID_setct_BatchAdminReqData,4,&(lvalues[4060]),0},
 {"setct-BatchAdminResData","setct-BatchAdminResData",
-	NID_setct_BatchAdminResData,4,&(lvalues[4068]),0},
+	NID_setct_BatchAdminResData,4,&(lvalues[4064]),0},
 {"setct-CardCInitResTBS","setct-CardCInitResTBS",
-	NID_setct_CardCInitResTBS,4,&(lvalues[4072]),0},
+	NID_setct_CardCInitResTBS,4,&(lvalues[4068]),0},
 {"setct-MeAqCInitResTBS","setct-MeAqCInitResTBS",
-	NID_setct_MeAqCInitResTBS,4,&(lvalues[4076]),0},
+	NID_setct_MeAqCInitResTBS,4,&(lvalues[4072]),0},
 {"setct-RegFormResTBS","setct-RegFormResTBS",NID_setct_RegFormResTBS,
-	4,&(lvalues[4080]),0},
+	4,&(lvalues[4076]),0},
 {"setct-CertReqData","setct-CertReqData",NID_setct_CertReqData,4,
-	&(lvalues[4084]),0},
+	&(lvalues[4080]),0},
 {"setct-CertReqTBS","setct-CertReqTBS",NID_setct_CertReqTBS,4,
-	&(lvalues[4088]),0},
+	&(lvalues[4084]),0},
 {"setct-CertResData","setct-CertResData",NID_setct_CertResData,4,
-	&(lvalues[4092]),0},
+	&(lvalues[4088]),0},
 {"setct-CertInqReqTBS","setct-CertInqReqTBS",NID_setct_CertInqReqTBS,
-	4,&(lvalues[4096]),0},
+	4,&(lvalues[4092]),0},
 {"setct-ErrorTBS","setct-ErrorTBS",NID_setct_ErrorTBS,4,
-	&(lvalues[4100]),0},
+	&(lvalues[4096]),0},
 {"setct-PIDualSignedTBE","setct-PIDualSignedTBE",
-	NID_setct_PIDualSignedTBE,4,&(lvalues[4104]),0},
+	NID_setct_PIDualSignedTBE,4,&(lvalues[4100]),0},
 {"setct-PIUnsignedTBE","setct-PIUnsignedTBE",NID_setct_PIUnsignedTBE,
-	4,&(lvalues[4108]),0},
+	4,&(lvalues[4104]),0},
 {"setct-AuthReqTBE","setct-AuthReqTBE",NID_setct_AuthReqTBE,4,
-	&(lvalues[4112]),0},
+	&(lvalues[4108]),0},
 {"setct-AuthResTBE","setct-AuthResTBE",NID_setct_AuthResTBE,4,
-	&(lvalues[4116]),0},
+	&(lvalues[4112]),0},
 {"setct-AuthResTBEX","setct-AuthResTBEX",NID_setct_AuthResTBEX,4,
-	&(lvalues[4120]),0},
+	&(lvalues[4116]),0},
 {"setct-AuthTokenTBE","setct-AuthTokenTBE",NID_setct_AuthTokenTBE,4,
-	&(lvalues[4124]),0},
+	&(lvalues[4120]),0},
 {"setct-CapTokenTBE","setct-CapTokenTBE",NID_setct_CapTokenTBE,4,
-	&(lvalues[4128]),0},
+	&(lvalues[4124]),0},
 {"setct-CapTokenTBEX","setct-CapTokenTBEX",NID_setct_CapTokenTBEX,4,
-	&(lvalues[4132]),0},
+	&(lvalues[4128]),0},
 {"setct-AcqCardCodeMsgTBE","setct-AcqCardCodeMsgTBE",
-	NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4136]),0},
+	NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4132]),0},
 {"setct-AuthRevReqTBE","setct-AuthRevReqTBE",NID_setct_AuthRevReqTBE,
-	4,&(lvalues[4140]),0},
+	4,&(lvalues[4136]),0},
 {"setct-AuthRevResTBE","setct-AuthRevResTBE",NID_setct_AuthRevResTBE,
-	4,&(lvalues[4144]),0},
+	4,&(lvalues[4140]),0},
 {"setct-AuthRevResTBEB","setct-AuthRevResTBEB",
-	NID_setct_AuthRevResTBEB,4,&(lvalues[4148]),0},
+	NID_setct_AuthRevResTBEB,4,&(lvalues[4144]),0},
 {"setct-CapReqTBE","setct-CapReqTBE",NID_setct_CapReqTBE,4,
-	&(lvalues[4152]),0},
+	&(lvalues[4148]),0},
 {"setct-CapReqTBEX","setct-CapReqTBEX",NID_setct_CapReqTBEX,4,
-	&(lvalues[4156]),0},
+	&(lvalues[4152]),0},
 {"setct-CapResTBE","setct-CapResTBE",NID_setct_CapResTBE,4,
-	&(lvalues[4160]),0},
+	&(lvalues[4156]),0},
 {"setct-CapRevReqTBE","setct-CapRevReqTBE",NID_setct_CapRevReqTBE,4,
-	&(lvalues[4164]),0},
+	&(lvalues[4160]),0},
 {"setct-CapRevReqTBEX","setct-CapRevReqTBEX",NID_setct_CapRevReqTBEX,
-	4,&(lvalues[4168]),0},
+	4,&(lvalues[4164]),0},
 {"setct-CapRevResTBE","setct-CapRevResTBE",NID_setct_CapRevResTBE,4,
-	&(lvalues[4172]),0},
+	&(lvalues[4168]),0},
 {"setct-CredReqTBE","setct-CredReqTBE",NID_setct_CredReqTBE,4,
-	&(lvalues[4176]),0},
+	&(lvalues[4172]),0},
 {"setct-CredReqTBEX","setct-CredReqTBEX",NID_setct_CredReqTBEX,4,
-	&(lvalues[4180]),0},
+	&(lvalues[4176]),0},
 {"setct-CredResTBE","setct-CredResTBE",NID_setct_CredResTBE,4,
-	&(lvalues[4184]),0},
+	&(lvalues[4180]),0},
 {"setct-CredRevReqTBE","setct-CredRevReqTBE",NID_setct_CredRevReqTBE,
-	4,&(lvalues[4188]),0},
+	4,&(lvalues[4184]),0},
 {"setct-CredRevReqTBEX","setct-CredRevReqTBEX",
-	NID_setct_CredRevReqTBEX,4,&(lvalues[4192]),0},
+	NID_setct_CredRevReqTBEX,4,&(lvalues[4188]),0},
 {"setct-CredRevResTBE","setct-CredRevResTBE",NID_setct_CredRevResTBE,
-	4,&(lvalues[4196]),0},
+	4,&(lvalues[4192]),0},
 {"setct-BatchAdminReqTBE","setct-BatchAdminReqTBE",
-	NID_setct_BatchAdminReqTBE,4,&(lvalues[4200]),0},
+	NID_setct_BatchAdminReqTBE,4,&(lvalues[4196]),0},
 {"setct-BatchAdminResTBE","setct-BatchAdminResTBE",
-	NID_setct_BatchAdminResTBE,4,&(lvalues[4204]),0},
+	NID_setct_BatchAdminResTBE,4,&(lvalues[4200]),0},
 {"setct-RegFormReqTBE","setct-RegFormReqTBE",NID_setct_RegFormReqTBE,
-	4,&(lvalues[4208]),0},
+	4,&(lvalues[4204]),0},
 {"setct-CertReqTBE","setct-CertReqTBE",NID_setct_CertReqTBE,4,
-	&(lvalues[4212]),0},
+	&(lvalues[4208]),0},
 {"setct-CertReqTBEX","setct-CertReqTBEX",NID_setct_CertReqTBEX,4,
-	&(lvalues[4216]),0},
+	&(lvalues[4212]),0},
 {"setct-CertResTBE","setct-CertResTBE",NID_setct_CertResTBE,4,
-	&(lvalues[4220]),0},
+	&(lvalues[4216]),0},
 {"setct-CRLNotificationTBS","setct-CRLNotificationTBS",
-	NID_setct_CRLNotificationTBS,4,&(lvalues[4224]),0},
+	NID_setct_CRLNotificationTBS,4,&(lvalues[4220]),0},
 {"setct-CRLNotificationResTBS","setct-CRLNotificationResTBS",
-	NID_setct_CRLNotificationResTBS,4,&(lvalues[4228]),0},
+	NID_setct_CRLNotificationResTBS,4,&(lvalues[4224]),0},
 {"setct-BCIDistributionTBS","setct-BCIDistributionTBS",
-	NID_setct_BCIDistributionTBS,4,&(lvalues[4232]),0},
+	NID_setct_BCIDistributionTBS,4,&(lvalues[4228]),0},
 {"setext-genCrypt","generic cryptogram",NID_setext_genCrypt,4,
-	&(lvalues[4236]),0},
+	&(lvalues[4232]),0},
 {"setext-miAuth","merchant initiated auth",NID_setext_miAuth,4,
-	&(lvalues[4240]),0},
+	&(lvalues[4236]),0},
 {"setext-pinSecure","setext-pinSecure",NID_setext_pinSecure,4,
-	&(lvalues[4244]),0},
-{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4248]),0},
-{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4252]),0},
+	&(lvalues[4240]),0},
+{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4244]),0},
+{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4248]),0},
 {"setext-cv","additional verification",NID_setext_cv,4,
-	&(lvalues[4256]),0},
+	&(lvalues[4252]),0},
 {"set-policy-root","set-policy-root",NID_set_policy_root,4,
-	&(lvalues[4260]),0},
+	&(lvalues[4256]),0},
 {"setCext-hashedRoot","setCext-hashedRoot",NID_setCext_hashedRoot,4,
-	&(lvalues[4264]),0},
+	&(lvalues[4260]),0},
 {"setCext-certType","setCext-certType",NID_setCext_certType,4,
-	&(lvalues[4268]),0},
+	&(lvalues[4264]),0},
 {"setCext-merchData","setCext-merchData",NID_setCext_merchData,4,
-	&(lvalues[4272]),0},
+	&(lvalues[4268]),0},
 {"setCext-cCertRequired","setCext-cCertRequired",
-	NID_setCext_cCertRequired,4,&(lvalues[4276]),0},
+	NID_setCext_cCertRequired,4,&(lvalues[4272]),0},
 {"setCext-tunneling","setCext-tunneling",NID_setCext_tunneling,4,
-	&(lvalues[4280]),0},
+	&(lvalues[4276]),0},
 {"setCext-setExt","setCext-setExt",NID_setCext_setExt,4,
-	&(lvalues[4284]),0},
+	&(lvalues[4280]),0},
 {"setCext-setQualf","setCext-setQualf",NID_setCext_setQualf,4,
-	&(lvalues[4288]),0},
+	&(lvalues[4284]),0},
 {"setCext-PGWYcapabilities","setCext-PGWYcapabilities",
-	NID_setCext_PGWYcapabilities,4,&(lvalues[4292]),0},
+	NID_setCext_PGWYcapabilities,4,&(lvalues[4288]),0},
 {"setCext-TokenIdentifier","setCext-TokenIdentifier",
-	NID_setCext_TokenIdentifier,4,&(lvalues[4296]),0},
+	NID_setCext_TokenIdentifier,4,&(lvalues[4292]),0},
 {"setCext-Track2Data","setCext-Track2Data",NID_setCext_Track2Data,4,
-	&(lvalues[4300]),0},
+	&(lvalues[4296]),0},
 {"setCext-TokenType","setCext-TokenType",NID_setCext_TokenType,4,
-	&(lvalues[4304]),0},
+	&(lvalues[4300]),0},
 {"setCext-IssuerCapabilities","setCext-IssuerCapabilities",
-	NID_setCext_IssuerCapabilities,4,&(lvalues[4308]),0},
-{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4312]),0},
+	NID_setCext_IssuerCapabilities,4,&(lvalues[4304]),0},
+{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4308]),0},
 {"setAttr-PGWYcap","payment gateway capabilities",NID_setAttr_PGWYcap,
-	4,&(lvalues[4316]),0},
+	4,&(lvalues[4312]),0},
 {"setAttr-TokenType","setAttr-TokenType",NID_setAttr_TokenType,4,
-	&(lvalues[4320]),0},
+	&(lvalues[4316]),0},
 {"setAttr-IssCap","issuer capabilities",NID_setAttr_IssCap,4,
-	&(lvalues[4324]),0},
+	&(lvalues[4320]),0},
 {"set-rootKeyThumb","set-rootKeyThumb",NID_set_rootKeyThumb,5,
-	&(lvalues[4328]),0},
-{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4333]),0},
+	&(lvalues[4324]),0},
+{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4329]),0},
 {"setAttr-Token-EMV","setAttr-Token-EMV",NID_setAttr_Token_EMV,5,
-	&(lvalues[4338]),0},
+	&(lvalues[4334]),0},
 {"setAttr-Token-B0Prime","setAttr-Token-B0Prime",
-	NID_setAttr_Token_B0Prime,5,&(lvalues[4343]),0},
+	NID_setAttr_Token_B0Prime,5,&(lvalues[4339]),0},
 {"setAttr-IssCap-CVM","setAttr-IssCap-CVM",NID_setAttr_IssCap_CVM,5,
-	&(lvalues[4348]),0},
+	&(lvalues[4344]),0},
 {"setAttr-IssCap-T2","setAttr-IssCap-T2",NID_setAttr_IssCap_T2,5,
-	&(lvalues[4353]),0},
+	&(lvalues[4349]),0},
 {"setAttr-IssCap-Sig","setAttr-IssCap-Sig",NID_setAttr_IssCap_Sig,5,
-	&(lvalues[4358]),0},
+	&(lvalues[4354]),0},
 {"setAttr-GenCryptgrm","generate cryptogram",NID_setAttr_GenCryptgrm,
-	6,&(lvalues[4363]),0},
+	6,&(lvalues[4359]),0},
 {"setAttr-T2Enc","encrypted track 2",NID_setAttr_T2Enc,6,
-	&(lvalues[4369]),0},
+	&(lvalues[4365]),0},
 {"setAttr-T2cleartxt","cleartext track 2",NID_setAttr_T2cleartxt,6,
-	&(lvalues[4375]),0},
+	&(lvalues[4371]),0},
 {"setAttr-TokICCsig","ICC or token signature",NID_setAttr_TokICCsig,6,
-	&(lvalues[4381]),0},
+	&(lvalues[4377]),0},
 {"setAttr-SecDevSig","secure device signature",NID_setAttr_SecDevSig,
-	6,&(lvalues[4387]),0},
+	6,&(lvalues[4383]),0},
 {"set-brand-IATA-ATA","set-brand-IATA-ATA",NID_set_brand_IATA_ATA,4,
-	&(lvalues[4393]),0},
+	&(lvalues[4389]),0},
 {"set-brand-Diners","set-brand-Diners",NID_set_brand_Diners,4,
-	&(lvalues[4397]),0},
+	&(lvalues[4393]),0},
 {"set-brand-AmericanExpress","set-brand-AmericanExpress",
-	NID_set_brand_AmericanExpress,4,&(lvalues[4401]),0},
-{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4405]),0},
+	NID_set_brand_AmericanExpress,4,&(lvalues[4397]),0},
+{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4401]),0},
 {"set-brand-Visa","set-brand-Visa",NID_set_brand_Visa,4,
-	&(lvalues[4409]),0},
+	&(lvalues[4405]),0},
 {"set-brand-MasterCard","set-brand-MasterCard",
-	NID_set_brand_MasterCard,4,&(lvalues[4413]),0},
+	NID_set_brand_MasterCard,4,&(lvalues[4409]),0},
 {"set-brand-Novus","set-brand-Novus",NID_set_brand_Novus,5,
-	&(lvalues[4417]),0},
-{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4422]),0},
+	&(lvalues[4413]),0},
+{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4418]),0},
 {"rsaOAEPEncryptionSET","rsaOAEPEncryptionSET",
-	NID_rsaOAEPEncryptionSET,9,&(lvalues[4430]),0},
-{"ITU-T","itu-t",NID_itu_t,1,&(lvalues[4439]),0},
-{"JOINT-ISO-ITU-T","joint-iso-itu-t",NID_joint_iso_itu_t,1,
-	&(lvalues[4440]),0},
+	NID_rsaOAEPEncryptionSET,9,&(lvalues[4426]),0},
+{"ITU-T","itu-t",NID_itu_t,0,NULL,0},
+{"JOINT-ISO-ITU-T","joint-iso-itu-t",NID_joint_iso_itu_t,0,NULL,0},
 {"international-organizations","International Organizations",
-	NID_international_organizations,1,&(lvalues[4441]),0},
+	NID_international_organizations,1,&(lvalues[4435]),0},
 {"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login,
-	10,&(lvalues[4442]),0},
+	10,&(lvalues[4436]),0},
 {"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10,
-	&(lvalues[4452]),0},
+	&(lvalues[4446]),0},
 {"AES-128-CFB1","aes-128-cfb1",NID_aes_128_cfb1,0,NULL,0},
 {"AES-192-CFB1","aes-192-cfb1",NID_aes_192_cfb1,0,NULL,0},
 {"AES-256-CFB1","aes-256-cfb1",NID_aes_256_cfb1,0,NULL,0},
@@ -1979,138 +1972,138 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
 {"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL,0},
 {"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL,0},
 {"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL,0},
-{"street","streetAddress",NID_streetAddress,3,&(lvalues[4462]),0},
-{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4465]),0},
-{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4468]),0},
+{"street","streetAddress",NID_streetAddress,3,&(lvalues[4456]),0},
+{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4459]),0},
+{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4462]),0},
 {"proxyCertInfo","Proxy Certificate Information",NID_proxyCertInfo,8,
-	&(lvalues[4475]),0},
+	&(lvalues[4469]),0},
 {"id-ppl-anyLanguage","Any language",NID_id_ppl_anyLanguage,8,
-	&(lvalues[4483]),0},
+	&(lvalues[4477]),0},
 {"id-ppl-inheritAll","Inherit all",NID_id_ppl_inheritAll,8,
-	&(lvalues[4491]),0},
+	&(lvalues[4485]),0},
 {"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3,
-	&(lvalues[4499]),0},
-{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4502]),0},
+	&(lvalues[4493]),0},
+{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4496]),0},
 {"RSA-SHA256","sha256WithRSAEncryption",NID_sha256WithRSAEncryption,9,
-	&(lvalues[4510]),0},
+	&(lvalues[4504]),0},
 {"RSA-SHA384","sha384WithRSAEncryption",NID_sha384WithRSAEncryption,9,
-	&(lvalues[4519]),0},
+	&(lvalues[4513]),0},
 {"RSA-SHA512","sha512WithRSAEncryption",NID_sha512WithRSAEncryption,9,
-	&(lvalues[4528]),0},
+	&(lvalues[4522]),0},
 {"RSA-SHA224","sha224WithRSAEncryption",NID_sha224WithRSAEncryption,9,
-	&(lvalues[4537]),0},
-{"SHA256","sha256",NID_sha256,9,&(lvalues[4546]),0},
-{"SHA384","sha384",NID_sha384,9,&(lvalues[4555]),0},
-{"SHA512","sha512",NID_sha512,9,&(lvalues[4564]),0},
-{"SHA224","sha224",NID_sha224,9,&(lvalues[4573]),0},
+	&(lvalues[4531]),0},
+{"SHA256","sha256",NID_sha256,9,&(lvalues[4540]),0},
+{"SHA384","sha384",NID_sha384,9,&(lvalues[4549]),0},
+{"SHA512","sha512",NID_sha512,9,&(lvalues[4558]),0},
+{"SHA224","sha224",NID_sha224,9,&(lvalues[4567]),0},
 {"identified-organization","identified-organization",
-	NID_identified_organization,1,&(lvalues[4582]),0},
-{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4583]),0},
-{"wap","wap",NID_wap,2,&(lvalues[4586]),0},
-{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4588]),0},
+	NID_identified_organization,1,&(lvalues[4576]),0},
+{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4577]),0},
+{"wap","wap",NID_wap,2,&(lvalues[4580]),0},
+{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4582]),0},
 {"id-characteristic-two-basis","id-characteristic-two-basis",
-	NID_X9_62_id_characteristic_two_basis,8,&(lvalues[4591]),0},
-{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[4599]),0},
-{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[4608]),0},
-{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[4617]),0},
-{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[4626]),0},
-{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[4634]),0},
-{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[4642]),0},
-{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[4650]),0},
-{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[4658]),0},
-{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[4666]),0},
-{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[4674]),0},
-{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[4682]),0},
-{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[4690]),0},
-{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[4698]),0},
-{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[4706]),0},
-{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[4714]),0},
-{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[4722]),0},
-{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[4730]),0},
-{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[4738]),0},
-{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4746]),0},
-{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4754]),0},
-{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4762]),0},
-{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4770]),0},
-{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4778]),0},
-{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4786]),0},
-{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4791]),0},
-{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4796]),0},
-{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4801]),0},
-{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4806]),0},
-{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4811]),0},
-{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4816]),0},
-{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4821]),0},
-{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4826]),0},
-{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4831]),0},
-{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4836]),0},
-{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4841]),0},
-{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4846]),0},
-{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4851]),0},
-{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4856]),0},
-{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4861]),0},
-{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4866]),0},
-{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4871]),0},
-{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4876]),0},
-{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4881]),0},
-{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4886]),0},
-{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4891]),0},
-{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4896]),0},
-{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4901]),0},
-{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4906]),0},
-{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4911]),0},
-{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4916]),0},
-{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4921]),0},
-{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4926]),0},
-{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4931]),0},
-{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4936]),0},
+	NID_X9_62_id_characteristic_two_basis,8,&(lvalues[4585]),0},
+{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[4593]),0},
+{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[4602]),0},
+{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[4611]),0},
+{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[4620]),0},
+{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[4628]),0},
+{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[4636]),0},
+{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[4644]),0},
+{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[4652]),0},
+{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[4660]),0},
+{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[4668]),0},
+{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[4676]),0},
+{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[4684]),0},
+{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[4692]),0},
+{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[4700]),0},
+{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[4708]),0},
+{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[4716]),0},
+{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[4724]),0},
+{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[4732]),0},
+{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4740]),0},
+{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4748]),0},
+{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4756]),0},
+{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4764]),0},
+{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4772]),0},
+{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4780]),0},
+{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4785]),0},
+{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4790]),0},
+{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4795]),0},
+{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4800]),0},
+{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4805]),0},
+{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4810]),0},
+{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4815]),0},
+{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4820]),0},
+{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4825]),0},
+{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4830]),0},
+{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4835]),0},
+{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4840]),0},
+{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4845]),0},
+{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4850]),0},
+{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4855]),0},
+{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4860]),0},
+{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4865]),0},
+{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4870]),0},
+{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4875]),0},
+{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4880]),0},
+{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4885]),0},
+{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4890]),0},
+{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4895]),0},
+{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4900]),0},
+{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4905]),0},
+{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4910]),0},
+{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4915]),0},
+{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4920]),0},
+{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4925]),0},
+{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4930]),0},
 {"wap-wsg-idm-ecid-wtls1","wap-wsg-idm-ecid-wtls1",
-	NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4941]),0},
+	NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4935]),0},
 {"wap-wsg-idm-ecid-wtls3","wap-wsg-idm-ecid-wtls3",
-	NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4946]),0},
+	NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4940]),0},
 {"wap-wsg-idm-ecid-wtls4","wap-wsg-idm-ecid-wtls4",
-	NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4951]),0},
+	NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4945]),0},
 {"wap-wsg-idm-ecid-wtls5","wap-wsg-idm-ecid-wtls5",
-	NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4956]),0},
+	NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4950]),0},
 {"wap-wsg-idm-ecid-wtls6","wap-wsg-idm-ecid-wtls6",
-	NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4961]),0},
+	NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4955]),0},
 {"wap-wsg-idm-ecid-wtls7","wap-wsg-idm-ecid-wtls7",
-	NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4966]),0},
+	NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4960]),0},
 {"wap-wsg-idm-ecid-wtls8","wap-wsg-idm-ecid-wtls8",
-	NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4971]),0},
+	NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4965]),0},
 {"wap-wsg-idm-ecid-wtls9","wap-wsg-idm-ecid-wtls9",
-	NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4976]),0},
+	NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4970]),0},
 {"wap-wsg-idm-ecid-wtls10","wap-wsg-idm-ecid-wtls10",
-	NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4981]),0},
+	NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4975]),0},
 {"wap-wsg-idm-ecid-wtls11","wap-wsg-idm-ecid-wtls11",
-	NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4986]),0},
+	NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4980]),0},
 {"wap-wsg-idm-ecid-wtls12","wap-wsg-idm-ecid-wtls12",
-	NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4991]),0},
-{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4996]),0},
+	NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4985]),0},
+{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4990]),0},
 {"policyMappings","X509v3 Policy Mappings",NID_policy_mappings,3,
-	&(lvalues[5000]),0},
+	&(lvalues[4994]),0},
 {"inhibitAnyPolicy","X509v3 Inhibit Any Policy",
-	NID_inhibit_any_policy,3,&(lvalues[5003]),0},
+	NID_inhibit_any_policy,3,&(lvalues[4997]),0},
 {"Oakley-EC2N-3","ipsec3",NID_ipsec3,0,NULL,0},
 {"Oakley-EC2N-4","ipsec4",NID_ipsec4,0,NULL,0},
 {"CAMELLIA-128-CBC","camellia-128-cbc",NID_camellia_128_cbc,11,
-	&(lvalues[5006]),0},
+	&(lvalues[5000]),0},
 {"CAMELLIA-192-CBC","camellia-192-cbc",NID_camellia_192_cbc,11,
-	&(lvalues[5017]),0},
+	&(lvalues[5011]),0},
 {"CAMELLIA-256-CBC","camellia-256-cbc",NID_camellia_256_cbc,11,
-	&(lvalues[5028]),0},
+	&(lvalues[5022]),0},
 {"CAMELLIA-128-ECB","camellia-128-ecb",NID_camellia_128_ecb,8,
-	&(lvalues[5039]),0},
+	&(lvalues[5033]),0},
 {"CAMELLIA-192-ECB","camellia-192-ecb",NID_camellia_192_ecb,8,
-	&(lvalues[5047]),0},
+	&(lvalues[5041]),0},
 {"CAMELLIA-256-ECB","camellia-256-ecb",NID_camellia_256_ecb,8,
-	&(lvalues[5055]),0},
+	&(lvalues[5049]),0},
 {"CAMELLIA-128-CFB","camellia-128-cfb",NID_camellia_128_cfb128,8,
-	&(lvalues[5063]),0},
+	&(lvalues[5057]),0},
 {"CAMELLIA-192-CFB","camellia-192-cfb",NID_camellia_192_cfb128,8,
-	&(lvalues[5071]),0},
+	&(lvalues[5065]),0},
 {"CAMELLIA-256-CFB","camellia-256-cfb",NID_camellia_256_cfb128,8,
-	&(lvalues[5079]),0},
+	&(lvalues[5073]),0},
 {"CAMELLIA-128-CFB1","camellia-128-cfb1",NID_camellia_128_cfb1,0,NULL,0},
 {"CAMELLIA-192-CFB1","camellia-192-cfb1",NID_camellia_192_cfb1,0,NULL,0},
 {"CAMELLIA-256-CFB1","camellia-256-cfb1",NID_camellia_256_cfb1,0,NULL,0},
@@ -2118,284 +2111,284 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
 {"CAMELLIA-192-CFB8","camellia-192-cfb8",NID_camellia_192_cfb8,0,NULL,0},
 {"CAMELLIA-256-CFB8","camellia-256-cfb8",NID_camellia_256_cfb8,0,NULL,0},
 {"CAMELLIA-128-OFB","camellia-128-ofb",NID_camellia_128_ofb128,8,
-	&(lvalues[5087]),0},
+	&(lvalues[5081]),0},
 {"CAMELLIA-192-OFB","camellia-192-ofb",NID_camellia_192_ofb128,8,
-	&(lvalues[5095]),0},
+	&(lvalues[5089]),0},
 {"CAMELLIA-256-OFB","camellia-256-ofb",NID_camellia_256_ofb128,8,
-	&(lvalues[5103]),0},
+	&(lvalues[5097]),0},
 {"subjectDirectoryAttributes","X509v3 Subject Directory Attributes",
-	NID_subject_directory_attributes,3,&(lvalues[5111]),0},
+	NID_subject_directory_attributes,3,&(lvalues[5105]),0},
 {"issuingDistributionPoint","X509v3 Issuing Distrubution Point",
-	NID_issuing_distribution_point,3,&(lvalues[5114]),0},
+	NID_issuing_distribution_point,3,&(lvalues[5108]),0},
 {"certificateIssuer","X509v3 Certificate Issuer",
-	NID_certificate_issuer,3,&(lvalues[5117]),0},
+	NID_certificate_issuer,3,&(lvalues[5111]),0},
 {NULL,NULL,NID_undef,0,NULL,0},
-{"KISA","kisa",NID_kisa,6,&(lvalues[5120]),0},
+{"KISA","kisa",NID_kisa,6,&(lvalues[5114]),0},
 {NULL,NULL,NID_undef,0,NULL,0},
 {NULL,NULL,NID_undef,0,NULL,0},
-{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5126]),0},
-{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5134]),0},
-{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5142]),0},
-{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5150]),0},
-{"HMAC-MD5","hmac-md5",NID_hmac_md5,8,&(lvalues[5158]),0},
-{"HMAC-SHA1","hmac-sha1",NID_hmac_sha1,8,&(lvalues[5166]),0},
+{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5120]),0},
+{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5128]),0},
+{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5136]),0},
+{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5144]),0},
+{"HMAC-MD5","hmac-md5",NID_hmac_md5,8,&(lvalues[5152]),0},
+{"HMAC-SHA1","hmac-sha1",NID_hmac_sha1,8,&(lvalues[5160]),0},
 {"id-PasswordBasedMAC","password based MAC",NID_id_PasswordBasedMAC,9,
-	&(lvalues[5174]),0},
+	&(lvalues[5168]),0},
 {"id-DHBasedMac","Diffie-Hellman based MAC",NID_id_DHBasedMac,9,
-	&(lvalues[5183]),0},
+	&(lvalues[5177]),0},
 {"id-it-suppLangTags","id-it-suppLangTags",NID_id_it_suppLangTags,8,
-	&(lvalues[5192]),0},
-{"caRepository","CA Repository",NID_caRepository,8,&(lvalues[5200]),0},
+	&(lvalues[5186]),0},
+{"caRepository","CA Repository",NID_caRepository,8,&(lvalues[5194]),0},
 {"id-smime-ct-compressedData","id-smime-ct-compressedData",
-	NID_id_smime_ct_compressedData,11,&(lvalues[5208]),0},
+	NID_id_smime_ct_compressedData,11,&(lvalues[5202]),0},
 {"id-ct-asciiTextWithCRLF","id-ct-asciiTextWithCRLF",
-	NID_id_ct_asciiTextWithCRLF,11,&(lvalues[5219]),0},
+	NID_id_ct_asciiTextWithCRLF,11,&(lvalues[5213]),0},
 {"id-aes128-wrap","id-aes128-wrap",NID_id_aes128_wrap,9,
-	&(lvalues[5230]),0},
+	&(lvalues[5224]),0},
 {"id-aes192-wrap","id-aes192-wrap",NID_id_aes192_wrap,9,
-	&(lvalues[5239]),0},
+	&(lvalues[5233]),0},
 {"id-aes256-wrap","id-aes256-wrap",NID_id_aes256_wrap,9,
-	&(lvalues[5248]),0},
+	&(lvalues[5242]),0},
 {"ecdsa-with-Recommended","ecdsa-with-Recommended",
-	NID_ecdsa_with_Recommended,7,&(lvalues[5257]),0},
+	NID_ecdsa_with_Recommended,7,&(lvalues[5251]),0},
 {"ecdsa-with-Specified","ecdsa-with-Specified",
-	NID_ecdsa_with_Specified,7,&(lvalues[5264]),0},
+	NID_ecdsa_with_Specified,7,&(lvalues[5258]),0},
 {"ecdsa-with-SHA224","ecdsa-with-SHA224",NID_ecdsa_with_SHA224,8,
-	&(lvalues[5271]),0},
+	&(lvalues[5265]),0},
 {"ecdsa-with-SHA256","ecdsa-with-SHA256",NID_ecdsa_with_SHA256,8,
-	&(lvalues[5279]),0},
+	&(lvalues[5273]),0},
 {"ecdsa-with-SHA384","ecdsa-with-SHA384",NID_ecdsa_with_SHA384,8,
-	&(lvalues[5287]),0},
+	&(lvalues[5281]),0},
 {"ecdsa-with-SHA512","ecdsa-with-SHA512",NID_ecdsa_with_SHA512,8,
-	&(lvalues[5295]),0},
-{"hmacWithMD5","hmacWithMD5",NID_hmacWithMD5,8,&(lvalues[5303]),0},
+	&(lvalues[5289]),0},
+{"hmacWithMD5","hmacWithMD5",NID_hmacWithMD5,8,&(lvalues[5297]),0},
 {"hmacWithSHA224","hmacWithSHA224",NID_hmacWithSHA224,8,
-	&(lvalues[5311]),0},
+	&(lvalues[5305]),0},
 {"hmacWithSHA256","hmacWithSHA256",NID_hmacWithSHA256,8,
-	&(lvalues[5319]),0},
+	&(lvalues[5313]),0},
 {"hmacWithSHA384","hmacWithSHA384",NID_hmacWithSHA384,8,
-	&(lvalues[5327]),0},
+	&(lvalues[5321]),0},
 {"hmacWithSHA512","hmacWithSHA512",NID_hmacWithSHA512,8,
-	&(lvalues[5335]),0},
+	&(lvalues[5329]),0},
 {"dsa_with_SHA224","dsa_with_SHA224",NID_dsa_with_SHA224,9,
-	&(lvalues[5343]),0},
+	&(lvalues[5337]),0},
 {"dsa_with_SHA256","dsa_with_SHA256",NID_dsa_with_SHA256,9,
-	&(lvalues[5352]),0},
-{"whirlpool","whirlpool",NID_whirlpool,6,&(lvalues[5361]),0},
-{"cryptopro","cryptopro",NID_cryptopro,5,&(lvalues[5367]),0},
-{"cryptocom","cryptocom",NID_cryptocom,5,&(lvalues[5372]),0},
+	&(lvalues[5346]),0},
+{"whirlpool","whirlpool",NID_whirlpool,6,&(lvalues[5355]),0},
+{"cryptopro","cryptopro",NID_cryptopro,5,&(lvalues[5361]),0},
+{"cryptocom","cryptocom",NID_cryptocom,5,&(lvalues[5366]),0},
 {"id-GostR3411-94-with-GostR3410-2001",
 	"GOST R 34.11-94 with GOST R 34.10-2001",
-	NID_id_GostR3411_94_with_GostR3410_2001,6,&(lvalues[5377]),0},
+	NID_id_GostR3411_94_with_GostR3410_2001,6,&(lvalues[5371]),0},
 {"id-GostR3411-94-with-GostR3410-94",
 	"GOST R 34.11-94 with GOST R 34.10-94",
-	NID_id_GostR3411_94_with_GostR3410_94,6,&(lvalues[5383]),0},
-{"md_gost94","GOST R 34.11-94",NID_id_GostR3411_94,6,&(lvalues[5389]),0},
+	NID_id_GostR3411_94_with_GostR3410_94,6,&(lvalues[5377]),0},
+{"md_gost94","GOST R 34.11-94",NID_id_GostR3411_94,6,&(lvalues[5383]),0},
 {"id-HMACGostR3411-94","HMAC GOST 34.11-94",NID_id_HMACGostR3411_94,6,
-	&(lvalues[5395]),0},
+	&(lvalues[5389]),0},
 {"gost2001","GOST R 34.10-2001",NID_id_GostR3410_2001,6,
-	&(lvalues[5401]),0},
-{"gost94","GOST R 34.10-94",NID_id_GostR3410_94,6,&(lvalues[5407]),0},
-{"gost89","GOST 28147-89",NID_id_Gost28147_89,6,&(lvalues[5413]),0},
+	&(lvalues[5395]),0},
+{"gost94","GOST R 34.10-94",NID_id_GostR3410_94,6,&(lvalues[5401]),0},
+{"gost89","GOST 28147-89",NID_id_Gost28147_89,6,&(lvalues[5407]),0},
 {"gost89-cnt","gost89-cnt",NID_gost89_cnt,0,NULL,0},
 {"gost-mac","GOST 28147-89 MAC",NID_id_Gost28147_89_MAC,6,
-	&(lvalues[5419]),0},
+	&(lvalues[5413]),0},
 {"prf-gostr3411-94","GOST R 34.11-94 PRF",NID_id_GostR3411_94_prf,6,
-	&(lvalues[5425]),0},
+	&(lvalues[5419]),0},
 {"id-GostR3410-2001DH","GOST R 34.10-2001 DH",NID_id_GostR3410_2001DH,
-	6,&(lvalues[5431]),0},
+	6,&(lvalues[5425]),0},
 {"id-GostR3410-94DH","GOST R 34.10-94 DH",NID_id_GostR3410_94DH,6,
-	&(lvalues[5437]),0},
+	&(lvalues[5431]),0},
 {"id-Gost28147-89-CryptoPro-KeyMeshing",
 	"id-Gost28147-89-CryptoPro-KeyMeshing",
-	NID_id_Gost28147_89_CryptoPro_KeyMeshing,7,&(lvalues[5443]),0},
+	NID_id_Gost28147_89_CryptoPro_KeyMeshing,7,&(lvalues[5437]),0},
 {"id-Gost28147-89-None-KeyMeshing","id-Gost28147-89-None-KeyMeshing",
-	NID_id_Gost28147_89_None_KeyMeshing,7,&(lvalues[5450]),0},
+	NID_id_Gost28147_89_None_KeyMeshing,7,&(lvalues[5444]),0},
 {"id-GostR3411-94-TestParamSet","id-GostR3411-94-TestParamSet",
-	NID_id_GostR3411_94_TestParamSet,7,&(lvalues[5457]),0},
+	NID_id_GostR3411_94_TestParamSet,7,&(lvalues[5451]),0},
 {"id-GostR3411-94-CryptoProParamSet",
 	"id-GostR3411-94-CryptoProParamSet",
-	NID_id_GostR3411_94_CryptoProParamSet,7,&(lvalues[5464]),0},
+	NID_id_GostR3411_94_CryptoProParamSet,7,&(lvalues[5458]),0},
 {"id-Gost28147-89-TestParamSet","id-Gost28147-89-TestParamSet",
-	NID_id_Gost28147_89_TestParamSet,7,&(lvalues[5471]),0},
+	NID_id_Gost28147_89_TestParamSet,7,&(lvalues[5465]),0},
 {"id-Gost28147-89-CryptoPro-A-ParamSet",
 	"id-Gost28147-89-CryptoPro-A-ParamSet",
-	NID_id_Gost28147_89_CryptoPro_A_ParamSet,7,&(lvalues[5478]),0},
+	NID_id_Gost28147_89_CryptoPro_A_ParamSet,7,&(lvalues[5472]),0},
 {"id-Gost28147-89-CryptoPro-B-ParamSet",
 	"id-Gost28147-89-CryptoPro-B-ParamSet",
-	NID_id_Gost28147_89_CryptoPro_B_ParamSet,7,&(lvalues[5485]),0},
+	NID_id_Gost28147_89_CryptoPro_B_ParamSet,7,&(lvalues[5479]),0},
 {"id-Gost28147-89-CryptoPro-C-ParamSet",
 	"id-Gost28147-89-CryptoPro-C-ParamSet",
-	NID_id_Gost28147_89_CryptoPro_C_ParamSet,7,&(lvalues[5492]),0},
+	NID_id_Gost28147_89_CryptoPro_C_ParamSet,7,&(lvalues[5486]),0},
 {"id-Gost28147-89-CryptoPro-D-ParamSet",
 	"id-Gost28147-89-CryptoPro-D-ParamSet",
-	NID_id_Gost28147_89_CryptoPro_D_ParamSet,7,&(lvalues[5499]),0},
+	NID_id_Gost28147_89_CryptoPro_D_ParamSet,7,&(lvalues[5493]),0},
 {"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet",
 	"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet",
-	NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet,7,&(lvalues[5506]),
+	NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet,7,&(lvalues[5500]),
 	0},
 {"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet",
 	"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet",
-	NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet,7,&(lvalues[5513]),
+	NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet,7,&(lvalues[5507]),
 	0},
 {"id-Gost28147-89-CryptoPro-RIC-1-ParamSet",
 	"id-Gost28147-89-CryptoPro-RIC-1-ParamSet",
-	NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet,7,&(lvalues[5520]),0},
+	NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet,7,&(lvalues[5514]),0},
 {"id-GostR3410-94-TestParamSet","id-GostR3410-94-TestParamSet",
-	NID_id_GostR3410_94_TestParamSet,7,&(lvalues[5527]),0},
+	NID_id_GostR3410_94_TestParamSet,7,&(lvalues[5521]),0},
 {"id-GostR3410-94-CryptoPro-A-ParamSet",
 	"id-GostR3410-94-CryptoPro-A-ParamSet",
-	NID_id_GostR3410_94_CryptoPro_A_ParamSet,7,&(lvalues[5534]),0},
+	NID_id_GostR3410_94_CryptoPro_A_ParamSet,7,&(lvalues[5528]),0},
 {"id-GostR3410-94-CryptoPro-B-ParamSet",
 	"id-GostR3410-94-CryptoPro-B-ParamSet",
-	NID_id_GostR3410_94_CryptoPro_B_ParamSet,7,&(lvalues[5541]),0},
+	NID_id_GostR3410_94_CryptoPro_B_ParamSet,7,&(lvalues[5535]),0},
 {"id-GostR3410-94-CryptoPro-C-ParamSet",
 	"id-GostR3410-94-CryptoPro-C-ParamSet",
-	NID_id_GostR3410_94_CryptoPro_C_ParamSet,7,&(lvalues[5548]),0},
+	NID_id_GostR3410_94_CryptoPro_C_ParamSet,7,&(lvalues[5542]),0},
 {"id-GostR3410-94-CryptoPro-D-ParamSet",
 	"id-GostR3410-94-CryptoPro-D-ParamSet",
-	NID_id_GostR3410_94_CryptoPro_D_ParamSet,7,&(lvalues[5555]),0},
+	NID_id_GostR3410_94_CryptoPro_D_ParamSet,7,&(lvalues[5549]),0},
 {"id-GostR3410-94-CryptoPro-XchA-ParamSet",
 	"id-GostR3410-94-CryptoPro-XchA-ParamSet",
-	NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,7,&(lvalues[5562]),0},
+	NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,7,&(lvalues[5556]),0},
 {"id-GostR3410-94-CryptoPro-XchB-ParamSet",
 	"id-GostR3410-94-CryptoPro-XchB-ParamSet",
-	NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,7,&(lvalues[5569]),0},
+	NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,7,&(lvalues[5563]),0},
 {"id-GostR3410-94-CryptoPro-XchC-ParamSet",
 	"id-GostR3410-94-CryptoPro-XchC-ParamSet",
-	NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,7,&(lvalues[5576]),0},
+	NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,7,&(lvalues[5570]),0},
 {"id-GostR3410-2001-TestParamSet","id-GostR3410-2001-TestParamSet",
-	NID_id_GostR3410_2001_TestParamSet,7,&(lvalues[5583]),0},
+	NID_id_GostR3410_2001_TestParamSet,7,&(lvalues[5577]),0},
 {"id-GostR3410-2001-CryptoPro-A-ParamSet",
 	"id-GostR3410-2001-CryptoPro-A-ParamSet",
-	NID_id_GostR3410_2001_CryptoPro_A_ParamSet,7,&(lvalues[5590]),0},
+	NID_id_GostR3410_2001_CryptoPro_A_ParamSet,7,&(lvalues[5584]),0},
 {"id-GostR3410-2001-CryptoPro-B-ParamSet",
 	"id-GostR3410-2001-CryptoPro-B-ParamSet",
-	NID_id_GostR3410_2001_CryptoPro_B_ParamSet,7,&(lvalues[5597]),0},
+	NID_id_GostR3410_2001_CryptoPro_B_ParamSet,7,&(lvalues[5591]),0},
 {"id-GostR3410-2001-CryptoPro-C-ParamSet",
 	"id-GostR3410-2001-CryptoPro-C-ParamSet",
-	NID_id_GostR3410_2001_CryptoPro_C_ParamSet,7,&(lvalues[5604]),0},
+	NID_id_GostR3410_2001_CryptoPro_C_ParamSet,7,&(lvalues[5598]),0},
 {"id-GostR3410-2001-CryptoPro-XchA-ParamSet",
 	"id-GostR3410-2001-CryptoPro-XchA-ParamSet",
-	NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,7,&(lvalues[5611]),0},
+	NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,7,&(lvalues[5605]),0},
 	
 {"id-GostR3410-2001-CryptoPro-XchB-ParamSet",
 	"id-GostR3410-2001-CryptoPro-XchB-ParamSet",
-	NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,7,&(lvalues[5618]),0},
+	NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,7,&(lvalues[5612]),0},
 	
 {"id-GostR3410-94-a","id-GostR3410-94-a",NID_id_GostR3410_94_a,7,
-	&(lvalues[5625]),0},
+	&(lvalues[5619]),0},
 {"id-GostR3410-94-aBis","id-GostR3410-94-aBis",
-	NID_id_GostR3410_94_aBis,7,&(lvalues[5632]),0},
+	NID_id_GostR3410_94_aBis,7,&(lvalues[5626]),0},
 {"id-GostR3410-94-b","id-GostR3410-94-b",NID_id_GostR3410_94_b,7,
-	&(lvalues[5639]),0},
+	&(lvalues[5633]),0},
 {"id-GostR3410-94-bBis","id-GostR3410-94-bBis",
-	NID_id_GostR3410_94_bBis,7,&(lvalues[5646]),0},
+	NID_id_GostR3410_94_bBis,7,&(lvalues[5640]),0},
 {"id-Gost28147-89-cc","GOST 28147-89 Cryptocom ParamSet",
-	NID_id_Gost28147_89_cc,8,&(lvalues[5653]),0},
+	NID_id_Gost28147_89_cc,8,&(lvalues[5647]),0},
 {"gost94cc","GOST 34.10-94 Cryptocom",NID_id_GostR3410_94_cc,8,
-	&(lvalues[5661]),0},
+	&(lvalues[5655]),0},
 {"gost2001cc","GOST 34.10-2001 Cryptocom",NID_id_GostR3410_2001_cc,8,
-	&(lvalues[5669]),0},
+	&(lvalues[5663]),0},
 {"id-GostR3411-94-with-GostR3410-94-cc",
 	"GOST R 34.11-94 with GOST R 34.10-94 Cryptocom",
-	NID_id_GostR3411_94_with_GostR3410_94_cc,8,&(lvalues[5677]),0},
+	NID_id_GostR3411_94_with_GostR3410_94_cc,8,&(lvalues[5671]),0},
 {"id-GostR3411-94-with-GostR3410-2001-cc",
 	"GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom",
-	NID_id_GostR3411_94_with_GostR3410_2001_cc,8,&(lvalues[5685]),0},
+	NID_id_GostR3411_94_with_GostR3410_2001_cc,8,&(lvalues[5679]),0},
 {"id-GostR3410-2001-ParamSet-cc",
 	"GOST R 3410-2001 Parameter Set Cryptocom",
-	NID_id_GostR3410_2001_ParamSet_cc,8,&(lvalues[5693]),0},
+	NID_id_GostR3410_2001_ParamSet_cc,8,&(lvalues[5687]),0},
 {"HMAC","hmac",NID_hmac,0,NULL,0},
 {"LocalKeySet","Microsoft Local Key set",NID_LocalKeySet,9,
-	&(lvalues[5701]),0},
+	&(lvalues[5695]),0},
 {"freshestCRL","X509v3 Freshest CRL",NID_freshest_crl,3,
-	&(lvalues[5710]),0},
+	&(lvalues[5704]),0},
 {"id-on-permanentIdentifier","Permanent Identifier",
-	NID_id_on_permanentIdentifier,8,&(lvalues[5713]),0},
-{"searchGuide","searchGuide",NID_searchGuide,3,&(lvalues[5721]),0},
+	NID_id_on_permanentIdentifier,8,&(lvalues[5707]),0},
+{"searchGuide","searchGuide",NID_searchGuide,3,&(lvalues[5715]),0},
 {"businessCategory","businessCategory",NID_businessCategory,3,
-	&(lvalues[5724]),0},
-{"postalAddress","postalAddress",NID_postalAddress,3,&(lvalues[5727]),0},
-{"postOfficeBox","postOfficeBox",NID_postOfficeBox,3,&(lvalues[5730]),0},
+	&(lvalues[5718]),0},
+{"postalAddress","postalAddress",NID_postalAddress,3,&(lvalues[5721]),0},
+{"postOfficeBox","postOfficeBox",NID_postOfficeBox,3,&(lvalues[5724]),0},
 {"physicalDeliveryOfficeName","physicalDeliveryOfficeName",
-	NID_physicalDeliveryOfficeName,3,&(lvalues[5733]),0},
+	NID_physicalDeliveryOfficeName,3,&(lvalues[5727]),0},
 {"telephoneNumber","telephoneNumber",NID_telephoneNumber,3,
-	&(lvalues[5736]),0},
-{"telexNumber","telexNumber",NID_telexNumber,3,&(lvalues[5739]),0},
+	&(lvalues[5730]),0},
+{"telexNumber","telexNumber",NID_telexNumber,3,&(lvalues[5733]),0},
 {"teletexTerminalIdentifier","teletexTerminalIdentifier",
-	NID_teletexTerminalIdentifier,3,&(lvalues[5742]),0},
+	NID_teletexTerminalIdentifier,3,&(lvalues[5736]),0},
 {"facsimileTelephoneNumber","facsimileTelephoneNumber",
-	NID_facsimileTelephoneNumber,3,&(lvalues[5745]),0},
-{"x121Address","x121Address",NID_x121Address,3,&(lvalues[5748]),0},
+	NID_facsimileTelephoneNumber,3,&(lvalues[5739]),0},
+{"x121Address","x121Address",NID_x121Address,3,&(lvalues[5742]),0},
 {"internationaliSDNNumber","internationaliSDNNumber",
-	NID_internationaliSDNNumber,3,&(lvalues[5751]),0},
+	NID_internationaliSDNNumber,3,&(lvalues[5745]),0},
 {"registeredAddress","registeredAddress",NID_registeredAddress,3,
-	&(lvalues[5754]),0},
+	&(lvalues[5748]),0},
 {"destinationIndicator","destinationIndicator",
-	NID_destinationIndicator,3,&(lvalues[5757]),0},
+	NID_destinationIndicator,3,&(lvalues[5751]),0},
 {"preferredDeliveryMethod","preferredDeliveryMethod",
-	NID_preferredDeliveryMethod,3,&(lvalues[5760]),0},
+	NID_preferredDeliveryMethod,3,&(lvalues[5754]),0},
 {"presentationAddress","presentationAddress",NID_presentationAddress,
-	3,&(lvalues[5763]),0},
+	3,&(lvalues[5757]),0},
 {"supportedApplicationContext","supportedApplicationContext",
-	NID_supportedApplicationContext,3,&(lvalues[5766]),0},
-{"member","member",NID_member,3,&(lvalues[5769]),0},
-{"owner","owner",NID_owner,3,&(lvalues[5772]),0},
-{"roleOccupant","roleOccupant",NID_roleOccupant,3,&(lvalues[5775]),0},
-{"seeAlso","seeAlso",NID_seeAlso,3,&(lvalues[5778]),0},
-{"userPassword","userPassword",NID_userPassword,3,&(lvalues[5781]),0},
+	NID_supportedApplicationContext,3,&(lvalues[5760]),0},
+{"member","member",NID_member,3,&(lvalues[5763]),0},
+{"owner","owner",NID_owner,3,&(lvalues[5766]),0},
+{"roleOccupant","roleOccupant",NID_roleOccupant,3,&(lvalues[5769]),0},
+{"seeAlso","seeAlso",NID_seeAlso,3,&(lvalues[5772]),0},
+{"userPassword","userPassword",NID_userPassword,3,&(lvalues[5775]),0},
 {"userCertificate","userCertificate",NID_userCertificate,3,
-	&(lvalues[5784]),0},
-{"cACertificate","cACertificate",NID_cACertificate,3,&(lvalues[5787]),0},
+	&(lvalues[5778]),0},
+{"cACertificate","cACertificate",NID_cACertificate,3,&(lvalues[5781]),0},
 {"authorityRevocationList","authorityRevocationList",
-	NID_authorityRevocationList,3,&(lvalues[5790]),0},
+	NID_authorityRevocationList,3,&(lvalues[5784]),0},
 {"certificateRevocationList","certificateRevocationList",
-	NID_certificateRevocationList,3,&(lvalues[5793]),0},
+	NID_certificateRevocationList,3,&(lvalues[5787]),0},
 {"crossCertificatePair","crossCertificatePair",
-	NID_crossCertificatePair,3,&(lvalues[5796]),0},
+	NID_crossCertificatePair,3,&(lvalues[5790]),0},
 {"enhancedSearchGuide","enhancedSearchGuide",NID_enhancedSearchGuide,
-	3,&(lvalues[5799]),0},
+	3,&(lvalues[5793]),0},
 {"protocolInformation","protocolInformation",NID_protocolInformation,
-	3,&(lvalues[5802]),0},
+	3,&(lvalues[5796]),0},
 {"distinguishedName","distinguishedName",NID_distinguishedName,3,
-	&(lvalues[5805]),0},
-{"uniqueMember","uniqueMember",NID_uniqueMember,3,&(lvalues[5808]),0},
+	&(lvalues[5799]),0},
+{"uniqueMember","uniqueMember",NID_uniqueMember,3,&(lvalues[5802]),0},
 {"houseIdentifier","houseIdentifier",NID_houseIdentifier,3,
-	&(lvalues[5811]),0},
+	&(lvalues[5805]),0},
 {"supportedAlgorithms","supportedAlgorithms",NID_supportedAlgorithms,
-	3,&(lvalues[5814]),0},
+	3,&(lvalues[5808]),0},
 {"deltaRevocationList","deltaRevocationList",NID_deltaRevocationList,
-	3,&(lvalues[5817]),0},
-{"dmdName","dmdName",NID_dmdName,3,&(lvalues[5820]),0},
+	3,&(lvalues[5811]),0},
+{"dmdName","dmdName",NID_dmdName,3,&(lvalues[5814]),0},
 {"id-alg-PWRI-KEK","id-alg-PWRI-KEK",NID_id_alg_PWRI_KEK,11,
-	&(lvalues[5823]),0},
+	&(lvalues[5817]),0},
 {"CMAC","cmac",NID_cmac,0,NULL,0},
-{"id-aes128-GCM","aes-128-gcm",NID_aes_128_gcm,9,&(lvalues[5834]),0},
-{"id-aes128-CCM","aes-128-ccm",NID_aes_128_ccm,9,&(lvalues[5843]),0},
+{"id-aes128-GCM","aes-128-gcm",NID_aes_128_gcm,9,&(lvalues[5828]),0},
+{"id-aes128-CCM","aes-128-ccm",NID_aes_128_ccm,9,&(lvalues[5837]),0},
 {"id-aes128-wrap-pad","id-aes128-wrap-pad",NID_id_aes128_wrap_pad,9,
-	&(lvalues[5852]),0},
-{"id-aes192-GCM","aes-192-gcm",NID_aes_192_gcm,9,&(lvalues[5861]),0},
-{"id-aes192-CCM","aes-192-ccm",NID_aes_192_ccm,9,&(lvalues[5870]),0},
+	&(lvalues[5846]),0},
+{"id-aes192-GCM","aes-192-gcm",NID_aes_192_gcm,9,&(lvalues[5855]),0},
+{"id-aes192-CCM","aes-192-ccm",NID_aes_192_ccm,9,&(lvalues[5864]),0},
 {"id-aes192-wrap-pad","id-aes192-wrap-pad",NID_id_aes192_wrap_pad,9,
-	&(lvalues[5879]),0},
-{"id-aes256-GCM","aes-256-gcm",NID_aes_256_gcm,9,&(lvalues[5888]),0},
-{"id-aes256-CCM","aes-256-ccm",NID_aes_256_ccm,9,&(lvalues[5897]),0},
+	&(lvalues[5873]),0},
+{"id-aes256-GCM","aes-256-gcm",NID_aes_256_gcm,9,&(lvalues[5882]),0},
+{"id-aes256-CCM","aes-256-ccm",NID_aes_256_ccm,9,&(lvalues[5891]),0},
 {"id-aes256-wrap-pad","id-aes256-wrap-pad",NID_id_aes256_wrap_pad,9,
-	&(lvalues[5906]),0},
+	&(lvalues[5900]),0},
 {"AES-128-CTR","aes-128-ctr",NID_aes_128_ctr,0,NULL,0},
 {"AES-192-CTR","aes-192-ctr",NID_aes_192_ctr,0,NULL,0},
 {"AES-256-CTR","aes-256-ctr",NID_aes_256_ctr,0,NULL,0},
 {"id-camellia128-wrap","id-camellia128-wrap",NID_id_camellia128_wrap,
-	11,&(lvalues[5915]),0},
+	11,&(lvalues[5909]),0},
 {"id-camellia192-wrap","id-camellia192-wrap",NID_id_camellia192_wrap,
-	11,&(lvalues[5926]),0},
+	11,&(lvalues[5920]),0},
 {"id-camellia256-wrap","id-camellia256-wrap",NID_id_camellia256_wrap,
-	11,&(lvalues[5937]),0},
+	11,&(lvalues[5931]),0},
 {"anyExtendedKeyUsage","Any Extended Key Usage",
-	NID_anyExtendedKeyUsage,4,&(lvalues[5948]),0},
-{"MGF1","mgf1",NID_mgf1,9,&(lvalues[5952]),0},
-{"RSASSA-PSS","rsassaPss",NID_rsassaPss,9,&(lvalues[5961]),0},
+	NID_anyExtendedKeyUsage,4,&(lvalues[5942]),0},
+{"MGF1","mgf1",NID_mgf1,9,&(lvalues[5946]),0},
+{"RSASSA-PSS","rsassaPss",NID_rsassaPss,9,&(lvalues[5955]),0},
 {"AES-128-XTS","aes-128-xts",NID_aes_128_xts,0,NULL,0},
 {"AES-256-XTS","aes-256-xts",NID_aes_256_xts,0,NULL,0},
 {"RC4-HMAC-MD5","rc4-hmac-md5",NID_rc4_hmac_md5,0,NULL,0},
@@ -2405,7 +2398,7 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
 	NID_aes_192_cbc_hmac_sha1,0,NULL,0},
 {"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1",
 	NID_aes_256_cbc_hmac_sha1,0,NULL,0},
-{"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5970]),0},
+{"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0},
 };
 
 static const unsigned int sn_objs[NUM_SN]={
@@ -4242,15 +4235,15 @@ static const unsigned int ln_objs[NUM_LN]={
 
 static const unsigned int obj_objs[NUM_OBJ]={
  0,	/* OBJ_undef                        0 */
+181,	/* OBJ_iso                          1 */
 393,	/* OBJ_joint_iso_ccitt              OBJ_joint_iso_itu_t */
 404,	/* OBJ_ccitt                        OBJ_itu_t */
 645,	/* OBJ_itu_t                        0 */
+646,	/* OBJ_joint_iso_itu_t              2 */
 434,	/* OBJ_data                         0 9 */
-181,	/* OBJ_iso                          1 */
 182,	/* OBJ_member_body                  1 2 */
 379,	/* OBJ_org                          1 3 */
 676,	/* OBJ_identified_organization      1 3 */
-646,	/* OBJ_joint_iso_itu_t              2 */
 11,	/* OBJ_X500                         2 5 */
 647,	/* OBJ_international_organizations  2 23 */
 380,	/* OBJ_dod                          1 3 6 */
diff --git a/app/openssl/crypto/objects/obj_dat.pl b/app/openssl/crypto/objects/obj_dat.pl
index c67f71c3..86bcefb9 100644
--- a/app/openssl/crypto/objects/obj_dat.pl
+++ b/app/openssl/crypto/objects/obj_dat.pl
@@ -115,7 +115,7 @@ for ($i=0; $i<$n; $i++)
 		$out.="\"$sn\"";
 		$out.=","."\"$ln\"";
 		$out.=",NID_$nid{$i},";
-		if (defined($obj{$nid{$i}}))
+		if (defined($obj{$nid{$i}}) && $objd{$obj{$nid{$i}}} =~ /,/)
 			{
 			$v=$objd{$obj{$nid{$i}}};
 			$v =~ s/L//g;
diff --git a/app/openssl/crypto/ocsp/ocsp_ht.c b/app/openssl/crypto/ocsp/ocsp_ht.c
index af5fc166..09eb855d 100644
--- a/app/openssl/crypto/ocsp/ocsp_ht.c
+++ b/app/openssl/crypto/ocsp/ocsp_ht.c
@@ -158,6 +158,8 @@ OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
 
 	OCSP_REQ_CTX *rctx;
 	rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX));
+	if (!rctx)
+		return NULL;
 	rctx->state = OHS_ERROR;
 	rctx->mem = BIO_new(BIO_s_mem());
 	rctx->io = io;
@@ -167,18 +169,21 @@ OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
 	else
 		rctx->iobuflen = OCSP_MAX_LINE_LEN;
 	rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
-	if (!rctx->iobuf)
-		return 0;
+	if (!rctx->mem || !rctx->iobuf)
+		goto err;
 	if (!path)
 		path = "/";
 
         if (BIO_printf(rctx->mem, post_hdr, path) <= 0)
-		return 0;
+		goto err;
 
 	if (req && !OCSP_REQ_CTX_set1_req(rctx, req))
-		return 0;
+		goto err;
 
 	return rctx;
+	err:
+	OCSP_REQ_CTX_free(rctx);
+	return NULL;
 	}
 
 /* Parse the HTTP response. This will look like this:
@@ -490,6 +495,9 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req)
 
 	ctx = OCSP_sendreq_new(b, path, req, -1);
 
+	if (!ctx)
+		return NULL;
+
 	do
 		{
 		rv = OCSP_sendreq_nbio(&resp, ctx);
diff --git a/app/openssl/crypto/ocsp/ocsp_lib.c b/app/openssl/crypto/ocsp/ocsp_lib.c
index a94dc838..5061c057 100644
--- a/app/openssl/crypto/ocsp/ocsp_lib.c
+++ b/app/openssl/crypto/ocsp/ocsp_lib.c
@@ -222,8 +222,19 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
 
 	if (!*ppath) goto mem_err;
 
+	p = host;
+	if(host[0] == '[')
+		{
+		/* ipv6 literal */
+		host++;
+		p = strchr(host, ']');
+		if(!p) goto parse_err;
+		*p = '\0';
+		p++;
+		}
+
 	/* Look for optional ':' for port number */
-	if ((p = strchr(host, ':')))
+	if ((p = strchr(p, ':')))
 		{
 		*p = 0;
 		port = p + 1;
diff --git a/app/openssl/crypto/ocsp/ocsp_vfy.c b/app/openssl/crypto/ocsp/ocsp_vfy.c
index 27671830..fc0d4cc0 100644
--- a/app/openssl/crypto/ocsp/ocsp_vfy.c
+++ b/app/openssl/crypto/ocsp/ocsp_vfy.c
@@ -436,8 +436,11 @@ static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm
 	if(!(flags & OCSP_NOINTERN))
 		{
 		signer = X509_find_by_subject(req->optionalSignature->certs, nm);
-		*psigner = signer;
-		return 1;
+		if (signer)
+			{
+			*psigner = signer;
+			return 1;
+			}
 		}
 
 	signer = X509_find_by_subject(certs, nm);
diff --git a/app/openssl/crypto/opensslconf-32.h b/app/openssl/crypto/opensslconf-32.h
index caf6f1b8..b5b3dd2b 100644
--- a/app/openssl/crypto/opensslconf-32.h
+++ b/app/openssl/crypto/opensslconf-32.h
@@ -1,6 +1,9 @@
 /* opensslconf.h */
 /* WARNING: Generated automatically from opensslconf.h.in by Configure. */
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
 /* OpenSSL was configured with the following options: */
 #ifndef OPENSSL_DOING_MAKEDEPEND
 
@@ -74,6 +77,9 @@
 #ifndef OPENSSL_NO_STORE
 # define OPENSSL_NO_STORE
 #endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
 #ifndef OPENSSL_NO_WHIRLPOOL
 # define OPENSSL_NO_WHIRLPOOL
 #endif
@@ -161,6 +167,9 @@
 # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
 #  define NO_STORE
 # endif
+# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
+#  define NO_UNIT_TEST
+# endif
 # if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
 #  define NO_WHIRLPOOL
 # endif
@@ -320,3 +329,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 
 #endif /* DES_DEFAULT_OPTIONS */
 #endif /* HEADER_DES_LOCL_H */
+#ifdef  __cplusplus
+}
+#endif
diff --git a/app/openssl/crypto/opensslconf-64.h b/app/openssl/crypto/opensslconf-64.h
index 88fb0419..30e7ad86 100644
--- a/app/openssl/crypto/opensslconf-64.h
+++ b/app/openssl/crypto/opensslconf-64.h
@@ -1,6 +1,9 @@
 /* opensslconf.h */
 /* WARNING: Generated automatically from opensslconf.h.in by Configure. */
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
 /* OpenSSL was configured with the following options: */
 #ifndef OPENSSL_DOING_MAKEDEPEND
 
@@ -74,6 +77,9 @@
 #ifndef OPENSSL_NO_STORE
 # define OPENSSL_NO_STORE
 #endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
 #ifndef OPENSSL_NO_WHIRLPOOL
 # define OPENSSL_NO_WHIRLPOOL
 #endif
@@ -161,6 +167,9 @@
 # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
 #  define NO_STORE
 # endif
+# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
+#  define NO_UNIT_TEST
+# endif
 # if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
 #  define NO_WHIRLPOOL
 # endif
@@ -320,3 +329,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 
 #endif /* DES_DEFAULT_OPTIONS */
 #endif /* HEADER_DES_LOCL_H */
+#ifdef  __cplusplus
+}
+#endif
diff --git a/app/openssl/crypto/opensslconf-static-32.h b/app/openssl/crypto/opensslconf-static-32.h
index caf6f1b8..b5b3dd2b 100644
--- a/app/openssl/crypto/opensslconf-static-32.h
+++ b/app/openssl/crypto/opensslconf-static-32.h
@@ -1,6 +1,9 @@
 /* opensslconf.h */
 /* WARNING: Generated automatically from opensslconf.h.in by Configure. */
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
 /* OpenSSL was configured with the following options: */
 #ifndef OPENSSL_DOING_MAKEDEPEND
 
@@ -74,6 +77,9 @@
 #ifndef OPENSSL_NO_STORE
 # define OPENSSL_NO_STORE
 #endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
 #ifndef OPENSSL_NO_WHIRLPOOL
 # define OPENSSL_NO_WHIRLPOOL
 #endif
@@ -161,6 +167,9 @@
 # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
 #  define NO_STORE
 # endif
+# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
+#  define NO_UNIT_TEST
+# endif
 # if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
 #  define NO_WHIRLPOOL
 # endif
@@ -320,3 +329,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 
 #endif /* DES_DEFAULT_OPTIONS */
 #endif /* HEADER_DES_LOCL_H */
+#ifdef  __cplusplus
+}
+#endif
diff --git a/app/openssl/crypto/opensslconf-static-64.h b/app/openssl/crypto/opensslconf-static-64.h
index 88fb0419..30e7ad86 100644
--- a/app/openssl/crypto/opensslconf-static-64.h
+++ b/app/openssl/crypto/opensslconf-static-64.h
@@ -1,6 +1,9 @@
 /* opensslconf.h */
 /* WARNING: Generated automatically from opensslconf.h.in by Configure. */
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
 /* OpenSSL was configured with the following options: */
 #ifndef OPENSSL_DOING_MAKEDEPEND
 
@@ -74,6 +77,9 @@
 #ifndef OPENSSL_NO_STORE
 # define OPENSSL_NO_STORE
 #endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
 #ifndef OPENSSL_NO_WHIRLPOOL
 # define OPENSSL_NO_WHIRLPOOL
 #endif
@@ -161,6 +167,9 @@
 # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
 #  define NO_STORE
 # endif
+# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
+#  define NO_UNIT_TEST
+# endif
 # if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
 #  define NO_WHIRLPOOL
 # endif
@@ -320,3 +329,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 
 #endif /* DES_DEFAULT_OPTIONS */
 #endif /* HEADER_DES_LOCL_H */
+#ifdef  __cplusplus
+}
+#endif
diff --git a/app/openssl/crypto/opensslconf-static-trusty.h b/app/openssl/crypto/opensslconf-static-trusty.h
index 06f9f982..bff5910c 100644
--- a/app/openssl/crypto/opensslconf-static-trusty.h
+++ b/app/openssl/crypto/opensslconf-static-trusty.h
@@ -1,6 +1,9 @@
 /* opensslconf.h */
 /* WARNING: Generated automatically from opensslconf.h.in by Configure. */
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
 /* OpenSSL was configured with the following options: */
 #ifndef OPENSSL_DOING_MAKEDEPEND
 
@@ -137,6 +140,9 @@
 #ifndef OPENSSL_NO_UI
 # define OPENSSL_NO_UI
 #endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
 #ifndef OPENSSL_NO_WHIRLPOOL
 # define OPENSSL_NO_WHIRLPOOL
 #endif
@@ -287,6 +293,9 @@
 # if defined(OPENSSL_NO_UI) && !defined(NO_UI)
 #  define NO_UI
 # endif
+# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
+#  define NO_UNIT_TEST
+# endif
 # if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
 #  define NO_WHIRLPOOL
 # endif
@@ -446,3 +455,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 
 #endif /* DES_DEFAULT_OPTIONS */
 #endif /* HEADER_DES_LOCL_H */
+#ifdef  __cplusplus
+}
+#endif
diff --git a/app/openssl/crypto/opensslconf-trusty.h b/app/openssl/crypto/opensslconf-trusty.h
index 06f9f982..bff5910c 100644
--- a/app/openssl/crypto/opensslconf-trusty.h
+++ b/app/openssl/crypto/opensslconf-trusty.h
@@ -1,6 +1,9 @@
 /* opensslconf.h */
 /* WARNING: Generated automatically from opensslconf.h.in by Configure. */
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
 /* OpenSSL was configured with the following options: */
 #ifndef OPENSSL_DOING_MAKEDEPEND
 
@@ -137,6 +140,9 @@
 #ifndef OPENSSL_NO_UI
 # define OPENSSL_NO_UI
 #endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
 #ifndef OPENSSL_NO_WHIRLPOOL
 # define OPENSSL_NO_WHIRLPOOL
 #endif
@@ -287,6 +293,9 @@
 # if defined(OPENSSL_NO_UI) && !defined(NO_UI)
 #  define NO_UI
 # endif
+# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
+#  define NO_UNIT_TEST
+# endif
 # if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
 #  define NO_WHIRLPOOL
 # endif
@@ -446,3 +455,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 
 #endif /* DES_DEFAULT_OPTIONS */
 #endif /* HEADER_DES_LOCL_H */
+#ifdef  __cplusplus
+}
+#endif
diff --git a/app/openssl/crypto/opensslv.h b/app/openssl/crypto/opensslv.h
index c3b6acec..f375967e 100644
--- a/app/openssl/crypto/opensslv.h
+++ b/app/openssl/crypto/opensslv.h
@@ -1,6 +1,10 @@
 #ifndef HEADER_OPENSSLV_H
 #define HEADER_OPENSSLV_H
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 /* Numeric release version identifier:
  * MNNFFPPS: major minor fix patch status
  * The status nibble has one of the values 0 for development, 1 to e for betas
@@ -25,11 +29,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x1000108fL
+#define OPENSSL_VERSION_NUMBER	0x100010afL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1h-fips 5 Jun 2014"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1j-fips 15 Oct 2014"
 #else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1h 5 Jun 2014"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1j 15 Oct 2014"
 #endif
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 
@@ -86,4 +90,7 @@
 #define SHLIB_VERSION_NUMBER "1.0.0"
 
 
+#ifdef  __cplusplus
+}
+#endif
 #endif /* HEADER_OPENSSLV_H */
diff --git a/app/openssl/crypto/ossl_typ.h b/app/openssl/crypto/ossl_typ.h
index ea9227f6..12cdd43b 100644
--- a/app/openssl/crypto/ossl_typ.h
+++ b/app/openssl/crypto/ossl_typ.h
@@ -55,6 +55,10 @@
 #ifndef HEADER_OPENSSL_TYPES_H
 #define HEADER_OPENSSL_TYPES_H
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 #include <openssl/e_os2.h>
 
 #ifdef NO_ASN1_TYPEDEFS
@@ -199,4 +203,7 @@ typedef struct ocsp_req_ctx_st OCSP_REQ_CTX;
 typedef struct ocsp_response_st OCSP_RESPONSE;
 typedef struct ocsp_responder_id_st OCSP_RESPID;
 
+#ifdef  __cplusplus
+}
+#endif
 #endif /* def HEADER_OPENSSL_TYPES_H */
diff --git a/app/openssl/crypto/pem/pvkfmt.c b/app/openssl/crypto/pem/pvkfmt.c
index b1bf71a5..ae89f828 100644
--- a/app/openssl/crypto/pem/pvkfmt.c
+++ b/app/openssl/crypto/pem/pvkfmt.c
@@ -759,6 +759,11 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
 		/* Copy BLOBHEADER across, decrypt rest */
 		memcpy(enctmp, p, 8);
 		p += 8;
+		if (keylen < 8)
+			{
+			PEMerr(PEM_F_DO_PVK_BODY, PEM_R_PVK_TOO_SHORT);
+			return NULL;
+			}
 		inlen = keylen - 8;
 		q = enctmp + 8;
 		if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
diff --git a/app/openssl/crypto/pkcs7/bio_ber.c b/app/openssl/crypto/pkcs7/bio_ber.c
deleted file mode 100644
index 31973fcd..00000000
--- a/app/openssl/crypto/pkcs7/bio_ber.c
+++ /dev/null
@@ -1,466 +0,0 @@
-/* crypto/evp/bio_ber.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-
-static int ber_write(BIO *h,char *buf,int num);
-static int ber_read(BIO *h,char *buf,int size);
-/*static int ber_puts(BIO *h,char *str); */
-/*static int ber_gets(BIO *h,char *str,int size); */
-static long ber_ctrl(BIO *h,int cmd,long arg1,char *arg2);
-static int ber_new(BIO *h);
-static int ber_free(BIO *data);
-static long ber_callback_ctrl(BIO *h,int cmd,void *(*fp)());
-#define BER_BUF_SIZE	(32)
-
-/* This is used to hold the state of the BER objects being read. */
-typedef struct ber_struct
-	{
-	int tag;
-	int class;
-	long length;
-	int inf;
-	int num_left;
-	int depth;
-	} BER_CTX;
-
-typedef struct bio_ber_struct
-	{
-	int tag;
-	int class;
-	long length;
-	int inf;
-
-	/* most of the following are used when doing non-blocking IO */
-	/* reading */
-	long num_left;	/* number of bytes still to read/write in block */
-	int depth;	/* used with indefinite encoding. */
-	int finished;	/* No more read data */
-
-	/* writting */ 
-	char *w_addr;
-	int w_offset;
-	int w_left;
-
-	int buf_len;
-	int buf_off;
-	unsigned char buf[BER_BUF_SIZE];
-	} BIO_BER_CTX;
-
-static BIO_METHOD methods_ber=
-	{
-	BIO_TYPE_CIPHER,"cipher",
-	ber_write,
-	ber_read,
-	NULL, /* ber_puts, */
-	NULL, /* ber_gets, */
-	ber_ctrl,
-	ber_new,
-	ber_free,
-	ber_callback_ctrl,
-	};
-
-BIO_METHOD *BIO_f_ber(void)
-	{
-	return(&methods_ber);
-	}
-
-static int ber_new(BIO *bi)
-	{
-	BIO_BER_CTX *ctx;
-
-	ctx=(BIO_BER_CTX *)OPENSSL_malloc(sizeof(BIO_BER_CTX));
-	if (ctx == NULL) return(0);
-
-	memset((char *)ctx,0,sizeof(BIO_BER_CTX));
-
-	bi->init=0;
-	bi->ptr=(char *)ctx;
-	bi->flags=0;
-	return(1);
-	}
-
-static int ber_free(BIO *a)
-	{
-	BIO_BER_CTX *b;
-
-	if (a == NULL) return(0);
-	b=(BIO_BER_CTX *)a->ptr;
-	OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX));
-	OPENSSL_free(a->ptr);
-	a->ptr=NULL;
-	a->init=0;
-	a->flags=0;
-	return(1);
-	}
-
-int bio_ber_get_header(BIO *bio, BIO_BER_CTX *ctx)
-	{
-	char buf[64];
-	int i,j,n;
-	int ret;
-	unsigned char *p;
-	unsigned long length
-	int tag;
-	int class;
-	long max;
-
-	BIO_clear_retry_flags(b);
-
-	/* Pack the buffer down if there is a hole at the front */
-	if (ctx->buf_off != 0)
-		{
-		p=ctx->buf;
-		j=ctx->buf_off;
-		n=ctx->buf_len-j;
-		for (i=0; i<n; i++)
-			{
-			p[0]=p[j];
-			p++;
-			}
-		ctx->buf_len-j;
-		ctx->buf_off=0;
-		}
-
-	/* If there is more room, read some more data */
-	i=BER_BUF_SIZE-ctx->buf_len;
-	if (i)
-		{
-		i=BIO_read(bio->next_bio,&(ctx->buf[ctx->buf_len]),i);
-		if (i <= 0)
-			{
-			BIO_copy_next_retry(b);
-			return(i);
-			}
-		else
-			ctx->buf_len+=i;
-		}
-
-	max=ctx->buf_len;
-	p=ctx->buf;
-	ret=ASN1_get_object(&p,&length,&tag,&class,max);
-
-	if (ret & 0x80)
-		{
-		if ((ctx->buf_len < BER_BUF_SIZE) &&
-			(ERR_GET_REASON(ERR_peek_error()) == ASN1_R_TOO_LONG))
-			{
-			ERR_clear_error(); /* clear the error */
-			BIO_set_retry_read(b);
-			}
-		return(-1);
-		}
-
-	/* We have no error, we have a header, so make use of it */
-
-	if ((ctx->tag  >= 0) && (ctx->tag != tag))
-		{
-		BIOerr(BIO_F_BIO_BER_GET_HEADER,BIO_R_TAG_MISMATCH);
-		sprintf(buf,"tag=%d, got %d",ctx->tag,tag);
-		ERR_add_error_data(1,buf);
-		return(-1);
-		}
-	if (ret & 0x01)
-	if (ret & V_ASN1_CONSTRUCTED)
-	}
-	
-static int ber_read(BIO *b, char *out, int outl)
-	{
-	int ret=0,i,n;
-	BIO_BER_CTX *ctx;
-
-	BIO_clear_retry_flags(b);
-
-	if (out == NULL) return(0);
-	ctx=(BIO_BER_CTX *)b->ptr;
-
-	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
-
-	if (ctx->finished) return(0);
-
-again:
-	/* First see if we are half way through reading a block */
-	if (ctx->num_left > 0)
-		{
-		if (ctx->num_left < outl)
-			n=ctx->num_left;
-		else
-			n=outl;
-		i=BIO_read(b->next_bio,out,n);
-		if (i <= 0)
-			{
-			BIO_copy_next_retry(b);
-			return(i);
-			}
-		ctx->num_left-=i;
-		outl-=i;
-		ret+=i;
-		if (ctx->num_left <= 0)
-			{
-			ctx->depth--;
-			if (ctx->depth <= 0)
-				ctx->finished=1;
-			}
-		if (outl <= 0)
-			return(ret);
-		else
-			goto again;
-		}
-	else	/* we need to read another BER header */
-		{
-		}
-	}
-
-static int ber_write(BIO *b, char *in, int inl)
-	{
-	int ret=0,n,i;
-	BIO_ENC_CTX *ctx;
-
-	ctx=(BIO_ENC_CTX *)b->ptr;
-	ret=inl;
-
-	BIO_clear_retry_flags(b);
-	n=ctx->buf_len-ctx->buf_off;
-	while (n > 0)
-		{
-		i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
-		if (i <= 0)
-			{
-			BIO_copy_next_retry(b);
-			return(i);
-			}
-		ctx->buf_off+=i;
-		n-=i;
-		}
-	/* at this point all pending data has been written */
-
-	if ((in == NULL) || (inl <= 0)) return(0);
-
-	ctx->buf_off=0;
-	while (inl > 0)
-		{
-		n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl;
-		EVP_CipherUpdate(&(ctx->cipher),
-			(unsigned char *)ctx->buf,&ctx->buf_len,
-			(unsigned char *)in,n);
-		inl-=n;
-		in+=n;
-
-		ctx->buf_off=0;
-		n=ctx->buf_len;
-		while (n > 0)
-			{
-			i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
-			if (i <= 0)
-				{
-				BIO_copy_next_retry(b);
-				return(i);
-				}
-			n-=i;
-			ctx->buf_off+=i;
-			}
-		ctx->buf_len=0;
-		ctx->buf_off=0;
-		}
-	BIO_copy_next_retry(b);
-	return(ret);
-	}
-
-static long ber_ctrl(BIO *b, int cmd, long num, char *ptr)
-	{
-	BIO *dbio;
-	BIO_ENC_CTX *ctx,*dctx;
-	long ret=1;
-	int i;
-
-	ctx=(BIO_ENC_CTX *)b->ptr;
-
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-		ctx->ok=1;
-		ctx->finished=0;
-		EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,
-			ctx->cipher.berrypt);
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_EOF:	/* More to read */
-		if (ctx->cont <= 0)
-			ret=1;
-		else
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_WPENDING:
-		ret=ctx->buf_len-ctx->buf_off;
-		if (ret <= 0)
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_PENDING: /* More to read in buffer */
-		ret=ctx->buf_len-ctx->buf_off;
-		if (ret <= 0)
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_FLUSH:
-		/* do a final write */
-again:
-		while (ctx->buf_len != ctx->buf_off)
-			{
-			i=ber_write(b,NULL,0);
-			if (i < 0)
-				{
-				ret=i;
-				break;
-				}
-			}
-
-		if (!ctx->finished)
-			{
-			ctx->finished=1;
-			ctx->buf_off=0;
-			ret=EVP_CipherFinal_ex(&(ctx->cipher),
-				(unsigned char *)ctx->buf,
-				&(ctx->buf_len));
-			ctx->ok=(int)ret;
-			if (ret <= 0) break;
-
-			/* push out the bytes */
-			goto again;
-			}
-		
-		/* Finally flush the underlying BIO */
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_C_GET_CIPHER_STATUS:
-		ret=(long)ctx->ok;
-		break;
-	case BIO_C_DO_STATE_MACHINE:
-		BIO_clear_retry_flags(b);
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		BIO_copy_next_retry(b);
-		break;
-
-	case BIO_CTRL_DUP:
-		dbio=(BIO *)ptr;
-		dctx=(BIO_ENC_CTX *)dbio->ptr;
-		memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher));
-		dbio->init=1;
-		break;
-	default:
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-		}
-	return(ret);
-	}
-
-static long ber_callback_ctrl(BIO *b, int cmd, void *(*fp)())
-	{
-	long ret=1;
-
-	if (b->next_bio == NULL) return(0);
-	switch (cmd)
-		{
-	default:
-		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
-		break;
-		}
-	return(ret);
-	}
-
-/*
-void BIO_set_cipher_ctx(b,c)
-BIO *b;
-EVP_CIPHER_ctx *c;
-	{
-	if (b == NULL) return;
-
-	if ((b->callback != NULL) &&
-		(b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
-		return;
-
-	b->init=1;
-	ctx=(BIO_ENC_CTX *)b->ptr;
-	memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX));
-	
-	if (b->callback != NULL)
-		b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
-	}
-*/
-
-void BIO_set_cipher(BIO *b, EVP_CIPHER *c, unsigned char *k, unsigned char *i,
-	     int e)
-	{
-	BIO_ENC_CTX *ctx;
-
-	if (b == NULL) return;
-
-	if ((b->callback != NULL) &&
-		(b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
-		return;
-
-	b->init=1;
-	ctx=(BIO_ENC_CTX *)b->ptr;
-	EVP_CipherInit_ex(&(ctx->cipher),c,NULL,k,i,e);
-	
-	if (b->callback != NULL)
-		b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
-	}
-
diff --git a/app/openssl/crypto/pkcs7/dec.c b/app/openssl/crypto/pkcs7/dec.c
deleted file mode 100644
index 6752ec56..00000000
--- a/app/openssl/crypto/pkcs7/dec.c
+++ /dev/null
@@ -1,248 +0,0 @@
-/* crypto/pkcs7/verify.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/bio.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/asn1.h>
-
-int verify_callback(int ok, X509_STORE_CTX *ctx);
-
-BIO *bio_err=NULL;
-
-int main(argc,argv)
-int argc;
-char *argv[];
-	{
-	char *keyfile=NULL;
-	BIO *in;
-	EVP_PKEY *pkey;
-	X509 *x509;
-	PKCS7 *p7;
-	PKCS7_SIGNER_INFO *si;
-	X509_STORE_CTX cert_ctx;
-	X509_STORE *cert_store=NULL;
-	BIO *data,*detached=NULL,*p7bio=NULL;
-	char buf[1024*4];
-	unsigned char *pp;
-	int i,printit=0;
-	STACK_OF(PKCS7_SIGNER_INFO) *sk;
-
-	OpenSSL_add_all_algorithms();
-	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
-	data=BIO_new(BIO_s_file());
-	pp=NULL;
-	while (argc > 1)
-		{
-		argc--;
-		argv++;
-		if (strcmp(argv[0],"-p") == 0)
-			{
-			printit=1;
-			}
-		else if ((strcmp(argv[0],"-k") == 0) && (argc >= 2)) {
-			keyfile = argv[1];
-			argc-=1;
-			argv+=1;
-		} else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2))
-			{
-			detached=BIO_new(BIO_s_file());
-			if (!BIO_read_filename(detached,argv[1]))
-				goto err;
-			argc-=1;
-			argv+=1;
-			}
-		else break;
-		}
-
-	 if (!BIO_read_filename(data,argv[0])) goto err; 
-
-	if(!keyfile) {
-		fprintf(stderr, "No private key file specified\n");
-		goto err;
-	}
-
-        if ((in=BIO_new_file(keyfile,"r")) == NULL) goto err;
-        if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err;
-        BIO_reset(in);
-        if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL)
-		goto err;
-        BIO_free(in);
-
-	if (pp == NULL)
-		BIO_set_fp(data,stdin,BIO_NOCLOSE);
-
-
-	/* Load the PKCS7 object from a file */
-	if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL,NULL)) == NULL) goto err;
-
-
-
-	/* This stuff is being setup for certificate verification.
-	 * When using SSL, it could be replaced with a 
-	 * cert_stre=SSL_CTX_get_cert_store(ssl_ctx); */
-	cert_store=X509_STORE_new();
-	X509_STORE_set_default_paths(cert_store);
-	X509_STORE_load_locations(cert_store,NULL,"../../certs");
-	X509_STORE_set_verify_cb_func(cert_store,verify_callback);
-
-	ERR_clear_error();
-
-	/* We need to process the data */
-	/* We cannot support detached encryption */
-	p7bio=PKCS7_dataDecode(p7,pkey,detached,x509);
-
-	if (p7bio == NULL)
-		{
-		printf("problems decoding\n");
-		goto err;
-		}
-
-	/* We now have to 'read' from p7bio to calculate digests etc. */
-	for (;;)
-		{
-		i=BIO_read(p7bio,buf,sizeof(buf));
-		/* print it? */
-		if (i <= 0) break;
-		fwrite(buf,1, i, stdout);
-		}
-
-	/* We can now verify signatures */
-	sk=PKCS7_get_signer_info(p7);
-	if (sk == NULL)
-		{
-		fprintf(stderr, "there are no signatures on this data\n");
-		}
-	else
-		{
-		/* Ok, first we need to, for each subject entry,
-		 * see if we can verify */
-		ERR_clear_error();
-		for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++)
-			{
-			si=sk_PKCS7_SIGNER_INFO_value(sk,i);
-			i=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);
-			if (i <= 0)
-				goto err;
-			else
-				fprintf(stderr,"Signature verified\n");
-			}
-		}
-	X509_STORE_free(cert_store);
-
-	exit(0);
-err:
-	ERR_load_crypto_strings();
-	ERR_print_errors_fp(stderr);
-	exit(1);
-	}
-
-/* should be X509 * but we can just have them as char *. */
-int verify_callback(int ok, X509_STORE_CTX *ctx)
-	{
-	char buf[256];
-	X509 *err_cert;
-	int err,depth;
-
-	err_cert=X509_STORE_CTX_get_current_cert(ctx);
-	err=	X509_STORE_CTX_get_error(ctx);
-	depth=	X509_STORE_CTX_get_error_depth(ctx);
-
-	X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
-	BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
-	if (!ok)
-		{
-		BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
-			X509_verify_cert_error_string(err));
-		if (depth < 6)
-			{
-			ok=1;
-			X509_STORE_CTX_set_error(ctx,X509_V_OK);
-			}
-		else
-			{
-			ok=0;
-			X509_STORE_CTX_set_error(ctx,X509_V_ERR_CERT_CHAIN_TOO_LONG);
-			}
-		}
-	switch (ctx->error)
-		{
-	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-		X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
-		BIO_printf(bio_err,"issuer= %s\n",buf);
-		break;
-	case X509_V_ERR_CERT_NOT_YET_VALID:
-	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-		BIO_printf(bio_err,"notBefore=");
-		ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
-		BIO_printf(bio_err,"\n");
-		break;
-	case X509_V_ERR_CERT_HAS_EXPIRED:
-	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-		BIO_printf(bio_err,"notAfter=");
-		ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
-		BIO_printf(bio_err,"\n");
-		break;
-		}
-	BIO_printf(bio_err,"verify return:%d\n",ok);
-	return(ok);
-	}
diff --git a/app/openssl/crypto/pkcs7/des.pem b/app/openssl/crypto/pkcs7/des.pem
deleted file mode 100644
index 62d1657e..00000000
--- a/app/openssl/crypto/pkcs7/des.pem
+++ /dev/null
@@ -1,15 +0,0 @@
-
-MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG
-A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
-dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
-ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEC2vXI1xQDW6lUHM3zQ
-/9uBEBOO5A3TtkrklAXq7v01gsIC21t52qSk36REXY+slhNZ0OQ349tgkTsoETHFLoEwMIHw
-AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI
-QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
-UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G
-CSqGSIb3DQEBAQUABEB8ujxbabxXUYJhopuDm3oDq4JNqX6Io4p3ro+ShqfIndsXTZ1v5a2N
-WtLLCWlHn/habjBwZ/DgQgcKASbZ7QxNMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA
-oAQIbsL5v1wX98KggAQoAaJ4WHm68fXY1WE5OIjfVBIDpO1K+i8dmKhjnAjrjoyZ9Bwc8rDL
-lgQg4CXb805h5xl+GfvSwUaHJayte1m2mcOhs3J2YyqbQ+MEIMIiJQccmhO3oDKm36CFvYR8
-5PjpclVcZyX2ngbwPFMnBAgy0clOAE6UKAAAAAAAAAAAAAA=
-
diff --git a/app/openssl/crypto/pkcs7/doc b/app/openssl/crypto/pkcs7/doc
deleted file mode 100644
index d2e8b7b2..00000000
--- a/app/openssl/crypto/pkcs7/doc
+++ /dev/null
@@ -1,24 +0,0 @@
-int PKCS7_set_content_type(PKCS7 *p7, int type);
-Call to set the type of PKCS7 object we are working on
-
-int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
-	EVP_MD *dgst);
-Use this to setup a signer info
-There will also be functions to add signed and unsigned attributes.
-
-int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-Add a signer info to the content.
-
-int PKCS7_add_certificae(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
-
-----
-
-p7=PKCS7_new();
-PKCS7_set_content_type(p7,NID_pkcs7_signed);
-
-signer=PKCS7_SINGNER_INFO_new();
-PKCS7_SIGNER_INFO_set(signer,x509,pkey,EVP_md5());
-PKCS7_add_signer(py,signer);
-
-we are now setup.
diff --git a/app/openssl/crypto/pkcs7/enc.c b/app/openssl/crypto/pkcs7/enc.c
deleted file mode 100644
index 7417f8a4..00000000
--- a/app/openssl/crypto/pkcs7/enc.c
+++ /dev/null
@@ -1,174 +0,0 @@
-/* crypto/pkcs7/enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include <string.h>
-#include <openssl/bio.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-
-int main(argc,argv)
-int argc;
-char *argv[];
-	{
-	X509 *x509;
-	PKCS7 *p7;
-	BIO *in;
-	BIO *data,*p7bio;
-	char buf[1024*4];
-	int i;
-	int nodetach=1;
-	char *keyfile = NULL;
-	const EVP_CIPHER *cipher=NULL;
-	STACK_OF(X509) *recips=NULL;
-
-	OpenSSL_add_all_algorithms();
-
-	data=BIO_new(BIO_s_file());
-	while(argc > 1)
-		{
-		if (strcmp(argv[1],"-nd") == 0)
-			{
-			nodetach=1;
-			argv++; argc--;
-			}
-		else if ((strcmp(argv[1],"-c") == 0) && (argc >= 2)) {
-			if(!(cipher = EVP_get_cipherbyname(argv[2]))) {
-				fprintf(stderr, "Unknown cipher %s\n", argv[2]);
-				goto err;
-			}
-			argc-=2;
-			argv+=2;
-		} else if ((strcmp(argv[1],"-k") == 0) && (argc >= 2)) {
-			keyfile = argv[2];
-			argc-=2;
-			argv+=2;
-			if (!(in=BIO_new_file(keyfile,"r"))) goto err;
-			if (!(x509=PEM_read_bio_X509(in,NULL,NULL,NULL)))
-				goto err;
-			if(!recips) recips = sk_X509_new_null();
-			sk_X509_push(recips, x509);
-			BIO_free(in);
-		} else break;
-	}
-
-	if(!recips) {
-		fprintf(stderr, "No recipients\n");
-		goto err;
-	}
-
-	if (!BIO_read_filename(data,argv[1])) goto err;
-
-	p7=PKCS7_new();
-#if 0
-	BIO_reset(in);
-	if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err;
-	BIO_free(in);
-	PKCS7_set_type(p7,NID_pkcs7_signedAndEnveloped);
-	 
-	if (PKCS7_add_signature(p7,x509,pkey,EVP_sha1()) == NULL) goto err;
-	/* we may want to add more */
-	PKCS7_add_certificate(p7,x509);
-#else
-	PKCS7_set_type(p7,NID_pkcs7_enveloped);
-#endif
-	if(!cipher)	{
-#ifndef OPENSSL_NO_DES
-		cipher = EVP_des_ede3_cbc();
-#else
-		fprintf(stderr, "No cipher selected\n");
-		goto err;
-#endif
-	}
-
-	if (!PKCS7_set_cipher(p7,cipher)) goto err;
-	for(i = 0; i < sk_X509_num(recips); i++) {
-		if (!PKCS7_add_recipient(p7,sk_X509_value(recips, i))) goto err;
-	}
-	sk_X509_pop_free(recips, X509_free);
-
-	/* Set the content of the signed to 'data' */
-	/* PKCS7_content_new(p7,NID_pkcs7_data); not used in envelope */
-
-	/* could be used, but not in this version :-)
-	if (!nodetach) PKCS7_set_detached(p7,1);
-	*/
-
-	if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err;
-
-	for (;;)
-		{
-		i=BIO_read(data,buf,sizeof(buf));
-		if (i <= 0) break;
-		BIO_write(p7bio,buf,i);
-		}
-	BIO_flush(p7bio);
-
-	if (!PKCS7_dataFinal(p7,p7bio)) goto err;
-	BIO_free(p7bio);
-
-	PEM_write_PKCS7(stdout,p7);
-	PKCS7_free(p7);
-
-	exit(0);
-err:
-	ERR_load_crypto_strings();
-	ERR_print_errors_fp(stderr);
-	exit(1);
-	}
-
diff --git a/app/openssl/crypto/pkcs7/es1.pem b/app/openssl/crypto/pkcs7/es1.pem
deleted file mode 100644
index 47112a23..00000000
--- a/app/openssl/crypto/pkcs7/es1.pem
+++ /dev/null
@@ -1,66 +0,0 @@
------BEGIN PKCS7-----
-MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG
-A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
-dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
-ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqGSIb3DQEBAQUABEDWak0y/5XZJhQJeCLo
-KECcHXkTEbjzYkYNHIinbiPmRK4QbNfs9z2mA3z/c2ykQ4eAqFR2jyNrUMN/+I5XEiv6MIHw
-AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI
-QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
-UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G
-CSqGSIb3DQEBAQUABEAWg9+KgtCjc77Jdj1Ve4wGgHjVHbbSYEA1ZqKFDoi15vSr9hfpHmC4
-ycZzcRo16JkTfolefiHZzmyjVz94vSN6MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA
-oAQI7X4Tk4mcbV6ggASBsHl1mCaJ3RhXWlNPCgCRU53d7M5x6TDZRkvwdtdvW96m1lupT03F
-XtonkBqk7oMkH7kGfs5/REQOPjx0QE2Ixmgt1W3szum82EZwA7pZNppcraK7W/odw/7bYZO+
-II3HPmRklE2N9qiu1LPaPUsnYogkO6SennyeL5tZ382vBweL/8pnG0qsbT1OBb65v+llnsjT
-pa1T/p+fIx/iJJGE6K9fYFokC6gXLQ6ozXRdOu5oBDB8mPCYYvAqKycidM/MrGGUkpEtS4f0
-lS31PwQi5YTim8Ig3/TOwVpPX32i46FTuEIEIMHkD/OvpfwCCzXUHHJnKnKUAUvIsSY3vGBs
-8ezpUDfBBBj9LHDy32hZ2tQilkDefP5VM2LLdrWgamYEgfiyITQvn08Ul5lQOQxbFKBheFq5
-otCCN4MR+w5eq12xQu6y+f9z0159ag2ru87D0lLtUtXXtCELbO1nUkT2sJ0k/iDs9TOXr6Cx
-go1XKYho83hlkXYiCteVizdAbgVGNsNRD4wtIdajsorET/LuJECgp11YeL9w1dlDB0HLEZfi
-XCsUphH4jGagba3hDeUSibnjSiJlN0ukfuQurBBbI2UkBAujiEAubKPn7C1FZJRSw6CPPX5t
-KEpmcqT1JNk6LO8Js6/1sCmmBh1VGCy1+EuTI9J1p7Dagf4nQ8cHitoCRpHuKZlFHnZyv7tw
-Rn/KOhHaYP2VzAh40gQIvKMAAWh9oFsEEIMwIoOmLwLH5wf+8QdbDhoECH8HwZt9a12dBAjL
-r4j2zlvtfgQIt7nmEM3wz1EECKlc3EIy1irCBBCAKINcermK3A+jI6ISN2RzBFA3dsh/xwMu
-l61aWMBBZzEz/SF92k6n35KZhCC0d6fIVC/1WMv0fnCwQ8oEDynSre216VEFiYKBaQLJe5o/
-mTAxC7Ht3goXnuc+i1FItOkLrgRI/wyvTICEn2WsNZiMADnGaee2bqPnUopo+VMGexJEtCPk
-l0ZNlDJGquPDkpUwaEtecVZzCNyVPYyyF4J/l8rmGDhDdYUIC8IKBEg/ip/E0BuubBLWVbv+
-HRl4QrnGpyCyeXRXXK603QP3sT1Zbbm1v5pI/loOhVHi724LmtXHSyp5qv9MDcxE1PoX10LY
-gBRtlwwESPeCF8bK5jk4xIQMhK5NMHj1Y1KQWTZ9NGITBL4hjRq2qp4Qk5GIpGgOVPopAuCo
-TIyPikpqBRNtLSPRSsDs6QPUPzWBh6JgxwRQblnDKKUkxUcnJiD4i9QtGa/ZabMn4KxtNOBL
-5JSh1nJkaLXCZY070131WWPAByLcd5TiXq8x84pmzV5NNk4tiMpoXhJNsx8e4rskQQlKd6ME
-SCe2eYDHKcKPX3WJbUzhrJSQ92/aWnI2iUY8WQ+kSNyiZ2QUjyuUg9Z66g/0d2STlvPOBHT/
-y5ODP2CwbcWX4QmCbUc9TT66fQRIrRVuwvtOfnUueyGgYhJ3HpAJfVaB/7kap5bj7Fi/azW4
-9JDfd1bC/W9h0Kyk7RO2gxvE0hIHc26mZJHTm9MNP5D328MnM2MdBEjKjQBtgrp+lFIii7MP
-nGHFTKUkG4WAIZJCf/CsT+p6/SW0qG71Me/YcSw5STB24j+a+HgMV8RVIeUlkP4z0IWWrSoB
-Gh4d/Z0EUMCVHs/HZ/bWgiyhtHpvuVAzidm8D81p1LJ5BQX5/5f/m+q5+fS/npL27dTEbNqs
-LSB6ij3MZAi7LwHWpTn9zWnDajCMEj9vlaV7mcKtHK5iBEg85agFi1h3MvicqLtoFe5hVv9T
-tG0j6CRkjkixPzivltlrf44KHv14gLM0XJxCGyq7vd3l8QYr3+9at0zNnX/yqTiBnsnE5dUE
-SIgrYuz87M2gi/ER9PcDoTtONH3+CkcqVy03q/Sj8cVWD/b1KgEhqnNOfc8Ak9PctyR/ItcR
-8Me5XVn1GJKkQJk4O29fxvgNoAQIrIESvUWGshAEQByXiFoFTDUByjTlgjcy77H1lrH+y3P/
-wAInJjJAut9kCNyGJV0PA4kdPB5USWltuO6t8gk4Pd2YBMl09zqUWkAEUCjFrtZ3mapjcGZI
-uQTASKR5LSjXoWxTT5gae/+64MerF/oCEeO3ehRTpjnPrsiRDo0rWIQTaj9+Nro8Z2xtWstw
-RnfoAHIxV1lEamPwjsceBEi2SD9hiifFeO5ECiVoaE1FdXUXhU+jwYAMx6jHWO9hMkYzS9pM
-Y3IyWR5ybtOjiQgkUdvRJPUPGf5DVVMPnymGX25aDh5PYpIESPbsM9akCpOOVuscywcUswmU
-o7dXvlB48WWCfg/al3BQKAZbn5ZXtWNwpUZkrEdHsrxAVv3rxRcdkT3Z1fzUbIuYkLJN200o
-WgRIJvn6RO8KEj7/HOg2sYuuM8nz1kR0TSgwX7/0y/7JfjBa0JIlP7o75sNJscE8oyoIMzuy
-Dvn6/U9g3BCDXn83A/s+ke60qn9gBFC6NAeLOlXal1YVWYhMQNOqCyUfAjiXBTawaysQb1Mk
-YgeNlF8xuEFcUQWIP+vNG7FJ5JPMaMRL4YEoaQ3sVFhYOERJR1cSb+8xt4QCYtBKQgRIUOmJ
-CHW5o1hXJWJiTkZK2qWFcEMzTINSj5EpYFySr8aVBjkRnI7vxegRT/+XZZXoYedQ3UNsnGI3
-DdkWii5VzX0PNF6C60pfBEiVpausYuX7Wjb3Lfm8cBj7GgN69i6Pm2gxtobVcmpo2nS4D714
-ePyhlX9n8kJ6QAcqWMRj22smDPrHVGNTizfzHBh5zNllK9gESJizILOWI327og3ZWp+qUht5
-kNDJCzMK7Z09UAy+h+vq0VTQuEo3FgLzVdqkJujjSL4Nx97lXg51AovrEn3nd4evydwcjKLX
-1wRIo72NaeWuUEQ+rt1SlCsOJ7k1ioJSqhrPOfvwcaFcb4beVet1JWiy4yvowTjLDGbUje2s
-xjrlVt4BJWI/uA6jbQsrxSe89ADZBAi5YAlR4qszeAQIXD3VSBVKbRUECNTtyvw9vvqXBAhb
-IZNn4H4cxgQI+XW7GkfL+ekECCCCg2reMyGDBAh1PYqkg3lw3gQQkNlggEPU+BH8eh7Gm7n7
-7AQIjC5EWbkil5cEEKcpuqwTWww/X89KnQAg8TcECJPomqHvrlZFBBiRSuIiHpmN+PaujXpv
-qZV2VhjkB2j09GEECOIdv8AVOJgKBAjlHgIqAD9jZQQIXHbs44+wogcEIGGqTACRJxrhMcMG
-X8drNjksIPt+snxTXUBIkTVpZWoABAh6unXPTyIr8QQgBF8xKoX27MWk7iTNmkSNZggZXa2a
-DWCGHSYLngbSOHIECD9XmO6VsvTgBAjfqB70CEW4WwQIVIBkbCocznUEEHB/zFXy/sR4OYHe
-UfbNPnIEEDWBB/NTCLMGE+o8BfyujcAECFik7GQnnF9VBBAhLXExQeWAofZNc6NtN7qZBCC1
-gVIS3ruTwKltmcrgx3heT3M8ZJhCfWa+6KzchnmKygQQ+1NL5sSzR4m/fdrqxHFyUAQYCT2x
-PamQr3wK3h0lyZER+4H0zPM86AhFBBC3CkmvL2vjflMfujnzPBVpBBge9rMbI5+0q9DLrTiT
-5F3AIgXLpD8PQWAECHkHVo6RomV3BAgMbi8E271UeAQIqtS8wnI3XngECG3TWmOMb3/iBEha
-y+mvCS6I3n3JfL8e1B5P4qX9/czJRaERLuKpGNjLiL4A+zxN0LZ0UHd0qfmJjwOTxAx3iJAC
-lGXX4nB9ATYPUT5EU+o1Y4sECN01pP6vWNIdBDAsiE0Ts8/9ltJlqX2B3AoOM4qOt9EaCjXf
-lB+aEmrhtjUwuZ6GqS5Ke7P6XnakTk4ECCLIMatNdootAAAAAAAAAAAAAA==
------END PKCS7-----
diff --git a/app/openssl/crypto/pkcs7/example.c b/app/openssl/crypto/pkcs7/example.c
deleted file mode 100644
index 2953d04b..00000000
--- a/app/openssl/crypto/pkcs7/example.c
+++ /dev/null
@@ -1,329 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/pkcs7.h>
-#include <openssl/asn1_mac.h>
-#include <openssl/x509.h>
-
-int add_signed_time(PKCS7_SIGNER_INFO *si)
-	{
-	ASN1_UTCTIME *sign_time;
-
-	/* The last parameter is the amount to add/subtract from the current
-	 * time (in seconds) */
-	sign_time=X509_gmtime_adj(NULL,0);
-	PKCS7_add_signed_attribute(si,NID_pkcs9_signingTime,
-		V_ASN1_UTCTIME,(char *)sign_time);
-	return(1);
-	}
-
-ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si)
-	{
-	ASN1_TYPE *so;
-
-	so=PKCS7_get_signed_attribute(si,NID_pkcs9_signingTime);
-	if (so->type == V_ASN1_UTCTIME)
-	    return so->value.utctime;
-	return NULL;
-	}
-	
-static int signed_string_nid= -1;
-
-void add_signed_string(PKCS7_SIGNER_INFO *si, char *str)
-	{
-	ASN1_OCTET_STRING *os;
-
-	/* To a an object of OID 1.2.3.4.5, which is an octet string */
-	if (signed_string_nid == -1)
-		signed_string_nid=
-			OBJ_create("1.2.3.4.5","OID_example","Our example OID");
-	os=ASN1_OCTET_STRING_new();
-	ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str));
-	/* When we add, we do not free */
-	PKCS7_add_signed_attribute(si,signed_string_nid,
-		V_ASN1_OCTET_STRING,(char *)os);
-	}
-
-int get_signed_string(PKCS7_SIGNER_INFO *si, char *buf, int len)
-	{
-	ASN1_TYPE *so;
-	ASN1_OCTET_STRING *os;
-	int i;
-
-	if (signed_string_nid == -1)
-		signed_string_nid=
-			OBJ_create("1.2.3.4.5","OID_example","Our example OID");
-	/* To retrieve */
-	so=PKCS7_get_signed_attribute(si,signed_string_nid);
-	if (so != NULL)
-		{
-		if (so->type == V_ASN1_OCTET_STRING)
-			{
-			os=so->value.octet_string;
-			i=os->length;
-			if ((i+1) > len)
-				i=len-1;
-			memcpy(buf,os->data,i);
-			return(i);
-			}
-		}
-	return(0);
-	}
-
-static int signed_seq2string_nid= -1;
-/* ########################################### */
-int add_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
-	{
-	/* To add an object of OID 1.9.999, which is a sequence containing
-	 * 2 octet strings */
-	unsigned char *p;
-	ASN1_OCTET_STRING *os1,*os2;
-	ASN1_STRING *seq;
-	unsigned char *data;
-	int i,total;
-
-	if (signed_seq2string_nid == -1)
-		signed_seq2string_nid=
-			OBJ_create("1.9.9999","OID_example","Our example OID");
-
-	os1=ASN1_OCTET_STRING_new();
-	os2=ASN1_OCTET_STRING_new();
-	ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1));
-	ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1));
-	i =i2d_ASN1_OCTET_STRING(os1,NULL);
-	i+=i2d_ASN1_OCTET_STRING(os2,NULL);
-	total=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
-
-	data=malloc(total);
-	p=data;
-	ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-	i2d_ASN1_OCTET_STRING(os1,&p);
-	i2d_ASN1_OCTET_STRING(os2,&p);
-
-	seq=ASN1_STRING_new();
-	ASN1_STRING_set(seq,data,total);
-	free(data);
-	ASN1_OCTET_STRING_free(os1);
-	ASN1_OCTET_STRING_free(os2);
-
-	PKCS7_add_signed_attribute(si,signed_seq2string_nid,
-		V_ASN1_SEQUENCE,(char *)seq);
-	return(1);
-	}
-
-/* For this case, I will malloc the return strings */
-int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2)
-	{
-	ASN1_TYPE *so;
-
-	if (signed_seq2string_nid == -1)
-		signed_seq2string_nid=
-			OBJ_create("1.9.9999","OID_example","Our example OID");
-	/* To retrieve */
-	so=PKCS7_get_signed_attribute(si,signed_seq2string_nid);
-	if (so && (so->type == V_ASN1_SEQUENCE))
-		{
-		ASN1_const_CTX c;
-		ASN1_STRING *s;
-		long length;
-		ASN1_OCTET_STRING *os1,*os2;
-
-		s=so->value.sequence;
-		c.p=ASN1_STRING_data(s);
-		c.max=c.p+ASN1_STRING_length(s);
-		if (!asn1_GetSequence(&c,&length)) goto err;
-		/* Length is the length of the seqence */
-
-		c.q=c.p;
-		if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
-			goto err;
-		c.slen-=(c.p-c.q);
-
-		c.q=c.p;
-		if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
-			goto err;
-		c.slen-=(c.p-c.q);
-
-		if (!asn1_const_Finish(&c)) goto err;
-		*str1=malloc(os1->length+1);
-		*str2=malloc(os2->length+1);
-		memcpy(*str1,os1->data,os1->length);
-		memcpy(*str2,os2->data,os2->length);
-		(*str1)[os1->length]='\0';
-		(*str2)[os2->length]='\0';
-		ASN1_OCTET_STRING_free(os1);
-		ASN1_OCTET_STRING_free(os2);
-		return(1);
-		}
-err:
-	return(0);
-	}
-
-
-/* #######################################
- * THE OTHER WAY TO DO THINGS
- * #######################################
- */
-X509_ATTRIBUTE *create_time(void)
-	{
-	ASN1_UTCTIME *sign_time;
-	X509_ATTRIBUTE *ret;
-
-	/* The last parameter is the amount to add/subtract from the current
-	 * time (in seconds) */
-	sign_time=X509_gmtime_adj(NULL,0);
-	ret=X509_ATTRIBUTE_create(NID_pkcs9_signingTime,
-		V_ASN1_UTCTIME,(char *)sign_time);
-	return(ret);
-	}
-
-ASN1_UTCTIME *sk_get_time(STACK_OF(X509_ATTRIBUTE) *sk)
-	{
-	ASN1_TYPE *so;
-	PKCS7_SIGNER_INFO si;
-
-	si.auth_attr=sk;
-	so=PKCS7_get_signed_attribute(&si,NID_pkcs9_signingTime);
-	if (so->type == V_ASN1_UTCTIME)
-	    return so->value.utctime;
-	return NULL;
-	}
-	
-X509_ATTRIBUTE *create_string(char *str)
-	{
-	ASN1_OCTET_STRING *os;
-	X509_ATTRIBUTE *ret;
-
-	/* To a an object of OID 1.2.3.4.5, which is an octet string */
-	if (signed_string_nid == -1)
-		signed_string_nid=
-			OBJ_create("1.2.3.4.5","OID_example","Our example OID");
-	os=ASN1_OCTET_STRING_new();
-	ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str));
-	/* When we add, we do not free */
-	ret=X509_ATTRIBUTE_create(signed_string_nid,
-		V_ASN1_OCTET_STRING,(char *)os);
-	return(ret);
-	}
-
-int sk_get_string(STACK_OF(X509_ATTRIBUTE) *sk, char *buf, int len)
-	{
-	ASN1_TYPE *so;
-	ASN1_OCTET_STRING *os;
-	int i;
-	PKCS7_SIGNER_INFO si;
-
-	si.auth_attr=sk;
-
-	if (signed_string_nid == -1)
-		signed_string_nid=
-			OBJ_create("1.2.3.4.5","OID_example","Our example OID");
-	/* To retrieve */
-	so=PKCS7_get_signed_attribute(&si,signed_string_nid);
-	if (so != NULL)
-		{
-		if (so->type == V_ASN1_OCTET_STRING)
-			{
-			os=so->value.octet_string;
-			i=os->length;
-			if ((i+1) > len)
-				i=len-1;
-			memcpy(buf,os->data,i);
-			return(i);
-			}
-		}
-	return(0);
-	}
-
-X509_ATTRIBUTE *add_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
-	{
-	/* To add an object of OID 1.9.999, which is a sequence containing
-	 * 2 octet strings */
-	unsigned char *p;
-	ASN1_OCTET_STRING *os1,*os2;
-	ASN1_STRING *seq;
-	X509_ATTRIBUTE *ret;
-	unsigned char *data;
-	int i,total;
-
-	if (signed_seq2string_nid == -1)
-		signed_seq2string_nid=
-			OBJ_create("1.9.9999","OID_example","Our example OID");
-
-	os1=ASN1_OCTET_STRING_new();
-	os2=ASN1_OCTET_STRING_new();
-	ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1));
-	ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1));
-	i =i2d_ASN1_OCTET_STRING(os1,NULL);
-	i+=i2d_ASN1_OCTET_STRING(os2,NULL);
-	total=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
-
-	data=malloc(total);
-	p=data;
-	ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-	i2d_ASN1_OCTET_STRING(os1,&p);
-	i2d_ASN1_OCTET_STRING(os2,&p);
-
-	seq=ASN1_STRING_new();
-	ASN1_STRING_set(seq,data,total);
-	free(data);
-	ASN1_OCTET_STRING_free(os1);
-	ASN1_OCTET_STRING_free(os2);
-
-	ret=X509_ATTRIBUTE_create(signed_seq2string_nid,
-		V_ASN1_SEQUENCE,(char *)seq);
-	return(ret);
-	}
-
-/* For this case, I will malloc the return strings */
-int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2)
-	{
-	ASN1_TYPE *so;
-	PKCS7_SIGNER_INFO si;
-
-	if (signed_seq2string_nid == -1)
-		signed_seq2string_nid=
-			OBJ_create("1.9.9999","OID_example","Our example OID");
-
-	si.auth_attr=sk;
-	/* To retrieve */
-	so=PKCS7_get_signed_attribute(&si,signed_seq2string_nid);
-	if (so->type == V_ASN1_SEQUENCE)
-		{
-		ASN1_const_CTX c;
-		ASN1_STRING *s;
-		long length;
-		ASN1_OCTET_STRING *os1,*os2;
-
-		s=so->value.sequence;
-		c.p=ASN1_STRING_data(s);
-		c.max=c.p+ASN1_STRING_length(s);
-		if (!asn1_GetSequence(&c,&length)) goto err;
-		/* Length is the length of the seqence */
-
-		c.q=c.p;
-		if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
-			goto err;
-		c.slen-=(c.p-c.q);
-
-		c.q=c.p;
-		if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
-			goto err;
-		c.slen-=(c.p-c.q);
-
-		if (!asn1_const_Finish(&c)) goto err;
-		*str1=malloc(os1->length+1);
-		*str2=malloc(os2->length+1);
-		memcpy(*str1,os1->data,os1->length);
-		memcpy(*str2,os2->data,os2->length);
-		(*str1)[os1->length]='\0';
-		(*str2)[os2->length]='\0';
-		ASN1_OCTET_STRING_free(os1);
-		ASN1_OCTET_STRING_free(os2);
-		return(1);
-		}
-err:
-	return(0);
-	}
-
-
diff --git a/app/openssl/crypto/pkcs7/example.h b/app/openssl/crypto/pkcs7/example.h
deleted file mode 100644
index 96167de1..00000000
--- a/app/openssl/crypto/pkcs7/example.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-int add_signed_time(PKCS7_SIGNER_INFO *si);
-ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si);
-int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2);
diff --git a/app/openssl/crypto/pkcs7/info.pem b/app/openssl/crypto/pkcs7/info.pem
deleted file mode 100644
index 989baf87..00000000
--- a/app/openssl/crypto/pkcs7/info.pem
+++ /dev/null
@@ -1,57 +0,0 @@
-issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA
-subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com
-serial :047D
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1149 (0x47d)
-        Signature Algorithm: md5withRSAEncryption
-        Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA
-        Validity
-            Not Before: May 13 05:40:58 1998 GMT
-            Not After : May 12 05:40:58 2000 GMT
-        Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Modulus:
-                    00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81:
-                    73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc:
-                    89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29:
-                    fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f:
-                    e7:e7:0c:4d:0b
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            Netscape Comment: 
-                Generated with SSLeay
-    Signature Algorithm: md5withRSAEncryption
-        52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55:
-        f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97:
-        d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b:
-        50:74:ad:92:cb:4e:90:e5:fa:7d
-
------BEGIN CERTIFICATE-----
-MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV
-MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE
-ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E
-IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw
-NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
-UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
-dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0
-aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG
-9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf
-lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB
-hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA
-UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8
-4A3ZItobUHStkstOkOX6fQ==
------END CERTIFICATE-----
-
------BEGIN RSA PRIVATE KEY-----
-MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9
-mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG
-fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/
-zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29
-p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b
-bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk
-IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG
------END RSA PRIVATE KEY-----
diff --git a/app/openssl/crypto/pkcs7/infokey.pem b/app/openssl/crypto/pkcs7/infokey.pem
deleted file mode 100644
index 1e2acc95..00000000
--- a/app/openssl/crypto/pkcs7/infokey.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9
-mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG
-fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/
-zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29
-p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b
-bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk
-IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG
------END RSA PRIVATE KEY-----
diff --git a/app/openssl/crypto/pkcs7/p7/a1 b/app/openssl/crypto/pkcs7/p7/a1
deleted file mode 100644
index 56ca9437..00000000
--- a/app/openssl/crypto/pkcs7/p7/a1
+++ /dev/null
@@ -1,2 +0,0 @@
-j,H>_æá_­DôzEîLœ	VJ³ß觬¤””E3ûáYäx%_Àk
-3ê)DLScñ8%ôM
\ No newline at end of file
diff --git a/app/openssl/crypto/pkcs7/p7/a2 b/app/openssl/crypto/pkcs7/p7/a2
deleted file mode 100644
index 23d8fb5e..00000000
--- a/app/openssl/crypto/pkcs7/p7/a2
+++ /dev/null
@@ -1 +0,0 @@
-k~@a”,NâM͹¼	
<O( KP—騠¤K²>­×U¿o_½
BqrmÎ?Ù t?t÷�Ï�éId2‰Š
\ No newline at end of file
diff --git a/app/openssl/crypto/pkcs7/p7/cert.p7c b/app/openssl/crypto/pkcs7/p7/cert.p7c
deleted file mode 100644
index 2b75ec05..00000000
--- a/app/openssl/crypto/pkcs7/p7/cert.p7c
+++ /dev/null
diff --git a/app/openssl/crypto/pkcs7/p7/smime.p7m b/app/openssl/crypto/pkcs7/p7/smime.p7m
deleted file mode 100644
index 2b6e6f82..00000000
--- a/app/openssl/crypto/pkcs7/p7/smime.p7m
+++ /dev/null
diff --git a/app/openssl/crypto/pkcs7/p7/smime.p7s b/app/openssl/crypto/pkcs7/p7/smime.p7s
deleted file mode 100644
index 2b5d4fb0..00000000
--- a/app/openssl/crypto/pkcs7/p7/smime.p7s
+++ /dev/null
diff --git a/app/openssl/crypto/pkcs7/pkcs7.h b/app/openssl/crypto/pkcs7/pkcs7.h
index 04f60379..5d54c4ac 100644
--- a/app/openssl/crypto/pkcs7/pkcs7.h
+++ b/app/openssl/crypto/pkcs7/pkcs7.h
@@ -233,10 +233,6 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
 		(OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
 #define PKCS7_type_is_data(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
 #define PKCS7_type_is_digest(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
-#define PKCS7_type_is_encrypted(a) \
-		(OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
-
-#define PKCS7_type_is_digest(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
 
 #define PKCS7_set_detached(p,v) \
 		PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)
diff --git a/app/openssl/crypto/pkcs7/server.pem b/app/openssl/crypto/pkcs7/server.pem
deleted file mode 100644
index 750aac20..00000000
--- a/app/openssl/crypto/pkcs7/server.pem
+++ /dev/null
@@ -1,24 +0,0 @@
-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
------BEGIN CERTIFICATE-----
-MIIB6TCCAVICAQAwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
-VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzQ2WhcNOTgwNjA5
-MTM1NzQ2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
-A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
-cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
-Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
-Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB4TMR2CvacKE9wAsu9jyCX8YiW
-mgCM+YoP6kt4Zkj2z5IRfm7WrycKsnpnOR+tGeqAjkCeZ6/36o9l91RvPnN1VJ/i
-xQv2df0KFeMr00IkDdTNAdIWqFkSsZTAY2QAdgenb7MB1joejquYzO2DQIO7+wpH
-irObpESxAZLySCmPPg==
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
-TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
-OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
-gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
-rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
-PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
-vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
------END RSA PRIVATE KEY-----
diff --git a/app/openssl/crypto/pkcs7/sign.c b/app/openssl/crypto/pkcs7/sign.c
deleted file mode 100644
index 8b59885f..00000000
--- a/app/openssl/crypto/pkcs7/sign.c
+++ /dev/null
@@ -1,154 +0,0 @@
-/* crypto/pkcs7/sign.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include <string.h>
-#include <openssl/bio.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-
-int main(argc,argv)
-int argc;
-char *argv[];
-	{
-	X509 *x509;
-	EVP_PKEY *pkey;
-	PKCS7 *p7;
-	PKCS7_SIGNER_INFO *si;
-	BIO *in;
-	BIO *data,*p7bio;
-	char buf[1024*4];
-	int i;
-	int nodetach=0;
-
-#ifndef OPENSSL_NO_MD2
-	EVP_add_digest(EVP_md2());
-#endif
-#ifndef OPENSSL_NO_MD5
-	EVP_add_digest(EVP_md5());
-#endif
-#ifndef OPENSSL_NO_SHA1
-	EVP_add_digest(EVP_sha1());
-#endif
-#ifndef OPENSSL_NO_MDC2
-	EVP_add_digest(EVP_mdc2());
-#endif
-
-	data=BIO_new(BIO_s_file());
-again:
-	if (argc > 1)
-		{
-		if (strcmp(argv[1],"-nd") == 0)
-			{
-			nodetach=1;
-			argv++; argc--;
-			goto again;
-			}
-		if (!BIO_read_filename(data,argv[1]))
-			goto err;
-		}
-	else
-		BIO_set_fp(data,stdin,BIO_NOCLOSE);
-
-	if ((in=BIO_new_file("server.pem","r")) == NULL) goto err;
-	if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err;
-	BIO_reset(in);
-	if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL) goto err;
-	BIO_free(in);
-
-	p7=PKCS7_new();
-	PKCS7_set_type(p7,NID_pkcs7_signed);
-	 
-	si=PKCS7_add_signature(p7,x509,pkey,EVP_sha1());
-	if (si == NULL) goto err;
-
-	/* If you do this then you get signing time automatically added */
-	PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT,
-						OBJ_nid2obj(NID_pkcs7_data));
-
-	/* we may want to add more */
-	PKCS7_add_certificate(p7,x509);
-
-	/* Set the content of the signed to 'data' */
-	PKCS7_content_new(p7,NID_pkcs7_data);
-
-	if (!nodetach)
-		PKCS7_set_detached(p7,1);
-
-	if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err;
-
-	for (;;)
-		{
-		i=BIO_read(data,buf,sizeof(buf));
-		if (i <= 0) break;
-		BIO_write(p7bio,buf,i);
-		}
-
-	if (!PKCS7_dataFinal(p7,p7bio)) goto err;
-	BIO_free(p7bio);
-
-	PEM_write_PKCS7(stdout,p7);
-	PKCS7_free(p7);
-
-	exit(0);
-err:
-	ERR_load_crypto_strings();
-	ERR_print_errors_fp(stderr);
-	exit(1);
-	}
-
diff --git a/app/openssl/crypto/pkcs7/t/3des.pem b/app/openssl/crypto/pkcs7/t/3des.pem
deleted file mode 100644
index b2b5081a..00000000
--- a/app/openssl/crypto/pkcs7/t/3des.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PKCS7-----
-MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG
-A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
-dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
-ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEC2vXI1xQDW6lUHM3zQ
-/9uBEBOO5A3TtkrklAXq7v01gsIC21t52qSk36REXY+slhNZ0OQ349tgkTsoETHFLoEwMIHw
-AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI
-QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
-UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G
-CSqGSIb3DQEBAQUABEB8ujxbabxXUYJhopuDm3oDq4JNqX6Io4p3ro+ShqfIndsXTZ1v5a2N
-WtLLCWlHn/habjBwZ/DgQgcKASbZ7QxNMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA
-oAQIbsL5v1wX98KggAQoAaJ4WHm68fXY1WE5OIjfVBIDpO1K+i8dmKhjnAjrjoyZ9Bwc8rDL
-lgQg4CXb805h5xl+GfvSwUaHJayte1m2mcOhs3J2YyqbQ+MEIMIiJQccmhO3oDKm36CFvYR8
-5PjpclVcZyX2ngbwPFMnBAgy0clOAE6UKAAAAAAAAAAAAAA=
------END PKCS7-----
-
diff --git a/app/openssl/crypto/pkcs7/t/3dess.pem b/app/openssl/crypto/pkcs7/t/3dess.pem
deleted file mode 100644
index 23f01351..00000000
--- a/app/openssl/crypto/pkcs7/t/3dess.pem
+++ /dev/null
@@ -1,32 +0,0 @@
------BEGIN PKCS7-----
-MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
-BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR
-BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv
-ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE
-AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow
-gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu
-ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG
-A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m
-dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh
-hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg
-hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP
-igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds
-syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG
-A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
-dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
-ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB
-kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l
-MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB
-TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB
-BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf
-mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s
-8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx
-ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP
-BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ
-REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB
-AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B
-CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG
-SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv
-BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA
-9CWR6g==
------END PKCS7-----
diff --git a/app/openssl/crypto/pkcs7/t/c.pem b/app/openssl/crypto/pkcs7/t/c.pem
deleted file mode 100644
index a4b55e32..00000000
--- a/app/openssl/crypto/pkcs7/t/c.pem
+++ /dev/null
@@ -1,48 +0,0 @@
-issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA
-subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com
-serial :047D
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1149 (0x47d)
-        Signature Algorithm: md5withRSAEncryption
-        Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA
-        Validity
-            Not Before: May 13 05:40:58 1998 GMT
-            Not After : May 12 05:40:58 2000 GMT
-        Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Modulus:
-                    00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81:
-                    73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc:
-                    89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29:
-                    fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f:
-                    e7:e7:0c:4d:0b
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            Netscape Comment: 
-                Generated with SSLeay
-    Signature Algorithm: md5withRSAEncryption
-        52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55:
-        f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97:
-        d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b:
-        50:74:ad:92:cb:4e:90:e5:fa:7d
-
------BEGIN CERTIFICATE-----
-MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV
-MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE
-ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E
-IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw
-NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
-UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
-dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0
-aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG
-9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf
-lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB
-hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA
-UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8
-4A3ZItobUHStkstOkOX6fQ==
------END CERTIFICATE-----
-
diff --git a/app/openssl/crypto/pkcs7/t/ff b/app/openssl/crypto/pkcs7/t/ff
deleted file mode 100644
index 23f01351..00000000
--- a/app/openssl/crypto/pkcs7/t/ff
+++ /dev/null
@@ -1,32 +0,0 @@
------BEGIN PKCS7-----
-MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
-BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR
-BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv
-ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE
-AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow
-gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu
-ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG
-A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m
-dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh
-hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg
-hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP
-igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds
-syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG
-A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
-dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
-ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB
-kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l
-MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB
-TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB
-BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf
-mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s
-8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx
-ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP
-BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ
-REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB
-AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B
-CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG
-SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv
-BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA
-9CWR6g==
------END PKCS7-----
diff --git a/app/openssl/crypto/pkcs7/t/msie-e b/app/openssl/crypto/pkcs7/t/msie-e
deleted file mode 100644
index aafae69f..00000000
--- a/app/openssl/crypto/pkcs7/t/msie-e
+++ /dev/null
@@ -1,20 +0,0 @@
-
-MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV
-BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k
-aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABECMzu8y
-wQ/qZbO8cAGMRBF+mPruv3+Dvb9aWNZ2k8njUgqF6mcdhVB2MkGcsG3memRXJBixvMYWVkU3qK4Z
-VuKsMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE
-BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
-UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG
-SIb3DQEBAQUABEBcWwYFHJbJGhiztt7lzue3Lc9CH5WAbyR+2BZ3uv+JxZfRs1PuaWPOwRa0Vgs3
-YwSJoRfxQj2Gk0wFqG1qt6d1MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQI8vRlP/Nx
-2iSggASCAZhR5srxyspy7DfomRJ9ff8eMCtaNwEoEx7G25PZRonC57hBvGoScLtEPU3Wp9FEbPN7
-oJESeC+AqMTyTLNy8aQsyC5s53E9UkoIvg62ekYZBbXZqXsrxx4PhiiX3NH8GVh42phB0Chjw0nK
-HZeRDmxGY3Cmk+J+l0uVKxbNIfJIKOguLBnhqmnKH/PrnzDt591u0ULy2aTLqRm+4/1Yat/QPb6J
-eoKGwNPBbS9ogBdrCNCp9ZFg3Xar2AtQHzyTQIfYeH3SRQUpKmRm5U5o9p5emgEdT+ZfJm/J4tSH
-OmbgAFsbHQakA4MBZ4J5qfDJhOA2g5lWk1hIeu5Dn/AaLRZd0yz3oY0Ieo/erPWx/bCqtBzYbMe9
-qSFTedKlbc9EGe3opOTdBZVzK8KH3w3zsy5luxKdOUG59YYb5F1IZiWGiDyuo/HuacX+griu5LeD
-bEzOtZnko+TZXvWIko30fD79j3T4MRRhWXbgj2HKza+4vJ0mzcC/1+GPsJjAEAA/JgIEDU4w6/DI
-/HQHhLAO3G+9xKD7MvmrzkoAAAAAAAAAAAAA
-
-
diff --git a/app/openssl/crypto/pkcs7/t/msie-e.pem b/app/openssl/crypto/pkcs7/t/msie-e.pem
deleted file mode 100644
index a2a5e24e..00000000
--- a/app/openssl/crypto/pkcs7/t/msie-e.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN PKCS7-----
-MIAGCSqGSIb3DQEHA6CAMIIDkAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ
-bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT
-aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ
-uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQIzO7zLBD+pls7xwAYxEEX6Y+u6/f4O9
-v1pY1naTyeNSCoXqZx2FUHYyQZywbeZ6ZFckGLG8xhZWRTeorhlW4qwwgfACAQAw
-gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
-EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT
-GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW
-QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQFxbBgUclskaGLO23uXO57ctz0If
-lYBvJH7YFne6/4nFl9GzU+5pY87BFrRWCzdjBImhF/FCPYaTTAWobWq3p3UwggHD
-BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECPL0ZT/zcdokgIIBmFHmyvHK
-ynLsN+iZEn19/x4wK1o3ASgTHsbbk9lGicLnuEG8ahJwu0Q9Tdan0URs83ugkRJ4
-L4CoxPJMs3LxpCzILmzncT1SSgi+DrZ6RhkFtdmpeyvHHg+GKJfc0fwZWHjamEHQ
-KGPDScodl5EObEZjcKaT4n6XS5UrFs0h8kgo6C4sGeGqacof8+ufMO3n3W7RQvLZ
-pMupGb7j/Vhq39A9vol6gobA08FtL2iAF2sI0Kn1kWDddqvYC1AfPJNAh9h4fdJF
-BSkqZGblTmj2nl6aAR1P5l8mb8ni1Ic6ZuAAWxsdBqQDgwFngnmp8MmE4DaDmVaT
-WEh67kOf8BotFl3TLPehjQh6j96s9bH9sKq0HNhsx72pIVN50qVtz0QZ7eik5N0F
-lXMrwoffDfOzLmW7Ep05Qbn1hhvkXUhmJYaIPK6j8e5pxf6CuK7kt4NsTM61meSj
-5Nle9YiSjfR8Pv2PdPgxFGFZduCPYcrNr7i8nSbNwL/X4Y+wmMAQAD8mAgQNTjDr
-8Mj8dAeEsA7cb73EoPsy+avOSgAAAAA=
------END PKCS7-----
diff --git a/app/openssl/crypto/pkcs7/t/msie-enc-01 b/app/openssl/crypto/pkcs7/t/msie-enc-01
deleted file mode 100644
index 2c93ab64..00000000
--- a/app/openssl/crypto/pkcs7/t/msie-enc-01
+++ /dev/null
@@ -1,62 +0,0 @@
-
-MIAGCSqGSIb3DQEHA6CAMIACAQAxgfMwgfACAQAwgZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYD
-VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0
-IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMT
-EkRFTU8gWkVSTyBWQUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQKvMaW8xh6oF/X+CJivz
-IZV7yHxlp4O3NHQtWG0A8MOZB+CtKlU7/6g5e/a9Du/TOqxRMqtYRp63pa2Q/mM4IYMwgAYJ
-KoZIhvcNAQcBMBoGCCqGSIb3DQMCMA4CAgCgBAifz6RvzOPYlKCABIGwxtGA/FLBBRs1wbBP
-gDCbSG0yCwjJNsFg89/k6xuXo8c5YTwsw8+XlIVq03navpew6XxxzY090rD2OJ0t6HA6GqrI
-pd8WiSh/Atqn0yfLFmkLqgIAPRfzxUxqUocxLpQsLIFp2YNUGE+yps+UZmIjw/WHfdqrcWTm
-STSvKuy3UkIJZCkGDBpTvqk4BFaHh4oTXEpgpNY+GKxjf9TDN9GQPqQZR7sgQki4t2g4/Saq
-Kl4EMISgluk6swdND0tiHY7v5d6YR29ePCl2/STJ98eJpWkEEC22GNNvOy7ru/Rv2He4MgQg
-optd7sk9MMd9xhJppg7CcH/yDx//HrtgpOcWmn6VxpgECFqon4uXkQtIBIH4PaNclFn7/hLx
-Pw2VmBGaC0SYF3U1jyN96EBxdjqy8Aa6ByMXYDW5BcfqniD5mYXfw+b81lh1kutxaPaV4YJ9
-ZlRUW752N7VHo/fG0/fukoe5W9a8kIhgLpygllb/GP4oSF4wM6n1/OgRzZj2IWFiobKO4d/t
-Mnh+C+PoEVAuFZcxQwi9GqvsK5OoIjVwNx0XcVSOl1TTYS9SwC7ugMBCab73JiruC24pL78Y
-M+NaIpIQ3On4DokJA2ZHtjBjZIxF4tKA144RvFN6pBd6TVE5XM6KD/Vh9bjSmujtEAfdQ3Te
-dvKJsbZuu0stErbvWcRy11I328l557EECAJT7d44OJ3rBBBj6bnnx6dDU2SRqp2CEoQaBAhK
-RBuyhNxkygQIOY9/NhwqAJAECOvX0Zd0DqgoBAjobPpMHhVV3gQQWLU2vEoZ51BwzxdzCmxO
-wwQI4oKfudaNqoAESKzBNAqv5kGumHOlMKsRfrs7jZCcSaOuEj97pYx08FLEgF23cav39MOQ
-NUEM1dNU+EYslL4o3RoSHRjUgPU+2t9c0prS9A/bPARIEOP94PynaTNxwHi3VTK7SzuQmgzA
-4n942E9joSiqsQPlsKAb3sPUaLC3SuUxSjNBgfpvD0bmrA/5h+WZoYXvIogFpwjkSmnFBEie
-0lh5Ov1aRrvCw5/j3Q/W/4ZtN5U+aeVBJMtA8n0Mxd5kPxHbNVh4oGprZ6wEegV8ht3voyZa
-mZ5Cyxc8ffMYnM/JJI6/oEYEUEMyyiS5FnYyvxKzfMtyn2lZ2st9nZGNNgMc9N62r5HgNbdD
-FHuRdKKzV+8kQfuMc3mOPpK1t9TFY+QgrxiB5p6S7VooI97YtP3PbfknszCEBEh4PdXYbbaR
-3AacN3Q5kYYmWsq3WW6xgrg0mmEGosGvwSQxBBuiXZrxScCa4ivEq05UZwyShePvKduOvnUE
-2zDO6IXFLZxhTZAESEm9/FovLgGAiJ7iMGmYvsISLJScwG4n+wrSaQNQXizs9N3ykys54wBN
-d/+BQ4F7pncHhDQ2Dyt5MekB8Y8iNOocUTFCu524vQRIaWCXmXP3vU7D21dp0XnAMzRQJ565
-JV3aHRoY7XDa4LePa7PP9ywyafOE5yCW7ndqx3J+2JhTDvSFsW8/q3H3iyeFhykuJVS6BFDK
-6CmKbnyyjOfE2iLGJmTFa905V2KrVDCmlEu/xyGMs80yTyZC+ySzM83FMVvLEQmSzcTNUZVp
-DfA1kNXbXkPouBXXT6g8r8JCRljaKKABmgRIlMheOJQRUUU4cgvhMreXPayhq5Ao4VMSCkA5
-hYRCBczm4Di/MMohF0SxIsdRY6gY9CPnrBXAsY6h1RbR7Tw0iQZmeXi52DCiBEj0by+SYMAa
-9z0CReIzl8JLL6EVIFz8kFxlkGWjr4dnOzhhPOq/mCpp0WxbavDfdhE87MdXJZBnLwoT62QG
-955HlAoEQBOGJbcESCgd5XSirZ9Y3AbCfuKOqoMBvEUGn+w/pMaqnGvnr5FZhuBDKrhRXqtx
-QsxA//drGUxsrZOuSL/0+fbvo7n2h1Z8Ny86jOvVZAQIAjw2l1Yc5RAESNc9i3I8pKEOVQf/
-UBczJ0NR9aTEF80dRg2lpXwD0ho4N0AvSiVbgxC7cPZHQwIqvq9LHRUs/4n+Vu3SVYU3cAxo
-lUTiCGUSlARIF+TD57SI5+RI+MNtnD9rs4E1ml51YoHGWFj3UPriDmY0FKEwIgqtMXMY3fZ9
-Kq8d83bjDzxwbDX7WwR7KbSeJWT42pCz7kM+BEjjPsOnZHuusXT3x2rrsBnYtYsbt98mSFiS
-KzTtFmXfkOBbCQdit1P76QnYJ1aXMGs6zP6GypQTadK/zYWvlm38QkVwueaJ0woESKW2pqKA
-70h2UMDHOrpepU1lj0YMzmotDHSTU3L909VvUMNg9uqfrQ6mSkb9j5Tl8oF2otOw5EzA1Yda
-KPmgsv62RWLYl80wXQRQwG0e/mgG75jp9lOhJdVXqcYbQpS9viwVaVkwH+69mu/bQI4gjoEs
-UYX6O71Re2z+cYhcm9UrK+DXuSFBXQOIlAFxKMW4B0apd6fU84FsZLMESOorXE5OE0A2B2ji
-J8QI0Exk4hUvWrMNJfUZwFyS7E05xV9ORuX1xmsKqkT4tVR5Nqln4vhvAY860VBoloz0CDkd
-8seSBEjeMgRI9FvpYuflIeHg9urkwp6N+1f0DrJJhJY9ZQ0HTQhziJmIfvbEjNqCl7hEC28+
-F8I5tuViLgfSwcFFCvnS6WFoN4X6QdFdqMCbBEjdlI1c+IQGA/IuTDMJYCuQ/v+8BG5ZeWVH
-icPZmXfRat9eFK1dGKAJef6+Tf9HPuDjSpDyffrifsp7Dc34lmm7GN1+ON3ZMtwEUNm6epb8
-1RKWjoI7jIKUV/M2p/0eeGSqs4b06KF/VR6dBwsJVL5DpnTsp3MV4j/CAOlRdSPZ5++tsKbM
-aplk+ceqQtpEFz1MYTtVV4+rlrWaBEA1okJyNZ5/tNOwM7B+XfOZ0xw+uyVi9v4byTZM2Qds
-J+d3YGYLAugTGHISLqQEerD8/gGK+/SL06b2gNedXPHtBAiBKX+Mdy3wFQQIqE9gVgvrFNUE
-CKKoTFoMGqnPBAjDPgLCklNfrwQI3Ek1vSq68w8ECBodu2FOZJVkBAgzwjfSr2N9WQQQTCoQ
-KkAbrS9tnjXn1I3+ZwQIrPx3eINo/YUECIeYWCFskxlYBAiDUdvZXwD3vgQIkEyZbbZWbUUE
-CH4+odl1Isk3BBj68fkqJ0fKJRWVLWuW/O3VE4BOPKwFlaIECFseVTdDUho8BAj+cOKvV2WA
-hgQgaXr+wwq+ItblG0Qxz8IVUXX6PV2mIdHwz4SCCvnCsaIECJhBYxdfLI/XBCDswamPn9MR
-yXi2HVQBineV+GtWVkIoZ2dCLFB9mQRMoAQI0nUR5a5AOJoECA+AunKlAlx8BAi5RtFeF4g1
-FQQIz/ie+16LlQcECOmNuVg5DXjMBAjH2nkfpXZgWwQIVdLuO/+kuHAECO/5rEHmyI9vBBD4
-16BU4Rd3YerDQnHtrwOQBCCkho1XxK5Maz8KLCNi20wvcGt8wsIXlj2h5q9ITBq7IgQQvKVY
-4OfJ7bKbItP2dylwQgQYPIGxwkkbRXNraONYvN19G8UdF35rFOuIBAjf0sKz/618ZQQIxObr
-xJkRe0sECIC+ssnjEb2NBBBI+XM4OntVWGsRV9Td3sFgBAinGwIroo8O0gQQMGAwgc9PaLaG
-gBCiwSTrYQQIVHjfCQgOtygEUIoraFoANfhZgIShpOd/RRxFU4/7xZR5tMdGoYz/g0thR0lM
-+Hi88FtFD4mAh/Oat4Ri8B7bv04aokjN2UHz6nPbHHjZ8zIqpbYTCy043GNZBAhOqjyB2JbD
-NwQoR23XCYD9x6E20ChHJRXmaHwyMdYXKl5CUxypl7ois+sy2D7jDukS3wQIsTyyPgJi0GsA
-AAAAAAAAAAAA
-
diff --git a/app/openssl/crypto/pkcs7/t/msie-enc-01.pem b/app/openssl/crypto/pkcs7/t/msie-enc-01.pem
deleted file mode 100644
index 9abf00b2..00000000
--- a/app/openssl/crypto/pkcs7/t/msie-enc-01.pem
+++ /dev/null
@@ -1,66 +0,0 @@
------BEGIN PKCS7-----
-MIAGCSqGSIb3DQEHA6CAMIILyAIBADGB8zCB8AIBADCBmTCBkjELMAkGA1UEBhMC
-QVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYD
-VQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB
-TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBAgIEbjANBgkq
-hkiG9w0BAQEFAARAq8xpbzGHqgX9f4ImK/MhlXvIfGWng7c0dC1YbQDww5kH4K0q
-VTv/qDl79r0O79M6rFEyq1hGnrelrZD+YzghgzCCCssGCSqGSIb3DQEHATAaBggq
-hkiG9w0DAjAOAgIAoAQIn8+kb8zj2JSAggqgxtGA/FLBBRs1wbBPgDCbSG0yCwjJ
-NsFg89/k6xuXo8c5YTwsw8+XlIVq03navpew6XxxzY090rD2OJ0t6HA6GqrIpd8W
-iSh/Atqn0yfLFmkLqgIAPRfzxUxqUocxLpQsLIFp2YNUGE+yps+UZmIjw/WHfdqr
-cWTmSTSvKuy3UkIJZCkGDBpTvqk4BFaHh4oTXEpgpNY+GKxjf9TDN9GQPqQZR7sg
-Qki4t2g4/SaqKl6EoJbpOrMHTQ9LYh2O7+XemEdvXjwpdv0kyffHiaVpBBAtthjT
-bzsu67v0b9h3uDKim13uyT0wx33GEmmmDsJwf/IPH/8eu2Ck5xaafpXGmFqon4uX
-kQtIPaNclFn7/hLxPw2VmBGaC0SYF3U1jyN96EBxdjqy8Aa6ByMXYDW5BcfqniD5
-mYXfw+b81lh1kutxaPaV4YJ9ZlRUW752N7VHo/fG0/fukoe5W9a8kIhgLpygllb/
-GP4oSF4wM6n1/OgRzZj2IWFiobKO4d/tMnh+C+PoEVAuFZcxQwi9GqvsK5OoIjVw
-Nx0XcVSOl1TTYS9SwC7ugMBCab73JiruC24pL78YM+NaIpIQ3On4DokJA2ZHtjBj
-ZIxF4tKA144RvFN6pBd6TVE5XM6KD/Vh9bjSmujtEAfdQ3TedvKJsbZuu0stErbv
-WcRy11I328l557ECU+3eODid62PpuefHp0NTZJGqnYIShBpKRBuyhNxkyjmPfzYc
-KgCQ69fRl3QOqCjobPpMHhVV3li1NrxKGedQcM8XcwpsTsPigp+51o2qgKzBNAqv
-5kGumHOlMKsRfrs7jZCcSaOuEj97pYx08FLEgF23cav39MOQNUEM1dNU+EYslL4o
-3RoSHRjUgPU+2t9c0prS9A/bPBDj/eD8p2kzccB4t1Uyu0s7kJoMwOJ/eNhPY6Eo
-qrED5bCgG97D1Giwt0rlMUozQYH6bw9G5qwP+YflmaGF7yKIBacI5EppxZ7SWHk6
-/VpGu8LDn+PdD9b/hm03lT5p5UEky0DyfQzF3mQ/Eds1WHigamtnrAR6BXyG3e+j
-JlqZnkLLFzx98xicz8kkjr+gRkMyyiS5FnYyvxKzfMtyn2lZ2st9nZGNNgMc9N62
-r5HgNbdDFHuRdKKzV+8kQfuMc3mOPpK1t9TFY+QgrxiB5p6S7VooI97YtP3Pbfkn
-szCEeD3V2G22kdwGnDd0OZGGJlrKt1lusYK4NJphBqLBr8EkMQQbol2a8UnAmuIr
-xKtOVGcMkoXj7ynbjr51BNswzuiFxS2cYU2QSb38Wi8uAYCInuIwaZi+whIslJzA
-bif7CtJpA1BeLOz03fKTKznjAE13/4FDgXumdweENDYPK3kx6QHxjyI06hxRMUK7
-nbi9aWCXmXP3vU7D21dp0XnAMzRQJ565JV3aHRoY7XDa4LePa7PP9ywyafOE5yCW
-7ndqx3J+2JhTDvSFsW8/q3H3iyeFhykuJVS6yugpim58soznxNoixiZkxWvdOVdi
-q1QwppRLv8chjLPNMk8mQvskszPNxTFbyxEJks3EzVGVaQ3wNZDV215D6LgV10+o
-PK/CQkZY2iigAZqUyF44lBFRRThyC+Eyt5c9rKGrkCjhUxIKQDmFhEIFzObgOL8w
-yiEXRLEix1FjqBj0I+esFcCxjqHVFtHtPDSJBmZ5eLnYMKL0by+SYMAa9z0CReIz
-l8JLL6EVIFz8kFxlkGWjr4dnOzhhPOq/mCpp0WxbavDfdhE87MdXJZBnLwoT62QG
-955HlAoEQBOGJbcoHeV0oq2fWNwGwn7ijqqDAbxFBp/sP6TGqpxr56+RWYbgQyq4
-UV6rcULMQP/3axlMbK2Trki/9Pn276O59odWfDcvOozr1WQCPDaXVhzlENc9i3I8
-pKEOVQf/UBczJ0NR9aTEF80dRg2lpXwD0ho4N0AvSiVbgxC7cPZHQwIqvq9LHRUs
-/4n+Vu3SVYU3cAxolUTiCGUSlBfkw+e0iOfkSPjDbZw/a7OBNZpedWKBxlhY91D6
-4g5mNBShMCIKrTFzGN32fSqvHfN24w88cGw1+1sEeym0niVk+NqQs+5DPuM+w6dk
-e66xdPfHauuwGdi1ixu33yZIWJIrNO0WZd+Q4FsJB2K3U/vpCdgnVpcwazrM/obK
-lBNp0r/Nha+WbfxCRXC55onTCqW2pqKA70h2UMDHOrpepU1lj0YMzmotDHSTU3L9
-09VvUMNg9uqfrQ6mSkb9j5Tl8oF2otOw5EzA1YdaKPmgsv62RWLYl80wXcBtHv5o
-Bu+Y6fZToSXVV6nGG0KUvb4sFWlZMB/uvZrv20COII6BLFGF+ju9UXts/nGIXJvV
-Kyvg17khQV0DiJQBcSjFuAdGqXen1POBbGSz6itcTk4TQDYHaOInxAjQTGTiFS9a
-sw0l9RnAXJLsTTnFX05G5fXGawqqRPi1VHk2qWfi+G8BjzrRUGiWjPQIOR3yx5IE
-SN4y9FvpYuflIeHg9urkwp6N+1f0DrJJhJY9ZQ0HTQhziJmIfvbEjNqCl7hEC28+
-F8I5tuViLgfSwcFFCvnS6WFoN4X6QdFdqMCb3ZSNXPiEBgPyLkwzCWArkP7/vARu
-WXllR4nD2Zl30WrfXhStXRigCXn+vk3/Rz7g40qQ8n364n7Kew3N+JZpuxjdfjjd
-2TLc2bp6lvzVEpaOgjuMgpRX8zan/R54ZKqzhvTooX9VHp0HCwlUvkOmdOyncxXi
-P8IA6VF1I9nn762wpsxqmWT5x6pC2kQXPUxhO1VXj6uWtZo1okJyNZ5/tNOwM7B+
-XfOZ0xw+uyVi9v4byTZM2QdsJ+d3YGYLAugTGHISLqQEerD8/gGK+/SL06b2gNed
-XPHtgSl/jHct8BWoT2BWC+sU1aKoTFoMGqnPwz4CwpJTX6/cSTW9KrrzDxodu2FO
-ZJVkM8I30q9jfVlMKhAqQButL22eNefUjf5nrPx3eINo/YWHmFghbJMZWINR29lf
-APe+kEyZbbZWbUV+PqHZdSLJN/rx+SonR8olFZUta5b87dUTgE48rAWVolseVTdD
-Uho8/nDir1dlgIZpev7DCr4i1uUbRDHPwhVRdfo9XaYh0fDPhIIK+cKxophBYxdf
-LI/X7MGpj5/TEcl4th1UAYp3lfhrVlZCKGdnQixQfZkETKDSdRHlrkA4mg+AunKl
-Alx8uUbRXheINRXP+J77XouVB+mNuVg5DXjMx9p5H6V2YFtV0u47/6S4cO/5rEHm
-yI9v+NegVOEXd2Hqw0Jx7a8DkKSGjVfErkxrPwosI2LbTC9wa3zCwheWPaHmr0hM
-GrsivKVY4OfJ7bKbItP2dylwQjyBscJJG0Vza2jjWLzdfRvFHRd+axTriN/SwrP/
-rXxlxObrxJkRe0uAvrLJ4xG9jUj5czg6e1VYaxFX1N3ewWCnGwIroo8O0jBgMIHP
-T2i2hoAQosEk62FUeN8JCA63KIoraFoANfhZgIShpOd/RRxFU4/7xZR5tMdGoYz/
-g0thR0lM+Hi88FtFD4mAh/Oat4Ri8B7bv04aokjN2UHz6nPbHHjZ8zIqpbYTCy04
-3GNZTqo8gdiWwzdHbdcJgP3HoTbQKEclFeZofDIx1hcqXkJTHKmXuiKz6zLYPuMO
-6RLfsTyyPgJi0GsAAAAA
------END PKCS7-----
diff --git a/app/openssl/crypto/pkcs7/t/msie-enc-02 b/app/openssl/crypto/pkcs7/t/msie-enc-02
deleted file mode 100644
index 70170559..00000000
--- a/app/openssl/crypto/pkcs7/t/msie-enc-02
+++ /dev/null
@@ -1,90 +0,0 @@
-
-MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV
-BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k
-aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABEACr4tn
-kSzvo3aIlHfJLGbfokNCV6FjdDP1vQhL+kdXONqcFCEf9ReETCvaHslIr/Wepc5j2hjZselzgqLn
-rM1ZMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE
-BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
-UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG
-SIb3DQEBAQUABEBanBxKOvUoRn3DiFY55lly2TPu2Cv+dI/GLrzW6qvnUMZPWGPGaUlPyWLMZrXJ
-xGXZUiRJKTBwDu91fnodUEK9MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQImxKZEDWP
-EuOggASCBACBi1bX/qc3geqFyfRpX7JyIo/g4CDr62GlwvassAGlIO8zJ5Z/UDIIooeV6QS4D4OW
-PymKd0WXhwcJI0yBcJTWEoxND27LM7CWFJpA07AoxVCRHTOPgm794NynLecNUOqVTFyS4CRuLhVG
-PAk0nFZG/RE2yMtx4rAkSiVgOexES7wq/xWuoDSSmuTMNQOTbKfkEKqdFLkM/d62gD2wnaph7vKk
-PPK82wdZP8rF3nUUC5c4ahbNoa8g+5B3tIF/Jz3ZZK3vGLU0IWO+i7W451dna13MglDDjXOeikNl
-XLsQdAVo0nsjfGu+f66besJojPzysNA+IEZl6gNWUetl9lim4SqrxubUExdS2rmXnXXmEuEW/HC7
-dlTAeYq5Clqx5id6slhC2C2oegMww3XH9yxHw6OqzvXY6pVPEScEtBMQLgaKFQT+m2SRtbTVFG7c
-QcnUODyVB1IbpQTF1DHeeOX1W/HfpWZym8dzkti6SCyeumHmqO406xDiIMVKtHOqM86nEHuAMZsr
-cLy+ey6TEJvR6S4N8QRzng8JJDZDTJXQN6q84aEudsnOrw2KyOVwPpI6ey4qBsHUgQ8kAFy5lsQa
-WV45h6exgUwbBcKLgPZGFj+OdD2RKJsTb83/UqbJS5Q/lGXhzBlnaYucyJxEprRxbntmcnOEPFJe
-+tRDUwOTd7qlJljdhIJL+uDcooL9Ahgo6Cwep6tduekv2cSEohJeTE8Dvy34YRhMbLvnFNdmnpNy
-rNZDYVVxxaKoyd2AfB8NPFZh1VdAYfI3R1QAQ2kXEef5NNIfVQfMzD9akJn4RP+Kv32Qaxm4FrnK
-xmwRyGJShavIBc2ax+F1r1+NZXuSBHn5vfoRTxOk0ST4dXsw74dnlYUMRaSu4qqUdM9jsXSyeX4Z
-gQgkR2bkaYO6ezFgenFIa7QWVw8rXZAEZ5aibCxbnY1VE41PYIvhlLdbFJhH9gY22s+fFAuwnzyA
-SRjC40A9aAEItRlaPStWSGiqlLRgNkBBwdpv2l2YPBd2QzHx6ek6XGrvRJuAC+Nh62rtQKwpNH54
-YAOHW55maBFW2SQ3TF+cZ6NbbqhCmHTyyR7mcSYc9sXSVDWEhYKQ1iyU870zhHWVpvglZizZetJC
-ZFjYex3b1ngVdcgargOvpPq9urCKKi2mbkqv/EFpzSWGXkKSpfCG/XfMnEOtkNrB8S06vnk2JcJB
-OBqJot+uuSH5hOg0vTpxX2DuONJSiWSWyfRE/lTfJJFXwhod7SXclUyXPeSyibcSic2hVAzDmwjD
-31js/j2k02PI/agPhr3UQ8cMgcNAiaoCKbNaWfn6BGbCAbTchxzUlo2cSJiLlrX2IDZmfXbXmZCo
-m1smWIG+BIIEALiuAxDb6dWLAYyVBoN9hYI4AiPeZAY9MtvQ6AV8o2/EFm6PvYGXy3Hei5830CH0
-PBeX7Kdd6ff1y33TW/l5qSkIL1ULTGR7okFfJePHDmq1dFt6/JOMptiQ8WSu7CsJQvZ9VTFXeYFc
-ZqCPPZc1NrPegNK70Zf9QxWIbDAevJ5KLBf1c6j8pU2/6LnvDY6VjaTvYSgr7vTR8eVzH4Rm77W0
-iOHxg5VcODv6cGSVyuvbX8UAGo8Cmb58ERDtBDJBQXVpWKLNAuDJ9GX8n2zNkpjZLbPSkcmuhqGa
-BJBE/BaCTkUQWlY9dIbRtEnxIU1mfbPPdx1Ppa8DqGDjSOsQdKcKYNNZtayEw++EIpmpdBNsKphC
-fB8UEK2Wkk4ZVW+qyGoi/r0MFsvO1NmSOOZ0o/jy/YHmoeURHhPy97AO3eVTkEAa5CfJEJybmo56
-7CDw/FwoGAUCgsoz7rlxzMudr/IhHIH+APinncxXlHO2ecvHD9i8DaHGA8tVifgsUhqQoZieULut
-eF94O5UAxOkv41UZssYTwN4nYrN1QkesZl3BX4ORS4EE30/PQ23ARf3WZptZrCJevGm2ZYzGeh8x
-g17mCDfiLO+bff4qP/4mC96Pu4ia6j4to5BwKIJS/+DCuoD8WeSKF4pugXQkMUiHdQnNnVP9Sp2O
-/4ly5mO8JzrQC59V2bnTNBqPhpno8kfJvK5TypPSVC+bTzern3rJ6UceB3srcn9zxKx9GdNydJQj
-yWjv8ec3n3d1nuQwhz5Q053NBhIjwoGg3Go7LO6i78ZOlpF7dcoAO13NfHLyNjnyHCaiWtVRTct9
-rLf5vN00urSn8YJngHk1eTKK8nHGIcOg6YdYDOD2nE5XwRijKmieG8Xa3eKRzfbL06GrBQENle6J
-mC131bp3cRVxpjq+o6RAbGoMm4yICsL4eTarCQrsyHmoPHqr91UHo91avyxU7knWmEhX27ybmsrs
-8aeZwPHixL14TeyhruCqRVvkf1Ks7P+z8MPUboGNqQe2WLN8ktCGEr15O8MJR/em86G03Jfo4oaw
-/DVUH5RwLT6acedOGuzMh/2r8BcmemhVQ8/cWvV4YJ0tOW4hzyVHC5hQf8sZ3LzxXLH6Ohnrbprh
-xvrdbaSdChWZDDP0bCCbxEhkwuBkBeKZrMbwRTP+TPTPYLVTH/CmKLzKh/114tkGkyO3hHS4qExU
-V39F2Sj4mylx+hD0+20D9pntpNi7htccGlOm6yNM69at/3+kLgJJyoIlaxLcCUYHNMifDt+T3p/t
-5U4XmD53uUQ6M8dvj/udqPekNSUfse15yrd9pjOt5PcJuqW28q0sFHf9pHIgz3XZFMe5PD7ppw6r
-S+C6Ir4PrYIEggQA7ZDVtiCm+BbtNNB/UJm79/OQ5mp5bTI0kPmDeycaWTa0Ojpum+c/dpG/iJOB
-DICj7jHOXSHT7JlGyX6aSFJUltucAnZvwzhPDmdDaIDiKSk85GqgdDWVfGosSCX9Ph/T3WpIxnwf
-WSDRtIHkWTjly+pe4yy5K6/XISy/L5Zh/fhiI5fjHjgzmlibs2ru4nVw6hBhUvlSSe2BEs5d9h/y
-NH8Wy3qvb2D3jh7hkepFtZJGNTHp8ZUC7Ns2JIpQYObsaxdI65i3mMOu7fRwI+0/4ejsWhP6KCEi
-LgwvLg0qM82ma6YB7qHAHboaczRVEffDcJUG4a5uycB0DoZFn+uEaEFyili20hCn4hVfsqUQk2PT
-8Mo1tSl5e30xI1YJZrRgiJm9nHRX6fLizngP+ILJLPHZsPvlSVIfY+/v/FR8feKOjaGhyGF51BAx
-aM2NIQ4jMP5/X+U5gQybi0E6u7rroDhaHsKmCMgXqszwXWCpedA/sEbeHpiTC59YlPPSlIOMc9vP
-Ko/mQCfWy/9icUaIfKQldvkllUxxNkqu6AbIpHVscbAEzSPs5xbQXU8EZNNCDisFnnpY3nQ3eLnl
-m89saTJxRb7NWHRMlmPv7qgD7uMIq3vdOGA7i5wT9MeoNIgK1/DsgH30s6RWjJy4YyyLmRTXPzbj
-hbQVpEmiMRbEidIvUx2OjKVxVQIcgtLsa2lvHQ4XL1cpLr5GVtOgy0fMg5OCDUUDsvjgjgLQ3P2U
-p2nVY5FM6/QpPc5DTLuuR9ekI2/c9Biz09RtcYDUQK2ajdo8h1IyKqHFoB7h48OXxXKKY94DY0TG
-x6PonB/epj8orAw4QKmm5M0vXYwBOqRymCTHTqOJGObdLx1euFFyqguzHJOU2gAGZI0z9Lg1yRuF
-yhdPZyuniIcmtLNxRZ1duYHErcAyX56qndmLXt7UVkATai/rIMuoJLfAsUnVuTUS5p7tJM754UZT
-7lTcXvDJgOUNnBRaIcxC3pxvbrYDJ2iFJ72xkxUP2p74gucqg25XnCVmQuLg6zDDxF6CLuw9isxy
-Xg4pkneMN//7fpp8GYl9nyZm2yqYYM+jcw0fcVc64L+X4w/gL3H2UMGgxIHSJp7HIG7VKHtXrNyj
-dPXXPVUsMsAAimqOr0Lr2sZWirfuivLaPTqhbkvG5PF7K3gT80AOIcd/6EIHBy2hZ7ukfjHmdP4L
-yQOhTQklaKzGHI0mypq0uFLWJOUlZnVrMiLP1xrWkpC8Ro9eo6mfjjQ45z8adC43a47klwTEzvod
-3rNEFIGJJUEjAN3mbqie7IxoSJknBBJK0D9lZEQ8lZWlq7vuN8JdqPM6xh155jMVsPwjLK6Tzkj5
-BpRD9Tgm3u6HPQSCBADgkWEN75Mu9TGosXY0xm1k6K6sPv8L949CrLWo4r1I2LA072bTGvQP28Vs
-hUA76jgcT1ocC++9PoktIK10YCq5w+FfMAQ04KeCXuAdmiY2iAT4Slea61PMCMta3mVGyLUZCLEm
-P+I0UKR5mlO0fGEcjU9j8TmbjZqxNFqloLsU7oSi7Os0EtYHkdAVrExUyOc/ZDie6fBjdLTmLdCm
-bE9JNwjlbXypdTZupGgLNhKGDIskUAAMwZYayI6YfSIMkNCeAYTnjOuGZZ1msCXGXsfMBR1sfUIj
-9UeGjwD8gq+UVVHX/oeoH/m0eJ5ppqi3+nUlgc9DvpYsC/Fg0G2KuYb9B+VJ+a4GMzQSPREoFtQp
-B9dtLkBb7Ha/hpGWTIdqzW0eAo5llyN8FNvl2Fu2IcLaNmWFO69gLjRKQopp0dvFOuwAVI6fvGDj
-p1WigoNbFZl8N+iiWmzKOjoG2ZLbez1clZCms/JPJrXhEMMOxWpVzkQyN336VWHmGgMcjaKCGSeA
-2nnESIGuiCXMrkHlGfabYIsKcHFCo2t13uXyZPf0zSPTkuD0Eh92wqC9pvA3gvrrCUfo9Mn3bs+e
-KWKmDlpcs8mDn032oIg+zrQhIduMqXVn3evzeVM3B5MBOGMvg51/SXg7R+MC/463juQQEb9IVe/I
-YGnO//oWm9lw/377Af/qH+FnN02obJw1FvesQIs9e5RHNQykKbO+vmVJQl1nd9DZWrHDNO7/80Yz
-2hCm7Tws5nSRN2iFlyRaYJHr7ypxkU2rCak2r6ua7XDwu1qU2RT3+qPjT1RuxQ2oTlHyGkKPMZGC
-Rc+CSWz5aeeCmHZVwdb3nC8YpfsujMiYqygLeuQ82pjKuR7DIKGmnfcOLdv5F+Ek2Wyy0D98iSgk
-+aoQGYLhL9llU13pn21uRsDY5uGcXiIw1IETFlTdgENEv8futZuJsegrp7fmFXyNoNyFNyypeDrM
-6ZqR4vKxFjg3tKKeVpkw/W4EAklzMxmNiazGNDBHsnYV3rwPlKa+HeeE2YxnsKwGLCNgRYUXTaJk
-461vS160z3dvh/mLfdZ7MYCkmO3bNE3ELUDAw7YQkSuo9ujzdFKte9LC34sjg9fOex3ThAg5Y50n
-wYm4zBmGM7yEqL8O6QgnM6tIDFS9XryDaLNzcGhMWqMvhzO6sC/AA2WfLgwS517Cp03IkJQWqG9q
-w52+E+GAtpioJfczEhlv9BrhjttdugRSjJrG8SYVYE4zG3Aur5eNBoGaALIOHOtPw8+JovQmIWcF
-oaJ/WQuglFrWtew51IK6F8RiHAOBVavZOuZcO7tV+5enVfreOd0rX8ZOy4hYmHhmF1hOrrWOn+Ee
-E0SYKonXN01BM9xMBIIBSLCvNAppnGPTUGjwbMJRg1VJ2KMiBWH5oJp8tyfIAxMuWFdtaLYbRSOD
-XbOAshPVK8JAY8DQDkzqaCTAkLTfSRAt9yY6SbUpMsRv7xa8nMZNJBJzJT9b/wNjgiOJgaGuJMkV
-2g/DX2jfP3PrMM/Sbnz7edORXHj1Pa5XTT8nG5MS0FuZgvevdq3o/gVVAz+ZCKOH3ShMzZvfp01l
-SX5gaJTflmU6cdNwtn2yZ6IScF7OrjUeA9iEoSVR9dQcA+4lB3RAG3LMwcnxXY35D7+PMJzHIZdF
-cSnq+n03ACY2/E/T31iijRH29rvYHGI+mP/ieYs45iq4fTWo6i1HofeWLdP0fX7xW3XO0/hWYFiw
-BxKu66whAbRhaib3XJNvetVs25ToYXyiDpjG+cd5rCMei8sGQwTBj9Zeh0URoeMW1inTP0JvCmMU
-rZgAAAAAAAAAAAAA
-
diff --git a/app/openssl/crypto/pkcs7/t/msie-enc-02.pem b/app/openssl/crypto/pkcs7/t/msie-enc-02.pem
deleted file mode 100644
index 279c5d83..00000000
--- a/app/openssl/crypto/pkcs7/t/msie-enc-02.pem
+++ /dev/null
@@ -1,106 +0,0 @@
------BEGIN PKCS7-----
-MIAGCSqGSIb3DQEHA6CAMIITQAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ
-bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT
-aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ
-uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQAKvi2eRLO+jdoiUd8ksZt+iQ0JXoWN0
-M/W9CEv6R1c42pwUIR/1F4RMK9oeyUiv9Z6lzmPaGNmx6XOCoueszVkwgfACAQAw
-gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
-EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT
-GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW
-QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQFqcHEo69ShGfcOIVjnmWXLZM+7Y
-K/50j8YuvNbqq+dQxk9YY8ZpSU/JYsxmtcnEZdlSJEkpMHAO73V+eh1QQr0wghFz
-BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECJsSmRA1jxLjgIIRSIGLVtf+
-pzeB6oXJ9GlfsnIij+DgIOvrYaXC9qywAaUg7zMnln9QMgiih5XpBLgPg5Y/KYp3
-RZeHBwkjTIFwlNYSjE0PbsszsJYUmkDTsCjFUJEdM4+Cbv3g3Kct5w1Q6pVMXJLg
-JG4uFUY8CTScVkb9ETbIy3HisCRKJWA57ERLvCr/Fa6gNJKa5Mw1A5Nsp+QQqp0U
-uQz93raAPbCdqmHu8qQ88rzbB1k/ysXedRQLlzhqFs2hryD7kHe0gX8nPdlkre8Y
-tTQhY76LtbjnV2drXcyCUMONc56KQ2VcuxB0BWjSeyN8a75/rpt6wmiM/PKw0D4g
-RmXqA1ZR62X2WKbhKqvG5tQTF1LauZeddeYS4Rb8cLt2VMB5irkKWrHmJ3qyWELY
-Lah6AzDDdcf3LEfDo6rO9djqlU8RJwS0ExAuBooVBP6bZJG1tNUUbtxBydQ4PJUH
-UhulBMXUMd545fVb8d+lZnKbx3OS2LpILJ66Yeao7jTrEOIgxUq0c6ozzqcQe4Ax
-mytwvL57LpMQm9HpLg3xBHOeDwkkNkNMldA3qrzhoS52yc6vDYrI5XA+kjp7LioG
-wdSBDyQAXLmWxBpZXjmHp7GBTBsFwouA9kYWP450PZEomxNvzf9SpslLlD+UZeHM
-GWdpi5zInESmtHFue2Zyc4Q8Ul761ENTA5N3uqUmWN2Egkv64Nyigv0CGCjoLB6n
-q1256S/ZxISiEl5MTwO/LfhhGExsu+cU12aek3Ks1kNhVXHFoqjJ3YB8Hw08VmHV
-V0Bh8jdHVABDaRcR5/k00h9VB8zMP1qQmfhE/4q/fZBrGbgWucrGbBHIYlKFq8gF
-zZrH4XWvX41le5IEefm9+hFPE6TRJPh1ezDvh2eVhQxFpK7iqpR0z2OxdLJ5fhmB
-CCRHZuRpg7p7MWB6cUhrtBZXDytdkARnlqJsLFudjVUTjU9gi+GUt1sUmEf2Bjba
-z58UC7CfPIBJGMLjQD1oAQi1GVo9K1ZIaKqUtGA2QEHB2m/aXZg8F3ZDMfHp6Tpc
-au9Em4AL42Hrau1ArCk0fnhgA4dbnmZoEVbZJDdMX5xno1tuqEKYdPLJHuZxJhz2
-xdJUNYSFgpDWLJTzvTOEdZWm+CVmLNl60kJkWNh7HdvWeBV1yBquA6+k+r26sIoq
-LaZuSq/8QWnNJYZeQpKl8Ib9d8ycQ62Q2sHxLTq+eTYlwkE4Gomi3665IfmE6DS9
-OnFfYO440lKJZJbJ9ET+VN8kkVfCGh3tJdyVTJc95LKJtxKJzaFUDMObCMPfWOz+
-PaTTY8j9qA+GvdRDxwyBw0CJqgIps1pZ+foEZsIBtNyHHNSWjZxImIuWtfYgNmZ9
-dteZkKibWyZYgb64rgMQ2+nViwGMlQaDfYWCOAIj3mQGPTLb0OgFfKNvxBZuj72B
-l8tx3oufN9Ah9DwXl+ynXen39ct901v5eakpCC9VC0xke6JBXyXjxw5qtXRbevyT
-jKbYkPFkruwrCUL2fVUxV3mBXGagjz2XNTaz3oDSu9GX/UMViGwwHryeSiwX9XOo
-/KVNv+i57w2OlY2k72EoK+700fHlcx+EZu+1tIjh8YOVXDg7+nBklcrr21/FABqP
-Apm+fBEQ7QQyQUF1aViizQLgyfRl/J9szZKY2S2z0pHJroahmgSQRPwWgk5FEFpW
-PXSG0bRJ8SFNZn2zz3cdT6WvA6hg40jrEHSnCmDTWbWshMPvhCKZqXQTbCqYQnwf
-FBCtlpJOGVVvqshqIv69DBbLztTZkjjmdKP48v2B5qHlER4T8vewDt3lU5BAGuQn
-yRCcm5qOeuwg8PxcKBgFAoLKM+65cczLna/yIRyB/gD4p53MV5RztnnLxw/YvA2h
-xgPLVYn4LFIakKGYnlC7rXhfeDuVAMTpL+NVGbLGE8DeJ2KzdUJHrGZdwV+DkUuB
-BN9Pz0NtwEX91mabWawiXrxptmWMxnofMYNe5gg34izvm33+Kj/+Jgvej7uImuo+
-LaOQcCiCUv/gwrqA/FnkiheKboF0JDFIh3UJzZ1T/Uqdjv+JcuZjvCc60AufVdm5
-0zQaj4aZ6PJHybyuU8qT0lQvm083q596yelHHgd7K3J/c8SsfRnTcnSUI8lo7/Hn
-N593dZ7kMIc+UNOdzQYSI8KBoNxqOyzuou/GTpaRe3XKADtdzXxy8jY58hwmolrV
-UU3Lfay3+bzdNLq0p/GCZ4B5NXkyivJxxiHDoOmHWAzg9pxOV8EYoyponhvF2t3i
-kc32y9OhqwUBDZXuiZgtd9W6d3EVcaY6vqOkQGxqDJuMiArC+Hk2qwkK7Mh5qDx6
-q/dVB6PdWr8sVO5J1phIV9u8m5rK7PGnmcDx4sS9eE3soa7gqkVb5H9SrOz/s/DD
-1G6BjakHtlizfJLQhhK9eTvDCUf3pvOhtNyX6OKGsPw1VB+UcC0+mnHnThrszIf9
-q/AXJnpoVUPP3Fr1eGCdLTluIc8lRwuYUH/LGdy88Vyx+joZ626a4cb63W2knQoV
-mQwz9Gwgm8RIZMLgZAXimazG8EUz/kz0z2C1Ux/wpii8yof9deLZBpMjt4R0uKhM
-VFd/Rdko+JspcfoQ9PttA/aZ7aTYu4bXHBpTpusjTOvWrf9/pC4CScqCJWsS3AlG
-BzTInw7fk96f7eVOF5g+d7lEOjPHb4/7naj3pDUlH7Htecq3faYzreT3CbqltvKt
-LBR3/aRyIM912RTHuTw+6acOq0vguiK+D62C7ZDVtiCm+BbtNNB/UJm79/OQ5mp5
-bTI0kPmDeycaWTa0Ojpum+c/dpG/iJOBDICj7jHOXSHT7JlGyX6aSFJUltucAnZv
-wzhPDmdDaIDiKSk85GqgdDWVfGosSCX9Ph/T3WpIxnwfWSDRtIHkWTjly+pe4yy5
-K6/XISy/L5Zh/fhiI5fjHjgzmlibs2ru4nVw6hBhUvlSSe2BEs5d9h/yNH8Wy3qv
-b2D3jh7hkepFtZJGNTHp8ZUC7Ns2JIpQYObsaxdI65i3mMOu7fRwI+0/4ejsWhP6
-KCEiLgwvLg0qM82ma6YB7qHAHboaczRVEffDcJUG4a5uycB0DoZFn+uEaEFyili2
-0hCn4hVfsqUQk2PT8Mo1tSl5e30xI1YJZrRgiJm9nHRX6fLizngP+ILJLPHZsPvl
-SVIfY+/v/FR8feKOjaGhyGF51BAxaM2NIQ4jMP5/X+U5gQybi0E6u7rroDhaHsKm
-CMgXqszwXWCpedA/sEbeHpiTC59YlPPSlIOMc9vPKo/mQCfWy/9icUaIfKQldvkl
-lUxxNkqu6AbIpHVscbAEzSPs5xbQXU8EZNNCDisFnnpY3nQ3eLnlm89saTJxRb7N
-WHRMlmPv7qgD7uMIq3vdOGA7i5wT9MeoNIgK1/DsgH30s6RWjJy4YyyLmRTXPzbj
-hbQVpEmiMRbEidIvUx2OjKVxVQIcgtLsa2lvHQ4XL1cpLr5GVtOgy0fMg5OCDUUD
-svjgjgLQ3P2Up2nVY5FM6/QpPc5DTLuuR9ekI2/c9Biz09RtcYDUQK2ajdo8h1Iy
-KqHFoB7h48OXxXKKY94DY0TGx6PonB/epj8orAw4QKmm5M0vXYwBOqRymCTHTqOJ
-GObdLx1euFFyqguzHJOU2gAGZI0z9Lg1yRuFyhdPZyuniIcmtLNxRZ1duYHErcAy
-X56qndmLXt7UVkATai/rIMuoJLfAsUnVuTUS5p7tJM754UZT7lTcXvDJgOUNnBRa
-IcxC3pxvbrYDJ2iFJ72xkxUP2p74gucqg25XnCVmQuLg6zDDxF6CLuw9isxyXg4p
-kneMN//7fpp8GYl9nyZm2yqYYM+jcw0fcVc64L+X4w/gL3H2UMGgxIHSJp7HIG7V
-KHtXrNyjdPXXPVUsMsAAimqOr0Lr2sZWirfuivLaPTqhbkvG5PF7K3gT80AOIcd/
-6EIHBy2hZ7ukfjHmdP4LyQOhTQklaKzGHI0mypq0uFLWJOUlZnVrMiLP1xrWkpC8
-Ro9eo6mfjjQ45z8adC43a47klwTEzvod3rNEFIGJJUEjAN3mbqie7IxoSJknBBJK
-0D9lZEQ8lZWlq7vuN8JdqPM6xh155jMVsPwjLK6Tzkj5BpRD9Tgm3u6HPeCRYQ3v
-ky71MaixdjTGbWTorqw+/wv3j0KstajivUjYsDTvZtMa9A/bxWyFQDvqOBxPWhwL
-770+iS0grXRgKrnD4V8wBDTgp4Je4B2aJjaIBPhKV5rrU8wIy1reZUbItRkIsSY/
-4jRQpHmaU7R8YRyNT2PxOZuNmrE0WqWguxTuhKLs6zQS1geR0BWsTFTI5z9kOJ7p
-8GN0tOYt0KZsT0k3COVtfKl1Nm6kaAs2EoYMiyRQAAzBlhrIjph9IgyQ0J4BhOeM
-64ZlnWawJcZex8wFHWx9QiP1R4aPAPyCr5RVUdf+h6gf+bR4nmmmqLf6dSWBz0O+
-liwL8WDQbYq5hv0H5Un5rgYzNBI9ESgW1CkH120uQFvsdr+GkZZMh2rNbR4CjmWX
-I3wU2+XYW7Yhwto2ZYU7r2AuNEpCimnR28U67ABUjp+8YOOnVaKCg1sVmXw36KJa
-bMo6OgbZktt7PVyVkKaz8k8mteEQww7FalXORDI3ffpVYeYaAxyNooIZJ4DaecRI
-ga6IJcyuQeUZ9ptgiwpwcUKja3Xe5fJk9/TNI9OS4PQSH3bCoL2m8DeC+usJR+j0
-yfduz54pYqYOWlyzyYOfTfagiD7OtCEh24ypdWfd6/N5UzcHkwE4Yy+DnX9JeDtH
-4wL/jreO5BARv0hV78hgac7/+hab2XD/fvsB/+of4Wc3TahsnDUW96xAiz17lEc1
-DKQps76+ZUlCXWd30NlascM07v/zRjPaEKbtPCzmdJE3aIWXJFpgkevvKnGRTasJ
-qTavq5rtcPC7WpTZFPf6o+NPVG7FDahOUfIaQo8xkYJFz4JJbPlp54KYdlXB1vec
-Lxil+y6MyJirKAt65DzamMq5HsMgoaad9w4t2/kX4STZbLLQP3yJKCT5qhAZguEv
-2WVTXemfbW5GwNjm4ZxeIjDUgRMWVN2AQ0S/x+61m4mx6Cunt+YVfI2g3IU3LKl4
-OszpmpHi8rEWODe0op5WmTD9bgQCSXMzGY2JrMY0MEeydhXevA+Upr4d54TZjGew
-rAYsI2BFhRdNomTjrW9LXrTPd2+H+Yt91nsxgKSY7ds0TcQtQMDDthCRK6j26PN0
-Uq170sLfiyOD1857HdOECDljnSfBibjMGYYzvISovw7pCCczq0gMVL1evINos3Nw
-aExaoy+HM7qwL8ADZZ8uDBLnXsKnTciQlBaob2rDnb4T4YC2mKgl9zMSGW/0GuGO
-2126BFKMmsbxJhVgTjMbcC6vl40GgZoAsg4c60/Dz4mi9CYhZwWhon9ZC6CUWta1
-7DnUgroXxGIcA4FVq9k65lw7u1X7l6dV+t453Stfxk7LiFiYeGYXWE6utY6f4R4T
-RJgqidc3TUEz3EywrzQKaZxj01Bo8GzCUYNVSdijIgVh+aCafLcnyAMTLlhXbWi2
-G0Ujg12zgLIT1SvCQGPA0A5M6mgkwJC030kQLfcmOkm1KTLEb+8WvJzGTSQScyU/
-W/8DY4IjiYGhriTJFdoPw19o3z9z6zDP0m58+3nTkVx49T2uV00/JxuTEtBbmYL3
-r3at6P4FVQM/mQijh90oTM2b36dNZUl+YGiU35ZlOnHTcLZ9smeiEnBezq41HgPY
-hKElUfXUHAPuJQd0QBtyzMHJ8V2N+Q+/jzCcxyGXRXEp6vp9NwAmNvxP099Yoo0R
-9va72BxiPpj/4nmLOOYquH01qOotR6H3li3T9H1+8Vt1ztP4VmBYsAcSruusIQG0
-YWom91yTb3rVbNuU6GF8og6YxvnHeawjHovLBkMEwY/WXodFEaHjFtYp0z9Cbwpj
-FK2YAAAAAA==
------END PKCS7-----
diff --git a/app/openssl/crypto/pkcs7/t/msie-s-a-e b/app/openssl/crypto/pkcs7/t/msie-s-a-e
deleted file mode 100644
index 0067794d..00000000
--- a/app/openssl/crypto/pkcs7/t/msie-s-a-e
+++ /dev/null
@@ -1,91 +0,0 @@
-
-MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV
-BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k
-aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABECjscaS
-G0U299fqiEAgTqTFQBp8Ai6zzjl557cVb3k6z4QZ7CbqBjSXAjLbh5e7S5Hd/FrFcDnxl1Ka06ha
-VHGPMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE
-BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
-UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG
-SIb3DQEBAQUABECsyHXZ1xaiv0UQRvOmVYsaF38AL2XX75wxbCsz5/wOg7g3RP4aicZxaR4sBog0
-f2G1o9om/hu+A0rIYF/L4/GUMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQIsozQrnwj
-cc2ggASCBAAQz/LPoJe/+iYWeTwSebz6Q9UeKZzQ2UWm7GLtEM3s3c9SCvpmkwIRdEhLjWaBJMyI
-DiL7t1I1vMf9inB8LXgAcIEYkpNScjS8ERA9Ebb7ieNKSBg7w7B8ATHFxLSlDADqRgoZrB1Ctfgf
-ximp3EgxTgnhtyQhZxXW7kBQyFRwumplrJXOp7albP7IothrOKncw30IJT1fwPxWNMItI9juXF0U
-CbWVSjPzGBo4+XNXMvUO6MplOQEz/ywEQ9E8OZAQex1Zw9qq5ppsXB2pMsYV5sLJGikukMYKquiz
-3YK+tN6J8ahLcDUs+VGwqvZi17gpBTlbEP+ZmXJpnO63t1yTEB0V5AZcRKWUOhzlCBM5YUagqNoY
-cpsmSvOK6bYzkUKOrzWpDCAtGZ/Dvul5dTZZmxs2WpM+iyeHXMxO3huy8K1brPTqt1f1sHhuq1jD
-1eXedaCjIgUW9qV18vNAQCof/Yb6T/1fxztf/jD7pPLQJ+7LJkKCAEHGcaizpoKqhYcttaEhLq1G
-O+Ohqf7yFegMdTJ3wwP324w5ZYSU5fLo2Z34/Edf6EGvXyTIqVfAmEBALd6JGVdN5GlYYTxrL+eO
-P80Z4ao4YKoxwEmRp5bmQsQ8B29QhOFKmC6eiG5B96qLMtp7Zmu1grDNxTd6OXShWVwYARD0/B1P
-Sy0PAfk9Gb4fAkO9fZJDQYZ7s0mM5iOPEeSR7820TolOb+KfRabLA9d714jsc2jEykKlpP66Bh4j
-aCsyqJ0uUQcE8SnzrKAqGwgWiCGQpiTa+HBiP6eRlRGOKQj5Y06vcNx6Ija4cGe6+yCN8HV8tCY0
-okZK98NQCl5t79R/ZB2c3NvBJH+/g3ulU48ikT3tVmDxE3mOZofZyGFEM99P+YCMScLDxTl3hzGy
-0YkI8U855P7qOAbcFfh2T5n+LSELwLhbkymEfZT917GWTfmypBWMvJx0WHeDhKwQYPdzbKgWETnc
-yeKasaCW+oLdhBwrd6Ws2r4MA8cwiYXDLbwYmCxJA8VF++8kubF2HJOjSyMBS+QT2PSV/0D9UWoi
-Vfk7R4OvWBJVvq7nV+lXS0O5igjExxlmx1OaBfg7+Cr/MbK4zVNrKSJn82NnKKt6LC6RaTmvFYay
-0sDFxQ7Xo+Th6tDNKmKWJt6Kegfjc+qTWJTKb3kL+UI8vS0zTLy1+M/rZ4ekos/JiS5rYIcAswvg
-58kBgp/0rc6upBeWjBaK5O0aLAeBQfLulo1axWX04OSVKmYeoAltyR6UO9ME3acurQyg7Ta24yqO
-whi/PrIaEiO7dsWvFtzsshVzBLic02NlAkPkMUzliPYnZHWQglDAVxL5K2qhvK1OFCkQpIgBsBDM
-6KYRL/mkBIIEALIl927rIkaN37/BQIcxLcSa05YfC0Hl3mxWESt1A0D4lA37A9S8EbYmDfAYlMc0
-3HhZGdZEtawfpJFyDHzNZceNWBch6nxeNZCY4YFdsbzuGS0RKpwNA9S/czOJ4p9ymBCxuhGepI3U
-PKbC8C749Www1/wMdAot1n+K7M/PBGR8hWmaH5SS7U3yMwAB1fq2NDjx4ur+Um+MclSdN01MDXzG
-EO+eAo1pdAY8479234l8dB2YVAhZ1ZlJ4KmbqMKJrGJXnQUEYS6/cTDRjsUocsoW7uGg1ci2GiHa
-qjlkfpBfie3SdhFW/K8hwAH0HALs56oFN66wUkP/AaJAPfIUNhR6RpHKzZ9zCC42oB2mNawQRMnF
-ETBl1s/SwMxLKRp7jAfKs4NZxSY6I9z/2dTpzS3tsHMjxVDuxkolvRNWBILEMeL1CBvip2HhmoUw
-/Sz5NDgyzk1aQLV6DQNJ2RZLMZDRCtSwZSBu6lhhSgTJGazP0+NbqXXC5aQTrqrFIcWyDXz+ADle
-kszzYM/gSaQTCALTwfDDaU9Ek3xVgW+XBtExtJ3U+0AN3l0j86rUIdIvp6eWdxWQqv9LtpoorKMD
-KfUc5PYV09Z1JgsT4X51Zzq+74l5dz7udIM7UNbdTpmRm9PDj3TUbGCvNR9hqOEGTLbkvb1ZR24a
-h6uGRl2znB25IpDAGRhNRb9is/pO2tvHwHTDMOjrgvZG/pNvXgSUxz0pRjUjXIcqBe2X2gcQfeal
-r8gY76o83WEGL6ODryV9vTQVHt52+izgpYoBZaVlpgqbZl54c+OE0Zxf9RwXwDbcYu5Ku5E0MPL0
-qUjc0y2+Y6E4P5bAWaZGMGT+ORkyVUzcaWmM/+XlO7PER5wrWlCIMZCX1L/nvioY0q0CKqALn7DJ
-QU+qenbwrb6uwS7uNZY6V86s0aDYpU7yRyqxC5SbuyNJb02gdxUCgpIscFaMUjMVRml4M4BIjX/b
-U+HgHoVMUm8SnN9gRcT2izPrgOGVcMTJjfenzoCKoCPo9RjgGMctgB4DvKamErNU7OrilIfuoqzE
-PNSeP9SPw/zkDmNvMebM499We9CVnsHUWqF00/ZJWoua77+0f1bLS/tmci1JBvIcMo/4SJvgH+KF
-o0gijP9gqAPd5iCOnpnJlHUqRIym42SmyKEDuzdSwXKjAR6j7uXda39JyMJr8gGzEsu0jYRkAmj1
-YdiqwKXUcLMkcj1AKeU/PxTUVw0YKsv/rowrPYww3xQUWqNivrXB7GCHE3BzsYNdHsmziaGIXQbA
-+EBHdkuKrM8BcC+fxhF/l/KUxngsD1E75IcUv8zFDF+sk4CBYHqks9S4JYlcubuizqsILbdGzIMN
-Z7w34k0XT+sEggQAyzr8MHeIJGsT+AYnZr08PeTbyr01JEoT7lPYT6PzX4F63QKKDl+mB+PwLMzY
-CXrxZcUmuay6/MV8w/f5T6vQXdoSw5puWodBYwVReYh1IaEN+jiTapm9YBVmcIsJPO6abHowknSV
-OWSvST0AtAX57fFOTckm+facfBK9s9T1lUUgF44Bh5e8f9qKqfOV44nqdCOEyUm0Dao497ieN4Eg
-XBLNvOZY9+irMiXjp0lcyFvhrJOczfyCr9EiiaiH1TfSzKGKsf2W84iKn/JH6x2eOo7xjwJ40BQD
-c6S1cUNEuqBhP6by0FioOXYOKVyifpxk84Eb+F/4CNdTJTvCPwsiegdfsX/Q53DvKVtXp9Ycam5J
-TmKRHXK/bMHF4ONv3p/O/kn/BqRx+fbbP2eMX8Z1F/ltHKfp6B+06HljUwQLBJs9XtCfqH5Zgdz9
-gad5WZF5ykFArmHDgeFlgggvbZ7z9vqnjN/TH68TxJzauYQ5vLHQ6wGXik4/4uq7/TqNmhxlQEM4
-zVkwsn203bUmKLyz+yl1zItDpn5zy1uXfGo99rBdUzdbdE9LmEFPMaFsaHd4a8oDaUroD7FgCbeD
-JJVld3ac6F8+3QbExPs48OrgA1kI3/UwXr52ldjiYzTLfAGR9BjqNFTw45FUHuMf8TEM5hcHx56w
-95eKAqraDk28o9k+M2UKpcmrdlWoWzdqVVFeWGpM8x9Y9Nt0lf/4VUQgrXjqTkUCQkJyqTeTeGgH
-rn3QBk2XAgpxZhaJs3InW0BkAlBmK99cMinUiJeFt5a4p5wPeXrVuh6V9m7Mpl9hzpogg++EZqah
-fzzNnDgxOZfW342DX052PdgXo0NnkhCk005LvFt6M2mRn0fLgNVfyUZZoOp8cO5ZWbhXXlrhrgUt
-j2zKPK6Q94Zj4kdXHBGpAkrB8ZQ4EGGODE0Dqusm8WPXzB+9236IMHPU7lFbyjBrFNI7O4jg+qRI
-Ipi+7tX0FsilqEbmjG+OPwhZXrdqUqyF+rjKQuSRq7lOeDB4c6S2dq4OOny01i5HCbbyc9UvSHRm
-hOhGqUlzHyHLo3W7j+26V/MhkDXJ+Tx+qfylv4pbliwTteJJj+CZwzjv29qb6lxYi+38Bw10ERap
-m8UCRFBecVN7xXlcIfyeAl666Vi7EBJZv3EdFNrx1nlLwM65nYya7uj6L7IwJWotIUx8E0XH0/cU
-xS/dG8bxf9L/8652h5gq3LI+wTNGuEX0DMuz7BGQG+NtgabrZ6SsKGthGa7eULTpz0McWTLRU0y/
-/tkckpm5pDnXSFbIMskwwjECz82UZBSPpigdN/Pjg5d+0yWu7s3VJxw4ENWPPpzZ+j7sOXmdvn9P
-O1tQd60EO+3awASCBAAZQvWV3/yJ6FxPttbP+qeURpJoPEZfpN2UYZmd8HqtR0YbaOZ6Rln9nvpd
-K9fylXdw9z2xeCbjDWUttJB4VqZxGJM8eCTC1VDVyAOsQ5n7SY55dMkQbU+o4Z/4J5m8+wz50BBI
-LfruL1eZ6/CF6CdvxVRiJ10sXc0Tn2sVMXqkw7Adp1GYoCI9c6VFSFK74+n+y7LVFQ5HBnbQyKJc
-dvdLOXwZOPaFHC5UNXRmOpcwdPqyXUe+xIsOMYbzdlAnI9eGDNeRDktUa/Rh0CbZCxjmJzoZEYOE
-ZjsYZlEfp1Kb61t8z4m28hGLEg88T1Ihmxa2HeUWes1RpmgIOP+/2Lb3smj/l/fpSu4gabFgyCAV
-H5HdCYMScUv8SVu55+tpeO8ELoHHQUXV4rr084O4budzhgNSOPyLGDl5sfDUXiyusPCxS4JVO/KY
-6V2Qrtg/q2wtmXpEkZnGT+Qi3WDzwt4W81alztnYMP17oGLmxX71KV9OEiMZjI4WaaGt+OOINLtR
-qefioZ1NI2L1s5M0tybwTsyU9WERM+3pUwXIfJVsbMZRlNaO2OogcHbaR4UWvhOj+3CTG1sThiYQ
-MxMnp1Rpqx3nhyzqLO3TRrkYvxnA3cdPBn9EeqpgBMg7X3hCiMV3Fl5cj/WOMhtHYgY7BgeCXo46
-EFVZ4+WroGZ46xGiRDiIblo8bzLd7QCxvukzxy3mUDgsZQ8pds4N28weSUhBk5MAPbfBpRvXUVJx
-MhKqXucQU1Md1qSGLbuuIQuz9pAGp1JFUx/vEkCgm74daSoVWCZuB+1ZE4f48clvrBj51xMNf8CP
-EFE7vySzVb6X2H1i5X3Z+Y3DdIcWw4Y2FClfcJk4Mwq8Cq2GALGFEge9YSEE9YmyuU6OFeU0ICon
-iXAgZ72SM8fBwJPruLFbdsNYKW+oAfmPisXSWMcZmdSbfk0GYv+vKtu3eegSbWw1UsCVtZOh9E5Z
-uQ83l59CBqO9sV/SFU3WrrJ0qNWxrmXu9nJn5Qf5iCRoFGYNHYHkIG5FS6N00GEDZxGkxmro2d++
-Adj5LVHc/b1cYWmrux+jEqI8ZK8cyTB0XMbBA/HYbx9NXazr7znP4/Mlv3pZToEcYt+lgLHAArtU
-AdhybhbLIwNMq0gr6EwtDklBa3ns4Wx/rJU8H7LGs6gV8uqeaSketv+nz+sQhfctxZ1rx+5qzXfy
-FOQVpO23KDQunBi1Bl9k61Di4q9JWcyADBXPHXJzp7mL8Fk7zdvMAEfuED1phdRm6GgDYoYUs4yQ
-IrhSjFlWyk7hT8475xk3BIv++obvWSAv/3+pF6A6U2RXDChVmnG0JnPa9wYYtdzBmLfZKBjX+DjD
-yEMsuhPsCzuN4R6tBIIBWCVRKmKwdkatmpsQBgDw48u0/Arffl5/DRlS9ee+QffFecUitDdCK+kt
-X5L2fGYrL5g6SltncMIeV1ptx4nuSjC/O944q1KYtqvQiPFWJqEXIRMNbbYOC47sjLza0tEFrimN
-wxcrWGSzsy5R9beFQ1aHPcMrDWfCoviNRk2qPtxuKIC5Qk2ZuOmJLjCiLwUGEb0/1Mpzv3MqQa7d
-mRayXg3DZWJPajxNZv6eS357ElMvwGQmqafb2mlQJwWLsg9m9PG7uqEoyrqSc6MiuY+icLEFib9j
-OfRQrx70rTSKUfTr4MtP0aZZAefjCrpVIyTekhFDOk0Nmx057eonlyGgmGpl5/Uo+t1J1Z11Ya/l
-bNbfmebRISJeTVW0I8FhseAZMI1GSwp/ludJxSLYOgyRkh+GX134MexNo7O9F1SxLCfWaSG9Fc3s
-5ify04ua9/t8SGrYZPm/l3MkAAAAAAAAAAAAAA==
-
-
diff --git a/app/openssl/crypto/pkcs7/t/msie-s-a-e.pem b/app/openssl/crypto/pkcs7/t/msie-s-a-e.pem
deleted file mode 100644
index 55dbd8f8..00000000
--- a/app/openssl/crypto/pkcs7/t/msie-s-a-e.pem
+++ /dev/null
@@ -1,106 +0,0 @@
------BEGIN PKCS7-----
-MIAGCSqGSIb3DQEHA6CAMIITUAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ
-bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT
-aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ
-uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQKOxxpIbRTb31+qIQCBOpMVAGnwCLrPO
-OXnntxVveTrPhBnsJuoGNJcCMtuHl7tLkd38WsVwOfGXUprTqFpUcY8wgfACAQAw
-gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
-EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT
-GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW
-QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQKzIddnXFqK/RRBG86ZVixoXfwAv
-ZdfvnDFsKzPn/A6DuDdE/hqJxnFpHiwGiDR/YbWj2ib+G74DSshgX8vj8ZQwghGD
-BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECLKM0K58I3HNgIIRWBDP8s+g
-l7/6JhZ5PBJ5vPpD1R4pnNDZRabsYu0Qzezdz1IK+maTAhF0SEuNZoEkzIgOIvu3
-UjW8x/2KcHwteABwgRiSk1JyNLwRED0RtvuJ40pIGDvDsHwBMcXEtKUMAOpGChms
-HUK1+B/GKancSDFOCeG3JCFnFdbuQFDIVHC6amWslc6ntqVs/sii2Gs4qdzDfQgl
-PV/A/FY0wi0j2O5cXRQJtZVKM/MYGjj5c1cy9Q7oymU5ATP/LARD0Tw5kBB7HVnD
-2qrmmmxcHakyxhXmwskaKS6Qxgqq6LPdgr603onxqEtwNSz5UbCq9mLXuCkFOVsQ
-/5mZcmmc7re3XJMQHRXkBlxEpZQ6HOUIEzlhRqCo2hhymyZK84rptjORQo6vNakM
-IC0Zn8O+6Xl1NlmbGzZakz6LJ4dczE7eG7LwrVus9Oq3V/WweG6rWMPV5d51oKMi
-BRb2pXXy80BAKh/9hvpP/V/HO1/+MPuk8tAn7ssmQoIAQcZxqLOmgqqFhy21oSEu
-rUY746Gp/vIV6Ax1MnfDA/fbjDllhJTl8ujZnfj8R1/oQa9fJMipV8CYQEAt3okZ
-V03kaVhhPGsv544/zRnhqjhgqjHASZGnluZCxDwHb1CE4UqYLp6IbkH3qosy2ntm
-a7WCsM3FN3o5dKFZXBgBEPT8HU9LLQ8B+T0Zvh8CQ719kkNBhnuzSYzmI48R5JHv
-zbROiU5v4p9FpssD13vXiOxzaMTKQqWk/roGHiNoKzKonS5RBwTxKfOsoCobCBaI
-IZCmJNr4cGI/p5GVEY4pCPljTq9w3HoiNrhwZ7r7II3wdXy0JjSiRkr3w1AKXm3v
-1H9kHZzc28Ekf7+De6VTjyKRPe1WYPETeY5mh9nIYUQz30/5gIxJwsPFOXeHMbLR
-iQjxTznk/uo4BtwV+HZPmf4tIQvAuFuTKYR9lP3XsZZN+bKkFYy8nHRYd4OErBBg
-93NsqBYROdzJ4pqxoJb6gt2EHCt3pazavgwDxzCJhcMtvBiYLEkDxUX77yS5sXYc
-k6NLIwFL5BPY9JX/QP1RaiJV+TtHg69YElW+rudX6VdLQ7mKCMTHGWbHU5oF+Dv4
-Kv8xsrjNU2spImfzY2coq3osLpFpOa8VhrLSwMXFDtej5OHq0M0qYpYm3op6B+Nz
-6pNYlMpveQv5Qjy9LTNMvLX4z+tnh6Siz8mJLmtghwCzC+DnyQGCn/Stzq6kF5aM
-Fork7RosB4FB8u6WjVrFZfTg5JUqZh6gCW3JHpQ70wTdpy6tDKDtNrbjKo7CGL8+
-shoSI7t2xa8W3OyyFXMEuJzTY2UCQ+QxTOWI9idkdZCCUMBXEvkraqG8rU4UKRCk
-iAGwEMzophEv+aSyJfdu6yJGjd+/wUCHMS3EmtOWHwtB5d5sVhErdQNA+JQN+wPU
-vBG2Jg3wGJTHNNx4WRnWRLWsH6SRcgx8zWXHjVgXIep8XjWQmOGBXbG87hktESqc
-DQPUv3MzieKfcpgQsboRnqSN1DymwvAu+PVsMNf8DHQKLdZ/iuzPzwRkfIVpmh+U
-ku1N8jMAAdX6tjQ48eLq/lJvjHJUnTdNTA18xhDvngKNaXQGPOO/dt+JfHQdmFQI
-WdWZSeCpm6jCiaxiV50FBGEuv3Ew0Y7FKHLKFu7hoNXIthoh2qo5ZH6QX4nt0nYR
-VvyvIcAB9BwC7OeqBTeusFJD/wGiQD3yFDYUekaRys2fcwguNqAdpjWsEETJxREw
-ZdbP0sDMSykae4wHyrODWcUmOiPc/9nU6c0t7bBzI8VQ7sZKJb0TVgSCxDHi9Qgb
-4qdh4ZqFMP0s+TQ4Ms5NWkC1eg0DSdkWSzGQ0QrUsGUgbupYYUoEyRmsz9PjW6l1
-wuWkE66qxSHFsg18/gA5XpLM82DP4EmkEwgC08Hww2lPRJN8VYFvlwbRMbSd1PtA
-Dd5dI/Oq1CHSL6enlncVkKr/S7aaKKyjAyn1HOT2FdPWdSYLE+F+dWc6vu+JeXc+
-7nSDO1DW3U6ZkZvTw4901GxgrzUfYajhBky25L29WUduGoerhkZds5wduSKQwBkY
-TUW/YrP6Ttrbx8B0wzDo64L2Rv6Tb14ElMc9KUY1I1yHKgXtl9oHEH3mpa/IGO+q
-PN1hBi+jg68lfb00FR7edvos4KWKAWWlZaYKm2ZeeHPjhNGcX/UcF8A23GLuSruR
-NDDy9KlI3NMtvmOhOD+WwFmmRjBk/jkZMlVM3GlpjP/l5TuzxEecK1pQiDGQl9S/
-574qGNKtAiqgC5+wyUFPqnp28K2+rsEu7jWWOlfOrNGg2KVO8kcqsQuUm7sjSW9N
-oHcVAoKSLHBWjFIzFUZpeDOASI1/21Ph4B6FTFJvEpzfYEXE9osz64DhlXDEyY33
-p86AiqAj6PUY4BjHLYAeA7ymphKzVOzq4pSH7qKsxDzUnj/Uj8P85A5jbzHmzOPf
-VnvQlZ7B1FqhdNP2SVqLmu+/tH9Wy0v7ZnItSQbyHDKP+Eib4B/ihaNIIoz/YKgD
-3eYgjp6ZyZR1KkSMpuNkpsihA7s3UsFyowEeo+7l3Wt/ScjCa/IBsxLLtI2EZAJo
-9WHYqsCl1HCzJHI9QCnlPz8U1FcNGCrL/66MKz2MMN8UFFqjYr61wexghxNwc7GD
-XR7Js4mhiF0GwPhAR3ZLiqzPAXAvn8YRf5fylMZ4LA9RO+SHFL/MxQxfrJOAgWB6
-pLPUuCWJXLm7os6rCC23RsyDDWe8N+JNF0/ryzr8MHeIJGsT+AYnZr08PeTbyr01
-JEoT7lPYT6PzX4F63QKKDl+mB+PwLMzYCXrxZcUmuay6/MV8w/f5T6vQXdoSw5pu
-WodBYwVReYh1IaEN+jiTapm9YBVmcIsJPO6abHowknSVOWSvST0AtAX57fFOTckm
-+facfBK9s9T1lUUgF44Bh5e8f9qKqfOV44nqdCOEyUm0Dao497ieN4EgXBLNvOZY
-9+irMiXjp0lcyFvhrJOczfyCr9EiiaiH1TfSzKGKsf2W84iKn/JH6x2eOo7xjwJ4
-0BQDc6S1cUNEuqBhP6by0FioOXYOKVyifpxk84Eb+F/4CNdTJTvCPwsiegdfsX/Q
-53DvKVtXp9Ycam5JTmKRHXK/bMHF4ONv3p/O/kn/BqRx+fbbP2eMX8Z1F/ltHKfp
-6B+06HljUwQLBJs9XtCfqH5Zgdz9gad5WZF5ykFArmHDgeFlgggvbZ7z9vqnjN/T
-H68TxJzauYQ5vLHQ6wGXik4/4uq7/TqNmhxlQEM4zVkwsn203bUmKLyz+yl1zItD
-pn5zy1uXfGo99rBdUzdbdE9LmEFPMaFsaHd4a8oDaUroD7FgCbeDJJVld3ac6F8+
-3QbExPs48OrgA1kI3/UwXr52ldjiYzTLfAGR9BjqNFTw45FUHuMf8TEM5hcHx56w
-95eKAqraDk28o9k+M2UKpcmrdlWoWzdqVVFeWGpM8x9Y9Nt0lf/4VUQgrXjqTkUC
-QkJyqTeTeGgHrn3QBk2XAgpxZhaJs3InW0BkAlBmK99cMinUiJeFt5a4p5wPeXrV
-uh6V9m7Mpl9hzpogg++EZqahfzzNnDgxOZfW342DX052PdgXo0NnkhCk005LvFt6
-M2mRn0fLgNVfyUZZoOp8cO5ZWbhXXlrhrgUtj2zKPK6Q94Zj4kdXHBGpAkrB8ZQ4
-EGGODE0Dqusm8WPXzB+9236IMHPU7lFbyjBrFNI7O4jg+qRIIpi+7tX0FsilqEbm
-jG+OPwhZXrdqUqyF+rjKQuSRq7lOeDB4c6S2dq4OOny01i5HCbbyc9UvSHRmhOhG
-qUlzHyHLo3W7j+26V/MhkDXJ+Tx+qfylv4pbliwTteJJj+CZwzjv29qb6lxYi+38
-Bw10ERapm8UCRFBecVN7xXlcIfyeAl666Vi7EBJZv3EdFNrx1nlLwM65nYya7uj6
-L7IwJWotIUx8E0XH0/cUxS/dG8bxf9L/8652h5gq3LI+wTNGuEX0DMuz7BGQG+Nt
-gabrZ6SsKGthGa7eULTpz0McWTLRU0y//tkckpm5pDnXSFbIMskwwjECz82UZBSP
-pigdN/Pjg5d+0yWu7s3VJxw4ENWPPpzZ+j7sOXmdvn9PO1tQd60EO+3awBlC9ZXf
-/InoXE+21s/6p5RGkmg8Rl+k3ZRhmZ3weq1HRhto5npGWf2e+l0r1/KVd3D3PbF4
-JuMNZS20kHhWpnEYkzx4JMLVUNXIA6xDmftJjnl0yRBtT6jhn/gnmbz7DPnQEEgt
-+u4vV5nr8IXoJ2/FVGInXSxdzROfaxUxeqTDsB2nUZigIj1zpUVIUrvj6f7LstUV
-DkcGdtDIolx290s5fBk49oUcLlQ1dGY6lzB0+rJdR77Eiw4xhvN2UCcj14YM15EO
-S1Rr9GHQJtkLGOYnOhkRg4RmOxhmUR+nUpvrW3zPibbyEYsSDzxPUiGbFrYd5RZ6
-zVGmaAg4/7/YtveyaP+X9+lK7iBpsWDIIBUfkd0JgxJxS/xJW7nn62l47wQugcdB
-RdXiuvTzg7hu53OGA1I4/IsYOXmx8NReLK6w8LFLglU78pjpXZCu2D+rbC2ZekSR
-mcZP5CLdYPPC3hbzVqXO2dgw/XugYubFfvUpX04SIxmMjhZpoa3444g0u1Gp5+Kh
-nU0jYvWzkzS3JvBOzJT1YREz7elTBch8lWxsxlGU1o7Y6iBwdtpHhRa+E6P7cJMb
-WxOGJhAzEyenVGmrHeeHLOos7dNGuRi/GcDdx08Gf0R6qmAEyDtfeEKIxXcWXlyP
-9Y4yG0diBjsGB4JejjoQVVnj5augZnjrEaJEOIhuWjxvMt3tALG+6TPHLeZQOCxl
-Dyl2zg3bzB5JSEGTkwA9t8GlG9dRUnEyEqpe5xBTUx3WpIYtu64hC7P2kAanUkVT
-H+8SQKCbvh1pKhVYJm4H7VkTh/jxyW+sGPnXEw1/wI8QUTu/JLNVvpfYfWLlfdn5
-jcN0hxbDhjYUKV9wmTgzCrwKrYYAsYUSB71hIQT1ibK5To4V5TQgKieJcCBnvZIz
-x8HAk+u4sVt2w1gpb6gB+Y+KxdJYxxmZ1Jt+TQZi/68q27d56BJtbDVSwJW1k6H0
-Tlm5DzeXn0IGo72xX9IVTdausnSo1bGuZe72cmflB/mIJGgUZg0dgeQgbkVLo3TQ
-YQNnEaTGaujZ374B2PktUdz9vVxhaau7H6MSojxkrxzJMHRcxsED8dhvH01drOvv
-Oc/j8yW/ellOgRxi36WAscACu1QB2HJuFssjA0yrSCvoTC0OSUFreezhbH+slTwf
-ssazqBXy6p5pKR62/6fP6xCF9y3FnWvH7mrNd/IU5BWk7bcoNC6cGLUGX2TrUOLi
-r0lZzIAMFc8dcnOnuYvwWTvN28wAR+4QPWmF1GboaANihhSzjJAiuFKMWVbKTuFP
-zjvnGTcEi/76hu9ZIC//f6kXoDpTZFcMKFWacbQmc9r3Bhi13MGYt9koGNf4OMPI
-Qyy6E+wLO43hHq0lUSpisHZGrZqbEAYA8OPLtPwK335efw0ZUvXnvkH3xXnFIrQ3
-QivpLV+S9nxmKy+YOkpbZ3DCHldabceJ7kowvzveOKtSmLar0IjxViahFyETDW22
-DguO7Iy82tLRBa4pjcMXK1hks7MuUfW3hUNWhz3DKw1nwqL4jUZNqj7cbiiAuUJN
-mbjpiS4woi8FBhG9P9TKc79zKkGu3ZkWsl4Nw2ViT2o8TWb+nkt+exJTL8BkJqmn
-29ppUCcFi7IPZvTxu7qhKMq6knOjIrmPonCxBYm/Yzn0UK8e9K00ilH06+DLT9Gm
-WQHn4wq6VSMk3pIRQzpNDZsdOe3qJ5choJhqZef1KPrdSdWddWGv5WzW35nm0SEi
-Xk1VtCPBYbHgGTCNRksKf5bnScUi2DoMkZIfhl9d+DHsTaOzvRdUsSwn1mkhvRXN
-7OYn8tOLmvf7fEhq2GT5v5dzJAAAAAA=
------END PKCS7-----
diff --git a/app/openssl/crypto/pkcs7/t/nav-smime b/app/openssl/crypto/pkcs7/t/nav-smime
deleted file mode 100644
index 6ee4b597..00000000
--- a/app/openssl/crypto/pkcs7/t/nav-smime
+++ /dev/null
@@ -1,157 +0,0 @@
-From angela@c2.net.au Thu May 14 13:32:27 1998
-X-UIDL: 83c94dd550e54329bf9571b72038b8c8
-Return-Path: angela@c2.net.au
-Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id NAA27838 for <tjh@cryptsoft.com>; Thu, 14 May 1998 13:32:26 +1000 (EST)
-Message-ID: <355A6779.4B63E64C@cryptsoft.com>
-Date: Thu, 14 May 1998 13:39:37 +1000
-From: Angela van Lent <angela@c2.net.au>
-X-Mailer: Mozilla 4.03 [en] (Win95; U)
-MIME-Version: 1.0
-To: tjh@cryptsoft.com
-Subject: signed
-Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms9A58844C95949ECC78A1C54C"
-Content-Length: 2604
-Status: OR
-
-This is a cryptographically signed message in MIME format.
-
---------------ms9A58844C95949ECC78A1C54C
-Content-Type: text/plain; charset=us-ascii
-Content-Transfer-Encoding: 7bit
-
-signed body
-
---------------ms9A58844C95949ECC78A1C54C
-Content-Type: application/x-pkcs7-signature; name="smime.p7s"
-Content-Transfer-Encoding: base64
-Content-Disposition: attachment; filename="smime.p7s"
-Content-Description: S/MIME Cryptographic Signature
-
-MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
-BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR
-BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv
-ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE
-AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow
-gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu
-ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG
-A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m
-dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh
-hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg
-hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP
-igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds
-syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG
-A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
-dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
-ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB
-kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l
-MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB
-TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB
-BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf
-mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s
-8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx
-ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP
-BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ
-REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB
-AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B
-CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG
-SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv
-BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA
-9CWR6g==
---------------ms9A58844C95949ECC78A1C54C--
-
-
-From angela@c2.net.au Thu May 14 13:33:16 1998
-X-UIDL: 8f076c44ff7c5967fd5b00c4588a8731
-Return-Path: angela@c2.net.au
-Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id NAA27847 for <tjh@cryptsoft.com>; Thu, 14 May 1998 13:33:15 +1000 (EST)
-Message-ID: <355A67AB.2AF38806@cryptsoft.com>
-Date: Thu, 14 May 1998 13:40:27 +1000
-From: Angela van Lent <angela@c2.net.au>
-X-Mailer: Mozilla 4.03 [en] (Win95; U)
-MIME-Version: 1.0
-To: tjh@cryptsoft.com
-Subject: signed
-Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------msD7863B84BD61E02C407F2F5E"
-Content-Length: 2679
-Status: OR
-
-This is a cryptographically signed message in MIME format.
-
---------------msD7863B84BD61E02C407F2F5E
-Content-Type: text/plain; charset=us-ascii
-Content-Transfer-Encoding: 7bit
-
-signed body 2
-
---------------msD7863B84BD61E02C407F2F5E
-Content-Type: application/x-pkcs7-signature; name="smime.p7s"
-Content-Transfer-Encoding: base64
-Content-Disposition: attachment; filename="smime.p7s"
-Content-Description: S/MIME Cryptographic Signature
-
-MIIGVgYJKoZIhvcNAQcCoIIGRzCCBkMCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
-BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR
-BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv
-ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE
-AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow
-gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu
-ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG
-A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m
-dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh
-hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg
-hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP
-igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds
-syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG
-A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
-dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
-ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB
-kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l
-MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB
-TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB
-BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf
-mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s
-8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx
-ggGzMIIBrwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP
-BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ
-REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB
-AgIEfjAJBgUrDgMCGgUAoIGxMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcN
-AQkFMQ8XDTk4MDUxNDAzNDAyN1owIwYJKoZIhvcNAQkEMRYEFOKcV8mNYJnM8rHQajcSEqJN
-rwdDMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMAcGBSsO
-AwIHMA0GCCqGSIb3DQMCAgFAMA0GCCqGSIb3DQMCAgEoMA0GCSqGSIb3DQEBAQUABEADPE/N
-coH+zTFuX5YpolupTKxKK8eEjc48TuADuO8bIHHDE/fEYaWunlwDuTlcFJl1ig0idffPB1qC
-Zp8SSVVY
---------------msD7863B84BD61E02C407F2F5E--
-
-
-From angela@c2.net.au Thu May 14 14:05:32 1998
-X-UIDL: a7d629b4b9acacaee8b39371b860a32a
-Return-Path: angela@c2.net.au
-Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id OAA28033 for <tjh@cryptsoft.com>; Thu, 14 May 1998 14:05:32 +1000 (EST)
-Message-ID: <355A6F3B.AC385981@cryptsoft.com>
-Date: Thu, 14 May 1998 14:12:43 +1000
-From: Angela van Lent <angela@c2.net.au>
-X-Mailer: Mozilla 4.03 [en] (Win95; U)
-MIME-Version: 1.0
-To: tjh@cryptsoft.com
-Subject: encrypted
-Content-Type: application/x-pkcs7-mime; name="smime.p7m"
-Content-Transfer-Encoding: base64
-Content-Disposition: attachment; filename="smime.p7m"
-Content-Description: S/MIME Encrypted Message
-Content-Length: 905
-Status: OR
-
-MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG
-A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
-dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
-ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEA92N29Yk39RUY2tIVd
-exGT2MFX3J6H8LB8aDRJjw7843ALgJ5zXpM5+f80QkAWwEN2A6Pl3VxiCeKLi435zXVyMIHw
-AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI
-QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
-UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0G
-CSqGSIb3DQEBAQUABECR9IfyHtvnjFmZ8B2oUCEs1vxMsG0u1kxKE4RMPFyDqDCEARq7zXMg
-nzSUI7Wgv5USSKDqcLRJeW+jvYURv/nJMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA
-oAQIrLqrij2ZMpeggAQoibtn6reRZWuWk5Iv5IAhgitr8EYE4w4ySQ7EMB6mTlBoFpccUMWX
-BwQgQn1UoWCvYAlhDzURdbui64Dc0rS2wtj+kE/InS6y25EEEPe4NUKaF8/UlE+lo3LtILQE
-CL3uV8k7m0iqAAAAAAAAAAAAAA==
-
diff --git a/app/openssl/crypto/pkcs7/t/s.pem b/app/openssl/crypto/pkcs7/t/s.pem
deleted file mode 100644
index 4fa925b1..00000000
--- a/app/openssl/crypto/pkcs7/t/s.pem
+++ /dev/null
@@ -1,57 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9
-mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG
-fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/
-zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29
-p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b
-bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk
-IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG
------END RSA PRIVATE KEY-----
-issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA
-subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com
-serial :047D
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1149 (0x47d)
-        Signature Algorithm: md5withRSAEncryption
-        Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA
-        Validity
-            Not Before: May 13 05:40:58 1998 GMT
-            Not After : May 12 05:40:58 2000 GMT
-        Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Modulus:
-                    00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81:
-                    73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc:
-                    89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29:
-                    fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f:
-                    e7:e7:0c:4d:0b
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            Netscape Comment: 
-                Generated with SSLeay
-    Signature Algorithm: md5withRSAEncryption
-        52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55:
-        f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97:
-        d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b:
-        50:74:ad:92:cb:4e:90:e5:fa:7d
-
------BEGIN CERTIFICATE-----
-MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV
-MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE
-ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E
-IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw
-NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
-UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
-dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0
-aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG
-9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf
-lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB
-hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA
-UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8
-4A3ZItobUHStkstOkOX6fQ==
------END CERTIFICATE-----
-
diff --git a/app/openssl/crypto/pkcs7/t/server.pem b/app/openssl/crypto/pkcs7/t/server.pem
deleted file mode 100644
index 989baf87..00000000
--- a/app/openssl/crypto/pkcs7/t/server.pem
+++ /dev/null
@@ -1,57 +0,0 @@
-issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA
-subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com
-serial :047D
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1149 (0x47d)
-        Signature Algorithm: md5withRSAEncryption
-        Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA
-        Validity
-            Not Before: May 13 05:40:58 1998 GMT
-            Not After : May 12 05:40:58 2000 GMT
-        Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Modulus:
-                    00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81:
-                    73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc:
-                    89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29:
-                    fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f:
-                    e7:e7:0c:4d:0b
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            Netscape Comment: 
-                Generated with SSLeay
-    Signature Algorithm: md5withRSAEncryption
-        52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55:
-        f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97:
-        d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b:
-        50:74:ad:92:cb:4e:90:e5:fa:7d
-
------BEGIN CERTIFICATE-----
-MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV
-MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE
-ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E
-IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw
-NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
-UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
-dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0
-aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG
-9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf
-lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB
-hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA
-UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8
-4A3ZItobUHStkstOkOX6fQ==
------END CERTIFICATE-----
-
------BEGIN RSA PRIVATE KEY-----
-MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9
-mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG
-fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/
-zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29
-p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b
-bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk
-IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG
------END RSA PRIVATE KEY-----
diff --git a/app/openssl/crypto/pkcs7/verify.c b/app/openssl/crypto/pkcs7/verify.c
deleted file mode 100644
index b40f2603..00000000
--- a/app/openssl/crypto/pkcs7/verify.c
+++ /dev/null
@@ -1,263 +0,0 @@
-/* crypto/pkcs7/verify.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include <string.h>
-#include <openssl/bio.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include "example.h"
-
-int verify_callback(int ok, X509_STORE_CTX *ctx);
-
-BIO *bio_err=NULL;
-BIO *bio_out=NULL;
-
-int main(argc,argv)
-int argc;
-char *argv[];
-	{
-	PKCS7 *p7;
-	PKCS7_SIGNER_INFO *si;
-	X509_STORE_CTX cert_ctx;
-	X509_STORE *cert_store=NULL;
-	BIO *data,*detached=NULL,*p7bio=NULL;
-	char buf[1024*4];
-	char *pp;
-	int i,printit=0;
-	STACK_OF(PKCS7_SIGNER_INFO) *sk;
-
-	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-	bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifndef OPENSSL_NO_MD2
-	EVP_add_digest(EVP_md2());
-#endif
-#ifndef OPENSSL_NO_MD5
-	EVP_add_digest(EVP_md5());
-#endif
-#ifndef OPENSSL_NO_SHA1
-	EVP_add_digest(EVP_sha1());
-#endif
-#ifndef OPENSSL_NO_MDC2
-	EVP_add_digest(EVP_mdc2());
-#endif
-
-	data=BIO_new(BIO_s_file());
-
-	pp=NULL;
-	while (argc > 1)
-		{
-		argc--;
-		argv++;
-		if (strcmp(argv[0],"-p") == 0)
-			{
-			printit=1;
-			}
-		else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2))
-			{
-			detached=BIO_new(BIO_s_file());
-			if (!BIO_read_filename(detached,argv[1]))
-				goto err;
-			argc--;
-			argv++;
-			}
-		else
-			{
-			pp=argv[0];
-			if (!BIO_read_filename(data,argv[0]))
-				goto err;
-			}
-		}
-
-	if (pp == NULL)
-		BIO_set_fp(data,stdin,BIO_NOCLOSE);
-
-
-	/* Load the PKCS7 object from a file */
-	if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL,NULL)) == NULL) goto err;
-
-	/* This stuff is being setup for certificate verification.
-	 * When using SSL, it could be replaced with a 
-	 * cert_stre=SSL_CTX_get_cert_store(ssl_ctx); */
-	cert_store=X509_STORE_new();
-	X509_STORE_set_default_paths(cert_store);
-	X509_STORE_load_locations(cert_store,NULL,"../../certs");
-	X509_STORE_set_verify_cb_func(cert_store,verify_callback);
-
-	ERR_clear_error();
-
-	/* We need to process the data */
-	if ((PKCS7_get_detached(p7) || detached))
-		{
-		if (detached == NULL)
-			{
-			printf("no data to verify the signature on\n");
-			exit(1);
-			}
-		else
-			p7bio=PKCS7_dataInit(p7,detached);
-		}
-	else
-		{
-		p7bio=PKCS7_dataInit(p7,NULL);
-		}
-
-	/* We now have to 'read' from p7bio to calculate digests etc. */
-	for (;;)
-		{
-		i=BIO_read(p7bio,buf,sizeof(buf));
-		/* print it? */
-		if (i <= 0) break;
-		}
-
-	/* We can now verify signatures */
-	sk=PKCS7_get_signer_info(p7);
-	if (sk == NULL)
-		{
-		printf("there are no signatures on this data\n");
-		exit(1);
-		}
-
-	/* Ok, first we need to, for each subject entry, see if we can verify */
-	for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++)
-		{
-		ASN1_UTCTIME *tm;
-		char *str1,*str2;
-		int rc;
-
-		si=sk_PKCS7_SIGNER_INFO_value(sk,i);
-		rc=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);
-		if (rc <= 0)
-			goto err;
-		printf("signer info\n");
-		if ((tm=get_signed_time(si)) != NULL)
-			{
-			BIO_printf(bio_out,"Signed time:");
-			ASN1_UTCTIME_print(bio_out,tm);
-			ASN1_UTCTIME_free(tm);
-			BIO_printf(bio_out,"\n");
-			}
-		if (get_signed_seq2string(si,&str1,&str2))
-			{
-			BIO_printf(bio_out,"String 1 is %s\n",str1);
-			BIO_printf(bio_out,"String 2 is %s\n",str2);
-			}
-
-		}
-
-	X509_STORE_free(cert_store);
-
-	printf("done\n");
-	exit(0);
-err:
-	ERR_load_crypto_strings();
-	ERR_print_errors_fp(stderr);
-	exit(1);
-	}
-
-/* should be X509 * but we can just have them as char *. */
-int verify_callback(int ok, X509_STORE_CTX *ctx)
-	{
-	char buf[256];
-	X509 *err_cert;
-	int err,depth;
-
-	err_cert=X509_STORE_CTX_get_current_cert(ctx);
-	err=	X509_STORE_CTX_get_error(ctx);
-	depth=	X509_STORE_CTX_get_error_depth(ctx);
-
-	X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
-	BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
-	if (!ok)
-		{
-		BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
-			X509_verify_cert_error_string(err));
-		if (depth < 6)
-			{
-			ok=1;
-			X509_STORE_CTX_set_error(ctx,X509_V_OK);
-			}
-		else
-			{
-			ok=0;
-			X509_STORE_CTX_set_error(ctx,X509_V_ERR_CERT_CHAIN_TOO_LONG);
-			}
-		}
-	switch (ctx->error)
-		{
-	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-		X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
-		BIO_printf(bio_err,"issuer= %s\n",buf);
-		break;
-	case X509_V_ERR_CERT_NOT_YET_VALID:
-	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-		BIO_printf(bio_err,"notBefore=");
-		ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
-		BIO_printf(bio_err,"\n");
-		break;
-	case X509_V_ERR_CERT_HAS_EXPIRED:
-	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-		BIO_printf(bio_err,"notAfter=");
-		ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
-		BIO_printf(bio_err,"\n");
-		break;
-		}
-	BIO_printf(bio_err,"verify return:%d\n",ok);
-	return(ok);
-	}
diff --git a/app/openssl/crypto/pqueue/pqueue.h b/app/openssl/crypto/pqueue/pqueue.h
index 87fc9037..26b53480 100644
--- a/app/openssl/crypto/pqueue/pqueue.h
+++ b/app/openssl/crypto/pqueue/pqueue.h
@@ -64,6 +64,9 @@
 #include <stdlib.h>
 #include <string.h>
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
 typedef struct _pqueue *pqueue;
 
 typedef struct _pitem
@@ -91,4 +94,7 @@ pitem *pqueue_next(piterator *iter);
 void   pqueue_print(pqueue pq);
 int    pqueue_size(pqueue pq);
 
+#ifdef  __cplusplus
+}
+#endif
 #endif /* ! HEADER_PQUEUE_H */
diff --git a/app/openssl/crypto/rand/md_rand.c b/app/openssl/crypto/rand/md_rand.c
index aee1c30b..888b4eb8 100644
--- a/app/openssl/crypto/rand/md_rand.c
+++ b/app/openssl/crypto/rand/md_rand.c
@@ -159,7 +159,6 @@ const char RAND_version[]="RAND" OPENSSL_VERSION_PTEXT;
 static void ssleay_rand_cleanup(void);
 static void ssleay_rand_seed(const void *buf, int num);
 static void ssleay_rand_add(const void *buf, int num, double add_entropy);
-static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo);
 static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num);
 static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
 static int ssleay_rand_status(void);
@@ -334,7 +333,7 @@ static void ssleay_rand_seed(const void *buf, int num)
 	ssleay_rand_add(buf, num, (double)num);
 	}
 
-static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
+int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock)
 	{
 	static volatile int stirred_pool = 0;
 	int i,j,k,st_num,st_idx;
@@ -383,10 +382,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
 	 * are fed into the hash function and the results are kept in the
 	 * global 'md'.
 	 */
-#ifdef OPENSSL_FIPS
-	/* NB: in FIPS mode we are already under a lock */
-	if (!FIPS_mode())
-#endif
+	if (lock)
 		CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 
 	/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
@@ -466,9 +462,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
 
 	/* before unlocking, we must clear 'crypto_lock_rand' */
 	crypto_lock_rand = 0;
-#ifdef OPENSSL_FIPS
-	if (!FIPS_mode())
-#endif
+	if (lock)
 		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
 	while (num > 0)
@@ -521,15 +515,11 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
 	MD_Init(&m);
 	MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
 	MD_Update(&m,local_md,MD_DIGEST_LENGTH);
-#ifdef OPENSSL_FIPS
-	if (!FIPS_mode())
-#endif
+	if (lock)
 		CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 	MD_Update(&m,md,MD_DIGEST_LENGTH);
 	MD_Final(&m,md);
-#ifdef OPENSSL_FIPS
-	if (!FIPS_mode())
-#endif
+	if (lock)
 		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
 	EVP_MD_CTX_cleanup(&m);
@@ -548,14 +538,14 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
 
 static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num)
 	{
-	return ssleay_rand_bytes(buf, num, 0);
+	return ssleay_rand_bytes(buf, num, 0, 1);
 	}
 
 /* pseudo-random bytes that are guaranteed to be unique but not
    unpredictable */
 static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) 
 	{
-	return ssleay_rand_bytes(buf, num, 1);
+	return ssleay_rand_bytes(buf, num, 1, 1);
 	}
 
 static int ssleay_rand_status(void)
diff --git a/app/openssl/crypto/rand/rand_lcl.h b/app/openssl/crypto/rand/rand_lcl.h
index 618a8ec8..0fabf8dc 100644
--- a/app/openssl/crypto/rand/rand_lcl.h
+++ b/app/openssl/crypto/rand/rand_lcl.h
@@ -154,5 +154,6 @@
 #define	MD(a,b,c)		EVP_Digest(a,b,c,NULL,EVP_md2(), NULL)
 #endif
 
+int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock);
 
 #endif
diff --git a/app/openssl/crypto/rand/rand_lib.c b/app/openssl/crypto/rand/rand_lib.c
index 5ac0e14c..239a1cde 100644
--- a/app/openssl/crypto/rand/rand_lib.c
+++ b/app/openssl/crypto/rand/rand_lib.c
@@ -68,6 +68,7 @@
 #ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
 #include <openssl/fips_rand.h>
+#include "rand_lcl.h"
 #endif
 
 #ifndef OPENSSL_NO_ENGINE
@@ -199,7 +200,7 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
 	*pout = OPENSSL_malloc(min_len);
 	if (!*pout)
 		return 0;
-	if (RAND_SSLeay()->bytes(*pout, min_len) <= 0)
+	if (ssleay_rand_bytes(*pout, min_len, 0, 0) <= 0)
 		{
 		OPENSSL_free(*pout);
 		*pout = NULL;
diff --git a/app/openssl/crypto/rand/randfile.c b/app/openssl/crypto/rand/randfile.c
index 7f142807..14ba69d4 100644
--- a/app/openssl/crypto/rand/randfile.c
+++ b/app/openssl/crypto/rand/randfile.c
@@ -79,6 +79,7 @@
 #endif
 #ifndef OPENSSL_NO_POSIX_IO
 # include <sys/stat.h>
+# include <fcntl.h>
 #endif
 
 #ifdef _WIN32
diff --git a/app/openssl/crypto/rsa/rsa.h b/app/openssl/crypto/rsa/rsa.h
index 5f269e57..11853fee 100644
--- a/app/openssl/crypto/rsa/rsa.h
+++ b/app/openssl/crypto/rsa/rsa.h
@@ -559,6 +559,7 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE	 158
 #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE	 148
 #define RSA_R_PADDING_CHECK_FAILED			 114
+#define RSA_R_PKCS_DECODING_ERROR			 159
 #define RSA_R_P_NOT_PRIME				 128
 #define RSA_R_Q_NOT_PRIME				 129
 #define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED		 130
diff --git a/app/openssl/crypto/rsa/rsa_eay.c b/app/openssl/crypto/rsa/rsa_eay.c
index 88ee2cb5..aa810459 100644
--- a/app/openssl/crypto/rsa/rsa_eay.c
+++ b/app/openssl/crypto/rsa/rsa_eay.c
@@ -459,7 +459,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
 	if (padding == RSA_X931_PADDING)
 		{
 		BN_sub(f, rsa->n, ret);
-		if (BN_cmp(ret, f))
+		if (BN_cmp(ret, f) > 0)
 			res = f;
 		else
 			res = ret;
diff --git a/app/openssl/crypto/rsa/rsa_err.c b/app/openssl/crypto/rsa/rsa_err.c
index 46e0bf99..9da79d92 100644
--- a/app/openssl/crypto/rsa/rsa_err.c
+++ b/app/openssl/crypto/rsa/rsa_err.c
@@ -175,6 +175,7 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
 {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"},
 {ERR_REASON(RSA_R_PADDING_CHECK_FAILED)  ,"padding check failed"},
+{ERR_REASON(RSA_R_PKCS_DECODING_ERROR)   ,"pkcs decoding error"},
 {ERR_REASON(RSA_R_P_NOT_PRIME)           ,"p not prime"},
 {ERR_REASON(RSA_R_Q_NOT_PRIME)           ,"q not prime"},
 {ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"},
diff --git a/app/openssl/crypto/rsa/rsa_oaep.c b/app/openssl/crypto/rsa/rsa_oaep.c
index af4d24a5..c3633319 100644
--- a/app/openssl/crypto/rsa/rsa_oaep.c
+++ b/app/openssl/crypto/rsa/rsa_oaep.c
@@ -18,6 +18,7 @@
  * an equivalent notion.
  */
 
+#include "constant_time_locl.h"
 
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
 #include <stdio.h>
@@ -95,92 +96,117 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
 	const unsigned char *from, int flen, int num,
 	const unsigned char *param, int plen)
 	{
-	int i, dblen, mlen = -1;
-	const unsigned char *maskeddb;
-	int lzero;
-	unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
-	unsigned char *padded_from;
-	int bad = 0;
-
-	if (--num < 2 * SHA_DIGEST_LENGTH + 1)
-		/* 'num' is the length of the modulus, i.e. does not depend on the
-		 * particular ciphertext. */
-		goto decoding_err;
+	int i, dblen, mlen = -1, one_index = 0, msg_index;
+	unsigned int good, found_one_byte;
+	const unsigned char *maskedseed, *maskeddb;
+	/* |em| is the encoded message, zero-padded to exactly |num| bytes:
+	 * em = Y || maskedSeed || maskedDB */
+	unsigned char *db = NULL, *em = NULL, seed[EVP_MAX_MD_SIZE],
+		phash[EVP_MAX_MD_SIZE];
 
-	lzero = num - flen;
-	if (lzero < 0)
-		{
-		/* signalling this error immediately after detection might allow
-		 * for side-channel attacks (e.g. timing if 'plen' is huge
-		 * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal
-		 * Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001),
-		 * so we use a 'bad' flag */
-		bad = 1;
-		lzero = 0;
-		flen = num; /* don't overflow the memcpy to padded_from */
-		}
+        if (tlen <= 0 || flen <= 0)
+		return -1;
 
-	dblen = num - SHA_DIGEST_LENGTH;
-	db = OPENSSL_malloc(dblen + num);
-	if (db == NULL)
+	/*
+	 * |num| is the length of the modulus; |flen| is the length of the
+	 * encoded message. Therefore, for any |from| that was obtained by
+	 * decrypting a ciphertext, we must have |flen| <= |num|. Similarly,
+	 * num < 2 * SHA_DIGEST_LENGTH + 2 must hold for the modulus
+	 * irrespective of the ciphertext, see PKCS #1 v2.2, section 7.1.2.
+	 * This does not leak any side-channel information.
+	 */
+	if (num < flen || num < 2 * SHA_DIGEST_LENGTH + 2)
+		goto decoding_err;
+
+	dblen = num - SHA_DIGEST_LENGTH - 1;
+	db = OPENSSL_malloc(dblen);
+	em = OPENSSL_malloc(num);
+	if (db == NULL || em == NULL)
 		{
 		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
-		return -1;
+		goto cleanup;
 		}
 
-	/* Always do this zero-padding copy (even when lzero == 0)
-	 * to avoid leaking timing info about the value of lzero. */
-	padded_from = db + dblen;
-	memset(padded_from, 0, lzero);
-	memcpy(padded_from + lzero, from, flen);
+	/*
+	 * Always do this zero-padding copy (even when num == flen) to avoid
+	 * leaking that information. The copy still leaks some side-channel
+	 * information, but it's impossible to have a fixed  memory access
+	 * pattern since we can't read out of the bounds of |from|.
+	 *
+	 * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL.
+	 */
+	memset(em, 0, num);
+	memcpy(em + num - flen, from, flen);
 
-	maskeddb = padded_from + SHA_DIGEST_LENGTH;
+	/*
+	 * The first byte must be zero, however we must not leak if this is
+	 * true. See James H. Manger, "A Chosen Ciphertext  Attack on RSA
+	 * Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001).
+	 */
+	good = constant_time_is_zero(em[0]);
+
+	maskedseed = em + 1;
+	maskeddb = em + 1 + SHA_DIGEST_LENGTH;
 
 	if (MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen))
-		return -1;
+		goto cleanup;
 	for (i = 0; i < SHA_DIGEST_LENGTH; i++)
-		seed[i] ^= padded_from[i];
-  
+		seed[i] ^= maskedseed[i];
+
 	if (MGF1(db, dblen, seed, SHA_DIGEST_LENGTH))
-		return -1;
+		goto cleanup;
 	for (i = 0; i < dblen; i++)
 		db[i] ^= maskeddb[i];
 
 	if (!EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL))
-		return -1;
+		goto cleanup;
+
+	good &= constant_time_is_zero(CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH));
 
-	if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
+	found_one_byte = 0;
+	for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
+		{
+		/* Padding consists of a number of 0-bytes, followed by a 1. */
+		unsigned int equals1 = constant_time_eq(db[i], 1);
+		unsigned int equals0 = constant_time_is_zero(db[i]);
+		one_index = constant_time_select_int(~found_one_byte & equals1,
+			i, one_index);
+		found_one_byte |= equals1;
+		good &= (found_one_byte | equals0);
+		}
+
+	good &= found_one_byte;
+
+	/*
+	 * At this point |good| is zero unless the plaintext was valid,
+	 * so plaintext-awareness ensures timing side-channels are no longer a
+	 * concern.
+	 */
+	if (!good)
 		goto decoding_err;
+
+	msg_index = one_index + 1;
+	mlen = dblen - msg_index;
+
+	if (tlen < mlen)
+		{
+		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
+		mlen = -1;
+		}
 	else
 		{
-		for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
-			if (db[i] != 0x00)
-				break;
-		if (i == dblen || db[i] != 0x01)
-			goto decoding_err;
-		else
-			{
-			/* everything looks OK */
-
-			mlen = dblen - ++i;
-			if (tlen < mlen)
-				{
-				RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
-				mlen = -1;
-				}
-			else
-				memcpy(to, db + i, mlen);
-			}
+		memcpy(to, db + msg_index, mlen);
+		goto cleanup;
 		}
-	OPENSSL_free(db);
-	return mlen;
 
 decoding_err:
-	/* to avoid chosen ciphertext attacks, the error message should not reveal
-	 * which kind of decoding error happened */
+	/* To avoid chosen ciphertext attacks, the error message should not reveal
+	 * which kind of decoding error happened. */
 	RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
+cleanup:
 	if (db != NULL) OPENSSL_free(db);
-	return -1;
+	if (em != NULL) OPENSSL_free(em);
+	return mlen;
 	}
 
 int PKCS1_MGF1(unsigned char *mask, long len,
diff --git a/app/openssl/crypto/rsa/rsa_pk1.c b/app/openssl/crypto/rsa/rsa_pk1.c
index 8560755f..c2da56f6 100644
--- a/app/openssl/crypto/rsa/rsa_pk1.c
+++ b/app/openssl/crypto/rsa/rsa_pk1.c
@@ -56,6 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
+#include "constant_time_locl.h"
+
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/bn.h>
@@ -181,44 +183,87 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
 int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
 	     const unsigned char *from, int flen, int num)
 	{
-	int i,j;
-	const unsigned char *p;
+	int i;
+	/* |em| is the encoded message, zero-padded to exactly |num| bytes */
+	unsigned char *em = NULL;
+	unsigned int good, found_zero_byte;
+	int zero_index = 0, msg_index, mlen = -1;
 
-	p=from;
-	if ((num != (flen+1)) || (*(p++) != 02))
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02);
-		return(-1);
-		}
-#ifdef PKCS1_CHECK
-	return(num-11);
-#endif
+        if (tlen < 0 || flen < 0)
+		return -1;
 
-	/* scan over padding data */
-	j=flen-1; /* one for type. */
-	for (i=0; i<j; i++)
-		if (*(p++) == 0) break;
+	/* PKCS#1 v1.5 decryption. See "PKCS #1 v2.2: RSA Cryptography
+	 * Standard", section 7.2.2. */
 
-	if (i == j)
+	if (flen > num)
+		goto err;
+
+	if (num < 11)
+		goto err;
+
+	em = OPENSSL_malloc(num);
+	if (em == NULL)
 		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_NULL_BEFORE_BLOCK_MISSING);
-		return(-1);
+		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE);
+		return -1;
 		}
+	memset(em, 0, num);
+	/*
+	 * Always do this zero-padding copy (even when num == flen) to avoid
+	 * leaking that information. The copy still leaks some side-channel
+	 * information, but it's impossible to have a fixed  memory access
+	 * pattern since we can't read out of the bounds of |from|.
+	 *
+	 * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL.
+	 */
+	memcpy(em + num - flen, from, flen);
 
-	if (i < 8)
+	good = constant_time_is_zero(em[0]);
+	good &= constant_time_eq(em[1], 2);
+
+	found_zero_byte = 0;
+	for (i = 2; i < num; i++)
 		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BAD_PAD_BYTE_COUNT);
-		return(-1);
+		unsigned int equals0 = constant_time_is_zero(em[i]);
+		zero_index = constant_time_select_int(~found_zero_byte & equals0, i, zero_index);
+		found_zero_byte |= equals0;
 		}
-	i++; /* Skip over the '\0' */
-	j-=i;
-	if (j > tlen)
+
+	/*
+	 * PS must be at least 8 bytes long, and it starts two bytes into |em|.
+         * If we never found a 0-byte, then |zero_index| is 0 and the check
+	 * also fails.
+	 */
+	good &= constant_time_ge((unsigned int)(zero_index), 2 + 8);
+
+	/* Skip the zero byte. This is incorrect if we never found a zero-byte
+	 * but in this case we also do not copy the message out. */
+	msg_index = zero_index + 1;
+	mlen = num - msg_index;
+
+	/* For good measure, do this check in constant time as well; it could
+	 * leak something if |tlen| was assuming valid padding. */
+	good &= constant_time_ge((unsigned int)(tlen), (unsigned int)(mlen));
+
+	/*
+	 * We can't continue in constant-time because we need to copy the result
+	 * and we cannot fake its length. This unavoidably leaks timing
+	 * information at the API boundary.
+	 * TODO(emilia): this could be addressed at the call site,
+	 * see BoringSSL commit 0aa0767340baf925bda4804882aab0cb974b2d26.
+	 */
+	if (!good)
 		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE);
-		return(-1);
+		mlen = -1;
+		goto err;
 		}
-	memcpy(to,p,(unsigned int)j);
 
-	return(j);
-	}
+	memcpy(to, em + msg_index, mlen);
 
+err:
+	if (em != NULL)
+		OPENSSL_free(em);
+	if (mlen == -1)
+		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, RSA_R_PKCS_DECODING_ERROR);
+	return mlen;
+	}
diff --git a/app/openssl/crypto/rsa/rsa_sign.c b/app/openssl/crypto/rsa/rsa_sign.c
index b6f6037a..225bcfe2 100644
--- a/app/openssl/crypto/rsa/rsa_sign.c
+++ b/app/openssl/crypto/rsa/rsa_sign.c
@@ -151,6 +151,25 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
 	return(ret);
 	}
 
+/*
+ * Check DigestInfo structure does not contain extraneous data by reencoding
+ * using DER and checking encoding against original. 
+ */
+static int rsa_check_digestinfo(X509_SIG *sig, const unsigned char *dinfo, int dinfolen)
+	{
+	unsigned char *der = NULL;
+	int derlen;
+	int ret = 0;
+	derlen = i2d_X509_SIG(sig, &der);
+	if (derlen <= 0)
+		return 0;
+	if (derlen == dinfolen && !memcmp(dinfo, der, derlen))
+		ret = 1;
+	OPENSSL_cleanse(der, derlen);
+	OPENSSL_free(der);
+	return ret;
+	}
+
 int int_rsa_verify(int dtype, const unsigned char *m,
 			  unsigned int m_len,
 			  unsigned char *rm, size_t *prm_len,
@@ -228,7 +247,7 @@ int int_rsa_verify(int dtype, const unsigned char *m,
 		if (sig == NULL) goto err;
 
 		/* Excess data can be used to create forgeries */
-		if(p != s+i)
+		if(p != s+i || !rsa_check_digestinfo(sig, s, i))
 			{
 			RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
 			goto err;
diff --git a/app/openssl/crypto/srp/srp_lib.c b/app/openssl/crypto/srp/srp_lib.c
index 7c1dcc51..83d417a3 100644
--- a/app/openssl/crypto/srp/srp_lib.c
+++ b/app/openssl/crypto/srp/srp_lib.c
@@ -89,6 +89,9 @@ static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g)
 	int longg ;
 	int longN = BN_num_bytes(N);
 
+	if (BN_ucmp(g, N) >= 0)
+		return NULL;
+
 	if ((tmp = OPENSSL_malloc(longN)) == NULL)
 		return NULL;
 	BN_bn2bin(N,tmp) ;
@@ -121,6 +124,9 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
 	if ((A == NULL) ||(B == NULL) || (N == NULL))
 		return NULL;
 
+	if (BN_ucmp(A, N) >= 0 || BN_ucmp(B, N) >= 0)
+		return NULL;
+
 	longN= BN_num_bytes(N);
 
 	if ((cAB = OPENSSL_malloc(2*longN)) == NULL) 
diff --git a/app/openssl/crypto/stack/safestack.h b/app/openssl/crypto/stack/safestack.h
index ea3aa0d8..bc194cb2 100644
--- a/app/openssl/crypto/stack/safestack.h
+++ b/app/openssl/crypto/stack/safestack.h
@@ -57,6 +57,10 @@
 
 #include <openssl/stack.h>
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 #ifndef CHECKED_PTR_OF
 #define CHECKED_PTR_OF(type, p) \
     ((void*) (1 ? p : (type*)0))
@@ -2660,4 +2664,8 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 #define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh)
 /* End of util/mkstack.pl block, you may now edit :-) */
 
+
+#ifdef  __cplusplus
+}
+#endif
 #endif /* !defined HEADER_SAFESTACK_H */
diff --git a/app/openssl/crypto/ui/ui_lib.c b/app/openssl/crypto/ui/ui_lib.c
index a8abc270..167da002 100644
--- a/app/openssl/crypto/ui/ui_lib.c
+++ b/app/openssl/crypto/ui/ui_lib.c
@@ -916,9 +916,9 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
 				break;
 				}
 			}
+		}
 	default:
 		break;
 		}
-		}
 	return 0;
 	}
diff --git a/app/openssl/e_os.h b/app/openssl/e_os.h
index 6a0aad1d..733155e4 100644
--- a/app/openssl/e_os.h
+++ b/app/openssl/e_os.h
@@ -373,7 +373,16 @@ static unsigned int _strlen31(const char *str)
 #  define check_winnt() (1)
 #else
 #  define check_winnt() (GetVersion() < 0x80000000)
-#endif 
+#endif
+
+/*
+ * Visual Studio: inline is available in C++ only, however
+ * __inline is available for C, see
+ * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx
+ */
+#if defined(_MSC_VER) && !defined(__cplusplus) && !defined(inline)
+#  define inline __inline
+#endif
 
 #else /* The non-microsoft world */
 
@@ -738,4 +747,3 @@ struct servent *getservbyname(const char *name, const char *proto);
 #endif
 
 #endif
-
diff --git a/app/openssl/flavor.mk b/app/openssl/flavor.mk
new file mode 100644
index 00000000..f32fe41a
--- /dev/null
+++ b/app/openssl/flavor.mk
@@ -0,0 +1,4 @@
+# This makefile exists to be included by makefiles in other directories so that
+# they can detect whether BoringSSL or OpenSSL is being used.
+
+OPENSSL_FLAVOR=OpenSSL
diff --git a/app/openssl/import_openssl.sh b/app/openssl/import_openssl.sh
index f16596bc..dc4049ca 100755
--- a/app/openssl/import_openssl.sh
+++ b/app/openssl/import_openssl.sh
@@ -439,6 +439,9 @@ LOCAL_ADDITIONAL_DEPENDENCIES += \$(LOCAL_PATH)/$(basename $output)
     print_vardef_with_prefix_in_mk common_c_includes external/openssl/ $common_includes
 
     for arch in $all_archs; do
+      arch_clang_asflags=$(var_sorted_value OPENSSL_${prefix}_CLANG_ASFLAGS_${arch})
+      print_vardef_in_mk ${arch}_clang_asflags $arch_clang_asflags
+
       arch_defines=$(var_sorted_value OPENSSL_${prefix}_DEFINES_${arch})
       print_defines_in_mk ${arch}_cflags $arch_defines
 
@@ -457,7 +460,8 @@ LOCAL_C_INCLUDES += \$(common_c_includes)"
       for arch in $all_archs; do
         echo "
 LOCAL_SRC_FILES_${arch} += \$(filter-out \$(${arch}_exclude_files),\$(common_src_files) \$(${arch}_src_files))
-LOCAL_CFLAGS_${arch} += \$(${arch}_cflags)"
+LOCAL_CFLAGS_${arch} += \$(${arch}_cflags)
+LOCAL_CLANG_ASFLAGS_${arch} += \$(${arch}_clang_asflags)"
       done
     else
       echo "
diff --git a/app/openssl/include/openssl/dtls1.h b/app/openssl/include/openssl/dtls1.h
index e65d5011..192c5def 100644
--- a/app/openssl/include/openssl/dtls1.h
+++ b/app/openssl/include/openssl/dtls1.h
@@ -84,6 +84,8 @@ extern "C" {
 #endif
 
 #define DTLS1_VERSION			0xFEFF
+#define DTLS_MAX_VERSION		DTLS1_VERSION
+
 #define DTLS1_BAD_VER			0x0100
 
 #if 0
@@ -284,4 +286,3 @@ typedef struct dtls1_record_data_st
 }
 #endif
 #endif
-
diff --git a/app/openssl/include/openssl/ebcdic.h b/app/openssl/include/openssl/ebcdic.h
index 6d65afcf..85f3cf7f 100644
--- a/app/openssl/include/openssl/ebcdic.h
+++ b/app/openssl/include/openssl/ebcdic.h
@@ -5,6 +5,10 @@
 
 #include <sys/types.h>
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 /* Avoid name clashes with other applications */
 #define os_toascii   _openssl_os_toascii
 #define os_toebcdic  _openssl_os_toebcdic
@@ -16,4 +20,7 @@ extern const unsigned char os_toebcdic[256];
 void *ebcdic2ascii(void *dest, const void *srce, size_t count);
 void *ascii2ebcdic(void *dest, const void *srce, size_t count);
 
+#ifdef  __cplusplus
+}
+#endif
 #endif
diff --git a/app/openssl/include/openssl/ec.h b/app/openssl/include/openssl/ec.h
index d008a0da..b6e745b8 100644
--- a/app/openssl/include/openssl/ec.h
+++ b/app/openssl/include/openssl/ec.h
@@ -629,7 +629,7 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN
 int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
 int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx);
 
-/** Computes r = generator * n sum_{i=0}^num p[i] * m[i]
+/** Computes r = generator * n sum_{i=0}^{num-1} p[i] * m[i]
  *  \param  group  underlying EC_GROUP object
  *  \param  r      EC_POINT object for the result
  *  \param  n      BIGNUM with the multiplier for the group generator (optional)
diff --git a/app/openssl/include/openssl/modes.h b/app/openssl/include/openssl/modes.h
index f18215bb..7773c254 100644
--- a/app/openssl/include/openssl/modes.h
+++ b/app/openssl/include/openssl/modes.h
@@ -7,6 +7,9 @@
 
 #include <stddef.h>
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
 typedef void (*block128_f)(const unsigned char in[16],
 			unsigned char out[16],
 			const void *key);
@@ -133,3 +136,6 @@ typedef struct xts128_context XTS128_CONTEXT;
 
 int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16],
 	const unsigned char *inp, unsigned char *out, size_t len, int enc);
+#ifdef  __cplusplus
+}
+#endif
diff --git a/app/openssl/include/openssl/opensslconf-32.h b/app/openssl/include/openssl/opensslconf-32.h
index caf6f1b8..b5b3dd2b 100644
--- a/app/openssl/include/openssl/opensslconf-32.h
+++ b/app/openssl/include/openssl/opensslconf-32.h
@@ -1,6 +1,9 @@
 /* opensslconf.h */
 /* WARNING: Generated automatically from opensslconf.h.in by Configure. */
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
 /* OpenSSL was configured with the following options: */
 #ifndef OPENSSL_DOING_MAKEDEPEND
 
@@ -74,6 +77,9 @@
 #ifndef OPENSSL_NO_STORE
 # define OPENSSL_NO_STORE
 #endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
 #ifndef OPENSSL_NO_WHIRLPOOL
 # define OPENSSL_NO_WHIRLPOOL
 #endif
@@ -161,6 +167,9 @@
 # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
 #  define NO_STORE
 # endif
+# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
+#  define NO_UNIT_TEST
+# endif
 # if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
 #  define NO_WHIRLPOOL
 # endif
@@ -320,3 +329,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 
 #endif /* DES_DEFAULT_OPTIONS */
 #endif /* HEADER_DES_LOCL_H */
+#ifdef  __cplusplus
+}
+#endif
diff --git a/app/openssl/include/openssl/opensslconf-64.h b/app/openssl/include/openssl/opensslconf-64.h
index 88fb0419..30e7ad86 100644
--- a/app/openssl/include/openssl/opensslconf-64.h
+++ b/app/openssl/include/openssl/opensslconf-64.h
@@ -1,6 +1,9 @@
 /* opensslconf.h */
 /* WARNING: Generated automatically from opensslconf.h.in by Configure. */
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
 /* OpenSSL was configured with the following options: */
 #ifndef OPENSSL_DOING_MAKEDEPEND
 
@@ -74,6 +77,9 @@
 #ifndef OPENSSL_NO_STORE
 # define OPENSSL_NO_STORE
 #endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
 #ifndef OPENSSL_NO_WHIRLPOOL
 # define OPENSSL_NO_WHIRLPOOL
 #endif
@@ -161,6 +167,9 @@
 # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
 #  define NO_STORE
 # endif
+# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
+#  define NO_UNIT_TEST
+# endif
 # if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
 #  define NO_WHIRLPOOL
 # endif
@@ -320,3 +329,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 
 #endif /* DES_DEFAULT_OPTIONS */
 #endif /* HEADER_DES_LOCL_H */
+#ifdef  __cplusplus
+}
+#endif
diff --git a/app/openssl/include/openssl/opensslconf-static-32.h b/app/openssl/include/openssl/opensslconf-static-32.h
index caf6f1b8..b5b3dd2b 100644
--- a/app/openssl/include/openssl/opensslconf-static-32.h
+++ b/app/openssl/include/openssl/opensslconf-static-32.h
@@ -1,6 +1,9 @@
 /* opensslconf.h */
 /* WARNING: Generated automatically from opensslconf.h.in by Configure. */
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
 /* OpenSSL was configured with the following options: */
 #ifndef OPENSSL_DOING_MAKEDEPEND
 
@@ -74,6 +77,9 @@
 #ifndef OPENSSL_NO_STORE
 # define OPENSSL_NO_STORE
 #endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
 #ifndef OPENSSL_NO_WHIRLPOOL
 # define OPENSSL_NO_WHIRLPOOL
 #endif
@@ -161,6 +167,9 @@
 # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
 #  define NO_STORE
 # endif
+# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
+#  define NO_UNIT_TEST
+# endif
 # if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
 #  define NO_WHIRLPOOL
 # endif
@@ -320,3 +329,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 
 #endif /* DES_DEFAULT_OPTIONS */
 #endif /* HEADER_DES_LOCL_H */
+#ifdef  __cplusplus
+}
+#endif
diff --git a/app/openssl/include/openssl/opensslconf-static-64.h b/app/openssl/include/openssl/opensslconf-static-64.h
index 88fb0419..30e7ad86 100644
--- a/app/openssl/include/openssl/opensslconf-static-64.h
+++ b/app/openssl/include/openssl/opensslconf-static-64.h
@@ -1,6 +1,9 @@
 /* opensslconf.h */
 /* WARNING: Generated automatically from opensslconf.h.in by Configure. */
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
 /* OpenSSL was configured with the following options: */
 #ifndef OPENSSL_DOING_MAKEDEPEND
 
@@ -74,6 +77,9 @@
 #ifndef OPENSSL_NO_STORE
 # define OPENSSL_NO_STORE
 #endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
 #ifndef OPENSSL_NO_WHIRLPOOL
 # define OPENSSL_NO_WHIRLPOOL
 #endif
@@ -161,6 +167,9 @@
 # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
 #  define NO_STORE
 # endif
+# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
+#  define NO_UNIT_TEST
+# endif
 # if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
 #  define NO_WHIRLPOOL
 # endif
@@ -320,3 +329,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 
 #endif /* DES_DEFAULT_OPTIONS */
 #endif /* HEADER_DES_LOCL_H */
+#ifdef  __cplusplus
+}
+#endif
diff --git a/app/openssl/include/openssl/opensslconf-static-trusty.h b/app/openssl/include/openssl/opensslconf-static-trusty.h
index 06f9f982..bff5910c 100644
--- a/app/openssl/include/openssl/opensslconf-static-trusty.h
+++ b/app/openssl/include/openssl/opensslconf-static-trusty.h
@@ -1,6 +1,9 @@
 /* opensslconf.h */
 /* WARNING: Generated automatically from opensslconf.h.in by Configure. */
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
 /* OpenSSL was configured with the following options: */
 #ifndef OPENSSL_DOING_MAKEDEPEND
 
@@ -137,6 +140,9 @@
 #ifndef OPENSSL_NO_UI
 # define OPENSSL_NO_UI
 #endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
 #ifndef OPENSSL_NO_WHIRLPOOL
 # define OPENSSL_NO_WHIRLPOOL
 #endif
@@ -287,6 +293,9 @@
 # if defined(OPENSSL_NO_UI) && !defined(NO_UI)
 #  define NO_UI
 # endif
+# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
+#  define NO_UNIT_TEST
+# endif
 # if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
 #  define NO_WHIRLPOOL
 # endif
@@ -446,3 +455,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 
 #endif /* DES_DEFAULT_OPTIONS */
 #endif /* HEADER_DES_LOCL_H */
+#ifdef  __cplusplus
+}
+#endif
diff --git a/app/openssl/include/openssl/opensslconf-trusty.h b/app/openssl/include/openssl/opensslconf-trusty.h
index 06f9f982..bff5910c 100644
--- a/app/openssl/include/openssl/opensslconf-trusty.h
+++ b/app/openssl/include/openssl/opensslconf-trusty.h
@@ -1,6 +1,9 @@
 /* opensslconf.h */
 /* WARNING: Generated automatically from opensslconf.h.in by Configure. */
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
 /* OpenSSL was configured with the following options: */
 #ifndef OPENSSL_DOING_MAKEDEPEND
 
@@ -137,6 +140,9 @@
 #ifndef OPENSSL_NO_UI
 # define OPENSSL_NO_UI
 #endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
 #ifndef OPENSSL_NO_WHIRLPOOL
 # define OPENSSL_NO_WHIRLPOOL
 #endif
@@ -287,6 +293,9 @@
 # if defined(OPENSSL_NO_UI) && !defined(NO_UI)
 #  define NO_UI
 # endif
+# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
+#  define NO_UNIT_TEST
+# endif
 # if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
 #  define NO_WHIRLPOOL
 # endif
@@ -446,3 +455,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 
 #endif /* DES_DEFAULT_OPTIONS */
 #endif /* HEADER_DES_LOCL_H */
+#ifdef  __cplusplus
+}
+#endif
diff --git a/app/openssl/include/openssl/opensslv.h b/app/openssl/include/openssl/opensslv.h
index c3b6acec..f375967e 100644
--- a/app/openssl/include/openssl/opensslv.h
+++ b/app/openssl/include/openssl/opensslv.h
@@ -1,6 +1,10 @@
 #ifndef HEADER_OPENSSLV_H
 #define HEADER_OPENSSLV_H
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 /* Numeric release version identifier:
  * MNNFFPPS: major minor fix patch status
  * The status nibble has one of the values 0 for development, 1 to e for betas
@@ -25,11 +29,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x1000108fL
+#define OPENSSL_VERSION_NUMBER	0x100010afL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1h-fips 5 Jun 2014"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1j-fips 15 Oct 2014"
 #else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1h 5 Jun 2014"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1j 15 Oct 2014"
 #endif
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 
@@ -86,4 +90,7 @@
 #define SHLIB_VERSION_NUMBER "1.0.0"
 
 
+#ifdef  __cplusplus
+}
+#endif
 #endif /* HEADER_OPENSSLV_H */
diff --git a/app/openssl/include/openssl/ossl_typ.h b/app/openssl/include/openssl/ossl_typ.h
index ea9227f6..12cdd43b 100644
--- a/app/openssl/include/openssl/ossl_typ.h
+++ b/app/openssl/include/openssl/ossl_typ.h
@@ -55,6 +55,10 @@
 #ifndef HEADER_OPENSSL_TYPES_H
 #define HEADER_OPENSSL_TYPES_H
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 #include <openssl/e_os2.h>
 
 #ifdef NO_ASN1_TYPEDEFS
@@ -199,4 +203,7 @@ typedef struct ocsp_req_ctx_st OCSP_REQ_CTX;
 typedef struct ocsp_response_st OCSP_RESPONSE;
 typedef struct ocsp_responder_id_st OCSP_RESPID;
 
+#ifdef  __cplusplus
+}
+#endif
 #endif /* def HEADER_OPENSSL_TYPES_H */
diff --git a/app/openssl/include/openssl/pkcs7.h b/app/openssl/include/openssl/pkcs7.h
index 04f60379..5d54c4ac 100644
--- a/app/openssl/include/openssl/pkcs7.h
+++ b/app/openssl/include/openssl/pkcs7.h
@@ -233,10 +233,6 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
 		(OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
 #define PKCS7_type_is_data(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
 #define PKCS7_type_is_digest(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
-#define PKCS7_type_is_encrypted(a) \
-		(OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
-
-#define PKCS7_type_is_digest(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
 
 #define PKCS7_set_detached(p,v) \
 		PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)
diff --git a/app/openssl/include/openssl/pqueue.h b/app/openssl/include/openssl/pqueue.h
index 87fc9037..26b53480 100644
--- a/app/openssl/include/openssl/pqueue.h
+++ b/app/openssl/include/openssl/pqueue.h
@@ -64,6 +64,9 @@
 #include <stdlib.h>
 #include <string.h>
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
 typedef struct _pqueue *pqueue;
 
 typedef struct _pitem
@@ -91,4 +94,7 @@ pitem *pqueue_next(piterator *iter);
 void   pqueue_print(pqueue pq);
 int    pqueue_size(pqueue pq);
 
+#ifdef  __cplusplus
+}
+#endif
 #endif /* ! HEADER_PQUEUE_H */
diff --git a/app/openssl/include/openssl/rsa.h b/app/openssl/include/openssl/rsa.h
index 5f269e57..11853fee 100644
--- a/app/openssl/include/openssl/rsa.h
+++ b/app/openssl/include/openssl/rsa.h
@@ -559,6 +559,7 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE	 158
 #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE	 148
 #define RSA_R_PADDING_CHECK_FAILED			 114
+#define RSA_R_PKCS_DECODING_ERROR			 159
 #define RSA_R_P_NOT_PRIME				 128
 #define RSA_R_Q_NOT_PRIME				 129
 #define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED		 130
diff --git a/app/openssl/include/openssl/safestack.h b/app/openssl/include/openssl/safestack.h
index ea3aa0d8..bc194cb2 100644
--- a/app/openssl/include/openssl/safestack.h
+++ b/app/openssl/include/openssl/safestack.h
@@ -57,6 +57,10 @@
 
 #include <openssl/stack.h>
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 #ifndef CHECKED_PTR_OF
 #define CHECKED_PTR_OF(type, p) \
     ((void*) (1 ? p : (type*)0))
@@ -2660,4 +2664,8 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 #define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh)
 /* End of util/mkstack.pl block, you may now edit :-) */
 
+
+#ifdef  __cplusplus
+}
+#endif
 #endif /* !defined HEADER_SAFESTACK_H */
diff --git a/app/openssl/include/openssl/srtp.h b/app/openssl/include/openssl/srtp.h
index c0cf33ef..24f23309 100644
--- a/app/openssl/include/openssl/srtp.h
+++ b/app/openssl/include/openssl/srtp.h
@@ -130,6 +130,8 @@ extern "C" {
 #define SRTP_NULL_SHA1_80      0x0005
 #define SRTP_NULL_SHA1_32      0x0006
 
+#ifndef OPENSSL_NO_SRTP
+
 int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
 int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);
 SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
@@ -137,6 +139,8 @@ SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
 STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
 SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
 
+#endif
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/app/openssl/include/openssl/ssl.h b/app/openssl/include/openssl/ssl.h
index 7566f2df..7a1fce89 100644
--- a/app/openssl/include/openssl/ssl.h
+++ b/app/openssl/include/openssl/ssl.h
@@ -264,6 +264,7 @@ extern "C" {
 #define SSL_TXT_aGOST94	"aGOST94"
 #define SSL_TXT_aGOST01 "aGOST01"
 #define SSL_TXT_aGOST  "aGOST"
+#define SSL_TXT_aSRP            "aSRP"
 
 #define	SSL_TXT_DSS		"DSS"
 #define SSL_TXT_DH		"DH"
@@ -664,11 +665,15 @@ struct ssl_session_st
  */
 #define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
 #define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
+/* Send TLS_FALLBACK_SCSV in the ClientHello.
+ * To be set by applications that reconnect with a downgraded protocol
+ * version; see draft-ietf-tls-downgrade-scsv-00 for details. */
+#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L
 
 /* When set, clients may send application data before receipt of CCS
  * and Finished.  This mode enables full-handshakes to 'complete' in
  * one RTT. */
-#define SSL_MODE_HANDSHAKE_CUTTHROUGH 0x00000080L
+#define SSL_MODE_HANDSHAKE_CUTTHROUGH 0x00000200L
 
 /* When set, TLS 1.0 and SSLv3, multi-byte, CBC records will be split in two:
  * the first record will contain a single byte and the second will contain the
@@ -1615,6 +1620,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
 #define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
 #define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
+#define SSL_AD_INAPPROPRIATE_FALLBACK	TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */
 
 #define SSL_ERROR_NONE			0
 #define SSL_ERROR_SSL			1
@@ -1729,6 +1735,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS		82
 #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS	83
 
+#define SSL_CTRL_CHECK_PROTO_VERSION		119
+
 #define DTLSv1_get_timeout(ssl, arg) \
 	SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
 #define DTLSv1_handle_timeout(ssl) \
@@ -2191,6 +2199,10 @@ int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secre
 void SSL_set_debug(SSL *s, int debug);
 int SSL_cache_hit(SSL *s);
 
+#ifndef OPENSSL_NO_UNIT_TEST
+const struct openssl_ssl_test_functions *SSL_test_functions(void);
+#endif
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -2459,6 +2471,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_BAD_SRP_B_LENGTH				 348
 #define SSL_R_BAD_SRP_G_LENGTH				 349
 #define SSL_R_BAD_SRP_N_LENGTH				 350
+#define SSL_R_BAD_SRP_PARAMETERS			 371
 #define SSL_R_BAD_SRP_S_LENGTH				 351
 #define SSL_R_BAD_SRTP_MKI_VALUE			 352
 #define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST		 353
@@ -2519,6 +2532,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_HTTPS_PROXY_REQUEST			 155
 #define SSL_R_HTTP_REQUEST				 156
 #define SSL_R_ILLEGAL_PADDING				 283
+#define SSL_R_INAPPROPRIATE_FALLBACK			 373
 #define SSL_R_INCONSISTENT_COMPRESSION			 340
 #define SSL_R_INVALID_CHALLENGE_LENGTH			 158
 #define SSL_R_INVALID_COMMAND				 280
@@ -2668,6 +2682,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED		 1021
 #define SSL_R_TLSV1_ALERT_DECRYPT_ERROR			 1051
 #define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION		 1060
+#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK	 1086
 #define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY		 1071
 #define SSL_R_TLSV1_ALERT_INTERNAL_ERROR		 1080
 #define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		 1100
diff --git a/app/openssl/include/openssl/ssl3.h b/app/openssl/include/openssl/ssl3.h
index 83d59bff..cba94345 100644
--- a/app/openssl/include/openssl/ssl3.h
+++ b/app/openssl/include/openssl/ssl3.h
@@ -128,9 +128,14 @@
 extern "C" {
 #endif
 
-/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */
+/* Signalling cipher suite value from RFC 5746
+ * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) */
 #define SSL3_CK_SCSV				0x030000FF
 
+/* Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00
+ * (TLS_FALLBACK_SCSV) */
+#define SSL3_CK_FALLBACK_SCSV			0x03005600
+
 #define SSL3_CK_RSA_NULL_MD5			0x03000001
 #define SSL3_CK_RSA_NULL_SHA			0x03000002
 #define SSL3_CK_RSA_RC4_40_MD5 			0x03000003
diff --git a/app/openssl/include/openssl/tls1.h b/app/openssl/include/openssl/tls1.h
index b9a0899e..dc36f79f 100644
--- a/app/openssl/include/openssl/tls1.h
+++ b/app/openssl/include/openssl/tls1.h
@@ -159,17 +159,19 @@ extern "C" {
 
 #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES	0
 
+#define TLS1_VERSION			0x0301
+#define TLS1_1_VERSION			0x0302
 #define TLS1_2_VERSION			0x0303
-#define TLS1_2_VERSION_MAJOR		0x03
-#define TLS1_2_VERSION_MINOR		0x03
+#define TLS_MAX_VERSION			TLS1_2_VERSION
+
+#define TLS1_VERSION_MAJOR		0x03
+#define TLS1_VERSION_MINOR		0x01
 
-#define TLS1_1_VERSION			0x0302
 #define TLS1_1_VERSION_MAJOR		0x03
 #define TLS1_1_VERSION_MINOR		0x02
 
-#define TLS1_VERSION			0x0301
-#define TLS1_VERSION_MAJOR		0x03
-#define TLS1_VERSION_MINOR		0x01
+#define TLS1_2_VERSION_MAJOR		0x03
+#define TLS1_2_VERSION_MINOR		0x03
 
 #define TLS1_get_version(s) \
 		((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
@@ -187,6 +189,7 @@ extern "C" {
 #define TLS1_AD_PROTOCOL_VERSION	70	/* fatal */
 #define TLS1_AD_INSUFFICIENT_SECURITY	71	/* fatal */
 #define TLS1_AD_INTERNAL_ERROR		80	/* fatal */
+#define TLS1_AD_INAPPROPRIATE_FALLBACK	86	/* fatal */
 #define TLS1_AD_USER_CANCELLED		90
 #define TLS1_AD_NO_RENEGOTIATION	100
 /* codes 110-114 are from RFC3546 */
diff --git a/app/openssl/openssl.config b/app/openssl/openssl.config
index 867711fe..9edd51e2 100644
--- a/app/openssl/openssl.config
+++ b/app/openssl/openssl.config
@@ -128,6 +128,7 @@ crypto/cmac/Makefile \
 crypto/cms/Makefile \
 crypto/comp/Makefile \
 crypto/conf/Makefile \
+crypto/constant_time_test.c \
 crypto/crypto-lib.com \
 crypto/des/Makefile \
 crypto/des/des-lib.com \
@@ -220,6 +221,7 @@ ssl/heartbeat_test.c \
 ssl/install-ssl.com \
 ssl/ssl-lib.com \
 ssl/ssl_task.c \
+ssl/ssl_utst.c \
 "
 
 NEEDED_SOURCES="\
@@ -237,6 +239,10 @@ OPENSSL_CRYPTO_DEFINES="\
 NO_WINDOWS_BRAINDEATH \
 "
 
+OPENSSL_CRYPTO_CLANG_ASFLAGS_arm="\
+-no-integrated-as \
+"
+
 OPENSSL_CRYPTO_DEFINES_arm="\
 AES_ASM \
 BSAES_ASM \
@@ -250,6 +256,10 @@ SHA256_ASM \
 SHA512_ASM \
 "
 
+OPENSSL_CRYPTO_CLANG_ASFLAGS_arm64="\
+-no-integrated-as \
+"
+
 OPENSSL_CRYPTO_DEFINES_arm64="\
 DES_UNROLL \
 OPENSSL_CPUID_OBJ \
@@ -491,6 +501,7 @@ crypto/conf/conf_lib.c \
 crypto/conf/conf_mall.c \
 crypto/conf/conf_mod.c \
 crypto/conf/conf_sap.c \
+crypto/constant_time_locl.h \
 crypto/des/cbc_cksm.c \
 crypto/des/cbc_enc.c \
 crypto/des/cfb64ede.c \
diff --git a/app/openssl/openssl.version b/app/openssl/openssl.version
index ab2e62bf..293396f3 100644
--- a/app/openssl/openssl.version
+++ b/app/openssl/openssl.version
@@ -1 +1 @@
-OPENSSL_VERSION=1.0.1h
+OPENSSL_VERSION=1.0.1j
diff --git a/app/openssl/patches/README b/app/openssl/patches/README
index 13e9bd8b..53444701 100644
--- a/app/openssl/patches/README
+++ b/app/openssl/patches/README
@@ -75,3 +75,8 @@ psk_client_callback_128_byte_id_bug.patch
 
 Fixes the issue where it was impossible to return a 128 byte long PSK identity
 (the maximum supported length) from psk_client_callback.
+
+tls_fallback_scsv.patch
+
+Adds the signalling cipher suite value (SCSV) from
+https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
diff --git a/app/openssl/rules.mk b/app/openssl/rules.mk
index 252dbbb3..1c3ae64f 100644
--- a/app/openssl/rules.mk
+++ b/app/openssl/rules.mk
@@ -26,6 +26,8 @@ MODULE_SRCS += $(addprefix $(LOCAL_DIR)/,$(LOCAL_SRC_FILES_$(ARCH)))
 
 MODULE_CFLAGS += $(LOCAL_CFLAGS)
 MODULE_CFLAGS += -Wno-error=implicit-function-declaration
+MODULE_CFLAGS += -Wno-empty-body
+MODULE_CFLAGS += -Wno-missing-field-initializers
 
 # Global for other modules which include openssl headers
 GLOBAL_DEFINES += OPENSSL_SYS_TRUSTY
diff --git a/app/openssl/ssl/d1_both.c b/app/openssl/ssl/d1_both.c
index 04aa2310..2e4250fc 100644
--- a/app/openssl/ssl/d1_both.c
+++ b/app/openssl/ssl/d1_both.c
@@ -587,29 +587,32 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
 		return 0;
 	}
 
+/* dtls1_max_handshake_message_len returns the maximum number of bytes
+ * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but may
+ * be greater if the maximum certificate list size requires it. */
+static unsigned long dtls1_max_handshake_message_len(const SSL *s)
+	{
+	unsigned long max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
+	if (max_len < (unsigned long)s->max_cert_list)
+		return s->max_cert_list;
+	return max_len;
+	}
 
 static int
-dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+dtls1_reassemble_fragment(SSL *s, const struct hm_header_st* msg_hdr, int *ok)
 	{
 	hm_fragment *frag = NULL;
 	pitem *item = NULL;
 	int i = -1, is_complete;
 	unsigned char seq64be[8];
-	unsigned long frag_len = msg_hdr->frag_len, max_len;
+	unsigned long frag_len = msg_hdr->frag_len;
 
-	if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
+	if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len ||
+	    msg_hdr->msg_len > dtls1_max_handshake_message_len(s))
 		goto err;
 
-	/* Determine maximum allowed message size. Depends on (user set)
-	 * maximum certificate length, but 16k is minimum.
-	 */
-	if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < s->max_cert_list)
-		max_len = s->max_cert_list;
-	else
-		max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
-
-	if ((msg_hdr->frag_off+frag_len) > max_len)
-		goto err;
+	if (frag_len == 0)
+		return DTLS1_HM_FRAGMENT_RETRY;
 
 	/* Try to find item in queue */
 	memset(seq64be,0,sizeof(seq64be));
@@ -639,7 +642,8 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
 
 
 	/* If message is already reassembled, this must be a
-	 * retransmit and can be dropped.
+	 * retransmit and can be dropped. In this case item != NULL and so frag
+	 * does not need to be freed.
 	 */
 	if (frag->reassembly == NULL)
 		{
@@ -659,7 +663,9 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
 	/* read the body of the fragment (header has already been read */
 	i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
 		frag->fragment + msg_hdr->frag_off,frag_len,0);
-	if (i<=0 || (unsigned long)i!=frag_len)
+	if ((unsigned long)i!=frag_len)
+		i=-1;
+	if (i<=0)
 		goto err;
 
 	RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
@@ -676,10 +682,6 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
 
 	if (item == NULL)
 		{
-		memset(seq64be,0,sizeof(seq64be));
-		seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
-		seq64be[7] = (unsigned char)(msg_hdr->seq);
-
 		item = pitem_new(seq64be, frag);
 		if (item == NULL)
 			{
@@ -687,21 +689,25 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
 			goto err;
 			}
 
-		pqueue_insert(s->d1->buffered_messages, item);
+		item = pqueue_insert(s->d1->buffered_messages, item);
+		/* pqueue_insert fails iff a duplicate item is inserted.
+		 * However, |item| cannot be a duplicate. If it were,
+		 * |pqueue_find|, above, would have returned it and control
+		 * would never have reached this branch. */
+		OPENSSL_assert(item != NULL);
 		}
 
 	return DTLS1_HM_FRAGMENT_RETRY;
 
 err:
-	if (frag != NULL) dtls1_hm_fragment_free(frag);
-	if (item != NULL) OPENSSL_free(item);
+	if (frag != NULL && item == NULL) dtls1_hm_fragment_free(frag);
 	*ok = 0;
 	return i;
 	}
 
 
 static int
-dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st* msg_hdr, int *ok)
 {
 	int i=-1;
 	hm_fragment *frag = NULL;
@@ -721,7 +727,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
 	/* If we already have an entry and this one is a fragment,
 	 * don't discard it and rather try to reassemble it.
 	 */
-	if (item != NULL && frag_len < msg_hdr->msg_len)
+	if (item != NULL && frag_len != msg_hdr->msg_len)
 		item = NULL;
 
 	/* Discard the message if sequence number was already there, is
@@ -746,9 +752,12 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
 		}
 	else
 		{
-		if (frag_len && frag_len < msg_hdr->msg_len)
+		if (frag_len != msg_hdr->msg_len)
 			return dtls1_reassemble_fragment(s, msg_hdr, ok);
 
+		if (frag_len > dtls1_max_handshake_message_len(s))
+			goto err;
+
 		frag = dtls1_hm_fragment_new(frag_len, 0);
 		if ( frag == NULL)
 			goto err;
@@ -760,26 +769,31 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
 			/* read the body of the fragment (header has already been read */
 			i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
 				frag->fragment,frag_len,0);
-			if (i<=0 || (unsigned long)i!=frag_len)
+			if ((unsigned long)i!=frag_len)
+				i = -1;
+			if (i<=0)
 				goto err;
 			}
 
-		memset(seq64be,0,sizeof(seq64be));
-		seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
-		seq64be[7] = (unsigned char)(msg_hdr->seq);
-
 		item = pitem_new(seq64be, frag);
 		if ( item == NULL)
 			goto err;
 
-		pqueue_insert(s->d1->buffered_messages, item);
+		item = pqueue_insert(s->d1->buffered_messages, item);
+		/* pqueue_insert fails iff a duplicate item is inserted.
+		 * However, |item| cannot be a duplicate. If it were,
+		 * |pqueue_find|, above, would have returned it. Then, either
+		 * |frag_len| != |msg_hdr->msg_len| in which case |item| is set
+		 * to NULL and it will have been processed with
+		 * |dtls1_reassemble_fragment|, above, or the record will have
+		 * been discarded. */
+		OPENSSL_assert(item != NULL);
 		}
 
 	return DTLS1_HM_FRAGMENT_RETRY;
 
 err:
-	if ( frag != NULL) dtls1_hm_fragment_free(frag);
-	if ( item != NULL) OPENSSL_free(item);
+	if (frag != NULL && item == NULL) dtls1_hm_fragment_free(frag);
 	*ok = 0;
 	return i;
 	}
@@ -1180,6 +1194,8 @@ dtls1_buffer_message(SSL *s, int is_ccs)
 	OPENSSL_assert(s->init_off == 0);
 
 	frag = dtls1_hm_fragment_new(s->init_num, 0);
+	if (!frag)
+		return 0;
 
 	memcpy(frag->fragment, s->init_buf->data, s->init_num);
 
@@ -1476,6 +1492,9 @@ dtls1_process_heartbeat(SSL *s)
 	/* Read type and payload length first */
 	if (1 + 2 + 16 > s->s3->rrec.length)
 		return 0; /* silently discard */
+	if (s->s3->rrec.length > SSL3_RT_MAX_PLAIN_LENGTH)
+		return 0; /* silently discard per RFC 6520 sec. 4 */
+
 	hbtype = *p++;
 	n2s(p, payload);
 	if (1 + 2 + payload + 16 > s->s3->rrec.length)
diff --git a/app/openssl/ssl/d1_clnt.c b/app/openssl/ssl/d1_clnt.c
index 5ee8f58e..37dd5483 100644
--- a/app/openssl/ssl/d1_clnt.c
+++ b/app/openssl/ssl/d1_clnt.c
@@ -882,12 +882,18 @@ int dtls1_client_hello(SSL *s)
 		*(p++)=0; /* Add the NULL method */
 
 #ifndef OPENSSL_NO_TLSEXT
+		/* TLS extensions*/
+		if (ssl_prepare_clienthello_tlsext(s) <= 0)
+			{
+			SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
+			goto err;
+			}
 		if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
 			{
 			SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
 			goto err;
 			}
-#endif		
+#endif
 
 		l=(p-d);
 		d=buf;
@@ -996,6 +1002,13 @@ int dtls1_send_client_key_exchange(SSL *s)
 			RSA *rsa;
 			unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
 
+			if (s->session->sess_cert == NULL)
+				{
+				/* We should always have a server certificate with SSL_kRSA. */
+				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
+				goto err;
+				}
+
 			if (s->session->sess_cert->peer_rsa_tmp != NULL)
 				rsa=s->session->sess_cert->peer_rsa_tmp;
 			else
@@ -1186,6 +1199,13 @@ int dtls1_send_client_key_exchange(SSL *s)
 			{
 			DH *dh_srvr,*dh_clnt;
 
+			if (s->session->sess_cert == NULL)
+				{
+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+				goto err;
+				}
+
 			if (s->session->sess_cert->peer_dh_tmp != NULL)
 				dh_srvr=s->session->sess_cert->peer_dh_tmp;
 			else
@@ -1245,6 +1265,13 @@ int dtls1_send_client_key_exchange(SSL *s)
 			int ecdh_clnt_cert = 0;
 			int field_size = 0;
 
+			if (s->session->sess_cert == NULL)
+				{
+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+				goto err;
+				}
+
 			/* Did we send out the client's
 			 * ECDH share for use in premaster
 			 * computation as part of client certificate?
@@ -1709,5 +1736,3 @@ int dtls1_send_client_certificate(SSL *s)
 	/* SSL3_ST_CW_CERT_D */
 	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
 	}
-
-
diff --git a/app/openssl/ssl/d1_lib.c b/app/openssl/ssl/d1_lib.c
index 6bde16fa..82ca6539 100644
--- a/app/openssl/ssl/d1_lib.c
+++ b/app/openssl/ssl/d1_lib.c
@@ -266,6 +266,16 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
 	case DTLS_CTRL_LISTEN:
 		ret = dtls1_listen(s, parg);
 		break;
+	case SSL_CTRL_CHECK_PROTO_VERSION:
+		/* For library-internal use; checks that the current protocol
+		 * is the highest enabled version (according to s->ctx->method,
+		 * as version negotiation may have changed s->method). */
+#if DTLS_MAX_VERSION != DTLS1_VERSION
+#  error Code needs update for DTLS_method() support beyond DTLS1_VERSION.
+#endif
+		/* Just one protocol version is supported so far;
+		 * fail closed if the version is not as expected. */
+		return s->version == DTLS_MAX_VERSION;
 
 	default:
 		ret = ssl3_ctrl(s, cmd, larg, parg);
diff --git a/app/openssl/ssl/d1_srtp.c b/app/openssl/ssl/d1_srtp.c
index ab9c4192..535539ba 100644
--- a/app/openssl/ssl/d1_srtp.c
+++ b/app/openssl/ssl/d1_srtp.c
@@ -168,25 +168,6 @@ static int find_profile_by_name(char *profile_name,
 	return 1;
 	}
 
-static int find_profile_by_num(unsigned profile_num,
-			       SRTP_PROTECTION_PROFILE **pptr)
-	{
-	SRTP_PROTECTION_PROFILE *p;
-
-	p=srtp_known_profiles;
-	while(p->name)
-		{
-		if(p->id == profile_num)
-			{
-			*pptr=p;
-			return 0;
-			}
-		p++;
-		}
-
-	return 1;
-	}
-
 static int ssl_ctx_make_profiles(const char *profiles_string,STACK_OF(SRTP_PROTECTION_PROFILE) **out)
 	{
 	STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
@@ -209,11 +190,19 @@ static int ssl_ctx_make_profiles(const char *profiles_string,STACK_OF(SRTP_PROTE
 		if(!find_profile_by_name(ptr,&p,
 					 col ? col-ptr : (int)strlen(ptr)))
 			{
+			if (sk_SRTP_PROTECTION_PROFILE_find(profiles,p) >= 0)
+				{
+				SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+				sk_SRTP_PROTECTION_PROFILE_free(profiles);
+				return 1;
+				}
+
 			sk_SRTP_PROTECTION_PROFILE_push(profiles,p);
 			}
 		else
 			{
 			SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
+			sk_SRTP_PROTECTION_PROFILE_free(profiles);
 			return 1;
 			}
 
@@ -305,13 +294,12 @@ int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int max
 
 int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al)
 	{
-	SRTP_PROTECTION_PROFILE *cprof,*sprof;
-	STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0,*srvr;
+	SRTP_PROTECTION_PROFILE *sprof;
+	STACK_OF(SRTP_PROTECTION_PROFILE) *srvr;
         int ct;
         int mki_len;
-	int i,j;
-	int id;
-	int ret;
+	int i, srtp_pref;
+	unsigned int id;
 
          /* Length value + the MKI length */
         if(len < 3)
@@ -341,22 +329,32 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al
 		return 1;
 		}
 
+	srvr=SSL_get_srtp_profiles(s);
+	s->srtp_profile = NULL;
+	/* Search all profiles for a match initially */
+	srtp_pref = sk_SRTP_PROTECTION_PROFILE_num(srvr);
         
-	clnt=sk_SRTP_PROTECTION_PROFILE_new_null();
-
 	while(ct)
 		{
 		n2s(d,id);
 		ct-=2;
                 len-=2;
 
-		if(!find_profile_by_num(id,&cprof))
+		/*
+		 * Only look for match in profiles of higher preference than
+		 * current match.
+		 * If no profiles have been have been configured then this
+		 * does nothing.
+		 */
+		for (i = 0; i < srtp_pref; i++)
 			{
-			sk_SRTP_PROTECTION_PROFILE_push(clnt,cprof);
-			}
-		else
-			{
-			; /* Ignore */
+			sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i);
+			if (sprof->id == id)
+				{
+				s->srtp_profile = sprof;
+				srtp_pref = i;
+				break;
+				}
 			}
 		}
 
@@ -371,36 +369,7 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al
 		return 1;
 		}
 
-	srvr=SSL_get_srtp_profiles(s);
-
-	/* Pick our most preferred profile. If no profiles have been
-	 configured then the outer loop doesn't run 
-	 (sk_SRTP_PROTECTION_PROFILE_num() = -1)
-	 and so we just return without doing anything */
-	for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(srvr);i++)
-		{
-		sprof=sk_SRTP_PROTECTION_PROFILE_value(srvr,i);
-
-		for(j=0;j<sk_SRTP_PROTECTION_PROFILE_num(clnt);j++)
-			{
-			cprof=sk_SRTP_PROTECTION_PROFILE_value(clnt,j);
-            
-			if(cprof->id==sprof->id)
-				{
-				s->srtp_profile=sprof;
-				*al=0;
-				ret=0;
-				goto done;
-				}
-			}
-		}
-
-	ret=0;
-    
-done:
-	if(clnt) sk_SRTP_PROTECTION_PROFILE_free(clnt);
-
-	return ret;
+	return 0;
 	}
 
 int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
diff --git a/app/openssl/ssl/d1_srvr.c b/app/openssl/ssl/d1_srvr.c
index c181db6d..03b20a27 100644
--- a/app/openssl/ssl/d1_srvr.c
+++ b/app/openssl/ssl/d1_srvr.c
@@ -598,10 +598,11 @@ int dtls1_accept(SSL *s)
 				s->state = SSL3_ST_SR_CLNT_HELLO_C;
 				}
 			else {
-				/* could be sent for a DH cert, even if we
-				 * have not asked for it :-) */
-				ret=ssl3_get_client_certificate(s);
-				if (ret <= 0) goto end;
+				if (s->s3->tmp.cert_request)
+					{
+					ret=ssl3_get_client_certificate(s);
+					if (ret <= 0) goto end;
+					}
 				s->init_num=0;
 				s->state=SSL3_ST_SR_KEY_EXCH_A;
 			}
@@ -980,6 +981,11 @@ int dtls1_send_server_hello(SSL *s)
 #endif
 
 #ifndef OPENSSL_NO_TLSEXT
+		if (ssl_prepare_serverhello_tlsext(s) <= 0)
+			{
+			SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
+			return -1;
+			}
 		if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
 			{
 			SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
diff --git a/app/openssl/ssl/dtls1.h b/app/openssl/ssl/dtls1.h
index e65d5011..192c5def 100644
--- a/app/openssl/ssl/dtls1.h
+++ b/app/openssl/ssl/dtls1.h
@@ -84,6 +84,8 @@ extern "C" {
 #endif
 
 #define DTLS1_VERSION			0xFEFF
+#define DTLS_MAX_VERSION		DTLS1_VERSION
+
 #define DTLS1_BAD_VER			0x0100
 
 #if 0
@@ -284,4 +286,3 @@ typedef struct dtls1_record_data_st
 }
 #endif
 #endif
-
diff --git a/app/openssl/ssl/s23_clnt.c b/app/openssl/ssl/s23_clnt.c
index 2bc92141..f02c275c 100644
--- a/app/openssl/ssl/s23_clnt.c
+++ b/app/openssl/ssl/s23_clnt.c
@@ -125,9 +125,11 @@ static const SSL_METHOD *ssl23_get_client_method(int ver)
 	if (ver == SSL2_VERSION)
 		return(SSLv2_client_method());
 #endif
+#ifndef OPENSSL_NO_SSL3
 	if (ver == SSL3_VERSION)
 		return(SSLv3_client_method());
-	else if (ver == TLS1_VERSION)
+#endif
+	if (ver == TLS1_VERSION)
 		return(TLSv1_client_method());
 	else if (ver == TLS1_1_VERSION)
 		return(TLSv1_1_client_method());
@@ -698,6 +700,7 @@ static int ssl23_get_server_hello(SSL *s)
 		{
 		/* we have sslv3 or tls1 (server hello or alert) */
 
+#ifndef OPENSSL_NO_SSL3
 		if ((p[2] == SSL3_VERSION_MINOR) &&
 			!(s->options & SSL_OP_NO_SSLv3))
 			{
@@ -712,7 +715,9 @@ static int ssl23_get_server_hello(SSL *s)
 			s->version=SSL3_VERSION;
 			s->method=SSLv3_client_method();
 			}
-		else if ((p[2] == TLS1_VERSION_MINOR) &&
+		else
+#endif
+		if ((p[2] == TLS1_VERSION_MINOR) &&
 			!(s->options & SSL_OP_NO_TLSv1))
 			{
 			s->version=TLS1_VERSION;
@@ -736,6 +741,9 @@ static int ssl23_get_server_hello(SSL *s)
 			goto err;
 			}
 
+		/* ensure that TLS_MAX_VERSION is up-to-date */
+		OPENSSL_assert(s->version <= TLS_MAX_VERSION);
+
 		if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING)
 			{
 			/* fatal alert */
diff --git a/app/openssl/ssl/s23_lib.c b/app/openssl/ssl/s23_lib.c
index 3bf72831..f3c29d1d 100644
--- a/app/openssl/ssl/s23_lib.c
+++ b/app/openssl/ssl/s23_lib.c
@@ -107,6 +107,13 @@ int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
 	long l;
 
 	/* We can write SSLv2 and SSLv3 ciphers */
+	/* but no ECC ciphers */
+	if (c->algorithm_mkey == SSL_kECDHr ||
+		c->algorithm_mkey == SSL_kECDHe ||
+		c->algorithm_mkey == SSL_kEECDH ||
+		c->algorithm_auth == SSL_aECDH ||
+		c->algorithm_auth == SSL_aECDSA)
+		return 0;
 	if (p != NULL)
 		{
 		l=c->id;
diff --git a/app/openssl/ssl/s23_srvr.c b/app/openssl/ssl/s23_srvr.c
index 48778490..93ca7d53 100644
--- a/app/openssl/ssl/s23_srvr.c
+++ b/app/openssl/ssl/s23_srvr.c
@@ -127,9 +127,11 @@ static const SSL_METHOD *ssl23_get_server_method(int ver)
 	if (ver == SSL2_VERSION)
 		return(SSLv2_server_method());
 #endif
+#ifndef OPENSSL_NO_SSL3
 	if (ver == SSL3_VERSION)
 		return(SSLv3_server_method());
-	else if (ver == TLS1_VERSION)
+#endif
+	if (ver == TLS1_VERSION)
 		return(TLSv1_server_method());
 	else if (ver == TLS1_1_VERSION)
 		return(TLSv1_1_server_method());
@@ -348,23 +350,19 @@ int ssl23_get_client_hello(SSL *s)
 			 * Client Hello message, this would be difficult, and we'd have
 			 * to read more records to find out.
 			 * No known SSL 3.0 client fragments ClientHello like this,
-			 * so we simply assume TLS 1.0 to avoid protocol version downgrade
-			 * attacks. */
+			 * so we simply reject such connections to avoid
+			 * protocol version downgrade attacks. */
 			if (p[3] == 0 && p[4] < 6)
 				{
-#if 0
 				SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
 				goto err;
-#else
-				v[1] = TLS1_VERSION_MINOR;
-#endif
 				}
 			/* if major version number > 3 set minor to a value
 			 * which will use the highest version 3 we support.
 			 * If TLS 2.0 ever appears we will need to revise
 			 * this....
 			 */
-			else if (p[9] > SSL3_VERSION_MAJOR)
+			if (p[9] > SSL3_VERSION_MAJOR)
 				v[1]=0xff;
 			else
 				v[1]=p[10]; /* minor version according to client_version */
@@ -425,6 +423,9 @@ int ssl23_get_client_hello(SSL *s)
 			}
 		}
 
+	/* ensure that TLS_MAX_VERSION is up-to-date */
+	OPENSSL_assert(s->version <= TLS_MAX_VERSION);
+
 #ifdef OPENSSL_FIPS
 	if (FIPS_mode() && (s->version < TLS1_VERSION))
 		{
@@ -444,14 +445,34 @@ int ssl23_get_client_hello(SSL *s)
 		v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
 		v[1] = p[4];
 
+		/* An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2
+		 * header is sent directly on the wire, not wrapped as a TLS
+		 * record. It's format is:
+		 * Byte  Content
+		 * 0-1   msg_length
+		 * 2     msg_type
+		 * 3-4   version
+		 * 5-6   cipher_spec_length
+		 * 7-8   session_id_length
+		 * 9-10  challenge_length
+		 * ...   ...
+		 */
 		n=((p[0]&0x7f)<<8)|p[1];
 		if (n > (1024*4))
 			{
 			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
 			goto err;
 			}
+		if (n < 9)
+			{
+			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
+			goto err;
+			}
 
 		j=ssl23_read_bytes(s,n+2);
+		/* We previously read 11 bytes, so if j > 0, we must have
+		 * j == n+2 == s->packet_length. We have at least 11 valid
+		 * packet bytes. */
 		if (j <= 0) return(j);
 
 		ssl3_finish_mac(s, s->packet+2, s->packet_length-2);
@@ -581,6 +602,12 @@ int ssl23_get_client_hello(SSL *s)
 	if ((type == 2) || (type == 3))
 		{
 		/* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
+                s->method = ssl23_get_server_method(s->version);
+		if (s->method == NULL)
+			{
+			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
+			goto err;
+			}
 
 		if (!ssl_init_wbio_buffer(s,1)) goto err;
 
@@ -608,14 +635,6 @@ int ssl23_get_client_hello(SSL *s)
 			s->s3->rbuf.left=0;
 			s->s3->rbuf.offset=0;
 			}
-		if (s->version == TLS1_2_VERSION)
-			s->method = TLSv1_2_server_method();
-		else if (s->version == TLS1_1_VERSION)
-			s->method = TLSv1_1_server_method();
-		else if (s->version == TLS1_VERSION)
-			s->method = TLSv1_server_method();
-		else
-			s->method = SSLv3_server_method();
 #if 0 /* ssl3_get_client_hello does this */
 		s->client_version=(v[0]<<8)|v[1];
 #endif
diff --git a/app/openssl/ssl/s2_lib.c b/app/openssl/ssl/s2_lib.c
index 99146041..c63be305 100644
--- a/app/openssl/ssl/s2_lib.c
+++ b/app/openssl/ssl/s2_lib.c
@@ -250,7 +250,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[]={
 	SSL_SSLV2,
 	SSL_NOT_EXP|SSL_HIGH,
 	0,
-	168,
+	112,
 	168,
 	},
 
@@ -391,6 +391,8 @@ long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg)
 	case SSL_CTRL_GET_SESSION_REUSED:
 		ret=s->hit;
 		break;
+	case SSL_CTRL_CHECK_PROTO_VERSION:
+		return ssl3_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, larg, parg);
 	default:
 		break;
 		}
@@ -437,7 +439,7 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
 	if (p != NULL)
 		{
 		l=c->id;
-		if ((l & 0xff000000) != 0x02000000) return(0);
+		if ((l & 0xff000000) != 0x02000000 && l != SSL3_CK_FALLBACK_SCSV) return(0);
 		p[0]=((unsigned char)(l>>16L))&0xFF;
 		p[1]=((unsigned char)(l>> 8L))&0xFF;
 		p[2]=((unsigned char)(l     ))&0xFF;
diff --git a/app/openssl/ssl/s3_cbc.c b/app/openssl/ssl/s3_cbc.c
index 443a31e7..11f13adb 100644
--- a/app/openssl/ssl/s3_cbc.c
+++ b/app/openssl/ssl/s3_cbc.c
@@ -53,6 +53,7 @@
  *
  */
 
+#include "../crypto/constant_time_locl.h"
 #include "ssl_locl.h"
 
 #include <openssl/md5.h>
@@ -67,37 +68,6 @@
  * supported by TLS.) */
 #define MAX_HASH_BLOCK_SIZE 128
 
-/* Some utility functions are needed:
- *
- * These macros return the given value with the MSB copied to all the other
- * bits. They use the fact that arithmetic shift shifts-in the sign bit.
- * However, this is not ensured by the C standard so you may need to replace
- * them with something else on odd CPUs. */
-#define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >> (sizeof(int)*8-1) ) )
-#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x)))
-
-/* constant_time_lt returns 0xff if a<b and 0x00 otherwise. */
-static unsigned constant_time_lt(unsigned a, unsigned b)
-	{
-	a -= b;
-	return DUPLICATE_MSB_TO_ALL(a);
-	}
-
-/* constant_time_ge returns 0xff if a>=b and 0x00 otherwise. */
-static unsigned constant_time_ge(unsigned a, unsigned b)
-	{
-	a -= b;
-	return DUPLICATE_MSB_TO_ALL(~a);
-	}
-
-/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */
-static unsigned char constant_time_eq_8(unsigned a, unsigned b)
-	{
-	unsigned c = a ^ b;
-	c--;
-	return DUPLICATE_MSB_TO_ALL_8(c);
-	}
-
 /* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
  * record in |rec| by updating |rec->length| in constant time.
  *
@@ -126,8 +96,8 @@ int ssl3_cbc_remove_padding(const SSL* s,
 	padding_length = good & (padding_length+1);
 	rec->length -= padding_length;
 	rec->type |= padding_length<<8;	/* kludge: pass padding length */
-	return (int)((good & 1) | (~good & -1));
-}
+	return constant_time_select_int(good, 1, -1);
+	}
 
 /* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
  * record in |rec| in constant time and returns 1 if the padding is valid and
@@ -208,7 +178,7 @@ int tls1_cbc_remove_padding(const SSL* s,
 
 	for (i = 0; i < to_check; i++)
 		{
-		unsigned char mask = constant_time_ge(padding_length, i);
+		unsigned char mask = constant_time_ge_8(padding_length, i);
 		unsigned char b = rec->data[rec->length-1-i];
 		/* The final |padding_length+1| bytes should all have the value
 		 * |padding_length|. Therefore the XOR should be zero. */
@@ -216,20 +186,14 @@ int tls1_cbc_remove_padding(const SSL* s,
 		}
 
 	/* If any of the final |padding_length+1| bytes had the wrong value,
-	 * one or more of the lower eight bits of |good| will be cleared. We
-	 * AND the bottom 8 bits together and duplicate the result to all the
-	 * bits. */
-	good &= good >> 4;
-	good &= good >> 2;
-	good &= good >> 1;
-	good <<= sizeof(good)*8-1;
-	good = DUPLICATE_MSB_TO_ALL(good);
-
+	 * one or more of the lower eight bits of |good| will be cleared.
+	 */
+	good = constant_time_eq(0xff, good & 0xff);
 	padding_length = good & (padding_length+1);
 	rec->length -= padding_length;
 	rec->type |= padding_length<<8;	/* kludge: pass padding length */
 
-	return (int)((good & 1) | (~good & -1));
+	return constant_time_select_int(good, 1, -1);
 	}
 
 /* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
@@ -296,8 +260,8 @@ void ssl3_cbc_copy_mac(unsigned char* out,
 	memset(rotated_mac, 0, md_size);
 	for (i = scan_start, j = 0; i < orig_len; i++)
 		{
-		unsigned char mac_started = constant_time_ge(i, mac_start);
-		unsigned char mac_ended = constant_time_ge(i, mac_end);
+		unsigned char mac_started = constant_time_ge_8(i, mac_start);
+		unsigned char mac_ended = constant_time_ge_8(i, mac_end);
 		unsigned char b = rec->data[i];
 		rotated_mac[j++] |= b & mac_started & ~mac_ended;
 		j &= constant_time_lt(j,md_size);
@@ -683,12 +647,12 @@ void ssl3_cbc_digest_record(
 				b = data[k-header_length];
 			k++;
 
-			is_past_c = is_block_a & constant_time_ge(j, c);
-			is_past_cp1 = is_block_a & constant_time_ge(j, c+1);
+			is_past_c = is_block_a & constant_time_ge_8(j, c);
+			is_past_cp1 = is_block_a & constant_time_ge_8(j, c+1);
 			/* If this is the block containing the end of the
 			 * application data, and we are at the offset for the
 			 * 0x80 value, then overwrite b with 0x80. */
-			b = (b&~is_past_c) | (0x80&is_past_c);
+                        b =  constant_time_select_8(is_past_c, 0x80, b);
 			/* If this the the block containing the end of the
 			 * application data and we're past the 0x80 value then
 			 * just write zero. */
@@ -704,7 +668,8 @@ void ssl3_cbc_digest_record(
 			if (j >= md_block_size - md_length_size)
 				{
 				/* If this is index_b, write a length byte. */
-				b = (b&~is_block_b) | (is_block_b&length_bytes[j-(md_block_size-md_length_size)]);
+				b = constant_time_select_8(
+					is_block_b, length_bytes[j-(md_block_size-md_length_size)], b);
 				}
 			block[j] = b;
 			}
diff --git a/app/openssl/ssl/s3_clnt.c b/app/openssl/ssl/s3_clnt.c
index 486f538b..8a81793e 100644
--- a/app/openssl/ssl/s3_clnt.c
+++ b/app/openssl/ssl/s3_clnt.c
@@ -332,9 +332,9 @@ int ssl3_connect(SSL *s)
 				break;
 				}
 #endif
-			/* Check if it is anon DH/ECDH */
+			/* Check if it is anon DH/ECDH, SRP auth */
 			/* or non-RSA PSK */
-			if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
+			if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP)) &&
 			    !((s->s3->tmp.new_cipher->algorithm_auth & SSL_aPSK) &&
 			      !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kRSA)))
 				{
@@ -530,6 +530,7 @@ int ssl3_connect(SSL *s)
 				s->method->ssl3_enc->client_finished_label,
 				s->method->ssl3_enc->client_finished_label_len);
 			if (ret <= 0) goto end;
+			s->s3->flags |= SSL3_FLAGS_CCS_OK;
 			s->state=SSL3_ST_CW_FLUSH;
 
 			/* clear flags */
@@ -975,6 +976,7 @@ int ssl3_get_server_hello(SSL *s)
 			{
 			s->session->cipher = pref_cipher ?
 				pref_cipher : ssl_get_cipher_by_char(s, p+j);
+	    		s->s3->flags |= SSL3_FLAGS_CCS_OK;
 			}
 		}
 #endif /* OPENSSL_NO_TLSEXT */
@@ -1032,6 +1034,15 @@ int ssl3_get_server_hello(SSL *s)
 		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
 		goto f_err;
 		}
+#ifndef OPENSSL_NO_SRP
+	if (((c->algorithm_mkey & SSL_kSRP) || (c->algorithm_auth & SSL_aSRP)) &&
+		    !(s->srp_ctx.srp_Mask & SSL_kSRP))
+		{
+		al=SSL_AD_ILLEGAL_PARAMETER;
+		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
+		goto f_err;
+		}
+#endif /* OPENSSL_NO_SRP */
 	p+=ssl_put_cipher_by_char(s,NULL,NULL);
 
 	sk=ssl_get_ciphers_by_id(s);
@@ -1346,8 +1357,8 @@ int ssl3_get_key_exchange(SSL *s)
 #endif
 	EVP_MD_CTX md_ctx;
 	unsigned char *param,*p;
-	int al,i,j,param_len,ok;
-	long n,alg_k,alg_a;
+	int al,j,ok;
+	long i,param_len,n,alg_k,alg_a;
 	EVP_PKEY *pkey=NULL;
 	const EVP_MD *md = NULL;
 #ifndef OPENSSL_NO_RSA
@@ -1425,19 +1436,29 @@ int ssl3_get_key_exchange(SSL *s)
 		s->session->sess_cert=ssl_sess_cert_new();
 		}
 
+	/* Total length of the parameters including the length prefix */
 	param_len=0;
+
 	alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
 	alg_a=s->s3->tmp.new_cipher->algorithm_auth;
 	EVP_MD_CTX_init(&md_ctx);
 
+	al=SSL_AD_DECODE_ERROR;
+
 #ifndef OPENSSL_NO_PSK
 	if (alg_a & SSL_aPSK)
 		{
 		char tmp_id_hint[PSK_MAX_IDENTITY_LEN+1];
 
-		al=SSL_AD_HANDSHAKE_FAILURE;
+		param_len = 2;
+		if (param_len > n)
+			{
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+				SSL_R_LENGTH_TOO_SHORT);
+			goto f_err;
+			}
 		n2s(p,i);
-		param_len=i+2;
+
 		if (s->session->psk_identity_hint)
 			{
 			OPENSSL_free(s->session->psk_identity_hint);
@@ -1451,17 +1472,19 @@ int ssl3_get_key_exchange(SSL *s)
 			 * long as the maximum length of a PSK identity. */
 			if (i > PSK_MAX_IDENTITY_LEN)
 				{
+				al=SSL_AD_HANDSHAKE_FAILURE;
 				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
 					SSL_R_DATA_LENGTH_TOO_LONG);
 				goto f_err;
 				}
-			if (param_len > n)
+			if (i > n - param_len)
 				{
-				al=SSL_AD_DECODE_ERROR;
 				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
 					SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH);
 				goto f_err;
 				}
+			param_len += i;
+
 			/* If received PSK identity hint contains NULL
 			 * characters, the hint is truncated from the first
 			 * NULL. p may not be ending with NULL, so create a
@@ -1471,6 +1494,7 @@ int ssl3_get_key_exchange(SSL *s)
 			s->session->psk_identity_hint = BUF_strdup(tmp_id_hint);
 			if (s->session->psk_identity_hint == NULL)
 				{
+				al=SSL_AD_HANDSHAKE_FAILURE;
 				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
 				goto f_err;
 				}
@@ -1484,14 +1508,22 @@ int ssl3_get_key_exchange(SSL *s)
 #ifndef OPENSSL_NO_SRP
 	else if (alg_k & SSL_kSRP)
 		{
-		n2s(p,i);
-		param_len=i+2;
+		param_len = 2;
 		if (param_len > n)
 			{
-			al=SSL_AD_DECODE_ERROR;
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+				SSL_R_LENGTH_TOO_SHORT);
+			goto f_err;
+			}
+		n2s(p,i);
+
+		if (i > n - param_len)
+			{
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_N_LENGTH);
 			goto f_err;
 			}
+		param_len += i;
+
 		if (!(s->srp_ctx.N=BN_bin2bn(p,i,NULL)))
 			{
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
@@ -1499,14 +1531,24 @@ int ssl3_get_key_exchange(SSL *s)
 			}
 		p+=i;
 
+
+		if (2 > n - param_len)
+			{
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+				SSL_R_LENGTH_TOO_SHORT);
+			goto f_err;
+			}
+		param_len += 2;
+
 		n2s(p,i);
-		param_len+=i+2;
-		if (param_len > n)
+
+		if (i > n - param_len)
 			{
-			al=SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_G_LENGTH);
 			goto f_err;
 			}
+		param_len += i;
+
 		if (!(s->srp_ctx.g=BN_bin2bn(p,i,NULL)))
 			{
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
@@ -1514,15 +1556,25 @@ int ssl3_get_key_exchange(SSL *s)
 			}
 		p+=i;
 
+
+		if (1 > n - param_len)
+			{
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+				SSL_R_LENGTH_TOO_SHORT);
+			goto f_err;
+			}
+		param_len += 1;
+
 		i = (unsigned int)(p[0]);
 		p++;
-		param_len+=i+1;
-		if (param_len > n)
+
+		if (i > n - param_len)
 			{
-			al=SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_S_LENGTH);
 			goto f_err;
 			}
+		param_len += i;
+
 		if (!(s->srp_ctx.s=BN_bin2bn(p,i,NULL)))
 			{
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
@@ -1530,14 +1582,23 @@ int ssl3_get_key_exchange(SSL *s)
 			}
 		p+=i;
 
+		if (2 > n - param_len)
+			{
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+				SSL_R_LENGTH_TOO_SHORT);
+			goto f_err;
+			}
+		param_len += 2;
+
 		n2s(p,i);
-		param_len+=i+2;
-		if (param_len > n)
+
+		if (i > n - param_len)
 			{
-			al=SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_B_LENGTH);
 			goto f_err;
 			}
+		param_len += i;
+
 		if (!(s->srp_ctx.B=BN_bin2bn(p,i,NULL)))
 			{
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
@@ -1546,6 +1607,12 @@ int ssl3_get_key_exchange(SSL *s)
 		p+=i;
 		n-=param_len;
 
+		if (!srp_verify_server_param(s, &al))
+			{
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_PARAMETERS);
+			goto f_err;
+			}
+
 /* We must check if there is a certificate */
 #ifndef OPENSSL_NO_RSA
 		if (alg_a & SSL_aRSA)
@@ -1568,14 +1635,23 @@ int ssl3_get_key_exchange(SSL *s)
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
 			goto err;
 			}
-		n2s(p,i);
-		param_len=i+2;
+
+		param_len = 2;
 		if (param_len > n)
 			{
-			al=SSL_AD_DECODE_ERROR;
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+				SSL_R_LENGTH_TOO_SHORT);
+			goto f_err;
+			}
+		n2s(p,i);
+
+		if (i > n - param_len)
+			{
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH);
 			goto f_err;
 			}
+		param_len += i;
+
 		if (!(rsa->n=BN_bin2bn(p,i,rsa->n)))
 			{
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
@@ -1583,14 +1659,23 @@ int ssl3_get_key_exchange(SSL *s)
 			}
 		p+=i;
 
+		if (2 > n - param_len)
+			{
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+				SSL_R_LENGTH_TOO_SHORT);
+			goto f_err;
+			}
+		param_len += 2;
+
 		n2s(p,i);
-		param_len+=i+2;
-		if (param_len > n)
+
+		if (i > n - param_len)
 			{
-			al=SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH);
 			goto f_err;
 			}
+		param_len += i;
+
 		if (!(rsa->e=BN_bin2bn(p,i,rsa->e)))
 			{
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
@@ -1619,14 +1704,23 @@ int ssl3_get_key_exchange(SSL *s)
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB);
 			goto err;
 			}
-		n2s(p,i);
-		param_len=i+2;
+
+		param_len = 2;
 		if (param_len > n)
 			{
-			al=SSL_AD_DECODE_ERROR;
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+				SSL_R_LENGTH_TOO_SHORT);
+			goto f_err;
+			}
+		n2s(p,i);
+
+		if (i > n - param_len)
+			{
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH);
 			goto f_err;
 			}
+		param_len += i;
+
 		if (!(dh->p=BN_bin2bn(p,i,NULL)))
 			{
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
@@ -1634,14 +1728,23 @@ int ssl3_get_key_exchange(SSL *s)
 			}
 		p+=i;
 
+		if (2 > n - param_len)
+			{
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+				SSL_R_LENGTH_TOO_SHORT);
+			goto f_err;
+			}
+		param_len += 2;
+
 		n2s(p,i);
-		param_len+=i+2;
-		if (param_len > n)
+
+		if (i > n - param_len)
 			{
-			al=SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH);
 			goto f_err;
 			}
+		param_len += i;
+
 		if (!(dh->g=BN_bin2bn(p,i,NULL)))
 			{
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
@@ -1649,14 +1752,23 @@ int ssl3_get_key_exchange(SSL *s)
 			}
 		p+=i;
 
+		if (2 > n - param_len)
+			{
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+				SSL_R_LENGTH_TOO_SHORT);
+			goto f_err;
+			}
+		param_len += 2;
+
 		n2s(p,i);
-		param_len+=i+2;
-		if (param_len > n)
+
+		if (i > n - param_len)
 			{
-			al=SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH);
 			goto f_err;
 			}
+		param_len += i;
+
 		if (!(dh->pub_key=BN_bin2bn(p,i,NULL)))
 			{
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
@@ -1708,12 +1820,19 @@ int ssl3_get_key_exchange(SSL *s)
 		 */
 
 		/* XXX: For now we only support named (not generic) curves
-		 * and the ECParameters in this case is just three bytes.
+		 * and the ECParameters in this case is just three bytes. We
+		 * also need one byte for the length of the encoded point
 		 */
-		param_len=3;
-		if ((param_len > n) ||
-		    (*p != NAMED_CURVE_TYPE) || 
-		    ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) 
+		param_len=4;
+		if (param_len > n)
+			{
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+				SSL_R_LENGTH_TOO_SHORT);
+			goto f_err;
+			}
+
+		if ((*p != NAMED_CURVE_TYPE) || 
+		    ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0))
 			{
 			al=SSL_AD_INTERNAL_ERROR;
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
@@ -1755,15 +1874,15 @@ int ssl3_get_key_exchange(SSL *s)
 
 		encoded_pt_len = *p;  /* length of encoded point */
 		p+=1;
-		param_len += (1 + encoded_pt_len);
-		if ((param_len > n) ||
+
+		if ((encoded_pt_len > n - param_len) ||
 		    (EC_POINT_oct2point(group, srvr_ecpoint, 
 			p, encoded_pt_len, bn_ctx) == 0))
 			{
-			al=SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT);
 			goto f_err;
 			}
+		param_len += encoded_pt_len;
 
 		n-=param_len;
 		p+=encoded_pt_len;
@@ -1806,7 +1925,15 @@ int ssl3_get_key_exchange(SSL *s)
 		{
 		if (TLS1_get_version(s) >= TLS1_2_VERSION)
 			{
-			int sigalg = tls12_get_sigid(pkey);
+			int sigalg;
+			if (2 > n)
+				{
+				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+					SSL_R_LENGTH_TOO_SHORT);
+				goto f_err;
+				}
+
+			sigalg = tls12_get_sigid(pkey);
 			/* Should never happen */
 			if (sigalg == -1)
 				{
@@ -1824,7 +1951,6 @@ int ssl3_get_key_exchange(SSL *s)
 			if (md == NULL)
 				{
 				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNKNOWN_DIGEST);
-				al=SSL_AD_DECODE_ERROR;
 				goto f_err;
 				}
 #ifdef SSL_DEBUG
@@ -1835,15 +1961,21 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
 			}
 		else
 			md = EVP_sha1();
-			
+
+		if (2 > n)
+			{
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+				SSL_R_LENGTH_TOO_SHORT);
+			goto f_err;
+			}
 		n2s(p,i);
 		n-=2;
 		j=EVP_PKEY_size(pkey);
 
+		/* Check signature length. If n is 0 then signature is empty */
 		if ((i != n) || (n > j) || (n <= 0))
 			{
 			/* wrong packet length */
-			al=SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH);
 			goto f_err;
 			}
@@ -1852,6 +1984,7 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
 		if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION)
 			{
 			int num;
+			unsigned int size;
 
 			j=0;
 			q=md_buf;
@@ -1864,9 +1997,9 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
 				EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 				EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
 				EVP_DigestUpdate(&md_ctx,param,param_len);
-				EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i);
-				q+=i;
-				j+=i;
+				EVP_DigestFinal_ex(&md_ctx,q,&size);
+				q+=size;
+				j+=size;
 				}
 			i=RSA_verify(NID_md5_sha1, md_buf, j, p, n,
 								pkey->pkey.rsa);
@@ -1902,7 +2035,7 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
 		}
 	else
 		{
-		if (!(alg_a & SSL_aNULL) &&
+		if (!(alg_a & (SSL_aNULL|SSL_aSRP)) &&
 			/* Among PSK ciphers only RSA_PSK needs a public key */
 			!((alg_a & SSL_aPSK) && !(alg_k & SSL_kRSA)))
 			{
@@ -1912,7 +2045,6 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
 		/* still data left over */
 		if (n != 0)
 			{
-			al=SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE);
 			goto f_err;
 			}
@@ -2338,7 +2470,10 @@ int ssl3_send_client_key_exchange(SSL *s)
 #ifndef OPENSSL_NO_PSK
 		if (alg_a & SSL_aPSK)
 			{
-			char identity[PSK_MAX_IDENTITY_LEN + 1];
+			/* The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes
+			 * to return a \0-terminated identity. The last byte
+			 * is for us for simulating strnlen. */
+			char identity[PSK_MAX_IDENTITY_LEN + 2];
 			size_t identity_len;
 			unsigned char *t = NULL;
 			unsigned char pre_ms[PSK_MAX_PSK_LEN*2+4];
@@ -2355,7 +2490,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 
 			memset(identity, 0, sizeof(identity));
 			psk_len = s->psk_client_callback(s, s->session->psk_identity_hint,
-				identity, sizeof(identity), psk, sizeof(psk));
+				identity, sizeof(identity - 1), psk, sizeof(psk));
 			if (psk_len > PSK_MAX_PSK_LEN)
 				{
 				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
@@ -2368,14 +2503,14 @@ int ssl3_send_client_key_exchange(SSL *s)
 					SSL_R_PSK_IDENTITY_NOT_FOUND);
 				goto psk_err;
 				}
-			identity_len = strnlen(identity, sizeof(identity));
+			identity[PSK_MAX_IDENTITY_LEN + 1] = '\0';
+			identity_len = strlen(identity);
 			if (identity_len > PSK_MAX_IDENTITY_LEN)
 				{
 				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
 					ERR_R_INTERNAL_ERROR);
 				goto psk_err;
 				}
-
 			if (!(alg_k & SSL_kEECDH))
 				{
 				/* Create the shared secret now if we're not using ECDHE-PSK.*/
@@ -2407,7 +2542,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 				}
 			psk_err = 0;
 		psk_err:
-			OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
+			OPENSSL_cleanse(identity, sizeof(identity));
 			OPENSSL_cleanse(pre_ms, sizeof(pre_ms));
 			if (psk_err != 0)
 				{
@@ -2424,6 +2559,13 @@ int ssl3_send_client_key_exchange(SSL *s)
 			RSA *rsa;
 			unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
 
+			if (s->session->sess_cert == NULL)
+				{
+				/* We should always have a server certificate with SSL_kRSA. */
+				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
+				goto err;
+				}
+
 			if (s->session->sess_cert->peer_rsa_tmp != NULL)
 				rsa=s->session->sess_cert->peer_rsa_tmp;
 			else
@@ -2820,7 +2962,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 			/* ECDHE PSK ciphersuites from RFC 5489 */
 			if ((alg_a & SSL_aPSK) && psk_len != 0)
 				{
-				pre_ms_len = 2+psk_len+2+n;
+				pre_ms_len = 2+n+2+psk_len;
 				pre_ms = OPENSSL_malloc(pre_ms_len);
 				if (pre_ms == NULL)
 					{
@@ -2830,11 +2972,11 @@ int ssl3_send_client_key_exchange(SSL *s)
 					}
 				memset(pre_ms, 0, pre_ms_len);
 				t = pre_ms;
-				s2n(psk_len, t);
-				memcpy(t, psk, psk_len);
-				t += psk_len;
 				s2n(n, t);
 				memcpy(t, p, n);
+				t += n;
+				s2n(psk_len, t);
+				memcpy(t, psk, psk_len);
 				s->session->master_key_length = s->method->ssl3_enc \
 					-> generate_master_secret(s,
 						s->session->master_key, pre_ms, pre_ms_len);
@@ -3341,7 +3483,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
 	alg_a=s->s3->tmp.new_cipher->algorithm_auth;
 
 	/* we don't have a certificate */
-	if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || ((alg_a & SSL_aPSK) && !(alg_k & SSL_kRSA)))
+	if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK))
 		return(1);
 
 	sc=s->session->sess_cert;
diff --git a/app/openssl/ssl/s3_enc.c b/app/openssl/ssl/s3_enc.c
index 53b94b7c..bcb65d48 100644
--- a/app/openssl/ssl/s3_enc.c
+++ b/app/openssl/ssl/s3_enc.c
@@ -641,10 +641,18 @@ int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p)
 int ssl3_final_finish_mac(SSL *s, 
 	     const char *sender, int len, unsigned char *p)
 	{
-	int ret;
+	int ret, sha1len;
 	ret=ssl3_handshake_mac(s,NID_md5,sender,len,p);
+	if(ret == 0)
+		return 0;
+
 	p+=ret;
-	ret+=ssl3_handshake_mac(s,NID_sha1,sender,len,p);
+
+	sha1len=ssl3_handshake_mac(s,NID_sha1,sender,len,p);
+	if(sha1len == 0)
+		return 0;
+
+	ret+=sha1len;
 	return(ret);
 	}
 static int ssl3_handshake_mac(SSL *s, int md_nid,
@@ -891,7 +899,7 @@ int ssl3_alert_code(int code)
 	case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(SSL3_AD_HANDSHAKE_FAILURE);
 	case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(SSL3_AD_HANDSHAKE_FAILURE);
 	case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
+	case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK);
 	default:			return(-1);
 		}
 	}
-
diff --git a/app/openssl/ssl/s3_lib.c b/app/openssl/ssl/s3_lib.c
index 896d1e19..c378dd60 100644
--- a/app/openssl/ssl/s3_lib.c
+++ b/app/openssl/ssl/s3_lib.c
@@ -328,7 +328,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_SSLV3,
 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	168,
+	112,
 	168,
 	},
 
@@ -377,7 +377,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_SSLV3,
 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	168,
+	112,
 	168,
 	},
 
@@ -425,7 +425,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_SSLV3,
 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	168,
+	112,
 	168,
 	},
 
@@ -474,7 +474,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_SSLV3,
 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	168,
+	112,
 	168,
 	},
 
@@ -522,7 +522,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_SSLV3,
 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	168,
+	112,
 	168,
 	},
 
@@ -602,7 +602,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_SSLV3,
 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	168,
+	112,
 	168,
 	},
 
@@ -687,7 +687,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_SSLV3,
 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	168,
+	112,
 	168,
 	},
 
@@ -751,7 +751,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_SSLV3,
 	SSL_NOT_EXP|SSL_HIGH,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	168,
+	112,
 	168,
 	},
 
@@ -1685,7 +1685,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_TLSV1,
 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	168,
+	112,
 	168,
 	},
 
@@ -2062,7 +2062,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_TLSV1,
 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	168,
+	112,
 	168,
 	},
 
@@ -2142,7 +2142,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_TLSV1,
 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	168,
+	112,
 	168,
 	},
 
@@ -2222,7 +2222,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_TLSV1,
 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	168,
+	112,
 	168,
 	},
 
@@ -2302,7 +2302,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_TLSV1,
 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	168,
+	112,
 	168,
 	},
 
@@ -2382,7 +2382,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_TLSV1,
 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	168,
+	112,
 	168,
 	},
 
@@ -2426,13 +2426,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
 	TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
 	SSL_kSRP,
-	SSL_aNULL,
+	SSL_aSRP,
 	SSL_3DES,
 	SSL_SHA1,
 	SSL_TLSV1,
 	SSL_NOT_EXP|SSL_HIGH,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	168,
+	112,
 	168,
 	},
 
@@ -2448,7 +2448,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_TLSV1,
 	SSL_NOT_EXP|SSL_HIGH,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	168,
+	112,
 	168,
 	},
 
@@ -2464,7 +2464,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_TLSV1,
 	SSL_NOT_EXP|SSL_HIGH,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	168,
+	112,
 	168,
 	},
 
@@ -2474,7 +2474,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
 	TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
 	SSL_kSRP,
-	SSL_aNULL,
+	SSL_aSRP,
 	SSL_AES128,
 	SSL_SHA1,
 	SSL_TLSV1,
@@ -2522,7 +2522,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
 	TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
 	SSL_kSRP,
-	SSL_aNULL,
+	SSL_aSRP,
 	SSL_AES256,
 	SSL_SHA1,
 	SSL_TLSV1,
@@ -3439,6 +3439,33 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 		return 64;
 
 #endif /* !OPENSSL_NO_TLSEXT */
+
+	case SSL_CTRL_CHECK_PROTO_VERSION:
+		/* For library-internal use; checks that the current protocol
+		 * is the highest enabled version (according to s->ctx->method,
+		 * as version negotiation may have changed s->method). */
+		if (s->version == s->ctx->method->version)
+			return 1;
+		/* Apparently we're using a version-flexible SSL_METHOD
+		 * (not at its highest protocol version). */
+		if (s->ctx->method->version == SSLv23_method()->version)
+			{
+#if TLS_MAX_VERSION != TLS1_2_VERSION
+#  error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
+#endif
+			if (!(s->options & SSL_OP_NO_TLSv1_2))
+				return s->version == TLS1_2_VERSION;
+			if (!(s->options & SSL_OP_NO_TLSv1_1))
+				return s->version == TLS1_1_VERSION;
+			if (!(s->options & SSL_OP_NO_TLSv1))
+				return s->version == TLS1_VERSION;
+			if (!(s->options & SSL_OP_NO_SSLv3))
+				return s->version == SSL3_VERSION;
+			if (!(s->options & SSL_OP_NO_SSLv2))
+				return s->version == SSL2_VERSION;
+			}
+		return 0; /* Unexpected state; fail closed. */
+
 	default:
 		break;
 		}
@@ -3816,6 +3843,7 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
 		break;
 #endif
 #endif
+
 	default:
 		return(0);
 		}
@@ -3924,10 +3952,15 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 		emask_k = cert->export_mask_k;
 		emask_a = cert->export_mask_a;
 #ifndef OPENSSL_NO_SRP
-		mask_k=cert->mask_k | s->srp_ctx.srp_Mask;
-		emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask;
+		if (s->srp_ctx.srp_Mask & SSL_kSRP)
+			{
+			mask_k |= SSL_kSRP;
+			emask_k |= SSL_kSRP;
+			mask_a |= SSL_aSRP;
+			emask_a |= SSL_aSRP;
+			}
 #endif
-			
+
 #ifdef KSSL_DEBUG
 /*		printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
 #endif    /* KSSL_DEBUG */
@@ -4406,4 +4439,3 @@ long ssl_get_algorithm2(SSL *s)
 		return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
 	return alg2;
 	}
-		
diff --git a/app/openssl/ssl/s3_pkt.c b/app/openssl/ssl/s3_pkt.c
index df436cf7..4a2f5d6c 100644
--- a/app/openssl/ssl/s3_pkt.c
+++ b/app/openssl/ssl/s3_pkt.c
@@ -273,6 +273,12 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
 	return(n);
 	}
 
+/* MAX_EMPTY_RECORDS defines the number of consecutive, empty records that will
+ * be processed per call to ssl3_get_record. Without this limit an attacker
+ * could send empty records at a faster rate than we can process and cause
+ * ssl3_get_record to loop forever. */
+#define MAX_EMPTY_RECORDS 32
+
 /* Call this to get a new input record.
  * It will return <= 0 if more data is needed, normally due to an error
  * or non-blocking IO.
@@ -293,6 +299,7 @@ static int ssl3_get_record(SSL *s)
 	short version;
 	unsigned mac_size, orig_len;
 	size_t extra;
+	unsigned empty_record_count = 0;
 
 	rr= &(s->s3->rrec);
 	sess=s->session;
@@ -523,7 +530,17 @@ printf("\n");
 	s->packet_length=0;
 
 	/* just read a 0 length packet */
-	if (rr->length == 0) goto again;
+	if (rr->length == 0)
+		{
+		empty_record_count++;
+		if (empty_record_count > MAX_EMPTY_RECORDS)
+			{
+			al=SSL_AD_UNEXPECTED_MESSAGE;
+			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_RECORD_TOO_SMALL);
+			goto f_err;
+			}
+		goto again;
+		}
 
 #if 0
 fprintf(stderr, "Ultimate Record type=%d, Length=%d\n", rr->type, rr->length);
@@ -979,7 +996,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 		if (!ssl3_setup_read_buffer(s))
 			return(-1);
 
-	if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) ||
+	if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE)) ||
 	    (peek && (type != SSL3_RT_APPLICATION_DATA)))
 		{
 		SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
diff --git a/app/openssl/ssl/s3_srvr.c b/app/openssl/ssl/s3_srvr.c
index f83c9366..a42fc9e3 100644
--- a/app/openssl/ssl/s3_srvr.c
+++ b/app/openssl/ssl/s3_srvr.c
@@ -154,6 +154,7 @@
 #include <stdio.h>
 #include "ssl_locl.h"
 #include "kssl_lcl.h"
+#include "../crypto/constant_time_locl.h"
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>
@@ -414,11 +415,10 @@ int ssl3_accept(SSL *s)
 		case SSL3_ST_SW_CERT_B:
 			/* Check if it is anon DH or anon ECDH, */
 			/* non-RSA PSK or KRB5 or SRP */
-			if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
+			if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aKRB5|SSL_aSRP))
 				/* Among PSK ciphersuites only RSA_PSK uses server certificate */
 				&& !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aPSK &&
-					 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kRSA))
-				&& !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
+					 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kRSA)))
 				{
 				ret=ssl3_send_server_certificate(s);
 				if (ret <= 0) goto end;
@@ -524,7 +524,9 @@ int ssl3_accept(SSL *s)
 				  * (against the specs, but s3_clnt.c accepts this for SSL 3) */
 				 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
 				 /* never request cert in Kerberos ciphersuites */
-				(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
+				(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) ||
+				/* don't request certificate for SRP auth */
+				(s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP)
 				/* With normal PSK Certificates and
 				 * Certificate Requests are omitted */
 				|| (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
@@ -1905,7 +1907,7 @@ int ssl3_send_server_key_exchange(SSL *s)
 			n+=2+nr[i];
 			}
 
-		if (!(alg_a & SSL_aNULL)
+		if (!(alg_a & (SSL_aNULL|SSL_aSRP))
 			/* Among PSK ciphersuites only RSA uses a certificate */
 			&& !((alg_a & SSL_aPSK) && !(alg_k & SSL_kRSA)))
 			{
@@ -2325,6 +2327,10 @@ int ssl3_get_client_key_exchange(SSL *s)
 #ifndef OPENSSL_NO_RSA
 	if (alg_k & SSL_kRSA)
 		{
+		unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
+		int decrypt_len;
+		unsigned char decrypt_good, version_good;
+
 		/* FIX THIS UP EAY EAY EAY EAY */
 		if (s->s3->tmp.use_rsa_tmp)
 			{
@@ -2372,54 +2378,61 @@ int ssl3_get_client_key_exchange(SSL *s)
 				n=i;
 			}
 
-		i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
-
-		al = -1;
-		
-		if (i != SSL_MAX_MASTER_KEY_LENGTH)
-			{
-			al=SSL_AD_DECODE_ERROR;
-			/* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */
-			}
+		/* We must not leak whether a decryption failure occurs because
+		 * of Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see
+		 * RFC 2246, section 7.4.7.1). The code follows that advice of
+		 * the TLS RFC and generates a random premaster secret for the
+		 * case that the decrypt fails. See
+		 * https://tools.ietf.org/html/rfc5246#section-7.4.7.1 */
 
-		if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
-			{
-			/* The premaster secret must contain the same version number as the
-			 * ClientHello to detect version rollback attacks (strangely, the
-			 * protocol does not offer such protection for DH ciphersuites).
-			 * However, buggy clients exist that send the negotiated protocol
-			 * version instead if the server does not support the requested
-			 * protocol version.
-			 * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */
-			if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
-				(p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
-				{
-				al=SSL_AD_DECODE_ERROR;
-				/* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */
-
-				/* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack
-				 * (http://eprint.iacr.org/2003/052/) exploits the version
-				 * number check as a "bad version oracle" -- an alert would
-				 * reveal that the plaintext corresponding to some ciphertext
-				 * made up by the adversary is properly formatted except
-				 * that the version number is wrong.  To avoid such attacks,
-				 * we should treat this just like any other decryption error. */
-				}
+		/* should be RAND_bytes, but we cannot work around a failure. */
+		if (RAND_pseudo_bytes(rand_premaster_secret,
+				      sizeof(rand_premaster_secret)) <= 0)
+			goto err;
+		decrypt_len = RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
+		ERR_clear_error();
+
+		/* decrypt_len should be SSL_MAX_MASTER_KEY_LENGTH.
+		 * decrypt_good will be 0xff if so and zero otherwise. */
+		decrypt_good = constant_time_eq_int_8(decrypt_len, SSL_MAX_MASTER_KEY_LENGTH);
+
+		/* If the version in the decrypted pre-master secret is correct
+		 * then version_good will be 0xff, otherwise it'll be zero.
+		 * The Klima-Pokorny-Rosa extension of Bleichenbacher's attack
+		 * (http://eprint.iacr.org/2003/052/) exploits the version
+		 * number check as a "bad version oracle". Thus version checks
+		 * are done in constant time and are treated like any other
+		 * decryption error. */
+		version_good = constant_time_eq_8(p[0], (unsigned)(s->client_version>>8));
+		version_good &= constant_time_eq_8(p[1], (unsigned)(s->client_version&0xff));
+
+		/* The premaster secret must contain the same version number as
+		 * the ClientHello to detect version rollback attacks
+		 * (strangely, the protocol does not offer such protection for
+		 * DH ciphersuites). However, buggy clients exist that send the
+		 * negotiated protocol version instead if the server does not
+		 * support the requested protocol version. If
+		 * SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */
+		if (s->options & SSL_OP_TLS_ROLLBACK_BUG)
+			{
+			unsigned char workaround_good;
+			workaround_good = constant_time_eq_8(p[0], (unsigned)(s->version>>8));
+			workaround_good &= constant_time_eq_8(p[1], (unsigned)(s->version&0xff));
+			version_good |= workaround_good;
+			}
+
+		/* Both decryption and version must be good for decrypt_good
+		 * to remain non-zero (0xff). */
+		decrypt_good &= version_good;
+
+		/* Now copy rand_premaster_secret over p using
+		 * decrypt_good_mask. */
+		for (i = 0; i < (int) sizeof(rand_premaster_secret); i++)
+			{
+			p[i] = constant_time_select_8(decrypt_good, p[i],
+						      rand_premaster_secret[i]);
 			}
 
-		if (al != -1)
-			{
-			/* Some decryption failure -- use random value instead as countermeasure
-			 * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding
-			 * (see RFC 2246, section 7.4.7.1). */
-			ERR_clear_error();
-			i = SSL_MAX_MASTER_KEY_LENGTH;
-			p[0] = s->client_version >> 8;
-			p[1] = s->client_version & 0xff;
-			if (RAND_pseudo_bytes(p+2, i-2) <= 0) /* should be RAND_bytes, but we cannot work around a failure */
-				goto err;
-			}
-	
 		s->session->master_key_length=
 			s->method->ssl3_enc->generate_master_secret(s,
 				s->session->master_key,
@@ -2837,7 +2850,7 @@ int ssl3_get_client_key_exchange(SSL *s)
 		/* ECDHE PSK ciphersuites from RFC 5489 */
 	    if ((alg_a & SSL_aPSK) && psk_len != 0)
 			{
-			pre_ms_len = 2+psk_len+2+i;
+			pre_ms_len = 2+i+2+psk_len;
 			pre_ms = OPENSSL_malloc(pre_ms_len);
 			if (pre_ms == NULL)
 				{
@@ -2847,11 +2860,11 @@ int ssl3_get_client_key_exchange(SSL *s)
 				}
 			memset(pre_ms, 0, pre_ms_len);
 			t = pre_ms;
-			s2n(psk_len, t);
-			memcpy(t, psk, psk_len);
-			t += psk_len;
 			s2n(i, t);
 			memcpy(t, p, i);
+			t += i;
+			s2n(psk_len, t);
+			memcpy(t, psk, psk_len);
 			s->session->master_key_length = s->method->ssl3_enc \
 				-> generate_master_secret(s,
 					s->session->master_key, pre_ms, pre_ms_len);
@@ -3009,7 +3022,7 @@ int ssl3_get_cert_verify(SSL *s)
 		SSL3_ST_SR_CERT_VRFY_A,
 		SSL3_ST_SR_CERT_VRFY_B,
 		-1,
-		516, /* Enough for 4096 bit RSA key with TLS v1.2 */
+		SSL3_RT_MAX_PLAIN_LENGTH,
 		&ok);
 
 	if (!ok) return((int)n);
diff --git a/app/openssl/ssl/srtp.h b/app/openssl/ssl/srtp.h
index c0cf33ef..24f23309 100644
--- a/app/openssl/ssl/srtp.h
+++ b/app/openssl/ssl/srtp.h
@@ -130,6 +130,8 @@ extern "C" {
 #define SRTP_NULL_SHA1_80      0x0005
 #define SRTP_NULL_SHA1_32      0x0006
 
+#ifndef OPENSSL_NO_SRTP
+
 int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
 int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);
 SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
@@ -137,6 +139,8 @@ SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
 STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
 SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
 
+#endif
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/app/openssl/ssl/ssl.h b/app/openssl/ssl/ssl.h
index 7566f2df..7a1fce89 100644
--- a/app/openssl/ssl/ssl.h
+++ b/app/openssl/ssl/ssl.h
@@ -264,6 +264,7 @@ extern "C" {
 #define SSL_TXT_aGOST94	"aGOST94"
 #define SSL_TXT_aGOST01 "aGOST01"
 #define SSL_TXT_aGOST  "aGOST"
+#define SSL_TXT_aSRP            "aSRP"
 
 #define	SSL_TXT_DSS		"DSS"
 #define SSL_TXT_DH		"DH"
@@ -664,11 +665,15 @@ struct ssl_session_st
  */
 #define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
 #define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
+/* Send TLS_FALLBACK_SCSV in the ClientHello.
+ * To be set by applications that reconnect with a downgraded protocol
+ * version; see draft-ietf-tls-downgrade-scsv-00 for details. */
+#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L
 
 /* When set, clients may send application data before receipt of CCS
  * and Finished.  This mode enables full-handshakes to 'complete' in
  * one RTT. */
-#define SSL_MODE_HANDSHAKE_CUTTHROUGH 0x00000080L
+#define SSL_MODE_HANDSHAKE_CUTTHROUGH 0x00000200L
 
 /* When set, TLS 1.0 and SSLv3, multi-byte, CBC records will be split in two:
  * the first record will contain a single byte and the second will contain the
@@ -1615,6 +1620,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
 #define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
 #define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
+#define SSL_AD_INAPPROPRIATE_FALLBACK	TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */
 
 #define SSL_ERROR_NONE			0
 #define SSL_ERROR_SSL			1
@@ -1729,6 +1735,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS		82
 #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS	83
 
+#define SSL_CTRL_CHECK_PROTO_VERSION		119
+
 #define DTLSv1_get_timeout(ssl, arg) \
 	SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
 #define DTLSv1_handle_timeout(ssl) \
@@ -2191,6 +2199,10 @@ int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secre
 void SSL_set_debug(SSL *s, int debug);
 int SSL_cache_hit(SSL *s);
 
+#ifndef OPENSSL_NO_UNIT_TEST
+const struct openssl_ssl_test_functions *SSL_test_functions(void);
+#endif
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -2459,6 +2471,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_BAD_SRP_B_LENGTH				 348
 #define SSL_R_BAD_SRP_G_LENGTH				 349
 #define SSL_R_BAD_SRP_N_LENGTH				 350
+#define SSL_R_BAD_SRP_PARAMETERS			 371
 #define SSL_R_BAD_SRP_S_LENGTH				 351
 #define SSL_R_BAD_SRTP_MKI_VALUE			 352
 #define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST		 353
@@ -2519,6 +2532,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_HTTPS_PROXY_REQUEST			 155
 #define SSL_R_HTTP_REQUEST				 156
 #define SSL_R_ILLEGAL_PADDING				 283
+#define SSL_R_INAPPROPRIATE_FALLBACK			 373
 #define SSL_R_INCONSISTENT_COMPRESSION			 340
 #define SSL_R_INVALID_CHALLENGE_LENGTH			 158
 #define SSL_R_INVALID_COMMAND				 280
@@ -2668,6 +2682,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED		 1021
 #define SSL_R_TLSV1_ALERT_DECRYPT_ERROR			 1051
 #define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION		 1060
+#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK	 1086
 #define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY		 1071
 #define SSL_R_TLSV1_ALERT_INTERNAL_ERROR		 1080
 #define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		 1100
diff --git a/app/openssl/ssl/ssl3.h b/app/openssl/ssl/ssl3.h
index 83d59bff..cba94345 100644
--- a/app/openssl/ssl/ssl3.h
+++ b/app/openssl/ssl/ssl3.h
@@ -128,9 +128,14 @@
 extern "C" {
 #endif
 
-/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */
+/* Signalling cipher suite value from RFC 5746
+ * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) */
 #define SSL3_CK_SCSV				0x030000FF
 
+/* Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00
+ * (TLS_FALLBACK_SCSV) */
+#define SSL3_CK_FALLBACK_SCSV			0x03005600
+
 #define SSL3_CK_RSA_NULL_MD5			0x03000001
 #define SSL3_CK_RSA_NULL_SHA			0x03000002
 #define SSL3_CK_RSA_RC4_40_MD5 			0x03000003
diff --git a/app/openssl/ssl/ssl_ciph.c b/app/openssl/ssl/ssl_ciph.c
index e8794d4b..cd9f1082 100644
--- a/app/openssl/ssl/ssl_ciph.c
+++ b/app/openssl/ssl/ssl_ciph.c
@@ -270,6 +270,7 @@ static const SSL_CIPHER cipher_aliases[]={
 	{0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0},
 	{0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0},
 	{0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
+	{0,SSL_TXT_aSRP,0,    0,SSL_aSRP,  0,0,0,0,0,0,0},
 
 	/* aliases combining key exchange and server authentication */
 	{0,SSL_TXT_EDH,0,     SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
@@ -562,7 +563,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
 		break;
 		}
 
-	if ((i < 0) || (i > SSL_ENC_NUM_IDX))
+	if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
 		*enc=NULL;
 	else
 		{
@@ -596,7 +597,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
 		i= -1;
 		break;
 		}
-	if ((i < 0) || (i > SSL_MD_NUM_IDX))
+	if ((i < 0) || (i >= SSL_MD_NUM_IDX))
 	{
 		*md=NULL; 
 		if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
@@ -925,7 +926,7 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
 		int rule, int strength_bits,
 		CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
 	{
-	CIPHER_ORDER *head, *tail, *curr, *curr2, *last;
+	CIPHER_ORDER *head, *tail, *curr, *next, *last;
 	const SSL_CIPHER *cp;
 	int reverse = 0;
 
@@ -942,21 +943,25 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
 
 	if (reverse)
 		{
-		curr = tail;
+		next = tail;
 		last = head;
 		}
 	else
 		{
-		curr = head;
+		next = head;
 		last = tail;
 		}
 
-	curr2 = curr;
+	curr = NULL;
 	for (;;)
 		{
-		if ((curr == NULL) || (curr == last)) break;
-		curr = curr2;
-		curr2 = reverse ? curr->prev : curr->next;
+		if (curr == last) break;
+
+		curr = next;
+
+		if (curr == NULL) break;
+
+		next = reverse ? curr->prev : curr->next;
 
 		cp = curr->cipher;
 
@@ -1598,6 +1603,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 	case SSL_kSRP:
 		kx="SRP";
 		break;
+	case SSL_kGOST:
+		kx="GOST";
+		break;
 	default:
 		kx="unknown";
 		}
@@ -1628,6 +1636,15 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 	case SSL_aPSK:
 		au="PSK";
 		break;
+	case SSL_aSRP:
+		au="SRP";
+		break;
+	case SSL_aGOST94:
+		au="GOST94";
+		break;
+	case SSL_aGOST01:
+		au="GOST01";
+		break;
 	default:
 		au="unknown";
 		break;
@@ -1675,6 +1692,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 	case SSL_SEED:
 		enc="SEED(128)";
 		break;
+	case SSL_eGOST2814789CNT:
+		enc="GOST89(256)";
+		break;
 	default:
 		enc="unknown";
 		break;
@@ -1697,6 +1717,12 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 	case SSL_AEAD:
 		mac="AEAD";
 		break;
+	case SSL_GOST89MAC:
+		mac="GOST89";
+		break;
+	case SSL_GOST94:
+		mac="GOST94";
+		break;
 	default:
 		mac="unknown";
 		break;
diff --git a/app/openssl/ssl/ssl_err.c b/app/openssl/ssl/ssl_err.c
index ac0aad9b..0e92ccb0 100644
--- a/app/openssl/ssl/ssl_err.c
+++ b/app/openssl/ssl/ssl_err.c
@@ -331,6 +331,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_BAD_SRP_B_LENGTH)      ,"bad srp b length"},
 {ERR_REASON(SSL_R_BAD_SRP_G_LENGTH)      ,"bad srp g length"},
 {ERR_REASON(SSL_R_BAD_SRP_N_LENGTH)      ,"bad srp n length"},
+{ERR_REASON(SSL_R_BAD_SRP_PARAMETERS)    ,"bad srp parameters"},
 {ERR_REASON(SSL_R_BAD_SRP_S_LENGTH)      ,"bad srp s length"},
 {ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE)    ,"bad srtp mki value"},
 {ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST),"bad srtp protection profile list"},
@@ -391,6 +392,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST)   ,"https proxy request"},
 {ERR_REASON(SSL_R_HTTP_REQUEST)          ,"http request"},
 {ERR_REASON(SSL_R_ILLEGAL_PADDING)       ,"illegal padding"},
+{ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK),"inappropriate fallback"},
 {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION),"inconsistent compression"},
 {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},
 {ERR_REASON(SSL_R_INVALID_COMMAND)       ,"invalid command"},
@@ -540,6 +542,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"},
 {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"},
 {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"},
+{ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK),"tlsv1 alert inappropriate fallback"},
 {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"},
 {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"},
 {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"},
diff --git a/app/openssl/ssl/ssl_lib.c b/app/openssl/ssl/ssl_lib.c
index 3de68a78..eb1ae782 100644
--- a/app/openssl/ssl/ssl_lib.c
+++ b/app/openssl/ssl/ssl_lib.c
@@ -1441,6 +1441,8 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
 
 	if (sk == NULL) return(0);
 	q=p;
+	if (put_cb == NULL)
+		put_cb = s->method->put_cipher_by_char;
 
 	for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
 		{
@@ -1460,24 +1462,41 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
 		    s->psk_client_callback == NULL)
 			continue;
 #endif /* OPENSSL_NO_PSK */
-		j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
+#ifndef OPENSSL_NO_SRP
+		if (((c->algorithm_mkey & SSL_kSRP) || (c->algorithm_auth & SSL_aSRP)) &&
+		    !(s->srp_ctx.srp_Mask & SSL_kSRP))
+		    continue;
+#endif /* OPENSSL_NO_SRP */
+		j = put_cb(c,p);
 		p+=j;
 		}
-	/* If p == q, no ciphers and caller indicates an error. Otherwise
-	 * add SCSV if not renegotiating.
-	 */
-	if (p != q && !s->renegotiate)
+	/* If p == q, no ciphers; caller indicates an error.
+	 * Otherwise, add applicable SCSVs. */
+	if (p != q)
 		{
-		static SSL_CIPHER scsv =
+		if (!s->renegotiate)
 			{
-			0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
-			};
-		j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p);
-		p+=j;
+			static SSL_CIPHER scsv =
+				{
+				0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+				};
+			j = put_cb(&scsv,p);
+			p+=j;
 #ifdef OPENSSL_RI_DEBUG
-		fprintf(stderr, "SCSV sent by client\n");
+			fprintf(stderr, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV sent by client\n");
 #endif
-		}
+			}
+
+		if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV)
+			{
+			static SSL_CIPHER scsv =
+				{
+				0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+				};
+			j = put_cb(&scsv,p);
+			p+=j;
+			}
+ 		}
 
 	return(p-q);
 	}
@@ -1488,11 +1507,12 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
 	const SSL_CIPHER *c;
 	STACK_OF(SSL_CIPHER) *sk;
 	int i,n;
+
 	if (s->s3)
 		s->s3->send_connection_binding = 0;
 
 	n=ssl_put_cipher_by_char(s,NULL,NULL);
-	if ((num%n) != 0)
+	if (n == 0 || (num%n) != 0)
 		{
 		SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
 		return(NULL);
@@ -1507,7 +1527,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
 
 	for (i=0; i<num; i+=n)
 		{
-		/* Check for SCSV */
+		/* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */
 		if (s->s3 && (n != 3 || !p[0]) &&
 			(p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
 			(p[n-1] == (SSL3_CK_SCSV & 0xff)))
@@ -1527,6 +1547,23 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
 			continue;
 			}
 
+		/* Check for TLS_FALLBACK_SCSV */
+		if ((n != 3 || !p[0]) &&
+			(p[n-2] == ((SSL3_CK_FALLBACK_SCSV >> 8) & 0xff)) &&
+			(p[n-1] == (SSL3_CK_FALLBACK_SCSV & 0xff)))
+			{
+			/* The SCSV indicates that the client previously tried a higher version.
+			 * Fail if the current version is an unexpected downgrade. */
+			if (!SSL_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, 0, NULL))
+				{
+				SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_INAPPROPRIATE_FALLBACK);
+				if (s->s3)
+					ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INAPPROPRIATE_FALLBACK);
+				goto err;
+				}
+			continue;
+			}
+
 		c=ssl_get_cipher_by_char(s,p);
 		p+=n;
 		if (c != NULL)
diff --git a/app/openssl/ssl/ssl_locl.h b/app/openssl/ssl/ssl_locl.h
index 6b7731a4..ca399078 100644
--- a/app/openssl/ssl/ssl_locl.h
+++ b/app/openssl/ssl/ssl_locl.h
@@ -311,6 +311,7 @@
 #define SSL_aPSK                0x00000080L /* PSK auth */
 #define SSL_aGOST94				0x00000100L /* GOST R 34.10-94 signature auth */
 #define SSL_aGOST01 			0x00000200L /* GOST R 34.10-2001 signature auth */
+#define SSL_aSRP 		0x00000400L /* SRP auth */
 
 
 /* Bits for algorithm_enc (symmetric encryption) */
@@ -809,6 +810,16 @@ const SSL_METHOD *func_name(void)  \
 	return &func_name##_data; \
 	}
 
+struct openssl_ssl_test_functions
+	{
+	int (*p_ssl_init_wbio_buffer)(SSL *s, int push);
+	int (*p_ssl3_setup_buffers)(SSL *s);
+	int (*p_tls1_process_heartbeat)(SSL *s);
+	int (*p_dtls1_process_heartbeat)(SSL *s);
+	};
+
+#ifndef OPENSSL_UNIT_TEST
+
 void ssl_clear_cipher_ctx(SSL *s);
 int ssl_clear_bad_session(SSL *s);
 CERT *ssl_cert_new(void);
@@ -1096,8 +1107,8 @@ int tls1_ec_nid2curve_id(int nid);
 #endif /* OPENSSL_NO_EC */
 
 #ifndef OPENSSL_NO_TLSEXT
-unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); 
-unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); 
+unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit); 
+unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit); 
 int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
 int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
 int ssl_prepare_clienthello_tlsext(SSL *s);
@@ -1179,4 +1190,14 @@ void tls_fips_digest_extra(
 	const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx,
 	const unsigned char *data, size_t data_len, size_t orig_len);
 
+int srp_verify_server_param(SSL *s, int *al);
+
+#else
+
+#define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer
+#define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers
+#define tls1_process_heartbeat SSL_test_functions()->p_tls1_process_heartbeat
+#define dtls1_process_heartbeat SSL_test_functions()->p_dtls1_process_heartbeat
+
+#endif
 #endif
diff --git a/app/openssl/ssl/ssl_stat.c b/app/openssl/ssl/ssl_stat.c
index 144b81e5..c5a15ce5 100644
--- a/app/openssl/ssl/ssl_stat.c
+++ b/app/openssl/ssl/ssl_stat.c
@@ -212,7 +212,6 @@ case SSL3_ST_SR_CERT_VRFY_A:	str="SSLv3 read certificate verify A"; break;
 case SSL3_ST_SR_CERT_VRFY_B:	str="SSLv3 read certificate verify B"; break;
 #endif
 
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 /* SSLv2/v3 compatibility states */
 /* client */
 case SSL23_ST_CW_CLNT_HELLO_A:	str="SSLv2/v3 write client hello A"; break;
@@ -222,7 +221,6 @@ case SSL23_ST_CR_SRVR_HELLO_B:	str="SSLv2/v3 read server hello B"; break;
 /* server */
 case SSL23_ST_SR_CLNT_HELLO_A:	str="SSLv2/v3 read client hello A"; break;
 case SSL23_ST_SR_CLNT_HELLO_B:	str="SSLv2/v3 read client hello B"; break;
-#endif
 
 /* DTLS */
 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DTLS1 read hello verify request A"; break;
@@ -366,7 +364,6 @@ case SSL3_ST_SR_CERT_VRFY_A:			str="3RCV_A"; break;
 case SSL3_ST_SR_CERT_VRFY_B:			str="3RCV_B"; break;
 #endif
 
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 /* SSLv2/v3 compatibility states */
 /* client */
 case SSL23_ST_CW_CLNT_HELLO_A:			str="23WCHA"; break;
@@ -376,7 +373,7 @@ case SSL23_ST_CR_SRVR_HELLO_B:			str="23RSHA"; break;
 /* server */
 case SSL23_ST_SR_CLNT_HELLO_A:			str="23RCHA"; break;
 case SSL23_ST_SR_CLNT_HELLO_B:			str="23RCHB"; break;
-#endif
+
 /* DTLS */
 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DRCHVA"; break;
 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DRCHVB"; break;
diff --git a/app/openssl/ssl/t1_enc.c b/app/openssl/ssl/t1_enc.c
index 22dd3cab..455992ad 100644
--- a/app/openssl/ssl/t1_enc.c
+++ b/app/openssl/ssl/t1_enc.c
@@ -1153,7 +1153,7 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
 	int rv;
 
 #ifdef KSSL_DEBUG
-	printf ("tls1_export_keying_material(%p,%p,%d,%s,%d,%p,%d)\n", s, out, olen, label, llen, p, plen);
+	printf ("tls1_export_keying_material(%p,%p,%d,%s,%d,%p,%d)\n", s, out, olen, label, llen, context, contextlen);
 #endif	/* KSSL_DEBUG */
 
 	buff = OPENSSL_malloc(olen);
@@ -1266,6 +1266,7 @@ int tls1_alert_code(int code)
 	case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE);
 	case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
 	case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
+	case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK);
 #if 0 /* not appropriate for TLS, not used for DTLS */
 	case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return 
 					  (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
diff --git a/app/openssl/ssl/t1_lib.c b/app/openssl/ssl/t1_lib.c
index 122a25f5..d0b893b5 100644
--- a/app/openssl/ssl/t1_lib.c
+++ b/app/openssl/ssl/t1_lib.c
@@ -352,15 +352,16 @@ int tls12_get_req_sig_algs(SSL *s, unsigned char *p)
 	return (int)slen;
 	}
 
-unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
+unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit)
 	{
 	int extdatalen=0;
-	unsigned char *ret = p;
+	unsigned char *orig = buf;
+	unsigned char *ret = buf;
 
 	/* don't add extensions for SSLv3 unless doing secure renegotiation */
 	if (s->client_version == SSL3_VERSION
 					&& !s->s3->send_connection_binding)
-		return p;
+		return orig;
 
 	ret+=2;
 
@@ -409,7 +410,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
               return NULL;
               }
 
-          if((limit - p - 4 - el) < 0) return NULL;
+          if((limit - ret - 4 - el) < 0) return NULL;
           
           s2n(TLSEXT_TYPE_renegotiate,ret);
           s2n(el,ret);
@@ -452,8 +453,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 #endif
 
 #ifndef OPENSSL_NO_EC
-	if (s->tlsext_ecpointformatlist != NULL &&
-	    s->version != DTLS1_VERSION)
+	if (s->tlsext_ecpointformatlist != NULL)
 		{
 		/* Add TLS extension ECPointFormats to the ClientHello message */
 		long lenmax; 
@@ -472,8 +472,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 		memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
 		ret+=s->tlsext_ecpointformatlist_length;
 		}
-	if (s->tlsext_ellipticcurvelist != NULL &&
-	    s->version != DTLS1_VERSION)
+	if (s->tlsext_ellipticcurvelist != NULL)
 		{
 		/* Add TLS extension EllipticCurves to the ClientHello message */
 		long lenmax; 
@@ -669,13 +668,13 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 		}
 
 #ifndef OPENSSL_NO_SRTP
-        if(SSL_get_srtp_profiles(s))
+	if(SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s))
                 {
                 int el;
 
                 ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0);
                 
-                if((limit - p - 4 - el) < 0) return NULL;
+                if((limit - ret - 4 - el) < 0) return NULL;
 
                 s2n(TLSEXT_TYPE_use_srtp,ret);
                 s2n(el,ret);
@@ -718,24 +717,25 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 			}
 		}
 
-	if ((extdatalen = ret-p-2)== 0) 
-		return p;
+	if ((extdatalen = ret-orig-2)== 0) 
+		return orig;
 
-	s2n(extdatalen,p);
+	s2n(extdatalen, orig);
 	return ret;
 	}
 
-unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
+unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit)
 	{
 	int extdatalen=0;
-	unsigned char *ret = p;
+	unsigned char *orig = buf;
+	unsigned char *ret = buf;
 #ifndef OPENSSL_NO_NEXTPROTONEG
 	int next_proto_neg_seen;
 #endif
 
 	/* don't add extensions for SSLv3, unless doing secure renegotiation */
 	if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
-		return p;
+		return orig;
 	
 	ret+=2;
 	if (ret>=limit) return NULL; /* this really never occurs, but ... */
@@ -758,7 +758,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
               return NULL;
               }
 
-          if((limit - p - 4 - el) < 0) return NULL;
+          if((limit - ret - 4 - el) < 0) return NULL;
           
           s2n(TLSEXT_TYPE_renegotiate,ret);
           s2n(el,ret);
@@ -773,8 +773,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
         }
 
 #ifndef OPENSSL_NO_EC
-	if (s->tlsext_ecpointformatlist != NULL &&
-	    s->version != DTLS1_VERSION)
+	if (s->tlsext_ecpointformatlist != NULL)
 		{
 		/* Add TLS extension ECPointFormats to the ServerHello message */
 		long lenmax; 
@@ -832,13 +831,13 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
 #endif
 
 #ifndef OPENSSL_NO_SRTP
-        if(s->srtp_profile)
+	if(SSL_IS_DTLS(s) && s->srtp_profile)
                 {
                 int el;
 
                 ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0);
                 
-                if((limit - p - 4 - el) < 0) return NULL;
+                if((limit - ret - 4 - el) < 0) return NULL;
 
                 s2n(TLSEXT_TYPE_use_srtp,ret);
                 s2n(el,ret);
@@ -937,10 +936,10 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
 		ret += len;
 		}
 
-	if ((extdatalen = ret-p-2)== 0) 
-		return p;
+	if ((extdatalen = ret-orig-2)== 0) 
+		return orig;
 
-	s2n(extdatalen,p);
+	s2n(extdatalen, orig);
 	return ret;
 	}
 
@@ -1288,8 +1287,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 #endif
 
 #ifndef OPENSSL_NO_EC
-		else if (type == TLSEXT_TYPE_ec_point_formats &&
-	             s->version != DTLS1_VERSION)
+		else if (type == TLSEXT_TYPE_ec_point_formats)
 			{
 			unsigned char *sdata = data;
 			int ecpointformatlist_length = *(sdata++);
@@ -1323,8 +1321,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 			fprintf(stderr,"\n");
 #endif
 			}
-		else if (type == TLSEXT_TYPE_elliptic_curves &&
-	             s->version != DTLS1_VERSION)
+		else if (type == TLSEXT_TYPE_elliptic_curves)
 			{
 			unsigned char *sdata = data;
 			int ellipticcurvelist_length = (*(sdata++) << 8);
@@ -1600,7 +1597,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 
 		/* session ticket processed earlier */
 #ifndef OPENSSL_NO_SRTP
-		else if (type == TLSEXT_TYPE_use_srtp)
+		else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)
+			 && type == TLSEXT_TYPE_use_srtp)
 			{
 			if(ssl_parse_clienthello_use_srtp_ext(s, data, size,
 							      al))
@@ -1706,8 +1704,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 			}
 
 #ifndef OPENSSL_NO_EC
-		else if (type == TLSEXT_TYPE_ec_point_formats &&
-	             s->version != DTLS1_VERSION)
+		else if (type == TLSEXT_TYPE_ec_point_formats)
 			{
 			unsigned char *sdata = data;
 			int ecpointformatlist_length = *(sdata++);
@@ -1718,15 +1715,18 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 				*al = TLS1_AD_DECODE_ERROR;
 				return 0;
 				}
-			s->session->tlsext_ecpointformatlist_length = 0;
-			if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
-			if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
+			if (!s->hit)
 				{
-				*al = TLS1_AD_INTERNAL_ERROR;
-				return 0;
+				s->session->tlsext_ecpointformatlist_length = 0;
+				if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
+				if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
+					{
+					*al = TLS1_AD_INTERNAL_ERROR;
+					return 0;
+					}
+				s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
+				memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
 				}
-			s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
-			memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
 #if 0
 			fprintf(stderr,"ssl_parse_serverhello_tlsext s->session->tlsext_ecpointformatlist ");
 			sdata = s->session->tlsext_ecpointformatlist;
@@ -1912,7 +1912,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 			}
 #endif
 #ifndef OPENSSL_NO_SRTP
-		else if (type == TLSEXT_TYPE_use_srtp)
+		else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp)
 			{
                         if(ssl_parse_serverhello_use_srtp_ext(s, data, size,
 							      al))
@@ -2561,7 +2561,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
 	HMAC_Final(&hctx, tick_hmac, NULL);
 	HMAC_CTX_cleanup(&hctx);
 	if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen))
+		{
+		EVP_CIPHER_CTX_cleanup(&ctx);
 		return 2;
+		}
 	/* Attempt to decrypt session data */
 	/* Move p after IV to start of encrypted ticket, update length */
 	p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
@@ -2574,7 +2577,11 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
 		}
 	EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen);
 	if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0)
+		{
+		EVP_CIPHER_CTX_cleanup(&ctx);
+		OPENSSL_free(sdec);
 		return 2;
+		}
 	slen += mlen;
 	EVP_CIPHER_CTX_cleanup(&ctx);
 	p = sdec;
diff --git a/app/openssl/ssl/tls1.h b/app/openssl/ssl/tls1.h
index b9a0899e..dc36f79f 100644
--- a/app/openssl/ssl/tls1.h
+++ b/app/openssl/ssl/tls1.h
@@ -159,17 +159,19 @@ extern "C" {
 
 #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES	0
 
+#define TLS1_VERSION			0x0301
+#define TLS1_1_VERSION			0x0302
 #define TLS1_2_VERSION			0x0303
-#define TLS1_2_VERSION_MAJOR		0x03
-#define TLS1_2_VERSION_MINOR		0x03
+#define TLS_MAX_VERSION			TLS1_2_VERSION
+
+#define TLS1_VERSION_MAJOR		0x03
+#define TLS1_VERSION_MINOR		0x01
 
-#define TLS1_1_VERSION			0x0302
 #define TLS1_1_VERSION_MAJOR		0x03
 #define TLS1_1_VERSION_MINOR		0x02
 
-#define TLS1_VERSION			0x0301
-#define TLS1_VERSION_MAJOR		0x03
-#define TLS1_VERSION_MINOR		0x01
+#define TLS1_2_VERSION_MAJOR		0x03
+#define TLS1_2_VERSION_MINOR		0x03
 
 #define TLS1_get_version(s) \
 		((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
@@ -187,6 +189,7 @@ extern "C" {
 #define TLS1_AD_PROTOCOL_VERSION	70	/* fatal */
 #define TLS1_AD_INSUFFICIENT_SECURITY	71	/* fatal */
 #define TLS1_AD_INTERNAL_ERROR		80	/* fatal */
+#define TLS1_AD_INAPPROPRIATE_FALLBACK	86	/* fatal */
 #define TLS1_AD_USER_CANCELLED		90
 #define TLS1_AD_NO_RENEGOTIATION	100
 /* codes 110-114 are from RFC3546 */
diff --git a/app/openssl/ssl/tls_srp.c b/app/openssl/ssl/tls_srp.c
index 2315a7c0..e7368a8f 100644
--- a/app/openssl/ssl/tls_srp.c
+++ b/app/openssl/ssl/tls_srp.c
@@ -408,16 +408,46 @@ err:
 	return ret;
 	}
 
-int SRP_Calc_A_param(SSL *s)
+int srp_verify_server_param(SSL *s, int *al)
 	{
-	unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH];
+	SRP_CTX *srp = &s->srp_ctx;
+	/* Sanity check parameters: we can quickly check B % N == 0
+	 * by checking B != 0 since B < N
+	 */
+	if (BN_ucmp(srp->g, srp->N) >=0 || BN_ucmp(srp->B, srp->N) >= 0
+		|| BN_is_zero(srp->B))
+		{
+		*al = SSL3_AD_ILLEGAL_PARAMETER;
+		return 0;
+		}
 
-	if (BN_num_bits(s->srp_ctx.N) < s->srp_ctx.strength)
-		return -1;
+	if (BN_num_bits(srp->N) < srp->strength)
+		{
+		*al = TLS1_AD_INSUFFICIENT_SECURITY;
+		return 0;
+		}
 
-	if (s->srp_ctx.SRP_verify_param_callback ==NULL && 
-		!SRP_check_known_gN_param(s->srp_ctx.g,s->srp_ctx.N))
-		return -1 ;
+	if (srp->SRP_verify_param_callback)
+		{
+		if (srp->SRP_verify_param_callback(s, srp->SRP_cb_arg) <= 0)
+			{
+			*al = TLS1_AD_INSUFFICIENT_SECURITY;
+			return 0;
+			}
+		}
+	else if(!SRP_check_known_gN_param(srp->g, srp->N))
+		{
+		*al = TLS1_AD_INSUFFICIENT_SECURITY;
+		return 0;
+		}
+
+	return 1;
+	}
+	
+
+int SRP_Calc_A_param(SSL *s)
+	{
+	unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH];
 
 	RAND_bytes(rnd, sizeof(rnd));
 	s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a);
@@ -426,10 +456,6 @@ int SRP_Calc_A_param(SSL *s)
 	if (!(s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a,s->srp_ctx.N,s->srp_ctx.g)))
 		return -1;
 
-	/* We can have a callback to verify SRP param!! */
-	if (s->srp_ctx.SRP_verify_param_callback !=NULL) 
-		return s->srp_ctx.SRP_verify_param_callback(s,s->srp_ctx.SRP_cb_arg);
-
 	return 1;
 	}
 
diff --git a/app/openvpn/.gitignore b/app/openvpn/.gitignore
deleted file mode 100644
index 538c0208..00000000
--- a/app/openvpn/.gitignore
+++ /dev/null
@@ -1,59 +0,0 @@
-*.[oa]
-*.l[oa]
-*.dll
-*.exe
-*.exe.*
-*.obj
-*.pyc
-*.so
-*~
-*.idb
-*.suo
-*.ncb
-*.vcproj.*
-*.vcxproj.user
-*.sln.cache
-*.log
-Release
-Debug
-Win32-Output
-.deps
-.libs
-Makefile
-Makefile.in
-aclocal.m4
-autodefs.h
-autom4te.cache
-config.guess
-config.h
-config.h.in
-config.log
-config.status
-config.sub
-configure
-configure.h
-depcomp
-stamp-h1
-install-sh
-missing
-ltmain.sh
-libtool
-m4/libtool.m4
-m4/ltoptions.m4
-m4/ltsugar.m4
-m4/ltversion.m4
-m4/lt~obsolete.m4
-
-version.sh
-msvc-env-local.bat
-config-msvc-local.h
-config-msvc-version.h
-doc/openvpn.8.html
-distro/rpm/openvpn.spec
-tests/t_client.sh
-tests/t_client-*-20??????-??????/
-src/openvpn/openvpn
-config-version.h
-nbproject
-test-driver
-compile
diff --git a/app/openvpn/config-version.h b/app/openvpn/config-version.h
index 762b9dc6..1fca2b7a 100644
--- a/app/openvpn/config-version.h
+++ b/app/openvpn/config-version.h
@@ -1,2 +1,2 @@
-#define CONFIGURE_GIT_REVISION "icsopenvpn_618-e63b88d330782d14"
+#define CONFIGURE_GIT_REVISION "icsopenvpn_621-b603913ee5d54ab8"
 #define CONFIGURE_GIT_FLAGS ""
diff --git a/app/openvpn/config.h b/app/openvpn/config.h
index b825e2bd..6b699028 100644
--- a/app/openvpn/config.h
+++ b/app/openvpn/config.h
@@ -631,3 +631,5 @@
 #define IPPROTO_IP IPPROTO_IP
 #define IPPROTO_TCP IPPROTO_TCP
 
+
+#define HAVE_AEAD_CIPHER_MODES 1
diff --git a/app/openvpn/configure.ac b/app/openvpn/configure.ac
index ffba3749..608ab6d1 100644
--- a/app/openvpn/configure.ac
+++ b/app/openvpn/configure.ac
@@ -368,15 +368,18 @@ AC_ARG_VAR([IPROUTE], [full path to ip utility])
 AC_ARG_VAR([NETSTAT], [path to netstat utility]) # tests
 AC_ARG_VAR([MAN2HTML], [path to man2html utility])
 AC_ARG_VAR([GIT], [path to git utility])
+AC_ARG_VAR([SYSTEMD_ASK_PASSWORD], [path to systemd-ask-password utility])
 AC_PATH_PROGS([IFCONFIG], [ifconfig],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
 AC_PATH_PROGS([ROUTE], [route],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
 AC_PATH_PROGS([IPROUTE], [ip],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
+AC_PATH_PROGS([SYSTEMD_ASK_PASSWORD], [systemd-ask-password],, [$PATH:/usr/local/bin:/usr/bin:/bin])
 AC_CHECK_PROGS([NETSTAT], [netstat], [netstat], [$PATH:/usr/local/sbin:/usr/sbin:/sbin:/etc]) # tests
 AC_CHECK_PROGS([MAN2HTML], [man2html])
 AC_CHECK_PROGS([GIT], [git]) # optional
 AC_DEFINE_UNQUOTED([IFCONFIG_PATH], ["$IFCONFIG"], [Path to ifconfig tool])
 AC_DEFINE_UNQUOTED([IPROUTE_PATH], ["$IPROUTE"], [Path to iproute tool])
 AC_DEFINE_UNQUOTED([ROUTE_PATH], ["$ROUTE"], [Path to route tool])
+AC_DEFINE_UNQUOTED([SYSTEMD_ASK_PASSWORD_PATH], ["$SYSTEMD_ASK_PASSWORD"], [Path to systemd-ask-password tool])
 
 #
 # Libtool
@@ -994,6 +997,28 @@ if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then
 fi
 
 
+dnl
+dnl Check for systemd
+dnl
+
+if test "$enable_systemd" = "yes" ; then
+    PKG_CHECK_MODULES([libsystemd], [systemd libsystemd],
+                      [],
+                      [PKG_CHECK_MODULES([libsystemd], [libsystemd-daemon])]
+                      )
+    AC_CHECK_HEADERS(systemd/sd-daemon.h,
+       ,
+       [
+	   AC_MSG_ERROR([systemd development headers not found.])
+       ])
+
+    saved_LIBS="${LIBS}"
+    LIBS="${LIBS} ${libsystemd_LIBS}"
+    AC_CHECK_FUNCS([sd_booted], [], [AC_MSG_ERROR([systemd library is missing sd_booted()])])
+    OPTIONAL_SYSTEMD_LIBS="${libsystemd_LIBS}"
+    AC_DEFINE(ENABLE_SYSTEMD, 1, [Enable systemd integration])
+    LIBS="${saved_LIBS}"
+fi
 
 
 AC_MSG_CHECKING([git checkout])
@@ -1034,7 +1059,6 @@ test "${enable_def_auth}" = "yes" && AC_DEFINE([ENABLE_DEF_AUTH], [1], [Enable d
 test "${enable_pf}" = "yes" && AC_DEFINE([ENABLE_PF], [1], [Enable internal packet filter])
 test "${enable_strict_options}" = "yes" && AC_DEFINE([ENABLE_STRICT_OPTIONS_CHECK], [1], [Enable strict options check between peers])
 test "${enable_password_save}" = "yes" && AC_DEFINE([ENABLE_PASSWORD_SAVE], [1], [Allow --askpass and --auth-user-pass passwords to be read from a file])
-test "${enable_systemd}" = "yes" && AC_DEFINE([ENABLE_SYSTEMD], [1], [Enable systemd support])
 
 case "${with_crypto_library}" in
 	openssl)
@@ -1167,6 +1191,7 @@ AC_SUBST([OPTIONAL_SNAPPY_CFLAGS])
 AC_SUBST([OPTIONAL_SNAPPY_LIBS])
 AC_SUBST([OPTIONAL_LZ4_CFLAGS])
 AC_SUBST([OPTIONAL_LZ4_LIBS])
+AC_SUBST([OPTIONAL_SYSTEMD_LIBS])
 AC_SUBST([OPTIONAL_PKCS11_HELPER_CFLAGS])
 AC_SUBST([OPTIONAL_PKCS11_HELPER_LIBS])
 
diff --git a/app/openvpn/contrib/OCSP_check/OCSP_check.sh b/app/openvpn/contrib/OCSP_check/OCSP_check.sh
index 553c3dce..6876c6d8 100644
--- a/app/openvpn/contrib/OCSP_check/OCSP_check.sh
+++ b/app/openvpn/contrib/OCSP_check/OCSP_check.sh
@@ -97,12 +97,19 @@ if [ $check_depth -eq -1 ] || [ $cur_depth -eq $check_depth ]; then
                     "$nonce" \
                     -CAfile "$verify" \
                     -url "$ocsp_url" \
-                    -serial "${serial}" 2>/dev/null)
+                    -serial "${serial}" 2>&1)
 
     if [ $? -eq 0 ]; then
-      # check that it's good
+      # check if ocsp didn't report any errors
+      if echo "$status" | grep -Eq "(error|fail)"; then
+          exit 1
+      fi
+      # check that the reported status of certificate is ok
       if echo "$status" | grep -Fq "^${serial}: good"; then
-        exit 0
+        # check if signature on the OCSP response verified correctly
+        if echo "$status" | grep -Fq "^Response verify OK"; then
+            exit 0
+        fi
       fi
     fi
   fi
diff --git a/app/openvpn/distro/rpm/openvpn.spec b/app/openvpn/distro/rpm/openvpn.spec
new file mode 100644
index 00000000..86ed85c9
--- /dev/null
+++ b/app/openvpn/distro/rpm/openvpn.spec
@@ -0,0 +1,248 @@
+# OpenVPN spec file, used to drive rpmbuild
+
+# OPTIONS
+#
+# Disable LZO
+#   rpmbuild -tb [openvpn.x.tar.gz] --define 'without_lzo 1'
+#
+# Disable PAM plugin
+#   rpmbuild -tb [openvpn.x.tar.gz] --define 'without_pam 1'
+#
+# Allow passwords to be read from files
+#   rpmbuild -tb [openvpn.x.tar.gz] --define 'with_password_save 1'
+
+Summary:	OpenVPN is a robust and highly flexible VPN daemon by James Yonan.
+Name:		openvpn
+Version:	2.3_master
+Release:	1
+URL:		http://openvpn.net/
+Source0:	http://prdownloads.sourceforge.net/openvpn/%{name}-%{version}.tar.gz
+
+License:	GPL
+Group:		Applications/Internet
+Vendor:		James Yonan <jim@yonan.net>
+Packager:	James Yonan <jim@yonan.net>
+BuildRoot:	%{_tmppath}/%{name}-%(id -un)
+
+#
+# Include dependencies manually
+#
+
+AutoReq: 0
+
+BuildRequires:	openssl-devel >= 0.9.7
+Requires:	openssl       >= 0.9.7
+
+%if "%{_vendor}" == "Mandrakesoft"
+%{!?without_lzo:BuildRequires:	liblzo1-devel >= 1.07}
+%{!?without_lzo:Requires:	liblzo1       >= 1.07}
+%else
+%if "%{_vendor}" == "MandrakeSoft"
+%{!?without_lzo:BuildRequires:	liblzo1-devel >= 1.07}
+%{!?without_lzo:Requires:	liblzo1       >= 1.07}
+%else
+%{!?without_lzo:BuildRequires:	lzo-devel >= 1.07}
+%{!?without_lzo:Requires:	lzo       >= 1.07}
+%endif
+%endif
+
+%{!?without_pam:BuildRequires:	pam-devel}
+%{!?without_pam:Requires:	pam}
+
+%{?with_pkcs11:BuildRequires:	pkcs11-helper-devel}
+%{?with_pkcs11:Requires:	pkcs11-helper}
+
+#
+# Description
+#
+
+%description
+OpenVPN is a robust and highly flexible VPN daemon by James Yonan.
+OpenVPN supports SSL/TLS security,
+ethernet bridging,
+TCP or UDP tunnel transport through proxies or NAT,
+support for dynamic IP addresses and DHCP,
+scalability to hundreds or thousands of users,
+and portability to most major OS platforms.
+
+%package devel
+Summary:	OpenVPN is a robust and highly flexible VPN daemon by James Yonan.
+Group:		Applications/Internet
+Requires:	%{name}
+%description devel
+Development support for OpenVPN.
+
+#
+# Define vendor type
+#
+
+%if "%{_vendor}" == "suse" || "%{_vendor}" == "pc"
+%define VENDOR SuSE
+%else
+%define VENDOR %_vendor
+%endif
+
+#
+# Other definitions
+#
+
+%define debug_package %{nil}
+
+#
+# Build OpenVPN binary
+#
+
+%prep
+%setup -q
+
+%build
+%configure \
+	--disable-dependency-tracking \
+	--docdir="%{_docdir}/%{name}-%{version}" \
+	%{?with_password_save:--enable-password-save} \
+	%{!?without_lzo:--enable-lzo} \
+	%{?with_pkcs11:--enable-pkcs11} \
+	%{?without_pam:--disable-plugin-auth-pam}
+%__make
+
+#
+# Installation section
+#
+
+%install
+[ %{buildroot} != "/" ] && rm -rf %{buildroot}
+%__make install DESTDIR="%{buildroot}"
+
+# Install init script
+%if "%{VENDOR}" == "SuSE"
+%__install -c -d -m 755 "%{buildroot}/etc/init.d"
+%__install -c -m 755 "distro/rpm/%{name}.init.d.suse" "%{buildroot}/etc/init.d/%{name}"
+%else
+%__install -c -d -m 755 "%{buildroot}/etc/rc.d/init.d"
+%__install -c -m 755 distro/rpm/%{name}.init.d.rhel "%{buildroot}/etc/rc.d/init.d/%{name}"
+%endif
+
+# Install /etc/openvpn
+%__install -c -d -m 755 "%{buildroot}/etc/%{name}"
+
+# Install extra %doc stuff
+cp -r AUTHORS ChangeLog NEWS contrib/ sample/ \
+	"%{buildroot}/%{_docdir}/%{name}-%{version}"
+
+#
+# Clean section
+#
+
+%clean
+[ %{buildroot} != "/" ] && rm -rf "%{buildroot}"
+
+#
+# On Linux 2.4, make the device node
+#
+
+%post
+case "`uname -r`" in
+2.4*)
+	/bin/mkdir /dev/net >/dev/null 2>&1
+	/bin/mknod /dev/net/tun c 10 200 >/dev/null 2>&1
+	;;
+esac
+
+#
+# Handle the init script
+#
+
+/sbin/chkconfig --add %{name}
+%if "%{VENDOR}" == "SuSE"
+/etc/init.d/openvpn restart
+%else
+/sbin/service %{name} condrestart
+%endif
+%preun
+if [ "$1" = 0 ]
+then
+	%if "%{VENDOR}" == "SuSE"
+	/etc/init.d/openvpn stop
+	%else
+	/sbin/service %{name} stop
+	%endif
+	/sbin/chkconfig --del %{name}
+fi
+
+#
+# Files section
+#
+# don't use %doc as old rpmbuild removes it[1].
+# [1] http://rpm.org/ticket/836
+
+%files
+%defattr(-,root,root)
+%{_mandir}
+%{_sbindir}/%{name}
+%{_libdir}/%{name}
+%{_docdir}/%{name}-%{version}
+%dir /etc/%{name}
+%if "%{VENDOR}" == "SuSE"
+/etc/init.d/%{name}
+%else
+/etc/rc.d/init.d/%{name}
+%endif
+
+%files devel
+%defattr(-,root,root)
+%{_includedir}/*
+
+%changelog
+* Thu Jul 30 2009 David Sommerseth <dazo@users.sourceforge.net>
+- Removed management/ directory from %doc
+
+* Thu Dec 14 2006 Alon Bar-Lev
+- Added with_pkcs11
+
+* Mon Aug 2 2005 James Yonan
+- Fixed build problem with --define 'without_pam 1'
+
+* Mon Apr 4 2005 James Yonan
+- Moved some files from /usr/share/openvpn to %doc for compatibility
+  with Dag Wieers' RPM repository
+
+* Sat Mar 12 2005 Tom Walsh
+- Added MandrakeSoft liblzo1 require
+
+* Fri Dec 10 2004 James Yonan
+- Added AutoReq: 0 for manual dependencies
+
+* Fri Dec 10 2004 James Yonan
+- Packaged the plugins
+
+* Sun Nov 7 2004 Umberto Nicoletti
+- SuSE support
+
+* Wed Aug 18 2004 Bishop Clark (LC957) <bishop@platypus.bc.ca>
+- restrict what we claim in /etc/ to avoid ownership conflicts
+
+* Sun Feb 23 2003 Matthias Andree <matthias.andree@gmx.de> 1.3.2.14-1.
+- Have the version number filled in by autoconf.
+
+* Wed Jul 10 2002 James Yonan <jim@yonan.net> 1.3.1-1
+- Fixed %preun to only remove service on final uninstall
+
+* Mon Jun 17 2002 bishop clark (LC957) <bishop@platypus.bc.ca> 1.2.2-1
+- Added condrestart to openvpn.spec & openvpn.init.
+
+* Wed May 22 2002 James Yonan <jim@yonan.net> 1.2.0-1
+- Added mknod for Linux 2.4.
+
+* Wed May 15 2002 Doug Keller <dsk@voidstar.dyndns.org> 1.1.1.16-2
+- Added init scripts
+- Added conf file support
+
+* Mon May 13 2002 bishop clark (LC957) <bishop@platypus.bc.ca> 1.1.1.14-1
+- Added new directories for config examples and such
+
+* Sun May 12 2002 bishop clark (LC957) <bishop@platypus.bc.ca> 1.1.1.13-1
+- Updated buildroot directive and cleanup command
+- added easy-rsa utilities
+
+* Mon Mar 25 2002 bishop clark (LC957) <bishop@platypus.bc.ca> 1.0-1
+- Initial build.
diff --git a/app/openvpn/distro/systemd/openvpn@.service b/app/openvpn/distro/systemd/openvpn@.service
new file mode 100644
index 00000000..7cd36c36
--- /dev/null
+++ b/app/openvpn/distro/systemd/openvpn@.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=OpenVPN tunnel for %I
+After=syslog.target network.target
+Documentation=man:openvpn(8)
+Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
+Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
+
+[Service]
+PrivateTmp=true
+Type=forking
+PIDFile=/var/run/openvpn/%i.pid
+ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf
+CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH
+LimitNPROC=10
+DeviceAllow=/dev/null rw
+DeviceAllow=/dev/net/tun rw
+
+[Install]
+WantedBy=multi-user.target
diff --git a/app/openvpn/doc/android.txt b/app/openvpn/doc/android.txt
index cf8b3c79..137edfc5 100644
--- a/app/openvpn/doc/android.txt
+++ b/app/openvpn/doc/android.txt
@@ -55,6 +55,21 @@ To set the DNS server and search domain.
 The GUI will then respond with a "needok 'command' ok' or "needok
 'command' cancel', e.g. "needok 'IFCONFIG' ok".
 
+PERSIST_TUN_ACTION
+
+In Android 4.4-4.4.2 a bug exists that does not allow to open a new tun fd
+while a tun fd is still open. When OpenVPN wants to open an fd it will do
+this query. The UI should compare the last configuration of
+the tun device with the current tun configuration and reply with either (or
+always respond with OPEN_AFTER_BEFORE/OPEN_BEFORE_CLOSE)
+
+- NOACTION: Keep using the old fd
+- OPEN_AFTER_CLOSE: First close the old fd and then open a new to workaround the bug
+- OPEN_BEFORE_CLOSE: the normal behaviour when the VPN configuration changed
+
+For example the UI could respond with
+needok 'PERSIST_TUN_ACTION' OPEN_AFTER_CLOSE
+
 To protect a socket the OpenVPN will send a PROTECTFD to the UI.
 When sending the PROTECTFD command command to the UI it will send
 the fd of the socket as ancillary message over the UNIX socket.
@@ -74,12 +89,3 @@ are not specific to Android but are rarely used on other platform.
 For example using SIGUSR1 and management-hold to restart, pause,
 continue the VPN on network changes or the external key management
 --management-external-key option and inline files.
-
-Due to a bug in Android 4.4-4.4.2 there the Android Control will also
-query what action the daemon should take when opening the fd. The GUI
-should compare the last configuration of the tun device with the current
-tun configuration and reply with either
-
-- NOACTION: Keep using the old fd
-- OPEN_AFTER_CLOSE: First close the old fd and then open a new to workaround the bug
-- OPEN_BEFORE_CLOSE: the normal behaviour when the VPN configuration changed
diff --git a/app/openvpn/src/openvpn/Makefile.am b/app/openvpn/src/openvpn/Makefile.am
index fd593c57..d089f50f 100644
--- a/app/openvpn/src/openvpn/Makefile.am
+++ b/app/openvpn/src/openvpn/Makefile.am
@@ -126,6 +126,7 @@ openvpn_LDADD = \
 	$(OPTIONAL_PKCS11_HELPER_LIBS) \
 	$(OPTIONAL_CRYPTO_LIBS) \
 	$(OPTIONAL_SELINUX_LIBS) \
+	$(OPTIONAL_SYSTEMD_LIBS) \
 	$(OPTIONAL_DL_LIBS)
 if WIN32
 openvpn_SOURCES += openvpn_win32_resources.rc
diff --git a/app/openvpn/src/openvpn/base64.c b/app/openvpn/src/openvpn/base64.c
index 6dc8479f..258b258e 100644
--- a/app/openvpn/src/openvpn/base64.c
+++ b/app/openvpn/src/openvpn/base64.c
@@ -108,7 +108,7 @@ token_decode(const char *token)
     int i;
     unsigned int val = 0;
     int marker = 0;
-    if (strlen(token) < 4)
+    if (!token[0] || !token[1] || !token[2] || !token[3])
 	return DECODE_ERROR;
     for (i = 0; i < 4; i++) {
 	val *= 64;
diff --git a/app/openvpn/src/openvpn/console.c b/app/openvpn/src/openvpn/console.c
index afda8ca3..d66d4087 100644
--- a/app/openvpn/src/openvpn/console.c
+++ b/app/openvpn/src/openvpn/console.c
@@ -34,6 +34,10 @@
 #include "buffer.h"
 #include "misc.h"
 
+#ifdef ENABLE_SYSTEMD
+#include <systemd/sd-daemon.h>
+#endif
+
 #ifdef WIN32
 
 #include "win32.h"
@@ -143,14 +147,14 @@ close_tty (FILE *fp)
 static bool
 check_systemd_running ()
 {
-  struct stat a, b;
+  struct stat c;
 
   /* We simply test whether the systemd cgroup hierarchy is
-   * mounted */
+   * mounted, as well as the systemd-ask-password executable
+   * being available */
 
-  return (lstat("/sys/fs/cgroup", &a) == 0)
-	  && (lstat("/sys/fs/cgroup/systemd", &b) == 0)
-	  && (a.st_dev != b.st_dev);
+  return (sd_booted() > 0)
+	  && (stat(SYSTEMD_ASK_PASSWORD_PATH, &c) == 0);
 
 }
 
@@ -162,7 +166,7 @@ get_console_input_systemd (const char *prompt, const bool echo, char *input, con
   struct argv argv;
 
   argv_init (&argv);
-  argv_printf (&argv, "/bin/systemd-ask-password");
+  argv_printf (&argv, SYSTEMD_ASK_PASSWORD_PATH);
   argv_printf_cat (&argv, "%s", prompt);
 
   if ((std_out = openvpn_popen (&argv, NULL)) < 0) {
diff --git a/app/openvpn/src/openvpn/crypto.c b/app/openvpn/src/openvpn/crypto.c
index 62c4ab28..69df29de 100644
--- a/app/openvpn/src/openvpn/crypto.c
+++ b/app/openvpn/src/openvpn/crypto.c
@@ -223,6 +223,30 @@ err:
   return;
 }
 
+int verify_hmac(struct buffer *buf, struct key_ctx *ctx, int offset)
+{
+  uint8_t local_hmac[MAX_HMAC_KEY_LENGTH]; /* HMAC of ciphertext computed locally */
+  int hmac_len = 0;
+
+  hmac_ctx_reset(ctx->hmac);
+  /* Assume the length of the input HMAC */
+  hmac_len = hmac_ctx_size (ctx->hmac);
+
+  /* Authentication fails if insufficient data in packet for HMAC */
+  if (buf->len - offset < hmac_len)
+    return 0;
+
+  hmac_ctx_update (ctx->hmac, BPTR (buf) + hmac_len + offset,
+	BLEN (buf) - hmac_len - offset);
+  hmac_ctx_final (ctx->hmac, local_hmac);
+
+  /* Compare locally computed HMAC with packet HMAC */
+  if (memcmp_constant_time (local_hmac, BPTR (buf) + offset, hmac_len) == 0)
+    return hmac_len;
+
+  return 0;
+}
+
 /*
  * If (opt->flags & CO_USE_IV) is not NULL, we will read an IV from the packet.
  *
@@ -249,25 +273,9 @@ openvpn_decrypt (struct buffer *buf, struct buffer work,
       /* Verify the HMAC */
       if (ctx->hmac)
 	{
-	  int hmac_len;
-	  uint8_t local_hmac[MAX_HMAC_KEY_LENGTH]; /* HMAC of ciphertext computed locally */
-
-	  hmac_ctx_reset(ctx->hmac);
-
-	  /* Assume the length of the input HMAC */
-	  hmac_len = hmac_ctx_size (ctx->hmac);
-
-	  /* Authentication fails if insufficient data in packet for HMAC */
-	  if (buf->len < hmac_len)
-	    CRYPT_ERROR ("missing authentication info");
-
-	  hmac_ctx_update (ctx->hmac, BPTR (buf) + hmac_len, BLEN (buf) - hmac_len);
-	  hmac_ctx_final (ctx->hmac, local_hmac);
-
-	  /* Compare locally computed HMAC with packet HMAC */
-	  if (memcmp_constant_time (local_hmac, BPTR (buf), hmac_len))
+	  int hmac_len = verify_hmac(buf, ctx, 0);
+	  if (hmac_len == 0)
 	    CRYPT_ERROR ("packet HMAC authentication failed");
-
 	  ASSERT (buf_advance (buf, hmac_len));
 	}
 
@@ -399,10 +407,6 @@ openvpn_decrypt (struct buffer *buf, struct buffer work,
 bool
 crypto_test_hmac (struct buffer *buf, const struct crypto_options *opt)
 {
-  struct gc_arena gc;
-  gc_init (&gc);
-  int offset = 4; /* 1 byte opcode + 3 bytes session-id */
-
   if (buf->len > 0 && opt->key_ctx_bi)
     {
       struct key_ctx *ctx = &opt->key_ctx_bi->decrypt;
@@ -410,38 +414,10 @@ crypto_test_hmac (struct buffer *buf, const struct crypto_options *opt)
       /* Verify the HMAC */
       if (ctx->hmac)
 	{
-	  int hmac_len;
-	  uint8_t local_hmac[MAX_HMAC_KEY_LENGTH]; /* HMAC of ciphertext computed locally */
-
-	  hmac_ctx_reset(ctx->hmac);
-
-	  /* Assume the length of the input HMAC */
-	  hmac_len = hmac_ctx_size (ctx->hmac);
-
-	  /* Authentication fails if insufficient data in packet for HMAC */
-	  if ((buf->len - offset) < hmac_len)
-	    {
-	      gc_free (&gc);
-	      return false;
-	    }
-
-	  hmac_ctx_update (ctx->hmac, BPTR (buf) + offset + hmac_len,
-			   BLEN (buf) - offset - hmac_len);
-	  hmac_ctx_final (ctx->hmac, local_hmac);
-
-	  /* Compare locally computed HMAC with packet HMAC */
-	  if (memcmp (local_hmac, BPTR (buf) + offset, hmac_len))
-	    {
-	      gc_free (&gc);
-	      return false;
-	    }
-
-	  gc_free (&gc);
-	  return true;
+	  /* sizeof(uint32_t) comes from peer_id (3 bytes) and opcode (1 byte) */
+	  return verify_hmac(buf, ctx, sizeof(uint32_t)) != 0;
 	}
     }
-
-  gc_free (&gc);
   return false;
 }
 
diff --git a/app/openvpn/src/openvpn/crypto_backend.h b/app/openvpn/src/openvpn/crypto_backend.h
index a48ad6c5..87498785 100644
--- a/app/openvpn/src/openvpn/crypto_backend.h
+++ b/app/openvpn/src/openvpn/crypto_backend.h
@@ -223,7 +223,7 @@ int cipher_kt_block_size (const cipher_kt_t *cipher_kt);
 /**
  * Returns the mode that the cipher runs in.
  *
- * @param cipher_kt 	Static cipher parameters
+ * @param cipher_kt	Static cipher parameters. May not be NULL.
  *
  * @return 		Cipher mode, either \c OPENVPN_MODE_CBC, \c
  * 			OPENVPN_MODE_OFB or \c OPENVPN_MODE_CFB
@@ -231,9 +231,9 @@ int cipher_kt_block_size (const cipher_kt_t *cipher_kt);
 int cipher_kt_mode (const cipher_kt_t *cipher_kt);
 
 /**
- * Check of the supplied cipher is a supported CBC mode cipher.
+ * Check if the supplied cipher is a supported CBC mode cipher.
  *
- * @param cipher	Static cipher parameters. May not be NULL.
+ * @param cipher	Static cipher parameters.
  *
  * @return		true iff the cipher is a CBC mode cipher.
  */
@@ -241,9 +241,9 @@ bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)
   __attribute__((nonnull));
 
 /**
- * Check of the supplied cipher is a supported OFB or CFB mode cipher.
+ * Check if the supplied cipher is a supported OFB or CFB mode cipher.
  *
- * @param cipher	Static cipher parameters. May not be NULL.
+ * @param cipher	Static cipher parameters.
  *
  * @return		true iff the cipher is a OFB or CFB mode cipher.
  */
diff --git a/app/openvpn/src/openvpn/crypto_openssl.c b/app/openvpn/src/openvpn/crypto_openssl.c
index 0ac89a19..f7a491d6 100644
--- a/app/openvpn/src/openvpn/crypto_openssl.c
+++ b/app/openvpn/src/openvpn/crypto_openssl.c
@@ -492,7 +492,7 @@ cipher_kt_mode (const EVP_CIPHER *cipher_kt)
 bool
 cipher_kt_mode_cbc(const cipher_kt_t *cipher)
 {
-  return cipher_kt_mode(cipher) == OPENVPN_MODE_CBC
+  return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC
 #ifdef EVP_CIPH_FLAG_AEAD_CIPHER
       /* Exclude AEAD cipher modes, they require a different API */
       && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
@@ -503,7 +503,7 @@ cipher_kt_mode_cbc(const cipher_kt_t *cipher)
 bool
 cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
 {
-  return (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB ||
+  return cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB ||
 	  cipher_kt_mode(cipher) == OPENVPN_MODE_CFB)
 #ifdef EVP_CIPH_FLAG_AEAD_CIPHER
       /* Exclude AEAD cipher modes, they require a different API */
diff --git a/app/openvpn/src/openvpn/crypto_polarssl.c b/app/openvpn/src/openvpn/crypto_polarssl.c
index 1a986dbd..e083398f 100644
--- a/app/openvpn/src/openvpn/crypto_polarssl.c
+++ b/app/openvpn/src/openvpn/crypto_polarssl.c
@@ -419,13 +419,13 @@ cipher_kt_mode (const cipher_info_t *cipher_kt)
 bool
 cipher_kt_mode_cbc(const cipher_kt_t *cipher)
 {
-  return cipher_kt_mode(cipher) == OPENVPN_MODE_CBC;
+  return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC;
 }
 
 bool
 cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
 {
-  return (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB ||
+  return cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB ||
 	  cipher_kt_mode(cipher) == OPENVPN_MODE_CFB);
 }
 
diff --git a/app/openvpn/src/openvpn/forward.c b/app/openvpn/src/openvpn/forward.c
index a43361b4..0bbdedb0 100644
--- a/app/openvpn/src/openvpn/forward.c
+++ b/app/openvpn/src/openvpn/forward.c
@@ -948,6 +948,15 @@ read_incoming_tun (struct context *c)
       return;		  
     }
 
+  /* Was TUN/TAP I/O operation aborted? */
+  if (tuntap_abort(c->c2.buf.len))
+  {
+     register_signal(c, SIGTERM, "tun-abort");
+     msg(M_FATAL, "TUN/TAP I/O operation aborted, exiting");
+     perf_pop();
+     return;
+  }
+
   /* Check the status return from read() */
   check_status (c->c2.buf.len, "read from TUN/TAP", NULL, c->c1.tuntap);
 
diff --git a/app/openvpn/src/openvpn/init.c b/app/openvpn/src/openvpn/init.c
index 6137588d..7cec8d9b 100644
--- a/app/openvpn/src/openvpn/init.c
+++ b/app/openvpn/src/openvpn/init.c
@@ -1718,7 +1718,8 @@ pull_permission_mask (const struct context *c)
     | OPT_P_MESSAGES
     | OPT_P_EXPLICIT_NOTIFY
     | OPT_P_ECHO
-    | OPT_P_PULL_MODE;
+    | OPT_P_PULL_MODE
+    | OPT_P_PEER_ID;
 
   if (!c->options.route_nopull)
     flags |= (OPT_P_ROUTE | OPT_P_IPWIN32);
@@ -1795,6 +1796,13 @@ do_deferred_options (struct context *c, const unsigned int found)
     msg (D_PUSH, "OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified");
   if (found & OPT_P_SETENV)
     msg (D_PUSH, "OPTIONS IMPORT: environment modified");
+
+  if (found & OPT_P_PEER_ID)
+    {
+      msg (D_PUSH, "OPTIONS IMPORT: peer-id set");
+      c->c2.tls_multi->use_peer_id = true;
+      c->c2.tls_multi->peer_id = c->options.peer_id;
+    }
 }
 
 /*
@@ -3179,7 +3187,7 @@ managmenet_callback_network_change (void *arg)
      reestablishing the connection is required */
 
   socketfd = c->c2.link_socket->sd;
-  if (!c->options.pull || c->c2.tls_multi->use_session_id)
+  if (!c->options.pull || c->c2.tls_multi->use_peer_id)
     return socketfd;
   else
     return -2;
diff --git a/app/openvpn/src/openvpn/misc.c b/app/openvpn/src/openvpn/misc.c
index 63b4c1cf..61bc523d 100644
--- a/app/openvpn/src/openvpn/misc.c
+++ b/app/openvpn/src/openvpn/misc.c
@@ -365,24 +365,29 @@ openvpn_popen (const struct argv *a,  const struct env_set *es)
 		      pid = fork ();
 		      if (pid == (pid_t)0) /* child side */
 			{
-			  close (pipe_stdout[0]);
+			  close (pipe_stdout[0]);  /* Close read end */
 			  dup2 (pipe_stdout[1],1);
 			  execve (cmd, argv, envp);
 			  exit (127);
 			}
-		      else if (pid < (pid_t)0) /* fork failed */
+		      else if (pid > (pid_t)0) /* parent side */
 			{
-			  msg (M_ERR, "openvpn_popen: unable to fork");
+                          int status = 0;
+
+                          close (pipe_stdout[1]); /* Close write end */
+                          waitpid(pid, &status, 0);
+                          ret = pipe_stdout[0];
 			}
-		      else /* parent side */
+		      else /* fork failed */
 			{
-                            ret=pipe_stdout[0];
-			    close (pipe_stdout[1]);
+                          close (pipe_stdout[0]);
+                          close (pipe_stdout[1]);
+			  msg (M_ERR, "openvpn_popen: unable to fork %s", cmd);
 			}
 	      }
 	      else {
-		      msg (M_WARN, "openvpn_popen: unable to create stdout pipe");
-		      ret = -1;
+                msg (M_WARN, "openvpn_popen: unable to create stdout pipe for %s", cmd);
+                ret = -1;
 	      }
 	}
       else if (!warn_shown && (script_security < SSEC_SCRIPTS))
diff --git a/app/openvpn/src/openvpn/mudp.c b/app/openvpn/src/openvpn/mudp.c
index f7ab6253..51227a90 100644
--- a/app/openvpn/src/openvpn/mudp.c
+++ b/app/openvpn/src/openvpn/mudp.c
@@ -105,29 +105,29 @@ multi_get_create_instance_udp (struct multi_context *m)
       struct hash_element *he;
       const uint32_t hv = hash_value (hash, &real);
       struct hash_bucket *bucket = hash_bucket (hash, hv);
-      uint8_t* ptr  = BPTR(&m->top.c2.buf);
+      uint8_t* ptr = BPTR(&m->top.c2.buf);
       uint8_t op = ptr[0] >> P_OPCODE_SHIFT;
-      uint32_t sess_id;
-      bool session_forged = false;
+      uint32_t peer_id;
+      bool hmac_mismatch = false;
 
       if (op == P_DATA_V2)
 	{
-	  sess_id = (*(uint32_t*)ptr) >> 8;
-	  if ((sess_id < m->max_clients) && (m->instances[sess_id]))
+	  peer_id = ntohl((*(uint32_t*)ptr)) & 0xFFFFFF;
+	  if ((peer_id < m->max_clients) && (m->instances[peer_id]))
 	    {
-	      mi = m->instances[sess_id];
+	      mi = m->instances[peer_id];
 
 	      if (!link_socket_actual_match(&mi->context.c2.from, &m->top.c2.from))
 		{
-		  msg(D_MULTI_MEDIUM, "floating detected from %s to %s",
-		      print_link_socket_actual (&mi->context.c2.from, &gc), print_link_socket_actual (&m->top.c2.from, &gc));
+		  msg(D_MULTI_MEDIUM, "float from %s to %s",
+			print_link_socket_actual (&mi->context.c2.from, &gc), print_link_socket_actual (&m->top.c2.from, &gc));
 
-		  /* session-id is not trusted, so check hmac */
-		  session_forged = !(crypto_test_hmac(&m->top.c2.buf, &mi->context.c2.crypto_options));
-		  if (session_forged)
+		  /* peer-id is not trusted, so check hmac */
+		  hmac_mismatch = !(crypto_test_hmac(&m->top.c2.buf, &mi->context.c2.crypto_options));
+		  if (hmac_mismatch)
 		    {
 		      mi = NULL;
-		      msg (D_MULTI_MEDIUM, "hmac verification failed, session forge detected!");
+		      msg (D_MULTI_MEDIUM, "HMAC mismatch for peer-id %d", peer_id);
 		    }
 		  else
 		    {
@@ -144,7 +144,7 @@ multi_get_create_instance_udp (struct multi_context *m)
 	      mi = (struct multi_instance *) he->value;
 	    }
 	}
-      if (!mi && !session_forged)
+      if (!mi && !hmac_mismatch)
 	{
 	  if (!m->top.c2.tls_auth_standalone
 	      || tls_pre_decrypt_lite (m->top.c2.tls_auth_standalone, &m->top.c2.from, &m->top.c2.buf))
@@ -162,7 +162,7 @@ multi_get_create_instance_udp (struct multi_context *m)
 			{
 			  if (!m->instances[i])
 			    {
-			      mi->context.c2.tls_multi->vpn_session_id = i;
+			      mi->context.c2.tls_multi->peer_id = i;
 			      m->instances[i] = mi;
 			      break;
 			    }
@@ -183,15 +183,6 @@ multi_get_create_instance_udp (struct multi_context *m)
 	{
 	  const char *status = mi ? "[ok]" : "[failed]";
 
-	  /*
-	  if (he && mi)
-	    status = "[succeeded]";
-	  else if (!he && mi)
-	    status = "[created]";
-	  else
-	    status = "[failed]";
-	  */
-
 	  dmsg (D_MULTI_DEBUG, "GET INST BY REAL: %s %s",
 	       mroute_addr_print (&real, &gc),
 	       status);
diff --git a/app/openvpn/src/openvpn/multi.c b/app/openvpn/src/openvpn/multi.c
index a4289ac7..bd5948c8 100644
--- a/app/openvpn/src/openvpn/multi.c
+++ b/app/openvpn/src/openvpn/multi.c
@@ -303,7 +303,6 @@ multi_init (struct multi_context *m, struct context *t, bool tcp_mode, int threa
 			   cid_compare_function);
 #endif
 
-
   /*
    * This is our scheduler, for time-based wakeup
    * events.
@@ -374,12 +373,7 @@ multi_init (struct multi_context *m, struct context *t, bool tcp_mode, int threa
    */
   m->max_clients = t->options.max_clients;
 
-  int i;
-  m->instances = malloc(sizeof(struct multi_instance*) * m->max_clients);
-  for (i = 0; i < m->max_clients; ++ i)
-    {
-      m->instances[i] = NULL;
-    }
+  m->instances = calloc(m->max_clients, sizeof(struct multi_instance*));
 
   /*
    * Initialize multi-socket TCP I/O wait object
@@ -561,7 +555,7 @@ multi_close_instance (struct multi_context *m,
 	}
 #endif
 
-      m->instances[mi->context.c2.tls_multi->vpn_session_id] = NULL;
+      m->instances[mi->context.c2.tls_multi->peer_id] = NULL;
 
       schedule_remove_entry (m->schedule, (struct schedule_entry *) mi);
 
@@ -664,6 +658,8 @@ multi_create_instance (struct multi_context *m, const struct mroute_addr *real)
 
   perf_push (PERF_MULTI_CREATE_INSTANCE);
 
+  msg (D_MULTI_MEDIUM, "MULTI: multi_create_instance called");
+
   ALLOC_OBJ_CLEAR (mi, struct multi_instance);
 
   mi->gc = gc_new ();
@@ -1467,10 +1463,6 @@ multi_client_connect_post (struct multi_context *m,
 			     option_types_found,
 			     mi->context.c2.es);
 
-      if (!platform_unlink (dc_file))
-	msg (D_MULTI_ERRORS, "MULTI: problem deleting temporary file: %s",
-	     dc_file);
-
       /*
        * If the --client-connect script generates a config file
        * with an --ifconfig-push directive, it will override any
@@ -1713,6 +1705,11 @@ multi_connection_established (struct multi_context *m, struct multi_instance *mi
 	      multi_client_connect_post (m, mi, dc_file, option_permissions_mask, &option_types_found);
 	      ++cc_succeeded_count;
 	    }
+
+	  if (!platform_unlink (dc_file))
+	    msg (D_MULTI_ERRORS, "MULTI: problem deleting temporary file: %s",
+		 dc_file);
+
         script_depr_failed:
 	  argv_reset (&argv);
 	}
@@ -1766,6 +1763,11 @@ multi_connection_established (struct multi_context *m, struct multi_instance *mi
 	    }
 	  else
 	    cc_succeeded = false;
+
+	  if (!platform_unlink (dc_file))
+	    msg (D_MULTI_ERRORS, "MULTI: problem deleting temporary file: %s",
+		 dc_file);
+
         script_failed:
 	  argv_reset (&argv);
 	}
diff --git a/app/openvpn/src/openvpn/options.c b/app/openvpn/src/openvpn/options.c
index 9ff2db5a..1ca4ad57 100644
--- a/app/openvpn/src/openvpn/options.c
+++ b/app/openvpn/src/openvpn/options.c
@@ -2926,8 +2926,8 @@ options_string (const struct options *o,
 		     o->ifconfig_ipv6_local,
 		     o->ifconfig_ipv6_netbits,
 		     o->ifconfig_ipv6_remote,
-		     (in_addr_t)0,
-		     (in_addr_t)0,
+		     NULL,
+		     NULL,
 		     false,
 		     NULL);
       if (tt)
@@ -3913,17 +3913,7 @@ apply_push_options (struct options *options,
       ++line_num;
       if (parse_line (line, p, SIZE (p), file, line_num, msglevel, &options->gc))
 	{
-	  if (streq(p[0], "session_id"))
-	    {
-	      /* Server supports P_DATA_V2 */
-	      tls_multi->vpn_session_id = atoi(p[1]);
-	      tls_multi->use_session_id = true;
-	      msg(D_PUSH, "session id: %d", tls_multi->vpn_session_id);
-	    }
-	  else
-	    {
-	      add_option (options, p, file, line_num, 0, msglevel, permission_mask, option_types_found, es);
-	    }
+	  add_option (options, p, file, line_num, 0, msglevel, permission_mask, option_types_found, es);
 	}
     }
   return true;
@@ -6986,6 +6976,12 @@ add_option (struct options *options,
       options->persist_mode = 1;
     }
 #endif
+  else if (streq (p[0], "peer-id"))
+    {
+      VERIFY_PERMISSION (OPT_P_PEER_ID);
+      options->use_peer_id = true;
+      options->peer_id = atoi(p[1]);
+    }
   else
     {
       int i;
diff --git a/app/openvpn/src/openvpn/options.h b/app/openvpn/src/openvpn/options.h
index 77c942ca..d5f7e95d 100644
--- a/app/openvpn/src/openvpn/options.h
+++ b/app/openvpn/src/openvpn/options.h
@@ -591,6 +591,9 @@ struct options
   bool show_net_up;
   int route_method;
 #endif
+
+  bool use_peer_id;
+  uint32_t peer_id;
 };
 
 #define streq(x, y) (!strcmp((x), (y)))
@@ -626,6 +629,7 @@ struct options
 #define OPT_P_SOCKBUF         (1<<25)
 #define OPT_P_SOCKFLAGS       (1<<26)
 #define OPT_P_CONNECTION      (1<<27)
+#define OPT_P_PEER_ID         (1<<28)
 
 #define OPT_P_DEFAULT   (~(OPT_P_INSTANCE|OPT_P_PULL_MODE))
 
diff --git a/app/openvpn/src/openvpn/plugin.c b/app/openvpn/src/openvpn/plugin.c
index 0948f238..54c5b52d 100644
--- a/app/openvpn/src/openvpn/plugin.c
+++ b/app/openvpn/src/openvpn/plugin.c
@@ -291,7 +291,7 @@ plugin_init_item (struct plugin *p, const struct plugin_option *o)
 static void
 plugin_vlog (openvpn_plugin_log_flags_t flags, const char *name, const char *format, va_list arglist)
 {
-  unsigned int msg_flags;
+  unsigned int msg_flags = 0;
 
   if (!format)
     return;
diff --git a/app/openvpn/src/openvpn/push.c b/app/openvpn/src/openvpn/push.c
index 028d838e..c7844499 100644
--- a/app/openvpn/src/openvpn/push.c
+++ b/app/openvpn/src/openvpn/push.c
@@ -303,9 +303,17 @@ send_push_reply (struct context *c)
   if (multi_push)
     buf_printf (&buf, ",push-continuation 1");
 
-  /* Send session_id if client supports it */
-  if (c->c2.tls_multi->peer_info && strstr(c->c2.tls_multi->peer_info, "IV_PROTO=2")) {
-      buf_printf(&buf, ",session_id %d", c->c2.tls_multi->vpn_session_id);
+  /* Send peer-id if client supports it */
+  if (c->c2.tls_multi->peer_info)
+    {
+      const char* proto_str = strstr(c->c2.tls_multi->peer_info, "IV_PROTO=");
+      if (proto_str)
+	{
+	  int proto = 0;
+	  int r = sscanf(proto_str, "IV_PROTO=%d", &proto);
+	  if ((r == 1) && (proto >= 2))
+	    buf_printf(&buf, ",peer-id %d", c->c2.tls_multi->peer_id);
+	}
   }
 
   if (BLEN (&buf) > sizeof(cmd)-1)
diff --git a/app/openvpn/src/openvpn/route.c b/app/openvpn/src/openvpn/route.c
index 562af9fe..c330169a 100644
--- a/app/openvpn/src/openvpn/route.c
+++ b/app/openvpn/src/openvpn/route.c
@@ -863,10 +863,12 @@ redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, u
 	{
 	  msg (M_WARN, "%s VPN gateway parameter (--route-gateway or --ifconfig) is missing", err);
 	}
+#ifndef TARGET_ANDROID
       else if (!(rl->rgi.flags & RGI_ADDR_DEFINED))
 	{
 	  msg (M_WARN, "%s Cannot read current default gateway from system", err);
 	}
+#endif
       else if (!(rl->spec.flags & RTSA_REMOTE_HOST))
 	{
 	  msg (M_WARN, "%s Cannot obtain current remote host address", err);
@@ -913,6 +915,16 @@ redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, u
 
 	  if (rl->flags & RG_REROUTE_GW)
 	    {
+#ifdef TARGET_ANDROID
+	      add_route3 (0,
+			  0,
+			  rl->spec.remote_endpoint,
+			  tt,
+			  flags,
+			  &rl->rgi,
+			  es);
+
+#else
 	      if (rl->flags & RG_DEF1)
 		{
 		  /* add new default route (1st component) */
@@ -953,6 +965,7 @@ redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, u
 			      &rl->rgi,
 			      es);
 		}
+#endif
 	    }
 
 	  /* set a flag so we can undo later */
@@ -1338,15 +1351,18 @@ add_route (struct route_ipv4 *r,
 
 #if defined(TARGET_LINUX)
 #ifdef ENABLE_IPROUTE
-  /* FIXME -- add on-link support for ENABLE_IPROUTE */
-  argv_printf (&argv, "%s route add %s/%d via %s",
+  argv_printf (&argv, "%s route add %s/%d",
   	      iproute_path,
 	      network,
-	      count_netmask_bits(netmask),
-	      gateway);
+             count_netmask_bits(netmask));
+
   if (r->flags & RT_METRIC_DEFINED)
     argv_printf_cat (&argv, "metric %d", r->metric);
 
+  if (is_on_link (is_local_route, flags, rgi))
+    argv_printf_cat (&argv, "dev %s", rgi->iface);
+  else
+    argv_printf_cat (&argv, "via %s", gateway);
 #else
   argv_printf (&argv, "%s add -net %s netmask %s",
 	       ROUTE_PATH,
diff --git a/app/openvpn/src/openvpn/sig.c b/app/openvpn/src/openvpn/sig.c
index 90e39a42..a3d29de0 100644
--- a/app/openvpn/src/openvpn/sig.c
+++ b/app/openvpn/src/openvpn/sig.c
@@ -126,7 +126,7 @@ print_signal (const struct signal_info *si, const char *title, int msglevel)
     {
       const char *type = (si->signal_text ? si->signal_text : "");
       const char *t = (title ? title : "process");
-      const char *hs;
+      const char *hs = NULL;
       switch (si->source)
         {
         case SIG_SOURCE_SOFT:
diff --git a/app/openvpn/src/openvpn/socket.c b/app/openvpn/src/openvpn/socket.c
index 9e6bd10c..c649d627 100644
--- a/app/openvpn/src/openvpn/socket.c
+++ b/app/openvpn/src/openvpn/socket.c
@@ -2354,12 +2354,12 @@ print_sockaddr_ex (const struct sockaddr *sa,
 				   struct gc_arena *gc)
 {
   struct buffer out = alloc_buf_gc (128, gc);
-  bool addr_is_defined;
+  bool addr_is_defined = false;
   char hostaddr[NI_MAXHOST] = "";
   char servname[NI_MAXSERV] = "";
   int status;
 
-  socklen_t salen;
+  socklen_t salen = 0;
   switch(sa->sa_family)
     {
     case AF_INET:
diff --git a/app/openvpn/src/openvpn/ssl.c b/app/openvpn/src/openvpn/ssl.c
index 929f95fa..f79f42d9 100644
--- a/app/openvpn/src/openvpn/ssl.c
+++ b/app/openvpn/src/openvpn/ssl.c
@@ -1056,7 +1056,7 @@ tls_multi_init (struct tls_options *tls_options)
   ret->key_scan[2] = &ret->session[TM_LAME_DUCK].key[KS_LAME_DUCK];
 
   /* By default not use P_DATA_V2 */
-  ret->use_session_id = false;
+  ret->use_peer_id = false;
 
   return ret;
 }
@@ -2826,7 +2826,17 @@ tls_pre_decrypt (struct tls_multi *multi,
 		  opt->flags &= multi->opt.crypto_flags_and;
 		  opt->flags |= multi->opt.crypto_flags_or;
 
-		  ASSERT (buf_advance (buf, op == P_DATA_V1 ? 1 : 4));
+		  ASSERT (buf_advance (buf, 1));
+		  if (op == P_DATA_V2)
+		    {
+		      if (buf->len < 4)
+			{
+			  msg (D_TLS_ERRORS, "Protocol error: received P_DATA_V2 from %s but length is < 4",
+				print_link_socket_actual (from, &gc));
+			  goto error;
+			}
+		      ASSERT (buf_advance (buf, 3));
+		    }
 
 		  ++ks->n_packets;
 		  ks->n_bytes += buf->len;
@@ -3324,7 +3334,6 @@ tls_pre_decrypt_lite (const struct tls_auth_standalone *tas,
   return ret;
 
  error:
-
   tls_clear_error();
   gc_free (&gc);
   return ret;
@@ -3393,7 +3402,7 @@ tls_post_encrypt (struct tls_multi *multi, struct buffer *buf)
 {
   struct key_state *ks;
   uint8_t *op;
-  uint32_t sess;
+  uint32_t peer;
 
   ks = multi->save_ks;
   multi->save_ks = NULL;
@@ -3401,10 +3410,10 @@ tls_post_encrypt (struct tls_multi *multi, struct buffer *buf)
     {
       ASSERT (ks);
 
-      if (!multi->opt.server && multi->use_session_id)
+      if (!multi->opt.server && multi->use_peer_id)
 	{
-	  sess = ((P_DATA_V2 << P_OPCODE_SHIFT) | ks->key_id) | (multi->vpn_session_id << 8);
-	  ASSERT (buf_write_prepend (buf, &sess, 4));
+	  peer = htonl(((P_DATA_V2 << P_OPCODE_SHIFT) | ks->key_id) << 24 | (multi->peer_id & 0xFFFFFF));
+	  ASSERT (buf_write_prepend (buf, &peer, 4));
 	}
       else
 	{
diff --git a/app/openvpn/src/openvpn/ssl.h b/app/openvpn/src/openvpn/ssl.h
index 9bdd641f..a338745e 100644
--- a/app/openvpn/src/openvpn/ssl.h
+++ b/app/openvpn/src/openvpn/ssl.h
@@ -60,7 +60,7 @@
 #define P_CONTROL_V1                   4     /* control channel packet (usually TLS ciphertext) */
 #define P_ACK_V1                       5     /* acknowledgement for packets received */
 #define P_DATA_V1                      6     /* data channel packet */
-#define P_DATA_V2                      9     /* data channel packet with session_id */
+#define P_DATA_V2                      9     /* data channel packet with peer-id */
 
 /* indicates key_method >= 2 */
 #define P_CONTROL_HARD_RESET_CLIENT_V2 7     /* initial key from client, forget previous state */
diff --git a/app/openvpn/src/openvpn/ssl_common.h b/app/openvpn/src/openvpn/ssl_common.h
index 2fc72aa6..cb0ba628 100644
--- a/app/openvpn/src/openvpn/ssl_common.h
+++ b/app/openvpn/src/openvpn/ssl_common.h
@@ -496,8 +496,8 @@ struct tls_multi
 #endif
 
   /* For P_DATA_V2 */
-  uint32_t vpn_session_id;
-  int use_session_id;
+  uint32_t peer_id;
+  bool use_peer_id;
 
   /*
    * Our session objects.
diff --git a/app/openvpn/src/openvpn/ssl_polarssl.c b/app/openvpn/src/openvpn/ssl_polarssl.c
index ddccf1d9..387e6369 100644
--- a/app/openvpn/src/openvpn/ssl_polarssl.c
+++ b/app/openvpn/src/openvpn/ssl_polarssl.c
@@ -40,6 +40,7 @@
 
 #include "errlevel.h"
 #include "ssl_backend.h"
+#include "base64.h"
 #include "buffer.h"
 #include "misc.h"
 #include "manage.h"
@@ -49,8 +50,10 @@
 
 #include "ssl_verify_polarssl.h"
 #include <polarssl/error.h>
+#include <polarssl/oid.h>
 #include <polarssl/pem.h>
 #include <polarssl/sha256.h>
+#include <polarssl/version.h>
 
 void
 tls_init_lib()
@@ -210,12 +213,13 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
 
 void
 tls_ctx_load_dh_params (struct tls_root_ctx *ctx, const char *dh_file,
-    const char *dh_file_inline
+    const char *dh_inline
     )
 {
-  if (!strcmp (dh_file, INLINE_FILE_TAG) && dh_file_inline)
+  if (!strcmp (dh_file, INLINE_FILE_TAG) && dh_inline)
     {
-      if (0 != dhm_parse_dhm(ctx->dhm_ctx, dh_file_inline, strlen(dh_file_inline)))
+      if (0 != dhm_parse_dhm(ctx->dhm_ctx, (const unsigned char *) dh_inline,
+	  strlen(dh_inline)))
 	msg (M_FATAL, "Cannot read inline DH parameters");
   }
 else
@@ -257,15 +261,15 @@ tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
 
 void
 tls_ctx_load_cert_file (struct tls_root_ctx *ctx, const char *cert_file,
-    const char *cert_file_inline
+    const char *cert_inline
     )
 {
   ASSERT(NULL != ctx);
 
-  if (!strcmp (cert_file, INLINE_FILE_TAG) && cert_file_inline)
+  if (!strcmp (cert_file, INLINE_FILE_TAG) && cert_inline)
     {
-      if (0 != x509_crt_parse(ctx->crt_chain, cert_file_inline,
-	  strlen(cert_file_inline)))
+      if (0 != x509_crt_parse(ctx->crt_chain,
+	  (const unsigned char *) cert_inline, strlen(cert_inline)))
         msg (M_FATAL, "Cannot load inline certificate file");
     }
   else
@@ -282,31 +286,31 @@ tls_ctx_load_cert_file (struct tls_root_ctx *ctx, const char *cert_file,
 
 int
 tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file,
-    const char *priv_key_file_inline
+    const char *priv_key_inline
     )
 {
   int status;
   ASSERT(NULL != ctx);
 
-  if (!strcmp (priv_key_file, INLINE_FILE_TAG) && priv_key_file_inline)
+  if (!strcmp (priv_key_file, INLINE_FILE_TAG) && priv_key_inline)
     {
       status = pk_parse_key(ctx->priv_key,
-	  priv_key_file_inline, strlen(priv_key_file_inline),
+	  (const unsigned char *) priv_key_inline, strlen(priv_key_inline),
 	  NULL, 0);
 
-      if (POLARSSL_ERR_PEM_PASSWORD_REQUIRED == status)
+      if (POLARSSL_ERR_PK_PASSWORD_REQUIRED == status)
 	{
 	  char passbuf[512] = {0};
 	  pem_password_callback(passbuf, 512, 0, NULL);
 	  status = pk_parse_key(ctx->priv_key,
-	      priv_key_file_inline, strlen(priv_key_file_inline),
+	      (const unsigned char *) priv_key_inline, strlen(priv_key_inline),
 	      (unsigned char *) passbuf, strlen(passbuf));
 	}
     }
   else
     {
       status = pk_parse_keyfile(ctx->priv_key, priv_key_file, NULL);
-      if (POLARSSL_ERR_PEM_PASSWORD_REQUIRED == status)
+      if (POLARSSL_ERR_PK_PASSWORD_REQUIRED == status)
 	{
 	  char passbuf[512] = {0};
 	  pem_password_callback(passbuf, 512, 0, NULL);
@@ -316,7 +320,7 @@ tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file,
   if (0 != status)
     {
 #ifdef ENABLE_MANAGEMENT
-      if (management && (POLARSSL_ERR_PEM_PASSWORD_MISMATCH == status))
+      if (management && (POLARSSL_ERR_PK_PASSWORD_MISMATCH == status))
 	  management_auth_failure (management, UP_TYPE_PRIVATE_KEY, NULL);
 #endif
       msg (M_WARN, "Cannot load private key file %s", priv_key_file);
diff --git a/app/openvpn/src/openvpn/ssl_verify_openssl.c b/app/openvpn/src/openvpn/ssl_verify_openssl.c
index cbcff022..33cd757d 100644
--- a/app/openvpn/src/openvpn/ssl_verify_openssl.c
+++ b/app/openvpn/src/openvpn/ssl_verify_openssl.c
@@ -101,9 +101,7 @@ static
 bool extract_x509_extension(X509 *cert, char *fieldname, char *out, int size)
 {
   bool retval = false;
-  X509_EXTENSION *pExt;
   char *buf = 0;
-  int length = 0;
   GENERAL_NAMES *extensions;
   int nid = OBJ_txt2nid(fieldname);
 
@@ -140,8 +138,8 @@ bool extract_x509_extension(X509 *cert, char *fieldname, char *out, int size)
                   }
                 break;
               default:
-                msg (D_TLS_ERRORS, "ASN1 ERROR: can not handle field type %i",
-                     name->type);
+                msg (D_TLS_DEBUG, "%s: ignoring general name field type %i",
+                    __func__, name->type);
                 break;
             }
           }
diff --git a/app/openvpn/src/openvpn/tun.h b/app/openvpn/src/openvpn/tun.h
index 631b53c6..79e2d188 100644
--- a/app/openvpn/src/openvpn/tun.h
+++ b/app/openvpn/src/openvpn/tun.h
@@ -391,6 +391,19 @@ tuntap_stop (int status)
   return false;
 }
 
+static inline bool
+tuntap_abort(int status)
+{
+  /*
+   * Typically generated when driver is halted.
+   */
+  if (status < 0)
+    {
+      return openvpn_errno() == ERROR_OPERATION_ABORTED;
+    }
+  return false;
+}
+
 static inline int
 tun_write_win32 (struct tuntap *tt, struct buffer *buf)
 {
@@ -432,6 +445,12 @@ tuntap_stop (int status)
   return false;
 }
 
+static inline bool
+tuntap_abort(int status)
+{
+  return false;
+}
+
 static inline void
 tun_standby_init (struct tuntap *tt)
 {
diff --git a/app/openvpn/src/plugins/Makefile.in b/app/openvpn/src/plugins/Makefile.in
new file mode 100644
index 00000000..6a366c4b
--- /dev/null
+++ b/app/openvpn/src/plugins/Makefile.in
@@ -0,0 +1,546 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+#  OpenVPN -- An application to securely tunnel IP networks
+#             over a single UDP port, with support for SSL/TLS-based
+#             session authentication and key exchange,
+#             packet encryption, packet authentication, and
+#             packet compression.
+#
+#  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
+#  Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
+#
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/plugins
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/ax_emptyarray.m4 \
+	$(top_srcdir)/m4/ax_socklen_t.m4 \
+	$(top_srcdir)/m4/ax_varargs.m4 $(top_srcdir)/m4/libtool.m4 \
+	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+	$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/version.m4 \
+	$(top_srcdir)/compat.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AS = @AS@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DL_LIBS = @DL_LIBS@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GIT = @GIT@
+GREP = @GREP@
+IFCONFIG = @IFCONFIG@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+IPROUTE = @IPROUTE@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBPAM_CFLAGS = @LIBPAM_CFLAGS@
+LIBPAM_LIBS = @LIBPAM_LIBS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+LZO_CFLAGS = @LZO_CFLAGS@
+LZO_LIBS = @LZO_LIBS@
+MAKEINFO = @MAKEINFO@
+MAN2HTML = @MAN2HTML@
+MKDIR_P = @MKDIR_P@
+NETSTAT = @NETSTAT@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_CRYPTO_CFLAGS = @OPENSSL_CRYPTO_CFLAGS@
+OPENSSL_CRYPTO_LIBS = @OPENSSL_CRYPTO_LIBS@
+OPENSSL_SSL_CFLAGS = @OPENSSL_SSL_CFLAGS@
+OPENSSL_SSL_LIBS = @OPENSSL_SSL_LIBS@
+OPTIONAL_CRYPTO_CFLAGS = @OPTIONAL_CRYPTO_CFLAGS@
+OPTIONAL_CRYPTO_LIBS = @OPTIONAL_CRYPTO_LIBS@
+OPTIONAL_DL_LIBS = @OPTIONAL_DL_LIBS@
+OPTIONAL_LZO_CFLAGS = @OPTIONAL_LZO_CFLAGS@
+OPTIONAL_LZO_LIBS = @OPTIONAL_LZO_LIBS@
+OPTIONAL_PKCS11_HELPER_CFLAGS = @OPTIONAL_PKCS11_HELPER_CFLAGS@
+OPTIONAL_PKCS11_HELPER_LIBS = @OPTIONAL_PKCS11_HELPER_LIBS@
+OPTIONAL_SELINUX_LIBS = @OPTIONAL_SELINUX_LIBS@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKCS11_HELPER_CFLAGS = @PKCS11_HELPER_CFLAGS@
+PKCS11_HELPER_LIBS = @PKCS11_HELPER_LIBS@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_AUTH_PAM_CFLAGS = @PLUGIN_AUTH_PAM_CFLAGS@
+PLUGIN_AUTH_PAM_LIBS = @PLUGIN_AUTH_PAM_LIBS@
+POLARSSL_CFLAGS = @POLARSSL_CFLAGS@
+POLARSSL_LIBS = @POLARSSL_LIBS@
+RANLIB = @RANLIB@
+RC = @RC@
+ROUTE = @ROUTE@
+SED = @SED@
+SELINUX_LIBS = @SELINUX_LIBS@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKETS_LIBS = @SOCKETS_LIBS@
+STRIP = @STRIP@
+TAP_CFLAGS = @TAP_CFLAGS@
+TAP_WIN_COMPONENT_ID = @TAP_WIN_COMPONENT_ID@
+TAP_WIN_MIN_MAJOR = @TAP_WIN_MIN_MAJOR@
+TAP_WIN_MIN_MINOR = @TAP_WIN_MIN_MINOR@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+plugindir = @plugindir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sampledir = @sampledir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+MAINTAINERCLEANFILES = \
+	$(srcdir)/Makefile.in
+
+SUBDIRS = auth-pam down-root
+all: all-recursive
+
+.SUFFIXES:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  src/plugins/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  src/plugins/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	    distdir=`$(am__cd) $(distdir) && pwd`; \
+	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
+	    (cd $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$top_distdir" \
+	        distdir="$$distdir/$$subdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-recursive
+all-am: Makefile
+installdirs: installdirs-recursive
+installdirs-am:
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-exec-am:
+
+install-html: install-html-recursive
+
+install-info: install-info-recursive
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-ps: install-ps-recursive
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
+	install-strip
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am check check-am clean clean-generic clean-libtool \
+	ctags ctags-recursive distclean distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs installdirs-am maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
+	uninstall uninstall-am
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/app/openvpn/src/plugins/auth-pam/Makefile.in b/app/openvpn/src/plugins/auth-pam/Makefile.in
new file mode 100644
index 00000000..74c23306
--- /dev/null
+++ b/app/openvpn/src/plugins/auth-pam/Makefile.in
@@ -0,0 +1,570 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+#  OpenVPN (TM) PAM Auth Plugin -- OpenVPN Plugin
+#
+#  Copyright (C) 2012      Alon Bar-Lev <alon.barlev@gmail.com>
+#
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/plugins/auth-pam
+DIST_COMMON = $(am__dist_doc_DATA_DIST) $(srcdir)/Makefile.am \
+	$(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/ax_emptyarray.m4 \
+	$(top_srcdir)/m4/ax_socklen_t.m4 \
+	$(top_srcdir)/m4/ax_varargs.m4 $(top_srcdir)/m4/libtool.m4 \
+	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+	$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/version.m4 \
+	$(top_srcdir)/compat.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(plugindir)" "$(DESTDIR)$(docdir)"
+pluginLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(plugin_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+openvpn_plugin_auth_pam_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
+am_openvpn_plugin_auth_pam_la_OBJECTS = auth-pam.lo pamdl.lo
+openvpn_plugin_auth_pam_la_OBJECTS =  \
+	$(am_openvpn_plugin_auth_pam_la_OBJECTS)
+openvpn_plugin_auth_pam_la_LINK = $(LIBTOOL) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(AM_CFLAGS) $(CFLAGS) $(openvpn_plugin_auth_pam_la_LDFLAGS) \
+	$(LDFLAGS) -o $@
+@ENABLE_PLUGIN_AUTH_PAM_TRUE@am_openvpn_plugin_auth_pam_la_rpath =  \
+@ENABLE_PLUGIN_AUTH_PAM_TRUE@	-rpath $(plugindir)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(openvpn_plugin_auth_pam_la_SOURCES)
+DIST_SOURCES = $(openvpn_plugin_auth_pam_la_SOURCES)
+am__dist_doc_DATA_DIST = README.auth-pam
+dist_docDATA_INSTALL = $(INSTALL_DATA)
+DATA = $(dist_doc_DATA)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AS = @AS@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DL_LIBS = @DL_LIBS@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GIT = @GIT@
+GREP = @GREP@
+IFCONFIG = @IFCONFIG@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+IPROUTE = @IPROUTE@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBPAM_CFLAGS = @LIBPAM_CFLAGS@
+LIBPAM_LIBS = @LIBPAM_LIBS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+LZO_CFLAGS = @LZO_CFLAGS@
+LZO_LIBS = @LZO_LIBS@
+MAKEINFO = @MAKEINFO@
+MAN2HTML = @MAN2HTML@
+MKDIR_P = @MKDIR_P@
+NETSTAT = @NETSTAT@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_CRYPTO_CFLAGS = @OPENSSL_CRYPTO_CFLAGS@
+OPENSSL_CRYPTO_LIBS = @OPENSSL_CRYPTO_LIBS@
+OPENSSL_SSL_CFLAGS = @OPENSSL_SSL_CFLAGS@
+OPENSSL_SSL_LIBS = @OPENSSL_SSL_LIBS@
+OPTIONAL_CRYPTO_CFLAGS = @OPTIONAL_CRYPTO_CFLAGS@
+OPTIONAL_CRYPTO_LIBS = @OPTIONAL_CRYPTO_LIBS@
+OPTIONAL_DL_LIBS = @OPTIONAL_DL_LIBS@
+OPTIONAL_LZO_CFLAGS = @OPTIONAL_LZO_CFLAGS@
+OPTIONAL_LZO_LIBS = @OPTIONAL_LZO_LIBS@
+OPTIONAL_PKCS11_HELPER_CFLAGS = @OPTIONAL_PKCS11_HELPER_CFLAGS@
+OPTIONAL_PKCS11_HELPER_LIBS = @OPTIONAL_PKCS11_HELPER_LIBS@
+OPTIONAL_SELINUX_LIBS = @OPTIONAL_SELINUX_LIBS@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKCS11_HELPER_CFLAGS = @PKCS11_HELPER_CFLAGS@
+PKCS11_HELPER_LIBS = @PKCS11_HELPER_LIBS@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_AUTH_PAM_CFLAGS = @PLUGIN_AUTH_PAM_CFLAGS@
+PLUGIN_AUTH_PAM_LIBS = @PLUGIN_AUTH_PAM_LIBS@
+POLARSSL_CFLAGS = @POLARSSL_CFLAGS@
+POLARSSL_LIBS = @POLARSSL_LIBS@
+RANLIB = @RANLIB@
+RC = @RC@
+ROUTE = @ROUTE@
+SED = @SED@
+SELINUX_LIBS = @SELINUX_LIBS@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKETS_LIBS = @SOCKETS_LIBS@
+STRIP = @STRIP@
+TAP_CFLAGS = @TAP_CFLAGS@
+TAP_WIN_COMPONENT_ID = @TAP_WIN_COMPONENT_ID@
+TAP_WIN_MIN_MAJOR = @TAP_WIN_MIN_MAJOR@
+TAP_WIN_MIN_MINOR = @TAP_WIN_MIN_MINOR@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+plugindir = @plugindir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sampledir = @sampledir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+MAINTAINERCLEANFILES = \
+	$(srcdir)/Makefile.in
+
+AM_CFLAGS = \
+	-I$(top_srcdir)/include
+
+@ENABLE_PLUGIN_AUTH_PAM_TRUE@plugin_LTLIBRARIES = openvpn-plugin-auth-pam.la
+@ENABLE_PLUGIN_AUTH_PAM_TRUE@dist_doc_DATA = README.auth-pam
+openvpn_plugin_auth_pam_la_SOURCES = \
+	auth-pam.c \
+	pamdl.c  pamdl.h \
+	auth-pam.exports
+
+openvpn_plugin_auth_pam_la_LIBADD = \
+	$(PLUGIN_AUTH_PAM_LIBS)
+
+openvpn_plugin_auth_pam_la_LDFLAGS = $(AM_LDFLAGS) \
+	-export-symbols "$(srcdir)/auth-pam.exports" \
+	-module -shared -avoid-version -no-undefined
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  src/plugins/auth-pam/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  src/plugins/auth-pam/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+	@list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    f=$(am__strip_dir) \
+	    echo " $(LIBTOOL) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \
+	    $(LIBTOOL) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-pluginLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+	  p=$(am__strip_dir) \
+	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \
+	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \
+	done
+
+clean-pluginLTLIBRARIES:
+	-test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+	@list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+openvpn-plugin-auth-pam.la: $(openvpn_plugin_auth_pam_la_OBJECTS) $(openvpn_plugin_auth_pam_la_DEPENDENCIES) 
+	$(openvpn_plugin_auth_pam_la_LINK) $(am_openvpn_plugin_auth_pam_la_rpath) $(openvpn_plugin_auth_pam_la_OBJECTS) $(openvpn_plugin_auth_pam_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth-pam.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pamdl.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@	mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-dist_docDATA: $(dist_doc_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(docdir)" || $(MKDIR_P) "$(DESTDIR)$(docdir)"
+	@list='$(dist_doc_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(dist_docDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(docdir)/$$f'"; \
+	  $(dist_docDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(docdir)/$$f"; \
+	done
+
+uninstall-dist_docDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(dist_doc_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(docdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(docdir)/$$f"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(DATA)
+installdirs:
+	for dir in "$(DESTDIR)$(plugindir)" "$(DESTDIR)$(docdir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
+	mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-dist_docDATA install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-dist_docDATA uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
+	distclean-compile distclean-generic distclean-libtool \
+	distclean-tags distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am \
+	install-dist_docDATA install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-dist_docDATA uninstall-pluginLTLIBRARIES
+
+	$(PLUGIN_AUTH_PAM_CFLAGS)
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/app/openvpn/src/plugins/down-root/Makefile.in b/app/openvpn/src/plugins/down-root/Makefile.in
new file mode 100644
index 00000000..fa06a466
--- /dev/null
+++ b/app/openvpn/src/plugins/down-root/Makefile.in
@@ -0,0 +1,563 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+#  OpenVPN (TM) Down Root Plugin -- OpenVPN Plugin
+#
+#  Copyright (C) 2012      Alon Bar-Lev <alon.barlev@gmail.com>
+#
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/plugins/down-root
+DIST_COMMON = $(am__dist_doc_DATA_DIST) $(srcdir)/Makefile.am \
+	$(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/ax_emptyarray.m4 \
+	$(top_srcdir)/m4/ax_socklen_t.m4 \
+	$(top_srcdir)/m4/ax_varargs.m4 $(top_srcdir)/m4/libtool.m4 \
+	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+	$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/version.m4 \
+	$(top_srcdir)/compat.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(plugindir)" "$(DESTDIR)$(docdir)"
+pluginLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(plugin_LTLIBRARIES)
+openvpn_plugin_down_root_la_LIBADD =
+am_openvpn_plugin_down_root_la_OBJECTS = down-root.lo
+openvpn_plugin_down_root_la_OBJECTS =  \
+	$(am_openvpn_plugin_down_root_la_OBJECTS)
+openvpn_plugin_down_root_la_LINK = $(LIBTOOL) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(AM_CFLAGS) $(CFLAGS) $(openvpn_plugin_down_root_la_LDFLAGS) \
+	$(LDFLAGS) -o $@
+@ENABLE_PLUGIN_DOWN_ROOT_TRUE@am_openvpn_plugin_down_root_la_rpath =  \
+@ENABLE_PLUGIN_DOWN_ROOT_TRUE@	-rpath $(plugindir)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(openvpn_plugin_down_root_la_SOURCES)
+DIST_SOURCES = $(openvpn_plugin_down_root_la_SOURCES)
+am__dist_doc_DATA_DIST = README.down-root
+dist_docDATA_INSTALL = $(INSTALL_DATA)
+DATA = $(dist_doc_DATA)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AS = @AS@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DL_LIBS = @DL_LIBS@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GIT = @GIT@
+GREP = @GREP@
+IFCONFIG = @IFCONFIG@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+IPROUTE = @IPROUTE@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBPAM_CFLAGS = @LIBPAM_CFLAGS@
+LIBPAM_LIBS = @LIBPAM_LIBS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+LZO_CFLAGS = @LZO_CFLAGS@
+LZO_LIBS = @LZO_LIBS@
+MAKEINFO = @MAKEINFO@
+MAN2HTML = @MAN2HTML@
+MKDIR_P = @MKDIR_P@
+NETSTAT = @NETSTAT@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_CRYPTO_CFLAGS = @OPENSSL_CRYPTO_CFLAGS@
+OPENSSL_CRYPTO_LIBS = @OPENSSL_CRYPTO_LIBS@
+OPENSSL_SSL_CFLAGS = @OPENSSL_SSL_CFLAGS@
+OPENSSL_SSL_LIBS = @OPENSSL_SSL_LIBS@
+OPTIONAL_CRYPTO_CFLAGS = @OPTIONAL_CRYPTO_CFLAGS@
+OPTIONAL_CRYPTO_LIBS = @OPTIONAL_CRYPTO_LIBS@
+OPTIONAL_DL_LIBS = @OPTIONAL_DL_LIBS@
+OPTIONAL_LZO_CFLAGS = @OPTIONAL_LZO_CFLAGS@
+OPTIONAL_LZO_LIBS = @OPTIONAL_LZO_LIBS@
+OPTIONAL_PKCS11_HELPER_CFLAGS = @OPTIONAL_PKCS11_HELPER_CFLAGS@
+OPTIONAL_PKCS11_HELPER_LIBS = @OPTIONAL_PKCS11_HELPER_LIBS@
+OPTIONAL_SELINUX_LIBS = @OPTIONAL_SELINUX_LIBS@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKCS11_HELPER_CFLAGS = @PKCS11_HELPER_CFLAGS@
+PKCS11_HELPER_LIBS = @PKCS11_HELPER_LIBS@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_AUTH_PAM_CFLAGS = @PLUGIN_AUTH_PAM_CFLAGS@
+PLUGIN_AUTH_PAM_LIBS = @PLUGIN_AUTH_PAM_LIBS@
+POLARSSL_CFLAGS = @POLARSSL_CFLAGS@
+POLARSSL_LIBS = @POLARSSL_LIBS@
+RANLIB = @RANLIB@
+RC = @RC@
+ROUTE = @ROUTE@
+SED = @SED@
+SELINUX_LIBS = @SELINUX_LIBS@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKETS_LIBS = @SOCKETS_LIBS@
+STRIP = @STRIP@
+TAP_CFLAGS = @TAP_CFLAGS@
+TAP_WIN_COMPONENT_ID = @TAP_WIN_COMPONENT_ID@
+TAP_WIN_MIN_MAJOR = @TAP_WIN_MIN_MAJOR@
+TAP_WIN_MIN_MINOR = @TAP_WIN_MIN_MINOR@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+plugindir = @plugindir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sampledir = @sampledir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+MAINTAINERCLEANFILES = \
+	$(srcdir)/Makefile.in
+
+AM_CFLAGS = \
+	-I$(top_srcdir)/include
+
+@ENABLE_PLUGIN_DOWN_ROOT_TRUE@plugin_LTLIBRARIES = openvpn-plugin-down-root.la
+@ENABLE_PLUGIN_DOWN_ROOT_TRUE@dist_doc_DATA = README.down-root
+openvpn_plugin_down_root_la_SOURCES = \
+	down-root.c \
+	down-root.exports
+
+openvpn_plugin_down_root_la_LDFLAGS = $(AM_LDFLAGS) \
+	-export-symbols "$(srcdir)/down-root.exports" \
+	-module -shared -avoid-version -no-undefined
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  src/plugins/down-root/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  src/plugins/down-root/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+	@list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    f=$(am__strip_dir) \
+	    echo " $(LIBTOOL) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \
+	    $(LIBTOOL) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-pluginLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+	  p=$(am__strip_dir) \
+	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \
+	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \
+	done
+
+clean-pluginLTLIBRARIES:
+	-test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+	@list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+openvpn-plugin-down-root.la: $(openvpn_plugin_down_root_la_OBJECTS) $(openvpn_plugin_down_root_la_DEPENDENCIES) 
+	$(openvpn_plugin_down_root_la_LINK) $(am_openvpn_plugin_down_root_la_rpath) $(openvpn_plugin_down_root_la_OBJECTS) $(openvpn_plugin_down_root_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/down-root.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@	mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-dist_docDATA: $(dist_doc_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(docdir)" || $(MKDIR_P) "$(DESTDIR)$(docdir)"
+	@list='$(dist_doc_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(dist_docDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(docdir)/$$f'"; \
+	  $(dist_docDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(docdir)/$$f"; \
+	done
+
+uninstall-dist_docDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(dist_doc_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(docdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(docdir)/$$f"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(DATA)
+installdirs:
+	for dir in "$(DESTDIR)$(plugindir)" "$(DESTDIR)$(docdir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
+	mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-dist_docDATA install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-dist_docDATA uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
+	distclean-compile distclean-generic distclean-libtool \
+	distclean-tags distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am \
+	install-dist_docDATA install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-dist_docDATA uninstall-pluginLTLIBRARIES
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/app/src/ovpn3/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java b/app/ovpn3/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java
index e595106c..e595106c 100644
--- a/app/src/ovpn3/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java
+++ b/app/ovpn3/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java
diff --git a/app/src/androidTest/java/se/leap/bitmaskclient/test/testDashboard.java b/app/src/androidTest/java/se/leap/bitmaskclient/test/testDashboardIntegration.java
index fdf4f135..94cb67a3 100644
--- a/app/src/androidTest/java/se/leap/bitmaskclient/test/testDashboard.java
+++ b/app/src/androidTest/java/se/leap/bitmaskclient/test/testDashboardIntegration.java
@@ -15,11 +15,11 @@ import se.leap.bitmaskclient.Dashboard;
 import se.leap.bitmaskclient.R;
 import se.leap.bitmaskclient.test.ConnectionManager;
 
-public class testDashboard extends ActivityInstrumentationTestCase2<Dashboard> {
+public class testDashboardIntegration extends ActivityInstrumentationTestCase2<Dashboard> {
 
 	private Solo solo;
 	
-	public testDashboard() {
+	public testDashboardIntegration() {
 		super(Dashboard.class);
 	}
 
@@ -123,4 +123,31 @@ public class testDashboard extends ActivityInstrumentationTestCase2<Dashboard> {
 		solo.waitForActivity(ConfigurationWizard.class);
 		solo.goBack();
 	}
+
+    public void testUpdateExpiredCertificate() {
+        String certificate = "-----BEGIN CERTIFICATE-----" +
+                "MIIEnDCCAoSgAwIBAgIRAOBkcbMKR0Jlw+xNalHn7aIwDQYJKoZIhvcNAQELBQAwdTEYMBYGA1UE" +
+                "CgwPUmlzZXVwIE5ldHdvcmtzMRswGQYDVQQLDBJodHRwczovL3Jpc2V1cC5uZXQxPDA6BgNVBAMM" +
+                "M1Jpc2V1cCBOZXR3b3JrcyBSb290IENBIChjbGllbnQgY2VydGlmaWNhdGVzIG9ubHkhKTAeFw0x" +
+                "NDA5MTkwMDAwMDBaFw0xNDExMTkwMDAwMDBaMC0xKzApBgNVBAMMIlVOTElNSVRFRDcwZWhxZG9l" +
+                "ZXQ2Z243bmc3eWx3ZWNxeGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdaKQHSwg2" +
+                "Q2Uz9t5mae9BfV9Jkk+WSU6jXixsTbtLAr8gvuNcVuI0lKm2zXVqoS8aRCSsCt12vhjU/WBTSv0t" +
+                "vwTaT2HQYFQ1GlVUBKssJEUpaVyQKL6LN9BA5ZODBpbhefRIX8z+02afxmNWdnOQfDtLU6nHSQLL" +
+                "IUBSmgu+Y2Q3SdIBojIl9Kj0Zt6uZkhtOXZqkwLBiMr+/ukSidpcmNgbAN0eXSfVouaduzsDPQ6M" +
+                "eCJTz2lhUvC0/57h5mlkNLzEjyb/pAVTtnK4zdiH6XAuCxU/AkF0yzhaiQWMG0RQb4vEx/UHjkDU" +
+                "+K0GDy/qx1BmBB7C4vHLauqSXOs1AgMBAAGjbzBtMB0GA1UdDgQWBBQioBn7DdhjmtBKgQKpx/aW" +
+                "XHYkGjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCQYDVR0TBAIwADAfBgNVHSME" +
+                "GDAWgBQX9BvV5SoBAU1rol02CikJlmWARjANBgkqhkiG9w0BAQsFAAOCAgEAV7q102FQ62IOX84o" +
+                "pPvUL3hJkGtZ5chgQwZhfl2fGtEdeqpU27Hx1jLP9o3n1z9XYaZg/d8xYhpY6Mm4rFl6hA4gk81Z" +
+                "yg/A3QeUgIjOsA0Xp+RNB5ACaLjCPUtWNk5brfuelDdFHjl1noC2P3vQ9ErhUna6TKVsxxrueimO" +
+                "nc3sV7YMGiVfPC7wEmhERuyhQxftIUHUy2kDCY5QgXtru6IZmc3SP4FcM8LUSC49kqmU9if2GTLo" +
+                "wQZmz6T7+N5PIJWIOiDh9PyoojRo7ep9szeIZpzgxcsoE/9ed84tg36JLOWi0GOyrdzVExv0rQQt" +
+                "q/NpqAe1mX5XQVbY8nwgaJ8eWIWIXIn+5RB7b+fm5ZFeM4eFyWeDk99bvS8jdH6uQP5WusL55+ft" +
+                "ADtESsmBvzUEGqxk5GL4lmmeqE+vsR5TesqGjZ+yH67rR+1+Uy2mhbqJBP0E0LHwWCCPYEVfngHj" +
+                "aZkDF1UVQdfc9Amc5u5J5YliWrEG80BNeJF7740Gwx69DHEIhElN+BBeeqLLYIZTKmt28/9iWbKL" +
+                "vhCrz/29wLYksL1bXmyHzvzyAcDHPpO9sQrKYiP1mGRDmXJmZU3i3cgeqQFZ8+lr55wcYdMGJOcx" +
+                "bz+jL0VkHdnoZdzGzelrAhZtgMtsJ/kgWYRgtFmhpYF1Xtj2MYrpBDxgQck=" +
+                "-----END CERTIFICATE-----";
+
+    }
 }
diff --git a/app/src/androidTest/java/se/leap/bitmaskclient/test/testEIP.java b/app/src/androidTest/java/se/leap/bitmaskclient/test/testEIP.java
new file mode 100644
index 00000000..4e1819d0
--- /dev/null
+++ b/app/src/androidTest/java/se/leap/bitmaskclient/test/testEIP.java
@@ -0,0 +1,32 @@
+package se.leap.bitmaskclient.test;
+
+import android.content.Context;
+import android.content.Intent;
+import android.test.ActivityUnitTestCase;
+import android.test.ServiceTestCase;
+
+import se.leap.bitmaskclient.Dashboard;
+import se.leap.bitmaskclient.eip.EIP;
+
+public class testEIP extends ServiceTestCase<EIP> {
+
+    private Context context;
+    private Intent intent;
+    private EIP activity;
+
+    public testEIP(Class<EIP> activityClass) {
+        super(activityClass);
+    }
+
+    @Override
+    protected void setUp() throws Exception {
+        super.setUp();
+    }
+
+    @Override
+    protected void tearDown() throws Exception {
+        super.tearDown();
+    }
+
+
+}
diff --git a/app/src/androidTest/java/se/leap/bitmaskclient/test/testLeapSRPSession.java b/app/src/androidTest/java/se/leap/bitmaskclient/test/testLeapSRPSession.java
index 2821373a..d7f4bfb3 100644
--- a/app/src/androidTest/java/se/leap/bitmaskclient/test/testLeapSRPSession.java
+++ b/app/src/androidTest/java/se/leap/bitmaskclient/test/testLeapSRPSession.java
@@ -33,7 +33,6 @@ public class testLeapSRPSession extends TestCase {
     public void testExponential() {
 	byte[] expected_A;
 	byte[] a_byte;
-	SRPParameters params;
 	LeapSRPSession client;
 		
 	/* Test 1: abytes = 4 */
@@ -43,8 +42,7 @@ public class testLeapSRPSession extends TestCase {
 	    salt = "64c3289d04a6ecad",
 	    a = "3565fdc2";
 	a_byte = new BigInteger(a, 16).toByteArray();
-	params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
-	client = new LeapSRPSession(username, password, params, a_byte);
+	client = new LeapSRPSession(username, password, a_byte);
 		
 	byte[] A = client.exponential();
 		
@@ -55,8 +53,7 @@ public class testLeapSRPSession extends TestCase {
 	expected_A = new BigInteger("11acfacc08178d48f95c0e69adb11f6d144dd0980ee6e44b391347592e3bd5e9cb841d243b3d9ac2adb25b367a2558e8829b22dcef96c0934378412383ccf95141c3cb5f17ada20f53a0225f56a07f2b0c0469ed6bbad3646f7b71bdd4bedf5cc6fac244b26d3195d8f55877ff94a925b0c0c8f7273eca733c0355b38360442e", 16).toByteArray();
 
 	a_byte = new BigInteger(a, 16).toByteArray();
-	params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
-	client = new LeapSRPSession(username, password, params, a_byte);
+	client = new LeapSRPSession(username, password, a_byte);
 		
 	A = client.exponential();
 		
@@ -73,8 +70,7 @@ public class testLeapSRPSession extends TestCase {
 	    salt = "64c3289d04a6ecad",
 	    a = "8c911355";
 	byte[] a_byte = new BigInteger(a, 16).toByteArray();
-	SRPParameters params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
-	LeapSRPSession client = new LeapSRPSession(username, password, params, a_byte);
+	LeapSRPSession client = new LeapSRPSession(username, password, a_byte);
 		
 	byte[] x = client.calculatePasswordHash(username, password, new BigInteger(salt, 16).toByteArray());
 	assertTrue(Arrays.equals(x, expected_x));
@@ -93,8 +89,7 @@ public class testLeapSRPSession extends TestCase {
 	a = "38d5b211";
 		
 	a_byte = new BigInteger(a, 16).toByteArray();
-	params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
-	client = new LeapSRPSession(username, password, params, a_byte);
+	client = new LeapSRPSession(username, password, a_byte);
 	x = client.calculatePasswordHash(username, password, new BigInteger(salt, 16).toByteArray());
 	A = client.exponential();
 		
@@ -110,8 +105,7 @@ public class testLeapSRPSession extends TestCase {
 	a = "36ee80ec";
 		
 	a_byte = new BigInteger(a, 16).toByteArray();
-	params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
-	client = new LeapSRPSession(username, password, params, a_byte);
+	client = new LeapSRPSession(username, password, a_byte);
 	x = client.calculatePasswordHash(username, password, new BigInteger(salt, 16).toByteArray());
 	A = client.exponential();
 		
@@ -321,8 +315,7 @@ public class testLeapSRPSession extends TestCase {
 				salt = "64c3289d04a6ecad",
 				a = "8c911355";
 		byte[] a_byte = new BigInteger(a, 16).toByteArray();
-		SRPParameters params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
-		LeapSRPSession client = new LeapSRPSession(username, password, params, a_byte);
+		LeapSRPSession client = new LeapSRPSession(username, password, a_byte);
 		
 		byte[] x = client.calculatePasswordHash(username, password, new BigInteger(salt, 16).toByteArray());
 		assertTrue(Arrays.equals(x, expected_x));
@@ -345,8 +338,7 @@ public class testLeapSRPSession extends TestCase {
 		expected_M2 = trim(new BigInteger("517278a03a0320a52dcb391caf5264d76149d7d9b71ed2b65536233344c550cf", 16).toByteArray());
 		
 		a_byte = new BigInteger(a, 16).toByteArray();
-		params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
-		client = new LeapSRPSession(username, password, params, a_byte);
+		client = new LeapSRPSession(username, password, a_byte);
 		x = client.calculatePasswordHash(username, password, new BigInteger(salt, 16).toByteArray());
 		A = client.exponential();
 		
@@ -365,8 +357,7 @@ public class testLeapSRPSession extends TestCase {
 		expected_M2 = trim(new BigInteger("3bfb91c7d04b6da6381fe3d2648d992cdc6bc67b8ee16d1cfa733f786d492261", 16).toByteArray());
 		
 		a_byte = new BigInteger(a, 16).toByteArray();
-		params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
-		client = new LeapSRPSession(username, password, params, a_byte);
+		client = new LeapSRPSession(username, password, a_byte);
 		x = client.calculatePasswordHash(username, password, new BigInteger(salt, 16).toByteArray());
 		A = client.exponential();
 		
@@ -390,8 +381,7 @@ public class testLeapSRPSession extends TestCase {
 		expected_M2 = trim(new BigInteger("8f4552b1021a4de621d8f50f0921c4d20651e702d9d71276f8f6c15b838de018", 16).toByteArray());
 
 		a_byte = new BigInteger(a, 16).toByteArray();
-		params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
-		client = new LeapSRPSession(username, password, params, a_byte);
+		client = new LeapSRPSession(username, password, a_byte);
 		
 		x = client.calculatePasswordHash(username, password, trim(new BigInteger(salt, 16).toByteArray()));
 		assertTrue(Arrays.equals(x, expected_x));
@@ -418,8 +408,7 @@ public class testLeapSRPSession extends TestCase {
 		expected_M2 = trim(new BigInteger("04cf3ab3b75dbc4b116ca2fec949bf3deca1e360e016d7ab2b8a49904c534a27", 16).toByteArray());
 
 		a_byte = new BigInteger(a, 16).toByteArray();
-		params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
-		client = new LeapSRPSession(username, password, params, a_byte);
+		client = new LeapSRPSession(username, password, a_byte);
 		
 		x = client.calculatePasswordHash(username, password, trim(new BigInteger(salt, 16).toByteArray()));
 		assertTrue(Arrays.equals(x, expected_x));
@@ -448,8 +437,7 @@ public class testLeapSRPSession extends TestCase {
 		expected_M2 = trim(new BigInteger("082cf49ad5a34cc5ca571e3d063aec4bd96e7b96a6d951295180631650a84587", 16).toByteArray());
 
 		a_byte = new BigInteger(a, 16).toByteArray();
-		params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
-		client = new LeapSRPSession(username, password, params, a_byte);
+		client = new LeapSRPSession(username, password, a_byte);
 		
 		x = client.calculatePasswordHash(username, password, trim(new BigInteger(salt, 16).toByteArray()));
 		assertTrue(Arrays.equals(x, expected_x));
@@ -479,8 +467,7 @@ public class testLeapSRPSession extends TestCase {
 		expected_M2 = trim(new BigInteger("5cc3d7f0077e978c83acdef14a725af01488c1728f0cf32cd7013d24faf5d901", 16).toByteArray());
 
 		a_byte = new BigInteger(a, 16).toByteArray();
-		params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
-		client = new LeapSRPSession(username, password, params, a_byte);
+		client = new LeapSRPSession(username, password, a_byte);
 		
 		x = client.calculatePasswordHash(username, password, trim(new BigInteger(salt, 16).toByteArray()));
 		assertTrue(Arrays.equals(x, expected_x));
@@ -510,8 +497,7 @@ public class testLeapSRPSession extends TestCase {
 		expected_M2 = trim(new BigInteger("d78da7e0a23c9b87a2f09cdee05c510c105b4a8d471b47402c38f4cdfa49fe6d", 16).toByteArray());
 
 		a_byte = new BigInteger(a, 16).toByteArray();
-		params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
-		client = new LeapSRPSession(username, password, params, a_byte);
+		client = new LeapSRPSession(username, password, a_byte);
 		
 		x = client.calculatePasswordHash(username, password, trim(new BigInteger(salt, 16).toByteArray()));
 		assertTrue(Arrays.equals(x, expected_x));
@@ -541,8 +527,7 @@ public class testLeapSRPSession extends TestCase {
 		expected_M2 = trim(new BigInteger("a382025452bad8a6ccd0f703253fda90e7ea7bd0c2d466a389455080a4bd015d", 16).toByteArray());
 
 		a_byte = new BigInteger(a, 16).toByteArray();
-		params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
-		client = new LeapSRPSession(username, password, params, a_byte);
+		client = new LeapSRPSession(username, password, a_byte);
 		
 		x = client.calculatePasswordHash(username, password, trim(new BigInteger(salt, 16).toByteArray()));
 		assertTrue(Arrays.equals(x, expected_x));
@@ -572,8 +557,7 @@ public class testLeapSRPSession extends TestCase {
 		expected_M2 = trim(new BigInteger("9e99f9adfbfaa7add3626ed6e6aea94c9fa60dab6b8d56ad0cc950548f577d32", 16).toByteArray());
 
 		a_byte = new BigInteger(a, 16).toByteArray();
-		params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
-		client = new LeapSRPSession(username, password, params, a_byte);
+		client = new LeapSRPSession(username, password, a_byte);
 		
 		x = client.calculatePasswordHash(username, password, trim(new BigInteger(salt, 16).toByteArray()));
 		assertTrue(Arrays.equals(x, expected_x));
@@ -603,8 +587,7 @@ public class testLeapSRPSession extends TestCase {
 		expected_M2 = trim(new BigInteger("ffccafa0febc1771a428082b30b7ce409856de4581c7d7d986f5b80015aba0d3", 16).toByteArray());
 
 		a_byte = new BigInteger(a, 16).toByteArray();
-		params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
-		client = new LeapSRPSession(username, password, params, a_byte);
+		client = new LeapSRPSession(username, password, a_byte);
 		
 		x = client.calculatePasswordHash(username, password, trim(new BigInteger(salt, 16).toByteArray()));
 		assertTrue(Arrays.equals(x, expected_x));
@@ -626,8 +609,7 @@ public class testLeapSRPSession extends TestCase {
 	String password = "holahola2";
 	byte[] salt = new BigInteger("67e8348d1500d26c", 16).toByteArray();
 	
-	SRPParameters params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), salt, "SHA-256");
-	LeapSRPSession client = new LeapSRPSession(username, password, params);
+	LeapSRPSession client = new LeapSRPSession(username, password);
 
 	String expected_v = "12bea84e588ffa2f8fc5ae47cb5e751a8f2d9e8125268ad9ab483eff83f98cb08484350eb478bee582b8b72363ff8e7b12e9f332e86f7a0bd77689927c609d275471c6ad2cff8b1e7bbfc3664169c3b7bccb0b974154c1f1656b64274568015ca1b849c9d9890ae4437ed686341b432340809b81c30727ed2aadea8bdec6d101";
 	
diff --git a/app/src/debug/java/se/leap/bitmaskclient/ConfigurationWizard.java b/app/src/debug/java/se/leap/bitmaskclient/ConfigurationWizard.java
index c405d06f..ac2e00b8 100644
--- a/app/src/debug/java/se/leap/bitmaskclient/ConfigurationWizard.java
+++ b/app/src/debug/java/se/leap/bitmaskclient/ConfigurationWizard.java
@@ -1,523 +1,416 @@
-/**

- * Copyright (c) 2013 LEAP Encryption Access Project and contributers

- * 

- * This program is free software: you can redistribute it and/or modify

- * it under the terms of the GNU General Public License as published by

- * the Free Software Foundation, either version 3 of the License, or

- * (at your option) any later version.

- *

- * This program is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

- * GNU General Public License for more details.

- *

- * You should have received a copy of the GNU General Public License

- * along with this program. If not, see <http://www.gnu.org/licenses/>.

- */

- package se.leap.bitmaskclient;

-

-
-
-
-

-

-import android.app.Activity;

-import android.app.DialogFragment;

-import android.app.Fragment;

-import android.app.FragmentManager;

-import android.app.FragmentTransaction;

-import android.content.BroadcastReceiver;

-import android.content.Context;

-import android.content.Intent;

-import android.content.IntentFilter;

-import android.content.SharedPreferences;

-import android.content.res.AssetManager;

-import android.os.Bundle;

-import android.os.Handler;

-import android.util.Log;

-import android.view.Display;

-import android.view.Menu;

-import android.view.MenuItem;

-import android.view.View.MeasureSpec;

-import android.view.View;

-import android.view.ViewGroup;

-import android.view.WindowManager;

-import android.widget.ListAdapter;

-import android.widget.ListView;

-import android.widget.ProgressBar;

-import android.widget.ProgressBar;

-import android.widget.RelativeLayout;

-import android.widget.TextView;

-import java.io.IOException;

-import java.io.InputStream;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.util.Iterator;

-import org.json.JSONException;

-import org.json.JSONObject;

+/**
+ * Copyright (c) 2013 LEAP Encryption Access Project and contributors
+ * 
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package se.leap.bitmaskclient;
+
+import android.app.*;
+import android.content.*;
+import android.os.*;
+import android.view.*;
+import android.widget.*;
+
+import com.pedrogomez.renderers.*;
+
+import java.net.*;
+import java.util.*;
+
+import butterknife.*;
+import org.jetbrains.annotations.NotNull;
+import org.json.JSONException;
+import org.json.JSONObject;
+
+import javax.inject.Inject;
+
 import se.leap.bitmaskclient.DownloadFailedDialog.DownloadFailedDialogInterface;
 import se.leap.bitmaskclient.NewProviderDialog.NewProviderDialogInterface;
 import se.leap.bitmaskclient.ProviderAPIResultReceiver.Receiver;
 import se.leap.bitmaskclient.ProviderDetailFragment.ProviderDetailFragmentInterface;
 import se.leap.bitmaskclient.ProviderListContent.ProviderItem;
-import se.leap.bitmaskclient.R;
-

-/**

- * Activity that builds and shows the list of known available providers.

- * 

- * It also allows the user to enter custom providers with a button.

- * 

- * @author parmegv

- *

- */

-public class ConfigurationWizard extends Activity

-implements ProviderListFragment.Callbacks, NewProviderDialogInterface, ProviderDetailFragmentInterface, DownloadFailedDialogInterface, Receiver {

-

-	private ProgressBar mProgressBar;

-	private TextView progressbar_description;

-	private ProviderListFragment provider_list_fragment;

-	private Intent mConfigState = new Intent();

-	

-	final public static String TAG = "se.leap.bitmaskclient.ConfigurationWizard";

-	final public static String TYPE_OF_CERTIFICATE = "type_of_certificate";

-	final public static String ANON_CERTIFICATE = "anon_certificate";

-        final public static String AUTHED_CERTIFICATE = "authed_certificate";

-

-	final protected static String PROVIDER_SET = "PROVIDER SET";

-	final protected static String SERVICES_RETRIEVED = "SERVICES RETRIEVED";

-    final protected static String ASSETS_URL_FOLDER = "urls";
-    

-    public ProviderAPIResultReceiver providerAPI_result_receiver;

+import se.leap.bitmaskclient.eip.Constants;
+
+/**
+ * Activity that builds and shows the list of known available providers.
+ * 
+ * It also allows the user to enter custom providers with a button.
+ * 
+ * @author parmegv
+ *
+ */
+public class ConfigurationWizard extends Activity
+implements NewProviderDialogInterface, ProviderDetailFragmentInterface, DownloadFailedDialogInterface, Receiver {
+
+    @InjectView(R.id.progressbar_configuration_wizard) ProgressBar mProgressBar;
+    @InjectView(R.id.progressbar_description) TextView progressbar_description;
+
+    @InjectView(R.id.provider_list) ListView provider_list_view;
+    @Inject ProviderListAdapter adapter;
+
+    private ProviderManager provider_manager;
+	private Intent mConfigState = new Intent();
+    private Provider selected_provider;
+	
+	final public static String TAG = ConfigurationWizard.class.getSimpleName();
+	final public static String TYPE_OF_CERTIFICATE = "type_of_certificate";
+	final public static String ANON_CERTIFICATE = "anon_certificate";
+        final public static String AUTHED_CERTIFICATE = "authed_certificate";
+
+	final protected static String PROVIDER_SET = "PROVIDER SET";
+	final protected static String SERVICES_RETRIEVED = "SERVICES RETRIEVED";
+
+    final private static String PROGRESSBAR_TEXT = TAG + "PROGRESSBAR_TEXT";
+    final private static String PROGRESSBAR_NUMBER = TAG + "PROGRESSBAR_NUMBER";
+    
+    public ProviderAPIResultReceiver providerAPI_result_receiver;
     private ProviderAPIBroadcastReceiver_Update providerAPI_broadcast_receiver_update;
 
-    private static SharedPreferences preferences;

+    private static SharedPreferences preferences;
+    FragmentManagerEnhanced fragment_manager;
     private static boolean setting_up_provider = false;
-    

-    @Override

-    protected void onCreate(Bundle savedInstanceState) {

-        super.onCreate(savedInstanceState);

-	preferences = getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE);
-        

-        setContentView(R.layout.configuration_wizard_activity);

-	    mProgressBar = (ProgressBar) findViewById(R.id.progressbar_configuration_wizard);

-	    mProgressBar.setVisibility(ProgressBar.INVISIBLE);

-	    progressbar_description = (TextView) findViewById(R.id.progressbar_description);

-	    progressbar_description.setVisibility(TextView.INVISIBLE);

-        providerAPI_result_receiver = new ProviderAPIResultReceiver(new Handler());

-        providerAPI_result_receiver.setReceiver(this);

-	    providerAPI_broadcast_receiver_update = new ProviderAPIBroadcastReceiver_Update();

-	    IntentFilter update_intent_filter = new IntentFilter(ProviderAPI.UPDATE_PROGRESSBAR);

-	    update_intent_filter.addCategory(Intent.CATEGORY_DEFAULT);

-	    registerReceiver(providerAPI_broadcast_receiver_update, update_intent_filter);

-

-	    loadPreseededProviders();

-        

-        // Only create our fragments if we're not restoring a saved instance

-        if ( savedInstanceState == null ){

-        	// TODO Some welcome screen?

-        	// We will need better flow control when we have more Fragments (e.g. user auth)

-        	provider_list_fragment = ProviderListFragment.newInstance();

-    		Bundle arguments = new Bundle();

-    		int configuration_wizard_request_code = getIntent().getIntExtra(Dashboard.REQUEST_CODE, -1);

-    		if(configuration_wizard_request_code == Dashboard.SWITCH_PROVIDER) {

-    			arguments.putBoolean(ProviderListFragment.SHOW_ALL_PROVIDERS, true);

-    		}

-			provider_list_fragment.setArguments(arguments);

-

-    		FragmentManager fragmentManager = getFragmentManager();

-    		fragmentManager.beginTransaction()

-    		.replace(R.id.configuration_wizard_layout, provider_list_fragment, ProviderListFragment.TAG)

-    		.commit();

-        }

-

-        // TODO: If exposing deep links into your app, handle intents here.

-    }

-

-	@Override

-	protected void onDestroy() {

-		super.onDestroy();

-		unregisterReceiver(providerAPI_broadcast_receiver_update);

-	}

-

-    public void refreshProviderList(int top_padding) {

-    	ProviderListFragment new_provider_list_fragment = new ProviderListFragment();

-		Bundle top_padding_bundle = new Bundle();

-		top_padding_bundle.putInt(ProviderListFragment.TOP_PADDING, top_padding);

-		new_provider_list_fragment.setArguments(top_padding_bundle);

-		

-		FragmentManager fragmentManager = getFragmentManager();

-		fragmentManager.beginTransaction()

-		.replace(R.id.configuration_wizard_layout, new_provider_list_fragment, ProviderListFragment.TAG)

-		.commit();

-    }

-    

-	@Override

-	public void onReceiveResult(int resultCode, Bundle resultData) {

-		if(resultCode == ProviderAPI.PROVIDER_OK) {

-				mConfigState.setAction(PROVIDER_SET);

-

-				if (preferences.getBoolean(EIP.ALLOWED_ANON, false)){

-					mConfigState.putExtra(SERVICES_RETRIEVED, true);

-					downloadAnonCert();

-				} else {

-					mProgressBar.incrementProgressBy(1);

-				    mProgressBar.setVisibility(ProgressBar.GONE);

-				    progressbar_description.setVisibility(TextView.GONE);

-					setResult(RESULT_OK);
-					showProviderDetails(getCurrentFocus());

-				}
-		} else if(resultCode == ProviderAPI.PROVIDER_NOK) {

-			//refreshProviderList(0);
-			String reason_to_fail = resultData.getString(ProviderAPI.ERRORS);

-			showDownloadFailedDialog(getCurrentFocus(), reason_to_fail);

-			mProgressBar.setVisibility(ProgressBar.GONE);

-			progressbar_description.setVisibility(TextView.GONE);
-			preferences.edit().remove(Provider.KEY).commit();

-			setting_up_provider = false;
-			setResult(RESULT_CANCELED, mConfigState);

-		}

-		else if(resultCode == ProviderAPI.CORRECTLY_DOWNLOADED_CERTIFICATE) {

-			mProgressBar.incrementProgressBy(1);

-		    mProgressBar.setVisibility(ProgressBar.GONE);

-		    progressbar_description.setVisibility(TextView.GONE);

-		    //refreshProviderList(0);

-		    setResult(RESULT_OK);

-		    showProviderDetails(getCurrentFocus());

-		} else if(resultCode == ProviderAPI.INCORRECTLY_DOWNLOADED_CERTIFICATE) {

-			//refreshProviderList(0);

-			mProgressBar.setVisibility(ProgressBar.GONE);

-		    progressbar_description.setVisibility(TextView.GONE);

-			//Toast.makeText(getApplicationContext(), R.string.incorrectly_downloaded_certificate_message, Toast.LENGTH_LONG).show();

-        	setResult(RESULT_CANCELED, mConfigState);

-		} else if(resultCode == AboutActivity.VIEWED) {
-		    // Do nothing, right now
-		    // I need this for CW to wait for the About activity to end before going back to Dashboard.
-		}
-	}

-

-	/**

-     * Callback method from {@link ProviderListFragment.Callbacks}

-     * indicating that the item with the given ID was selected.

-     */

-    @Override

-    public void onItemSelected(String id) {

-	    //TODO Code 2 pane view

-	//	resetOldConnection();

-	    ProviderItem selected_provider = getProvider(id);

-	    int provider_index = getProviderIndex(id);

-
-
-	    startProgressBar(provider_index+1);
-	    provider_list_fragment.hideAllBut(provider_index);
-
-	    boolean danger_on = true;
-	    if(preferences.contains(ProviderItem.DANGER_ON))
-	    	danger_on = preferences.getBoolean(ProviderItem.DANGER_ON, false);
-	    setUpProvider(selected_provider.providerMainUrl(), danger_on);
-    }

-    

-    @Override

-    public void onBackPressed() {

-    	if(setting_up_provider) {
-    		stopSettingUpProvider();
-    	} else {

-    		usualBackButton();
-    	}
+    private String progressbar_text = "";
+    private String provider_name = "";
+    private int progress = -1;
+
+    private void initProviderList() {
+        List<Renderer<Provider>> prototypes = new ArrayList<Renderer<Provider>>();
+        prototypes.add(new ProviderRenderer(this));
+        ProviderRendererBuilder providerRendererBuilder = new ProviderRendererBuilder(prototypes);
+        adapter = new ProviderListAdapter(getLayoutInflater(), providerRendererBuilder, provider_manager);
+        provider_list_view.setAdapter(adapter);
+    }
+    
+    @Override
+    protected void onSaveInstanceState(@NotNull Bundle outState) {
+        if(mProgressBar != null)
+            outState.putInt(PROGRESSBAR_NUMBER, mProgressBar.getProgress());
+        if(progressbar_description != null)
+            outState.putString(PROGRESSBAR_TEXT, progressbar_description.getText().toString());
+        if(selected_provider != null)
+            outState.putParcelable(Provider.KEY, selected_provider);
+        outState.putParcelable(ProviderAPI.RECEIVER_KEY, providerAPI_result_receiver);
+        super.onSaveInstanceState(outState);
+    }
+
+    @Override
+    protected void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+        preferences = getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE);
+        fragment_manager = new FragmentManagerEnhanced(getFragmentManager());
+        provider_manager = ProviderManager.getInstance(getAssets(), getExternalFilesDir(null));
+
+        setUpInitialUI();
+
+        setUpProviderAPIResultReceiver();
+
+        setUpProviderList();
+
+        if(savedInstanceState != null) {
+            restoreState(savedInstanceState);
+        }
+    }
+
+    private void restoreState(Bundle savedInstanceState) {
+        progressbar_text = savedInstanceState.getString(PROGRESSBAR_TEXT, "");
+        provider_name = savedInstanceState.getString(Provider.NAME, "");
+        selected_provider = savedInstanceState.getParcelable(Provider.KEY);
+        progress = savedInstanceState.getInt(PROGRESSBAR_NUMBER, -1);
+        providerAPI_result_receiver = savedInstanceState.getParcelable(ProviderAPI.RECEIVER_KEY);
+        providerAPI_result_receiver.setReceiver(this);
     }
-    

-    private void stopSettingUpProvider() {

-		ProviderAPI.stop();

-		mProgressBar.setVisibility(ProgressBar.GONE);

-		mProgressBar.setProgress(0);

-		progressbar_description.setVisibility(TextView.GONE);

-		preferences.edit().remove(Provider.KEY).commit();

-    	setting_up_provider = false;

-	showAllProviders();
-    }

-    

-    private void usualBackButton() {

-		try {

-			boolean is_provider_set_up = new JSONObject(preferences.getString(Provider.KEY, "no provider")) != null ? true : false;

-			boolean is_provider_set_up_truly = new JSONObject(preferences.getString(Provider.KEY, "no provider")).length() != 0 ? true : false;

-			if(!is_provider_set_up || !is_provider_set_up_truly) {

-				askDashboardToQuitApp();

-			} else {

-				setResult(RESULT_OK);

-			}

-		} catch (JSONException e) {

-			askDashboardToQuitApp();

-			super.onBackPressed();

-			e.printStackTrace();

-		}

-		super.onBackPressed();

-    }

-    private void askDashboardToQuitApp() {

-		Intent ask_quit = new Intent();

-		ask_quit.putExtra(Dashboard.ACTION_QUIT, Dashboard.ACTION_QUIT);

-		setResult(RESULT_CANCELED, ask_quit);

-    }

-

-    private ProviderItem getProvider(String name) {

-	    Iterator<ProviderItem> providers_iterator = ProviderListContent.ITEMS.iterator();

-	    while(providers_iterator.hasNext()) {

-		    ProviderItem provider = providers_iterator.next();

-		    if(provider.name().equalsIgnoreCase(name)) {

-			    return provider;

-		    }

-	    }

-	    return null;

-    }

-    

-    private String getId(String provider_main_url_string) {
-	try {
-	URL provider_url = new URL(provider_main_url_string);
-	URL aux_provider_url;
-	Iterator<ProviderItem> providers_iterator = ProviderListContent.ITEMS.iterator();
-	while(providers_iterator.hasNext()) {
-	    ProviderItem provider = providers_iterator.next();
-	    aux_provider_url = new URL(provider.providerMainUrl());
-	    if(isSameURL(provider_url, aux_provider_url)) {
-		return provider.name();
+
+    @Override
+    protected void onPostResume() {
+        super.onPostResume();
+        if(!progressbar_text.isEmpty() && !provider_name.isEmpty() && progress != -1) {
+            progressbar_description.setText(progressbar_text);
+            //onItemSelectedUi(getProvider(provider_name));
+            mProgressBar.setProgress(progress);
+
+            progressbar_text = "";
+            provider_name = "";
+            progress = -1;
+        }
+    }
+
+    private void setUpInitialUI() {
+        setContentView(R.layout.configuration_wizard_activity);
+        ButterKnife.inject(this);
+
+        hideProgressBar();
+    }
+    
+    private void hideProgressBar() {	
+	mProgressBar.setVisibility(ProgressBar.INVISIBLE);
+	progressbar_description.setVisibility(TextView.INVISIBLE);
+    }
+
+    private void setUpProviderList() {
+        initProviderList();
+    }
+
+    @Override
+    protected void onDestroy() {
+	super.onDestroy();
+	if(providerAPI_broadcast_receiver_update != null)
+	    unregisterReceiver(providerAPI_broadcast_receiver_update);
+    }
+
+    private void setUpProviderAPIResultReceiver() {
+        providerAPI_result_receiver = new ProviderAPIResultReceiver(new Handler());
+        providerAPI_result_receiver.setReceiver(this);
+	providerAPI_broadcast_receiver_update = new ProviderAPIBroadcastReceiver_Update();
+	
+	IntentFilter update_intent_filter = new IntentFilter(ProviderAPI.UPDATE_PROGRESSBAR);
+	update_intent_filter.addCategory(Intent.CATEGORY_DEFAULT);
+	registerReceiver(providerAPI_broadcast_receiver_update, update_intent_filter);
+    }
+
+    @Override
+    public void onReceiveResult(int resultCode, Bundle resultData) {
+	if(resultCode == ProviderAPI.PROVIDER_OK) {
+	    mConfigState.setAction(PROVIDER_SET);
+
+            try {
+                String provider_json_string = preferences.getString(Provider.KEY, "");
+                if(!provider_json_string.isEmpty())
+		    selected_provider.define(new JSONObject(provider_json_string));
+            } catch (JSONException e) {
+                e.printStackTrace();
+            }
+
+	    if (preferences.getBoolean(Constants.ALLOWED_ANON, false)){
+		mConfigState.putExtra(SERVICES_RETRIEVED, true);
+		
+		downloadAnonCert();
+	    } else {
+		mProgressBar.incrementProgressBy(1);
+		hideProgressBar();
+		
+		setResult(RESULT_OK);
+
+		showProviderDetails();
 	    }
+	} else if(resultCode == ProviderAPI.PROVIDER_NOK) {
+	    hideProgressBar();
+	    preferences.edit().remove(Provider.KEY).apply();
+	    setting_up_provider = false;
+	    
+	    setResult(RESULT_CANCELED, mConfigState);
+	    
+	    String reason_to_fail = resultData.getString(ProviderAPI.ERRORS);
+	    showDownloadFailedDialog(reason_to_fail);
 	}
-	} catch (MalformedURLException e) {
-	    e.printStackTrace();
-	}
-	return "";
-    }

-
-    /**
-     * Checks, whether 2 urls are pointing to the same location.
-     *
-     * @param url a url
-     * @param baseUrl an other url, that should be compared.
-     * @return true, if the urls point to the same host and port and use the 
-     *         same protocol, false otherwise.
-     */
-    private boolean isSameURL(final URL url, final URL baseUrl) {
-	if (!url.getProtocol().equals(baseUrl.getProtocol())) {
-	    return false;
+	else if(resultCode == ProviderAPI.CORRECTLY_DOWNLOADED_CERTIFICATE) {
+	    mProgressBar.incrementProgressBy(1);
+	    hideProgressBar();
+
+	    showProviderDetails();
+
+	    setResult(RESULT_OK);
+	} else if(resultCode == ProviderAPI.INCORRECTLY_DOWNLOADED_CERTIFICATE) {
+	    hideProgressBar();
+	    
+	    setResult(RESULT_CANCELED, mConfigState);
+	} else if(resultCode == AboutActivity.VIEWED) {
+	    // Do nothing, right now
+	    // I need this for CW to wait for the About activity to end before going back to Dashboard.
 	}
-	if (!url.getHost().equals(baseUrl.getHost())) {
-	    return false;
+    }
+    
+    @OnItemClick(R.id.provider_list)
+    void onItemSelected(int position) {
+        //TODO Code 2 pane view
+        selected_provider = adapter.getItem(position);
+        onItemSelectedLogic(selected_provider);
+        onItemSelectedUi(selected_provider);
+    }
+
+    private void onItemSelectedLogic(Provider selected_provider) {
+        boolean danger_on = true;
+        if(preferences.contains(ProviderItem.DANGER_ON))
+            danger_on = preferences.getBoolean(ProviderItem.DANGER_ON, false);
+        setUpProvider(selected_provider.mainUrl(), danger_on);
+    }
+
+    private void onItemSelectedUi(Provider provider) {
+        startProgressBar();
+        adapter.hideAllBut(adapter.indexOf(provider));
+    }
+    
+    
+    
+    @Override
+    public void onBackPressed() {
+    	if(setting_up_provider) {
+	    stopSettingUpProvider();
+    	} else {
+	    askDashboardToQuitApp();
+	    super.onBackPressed();
+    	}
+    }
+    
+    private void stopSettingUpProvider() {
+	ProviderAPI.stop();
+	mProgressBar.setVisibility(ProgressBar.GONE);
+	mProgressBar.setProgress(0);
+	progressbar_description.setVisibility(TextView.GONE);
+
+	cancelSettingUpProvider();
+    }
+
+    public void cancelSettingUpProvider() {
+        showAllProviders();
+        setting_up_provider = false;
+        preferences.edit().remove(Provider.KEY).remove(ProviderItem.DANGER_ON).remove(Constants.ALLOWED_ANON).remove(Constants.KEY).commit();
+    }
+    
+    private void askDashboardToQuitApp() {
+		Intent ask_quit = new Intent();
+		ask_quit.putExtra(Dashboard.ACTION_QUIT, Dashboard.ACTION_QUIT);
+		setResult(RESULT_CANCELED, ask_quit);
+    }
+
+    private void startProgressBar() {
+        mProgressBar.setVisibility(ProgressBar.VISIBLE);
+        progressbar_description.setVisibility(TextView.VISIBLE);
+        mProgressBar.setProgress(0);
+        mProgressBar.setMax(3);
+
+	int measured_height = listItemHeight();
+	mProgressBar.setTranslationY(measured_height);
+	progressbar_description.setTranslationY(measured_height + mProgressBar.getHeight());
+    }
+    
+    private int listItemHeight() {
+        View listItem = adapter.getView(0, null, provider_list_view);
+        listItem.setLayoutParams(new RelativeLayout.LayoutParams(
+                    RelativeLayout.LayoutParams.WRAP_CONTENT,
+                    RelativeLayout.LayoutParams.WRAP_CONTENT));
+        WindowManager wm = (WindowManager) getApplicationContext()
+                    .getSystemService(Context.WINDOW_SERVICE);
+        Display display = wm.getDefaultDisplay();
+        int screenWidth = display.getWidth(); // deprecated
+
+        int listViewWidth = screenWidth - 10 - 10;
+        int widthSpec = View.MeasureSpec.makeMeasureSpec(listViewWidth,
+                    View.MeasureSpec.AT_MOST);
+        listItem.measure(widthSpec, 0);
+
+        return listItem.getMeasuredHeight();
+}
+    
+	/**
+	 * Asks ProviderAPI to download an anonymous (anon) VPN certificate.
+	 */
+	private void downloadAnonCert() {
+		Intent provider_API_command = new Intent(this, ProviderAPI.class);
+
+		Bundle parameters = new Bundle();
+
+		parameters.putString(TYPE_OF_CERTIFICATE, ANON_CERTIFICATE);
+
+		provider_API_command.setAction(ProviderAPI.DOWNLOAD_CERTIFICATE);
+		provider_API_command.putExtra(ProviderAPI.PARAMETERS, parameters);
+		provider_API_command.putExtra(ProviderAPI.RECEIVER_KEY, providerAPI_result_receiver);
+
+		startService(provider_API_command);
 	}
-	if (url.getPort() != baseUrl.getPort()) {
-	    return false;
+	
+	/**
+	 * Open the new provider dialog
+	 */
+	public void addAndSelectNewProvider() {
+	    FragmentTransaction fragment_transaction = fragment_manager.removePreviousFragment(NewProviderDialog.TAG);
+        new NewProviderDialog().show(fragment_transaction, NewProviderDialog.TAG);
 	}
-	return true;
-    }
-	

-	private void startProgressBar() {

-	    mProgressBar.setVisibility(ProgressBar.VISIBLE);

-	    mProgressBar.setProgress(0);

-	    mProgressBar.setMax(3);

-	}

-	

-	private void startProgressBar(int list_item_index) {

-	    mProgressBar.setVisibility(ProgressBar.VISIBLE);

-	    progressbar_description.setVisibility(TextView.VISIBLE);

-	    mProgressBar.setProgress(0);

-	    mProgressBar.setMax(3);

-	    int measured_height = listItemHeight(list_item_index);

-	    mProgressBar.setTranslationY(measured_height);

-	    progressbar_description.setTranslationY(measured_height + mProgressBar.getHeight());

-	}

-

-    private int getProviderIndex(String id) {

-    	int index = 0;

-	    Iterator<ProviderItem> providers_iterator = ProviderListContent.ITEMS.iterator();

-	    while(providers_iterator.hasNext()) {

-		    ProviderItem provider = providers_iterator.next();

-		    if(provider.name().equalsIgnoreCase(id)) {

-			    break;

-		    } else index++;
-	    }

-	    return index;

-    }

-    

-    private int listItemHeight(int list_item_index) {

-        ListView provider_list_view = (ListView)findViewById(android.R.id.list);

-        ListAdapter provider_list_adapter = provider_list_view.getAdapter();

-        View listItem = provider_list_adapter.getView(0, null, provider_list_view);

-        listItem.setLayoutParams(new RelativeLayout.LayoutParams(

-                    RelativeLayout.LayoutParams.WRAP_CONTENT,

-                    RelativeLayout.LayoutParams.WRAP_CONTENT));

-        WindowManager wm = (WindowManager) getApplicationContext()

-                    .getSystemService(Context.WINDOW_SERVICE);

-        Display display = wm.getDefaultDisplay();

-        int screenWidth = display.getWidth(); // deprecated

-

-        int listViewWidth = screenWidth - 10 - 10;

-        int widthSpec = MeasureSpec.makeMeasureSpec(listViewWidth,

-                    MeasureSpec.AT_MOST);

-        listItem.measure(widthSpec, 0);

-

-        return listItem.getMeasuredHeight();

-}

-	

-    /**
-     * Loads providers data from url files contained in the assets folder
-     * @return true if the files were correctly read
-     */
-    private boolean loadPreseededProviders() {
-    	boolean loaded_preseeded_providers = false;
-        String[] urls_filepaths = null;
-	try {
-	    //TODO Put that folder in a better place (also inside the "for")
-	    urls_filepaths = getAssets().list(ASSETS_URL_FOLDER); 
-	    String provider_name = "";
-	    for(String url_filepath : urls_filepaths) {
-		provider_name = url_filepath.subSequence(0, url_filepath.lastIndexOf(".")).toString();
-		String provider_main_url = extractProviderMainUrlFromAssetsFile(ASSETS_URL_FOLDER + "/" + url_filepath);
-		if(getId(provider_main_url).isEmpty())
-		    ProviderListContent.addItem(new ProviderItem(provider_name, provider_main_url));
-		loaded_preseeded_providers = true;

-	    }
-	} catch (IOException e) {
-	    loaded_preseeded_providers = false;
+	
+	/**
+	 * Open the new provider dialog with data
+	 */
+	public void addAndSelectNewProvider(String main_url, boolean danger_on) {
+	    FragmentTransaction fragment_transaction = fragment_manager.removePreviousFragment(NewProviderDialog.TAG);
+	    
+	    DialogFragment newFragment = new NewProviderDialog();
+	    Bundle data = new Bundle();
+	    data.putString(Provider.MAIN_URL, main_url);
+	    data.putBoolean(ProviderItem.DANGER_ON, danger_on);
+	    newFragment.setArguments(data);
+	    newFragment.show(fragment_transaction, NewProviderDialog.TAG);
 	}
 	
-	return loaded_preseeded_providers;
-    }
+	/**
+	 * Once selected a provider, this fragment offers the user to log in, 
+	 * use it anonymously (if possible) 
+	 * or cancel his/her election pressing the back button.
+	 * @param reason_to_fail
+	 */
+	public void showDownloadFailedDialog(String reason_to_fail) {
+	    FragmentTransaction fragment_transaction = fragment_manager.removePreviousFragment(DownloadFailedDialog.TAG);
+		
+	    DialogFragment newFragment = DownloadFailedDialog.newInstance(reason_to_fail);
+	    newFragment.show(fragment_transaction, DownloadFailedDialog.TAG);
+	}
+
+	/**
+	 * Once selected a provider, this fragment offers the user to log in, 
+	 * use it anonymously (if possible) 
+	 * or cancel his/her election pressing the back button.
+	 */
+	private void showProviderDetails() {
+		if(setting_up_provider) {
+		    FragmentTransaction fragment_transaction = fragment_manager.removePreviousFragment(ProviderDetailFragment.TAG);
 
-    private String extractProviderMainUrlFromAssetsFile(String filepath) {
-	String provider_main_url = "";
-	try {	    
-	    InputStream input_stream_file_contents = getAssets().open(filepath);
-	    byte[] urls_file_bytes = new byte[input_stream_file_contents.available()];
-	    input_stream_file_contents.read(urls_file_bytes);
-	    String urls_file_content = new String(urls_file_bytes);
-	    JSONObject file_contents = new JSONObject(urls_file_content);
-	    provider_main_url = file_contents.getString(Provider.MAIN_URL);
-	} catch (JSONException e) {
-	} catch (IOException e) {
+		    DialogFragment newFragment = ProviderDetailFragment.newInstance();
+		    newFragment.show(fragment_transaction, ProviderDetailFragment.TAG);
+		}
 	}
-	return provider_main_url;
+
+    public void showAndSelectProvider(String provider_main_url, boolean danger_on) {
+        try {
+            selected_provider = new Provider(new URL((provider_main_url)));
+            adapter.add(selected_provider);
+            adapter.saveProviders();
+            autoSelectProvider(selected_provider, danger_on);
+        } catch (MalformedURLException e) {
+            e.printStackTrace();
+        }
     }
-    
-	/**

-	 * Asks ProviderAPI to download an anonymous (anon) VPN certificate.

-	 */

-	private void downloadAnonCert() {

-		Intent provider_API_command = new Intent(this, ProviderAPI.class);

-

-		Bundle parameters = new Bundle();

-

-		parameters.putString(TYPE_OF_CERTIFICATE, ANON_CERTIFICATE);

-

-		provider_API_command.setAction(ProviderAPI.DOWNLOAD_CERTIFICATE);

-		provider_API_command.putExtra(ProviderAPI.PARAMETERS, parameters);

-		provider_API_command.putExtra(ProviderAPI.RECEIVER_KEY, providerAPI_result_receiver);

-

-		startService(provider_API_command);

-	}

-	

-	/**

-	 * Open the new provider dialog

-	 */

-	public void addAndSelectNewProvider() {

-		FragmentTransaction fragment_transaction = getFragmentManager().beginTransaction();

-		Fragment previous_new_provider_dialog = getFragmentManager().findFragmentByTag(NewProviderDialog.TAG);

-		if (previous_new_provider_dialog != null) {

-			fragment_transaction.remove(previous_new_provider_dialog);

-		}

-		fragment_transaction.addToBackStack(null);

-		

-		DialogFragment newFragment = NewProviderDialog.newInstance();

-		newFragment.show(fragment_transaction, NewProviderDialog.TAG);

-	}

-	

-	/**

-	 * Open the new provider dialog with data

-	 */

-	public void addAndSelectNewProvider(String main_url, boolean danger_on) {

-		FragmentTransaction fragment_transaction = getFragmentManager().beginTransaction();

-		Fragment previous_new_provider_dialog = getFragmentManager().findFragmentByTag(NewProviderDialog.TAG);

-		if (previous_new_provider_dialog != null) {

-			fragment_transaction.remove(previous_new_provider_dialog);

-		}

-		

-		DialogFragment newFragment = NewProviderDialog.newInstance();

-		Bundle data = new Bundle();

-		data.putString(Provider.MAIN_URL, main_url);

-		data.putBoolean(ProviderItem.DANGER_ON, danger_on);

-		newFragment.setArguments(data);

-		newFragment.show(fragment_transaction, NewProviderDialog.TAG);

-	}

-	

-	/**

-	 * Once selected a provider, this fragment offers the user to log in, 

-	 * use it anonymously (if possible) 

-	 * or cancel his/her election pressing the back button.

-	 * @param view

-	 * @param reason_to_fail 

-	 */

-	public void showDownloadFailedDialog(View view, String reason_to_fail) {

-		FragmentTransaction fragment_transaction = getFragmentManager().beginTransaction();

-		Fragment previous_provider_details_dialog = getFragmentManager().findFragmentByTag(DownloadFailedDialog.TAG);

-		if (previous_provider_details_dialog != null) {

-			fragment_transaction.remove(previous_provider_details_dialog);

-		}

-		fragment_transaction.addToBackStack(null);

-		

-		DialogFragment newFragment = DownloadFailedDialog.newInstance(reason_to_fail);

-		newFragment.show(fragment_transaction, DownloadFailedDialog.TAG);

-	}

-	

-	/**

-	 * Once selected a provider, this fragment offers the user to log in, 

-	 * use it anonymously (if possible) 

-	 * or cancel his/her election pressing the back button.

-	 * @param view

-	 */

-	public void showProviderDetails(View view) {

-		if(setting_up_provider) {

-			FragmentTransaction fragment_transaction = getFragmentManager().beginTransaction();

-			Fragment previous_provider_details_dialog = getFragmentManager().findFragmentByTag(ProviderDetailFragment.TAG);

-			if (previous_provider_details_dialog != null) {

-				fragment_transaction.remove(previous_provider_details_dialog);

-			}

-			fragment_transaction.addToBackStack(null);

-

-			DialogFragment newFragment = ProviderDetailFragment.newInstance();

-			newFragment.show(fragment_transaction, ProviderDetailFragment.TAG);

-		}

-	}

-

-	public void showAndSelectProvider(String provider_main_url, boolean danger_on) {

-	    if(getId(provider_main_url).isEmpty())
-		showProvider(provider_main_url, danger_on);

-	    autoSelectProvider(provider_main_url, danger_on);
-	}

-	

-	private void showProvider(final String provider_main_url, final boolean danger_on) {

-		String provider_name = provider_main_url.replaceFirst("http[s]?://", "").replaceFirst("\\/", "_");

-		ProviderItem added_provider = new ProviderItem(provider_name, provider_main_url);

-		provider_list_fragment.addItem(added_provider);

-	}

-	

-	private void autoSelectProvider(String provider_main_url, boolean danger_on) {

-		preferences.edit().putBoolean(ProviderItem.DANGER_ON, danger_on).commit();

-		onItemSelected(getId(provider_main_url));

-	}

-	

-	/**

-	 * Asks ProviderAPI to download a new provider.json file

-	 * @param provider_name

-	 * @param provider_main_url

-	 * @param danger_on tells if HTTPS client should bypass certificate errors

-	 */

-	public void setUpProvider(String provider_main_url, boolean danger_on) {

-		Intent provider_API_command = new Intent(this, ProviderAPI.class);

-		Bundle parameters = new Bundle();

-		parameters.putString(Provider.MAIN_URL, provider_main_url);

-		parameters.putBoolean(ProviderItem.DANGER_ON, danger_on);

-

-		provider_API_command.setAction(ProviderAPI.SET_UP_PROVIDER);

-		provider_API_command.putExtra(ProviderAPI.PARAMETERS, parameters);

+
+    private void autoSelectProvider(Provider provider, boolean danger_on) {
+	preferences.edit().putBoolean(ProviderItem.DANGER_ON, danger_on).apply();
+        selected_provider = provider;
+        onItemSelectedLogic(selected_provider);
+        onItemSelectedUi(selected_provider);
+    }
+	
+	/**
+	 * Asks ProviderAPI to download a new provider.json file
+n	 * @param provider_main_url
+	 * @param danger_on tells if HTTPS client should bypass certificate errors
+	 */
+	public void setUpProvider(URL provider_main_url, boolean danger_on) {
+		Intent provider_API_command = new Intent(this, ProviderAPI.class);
+		Bundle parameters = new Bundle();
+		parameters.putString(Provider.MAIN_URL, provider_main_url.toString());
+		parameters.putBoolean(ProviderItem.DANGER_ON, danger_on);
+
+		provider_API_command.setAction(ProviderAPI.SET_UP_PROVIDER);
+		provider_API_command.putExtra(ProviderAPI.PARAMETERS, parameters);
 		provider_API_command.putExtra(ProviderAPI.RECEIVER_KEY, providerAPI_result_receiver);
 
-		startService(provider_API_command);

+		startService(provider_API_command);
 		setting_up_provider = true;
 	}
 
@@ -534,62 +427,55 @@ implements ProviderListFragment.Callbacks, NewProviderDialogInterface, ProviderD
 			startService(provider_API_command);
 		}
 	}
-	@Override

-	public boolean onCreateOptionsMenu(Menu menu) {

-		getMenuInflater().inflate(R.menu.configuration_wizard_activity, menu);

-		return true;

-	}

-	

-	@Override

-	public boolean onOptionsItemSelected(MenuItem item){

-		switch (item.getItemId()){

+	@Override
+	public boolean onCreateOptionsMenu(Menu menu) {
+		getMenuInflater().inflate(R.menu.configuration_wizard_activity, menu);
+		return true;
+	}
+	
+	@Override
+	public boolean onOptionsItemSelected(MenuItem item){
+		switch (item.getItemId()){
 		case R.id.about_leap:
 		    startActivityForResult(new Intent(this, AboutActivity.class), 0);
 			return true;
-		case R.id.new_provider:

-			addAndSelectNewProvider();

-			return true;

-		default:

-			return super.onOptionsItemSelected(item);

-		}

-	}

-		

-	public void showAllProviders() {

-		provider_list_fragment = (ProviderListFragment) getFragmentManager().findFragmentByTag(ProviderListFragment.TAG);

-		if(provider_list_fragment != null)

-			provider_list_fragment.unhideAll();

-	}

-	

-	public void cancelSettingUpProvider() {

-		provider_list_fragment = (ProviderListFragment) getFragmentManager().findFragmentByTag(ProviderListFragment.TAG);

-		if(provider_list_fragment != null && preferences.contains(ProviderItem.DANGER_ON)) {

-			provider_list_fragment.removeLastItem();

-		}

-		preferences.edit().remove(Provider.KEY).remove(ProviderItem.DANGER_ON).remove(EIP.ALLOWED_ANON).remove(EIP.KEY).commit();

-	}

-

-	@Override

-	public void login() {

-		Intent ask_login = new Intent();

-		ask_login.putExtra(LogInDialog.VERB, LogInDialog.VERB);

-		setResult(RESULT_OK, ask_login);

-		setting_up_provider = false;

-		finish();

-	}

-

-	@Override

-	public void use_anonymously() {

-		setResult(RESULT_OK);

-		setting_up_provider = false;

-		finish();

-	}

-

-	public class ProviderAPIBroadcastReceiver_Update extends BroadcastReceiver {

-

-		@Override

-		public void onReceive(Context context, Intent intent) {

-			int update = intent.getIntExtra(ProviderAPI.CURRENT_PROGRESS, 0);

-			mProgressBar.setProgress(update);

-		}

-	}

-}

+		case R.id.new_provider:
+			addAndSelectNewProvider();
+			return true;
+		default:
+			return super.onOptionsItemSelected(item);
+		}
+	}
+		
+	public void showAllProviders() {
+        adapter.showAllProviders();
+	}
+
+	@Override
+	public void login() {
+		Intent ask_login = new Intent();
+		ask_login.putExtra(SessionDialog.TAG, SessionDialog.TAG);
+        ask_login.putExtra(Provider.KEY, selected_provider);
+		setResult(RESULT_OK, ask_login);
+		setting_up_provider = false;
+		finish();
+	}
+
+	@Override
+	public void use_anonymously() {
+        Intent pass_provider = new Intent();
+        pass_provider.putExtra(Provider.KEY, selected_provider);
+		setResult(RESULT_OK, pass_provider);
+		setting_up_provider = false;
+		finish();
+	}
+
+	public class ProviderAPIBroadcastReceiver_Update extends BroadcastReceiver {
+
+		@Override
+		public void onReceive(Context context, Intent intent) {
+			int update = intent.getIntExtra(ProviderAPI.CURRENT_PROGRESS, 0);
+			mProgressBar.setProgress(update);
+		}
+	}
+}
diff --git a/app/src/debug/java/se/leap/bitmaskclient/NewProviderDialog.java b/app/src/debug/java/se/leap/bitmaskclient/NewProviderDialog.java
index cf09c64b..8fe1c3eb 100644
--- a/app/src/debug/java/se/leap/bitmaskclient/NewProviderDialog.java
+++ b/app/src/debug/java/se/leap/bitmaskclient/NewProviderDialog.java
@@ -16,14 +16,14 @@
  */
  package se.leap.bitmaskclient;
 
+import butterknife.ButterKnife;
+import butterknife.InjectView;
 import se.leap.bitmaskclient.ProviderListContent.ProviderItem;
-import se.leap.bitmaskclient.R;
 import android.app.Activity;
 import android.app.AlertDialog;
 import android.app.Dialog;
 import android.app.DialogFragment;
 import android.content.DialogInterface;
-import android.content.Intent;
 import android.os.Bundle;
 import android.view.LayoutInflater;
 import android.view.View;
@@ -40,20 +40,17 @@ import android.widget.Toast;
 public class NewProviderDialog extends DialogFragment {
 
     final public static String TAG = "newProviderDialog";
-        
+
+    @InjectView(R.id.new_provider_url)
+    EditText url_input_field;
+    @InjectView(R.id.danger_checkbox)
+    CheckBox danger_checkbox;
+
 	public interface NewProviderDialogInterface {
         public void showAndSelectProvider(String url_provider, boolean danger_on);
     }
 
 	NewProviderDialogInterface interface_with_ConfigurationWizard;
-
-	/**
-	 * @return a new instance of this DialogFragment.
-	 */
-	public static DialogFragment newInstance() {
-		NewProviderDialog dialog_fragment = new NewProviderDialog();
-		return dialog_fragment;
-	}
 	
     @Override
     public void onAttach(Activity activity) {
@@ -70,36 +67,19 @@ public class NewProviderDialog extends DialogFragment {
 	public Dialog onCreateDialog(Bundle savedInstanceState) {
 		AlertDialog.Builder builder = new AlertDialog.Builder(getActivity());
 		LayoutInflater inflater = getActivity().getLayoutInflater();
-		View new_provider_dialog_view = inflater.inflate(R.layout.new_provider_dialog, null);
-		final EditText url_input_field = (EditText)new_provider_dialog_view.findViewById(R.id.new_provider_url);
-		if(getArguments() != null && getArguments().containsKey(Provider.MAIN_URL)) {
-			url_input_field.setText(getArguments().getString(Provider.MAIN_URL));
-		}
-		final CheckBox danger_checkbox = (CheckBox)new_provider_dialog_view.findViewById(R.id.danger_checkbox);
-		if(getArguments() != null && getArguments().containsKey(ProviderItem.DANGER_ON)) {
-			danger_checkbox.setActivated(getArguments().getBoolean(ProviderItem.DANGER_ON));
-		}
+		View view = inflater.inflate(R.layout.new_provider_dialog, null);
+        ButterKnife.inject(this, view);
+        Bundle arguments = getArguments();
+		if(arguments != null) {
+            url_input_field.setText(arguments.getString(Provider.MAIN_URL, ""));
+            danger_checkbox.setActivated(arguments.getBoolean(ProviderItem.DANGER_ON, false));
+        }
 		
-		builder.setView(new_provider_dialog_view)
+		builder.setView(view)
 			.setMessage(R.string.introduce_new_provider)
 			.setPositiveButton(R.string.save, new DialogInterface.OnClickListener() {
 				public void onClick(DialogInterface dialog, int id) {
-					String entered_url = url_input_field.getText().toString().trim();
-					if(!entered_url.startsWith("https://")) {
-						if (entered_url.startsWith("http://")){
-							entered_url = entered_url.substring("http://".length());
-						}
-						entered_url = "https://".concat(entered_url);
-					}
-					boolean danger_on = danger_checkbox.isChecked();
-					if(validURL(entered_url)) {
-						interface_with_ConfigurationWizard.showAndSelectProvider(entered_url, danger_on);
-						Toast.makeText(getActivity().getApplicationContext(), R.string.valid_url_entered, Toast.LENGTH_LONG).show();
-					} else {
-						url_input_field.setText("");
-						danger_checkbox.setChecked(false);
-						Toast.makeText(getActivity().getApplicationContext(), R.string.not_valid_url_entered, Toast.LENGTH_LONG).show();;
-					}
+                    saveProvider();
 				}
 			})
 			.setNegativeButton(R.string.cancel, new DialogInterface.OnClickListener() {
@@ -111,6 +91,25 @@ public class NewProviderDialog extends DialogFragment {
 		return builder.create();
 	}
 
+    private void saveProvider() {
+        String entered_url = url_input_field.getText().toString().trim();
+        if(!entered_url.startsWith("https://")) {
+            if (entered_url.startsWith("http://")){
+                entered_url = entered_url.substring("http://".length());
+            }
+            entered_url = "https://".concat(entered_url);
+        }
+        boolean danger_on = danger_checkbox.isChecked();
+        if(validURL(entered_url)) {
+            interface_with_ConfigurationWizard.showAndSelectProvider(entered_url, danger_on);
+            Toast.makeText(getActivity().getApplicationContext(), R.string.valid_url_entered, Toast.LENGTH_LONG).show();
+        } else {
+            url_input_field.setText("");
+            danger_checkbox.setChecked(false);
+            Toast.makeText(getActivity().getApplicationContext(), R.string.not_valid_url_entered, Toast.LENGTH_LONG).show();;
+        }
+    }
+
     /**
      * Checks if the entered url is valid or not.
      * @param entered_url
diff --git a/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java b/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java
index b83f33a1..f47510bc 100644
--- a/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java
+++ b/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java
@@ -17,60 +17,22 @@
 package se.leap.bitmaskclient;
 
 import android.app.IntentService;
-import android.content.Intent;
-import android.content.SharedPreferences;
-import android.os.Bundle;
-import android.os.ResultReceiver;
-import android.util.Base64;
-import android.util.Log;
-import java.io.DataOutputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
+import android.content.*;
+import android.os.*;
+import android.util.*;
+import java.io.*;
 import java.math.BigInteger;
-import java.net.ConnectException;
-import java.net.CookieHandler;
-import java.net.CookieManager;
-import java.net.CookiePolicy;
-import java.net.MalformedURLException;
-import java.net.SocketTimeoutException;
-import java.net.URISyntaxException;
-import java.net.URL;
-import java.net.URLConnection;
-import java.net.URLEncoder;
-import java.net.UnknownHostException;
-import java.security.KeyManagementException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
+import java.net.*;
+import java.security.*;
+import java.security.cert.*;
 import java.security.interfaces.RSAPrivateKey;
-import java.util.Calendar;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Scanner;
-import java.util.NoSuchElementException;
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLHandshakeException;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.X509TrustManager;
+import java.util.*;
+import javax.net.ssl.*;
 import org.apache.http.client.ClientProtocolException;
-import org.json.JSONException;
-import org.json.JSONObject;
-import se.leap.bitmaskclient.ProviderListContent.ProviderItem;
-import se.leap.bitmaskclient.R;
+import org.json.*;
 
+import se.leap.bitmaskclient.ProviderListContent.ProviderItem;
+import se.leap.bitmaskclient.eip.*;
 
 /**
  * Implements HTTP api methods used to manage communications with the provider server.
@@ -93,28 +55,23 @@ public class ProviderAPI extends IntentService {
     PARAMETERS = "parameters",
     RESULT_KEY = "result",
     RECEIVER_KEY = "receiver",
-    SESSION_ID_COOKIE_KEY = "session_id_cookie_key",
-    SESSION_ID_KEY = "session_id",
     ERRORS = "errors",
     UPDATE_PROGRESSBAR = "update_progressbar",
     CURRENT_PROGRESS = "current_progress",
-    TAG = "provider_api_tag"
+	TAG = ProviderAPI.class.getSimpleName()
     ;
 
     final public static int
-    CUSTOM_PROVIDER_ADDED = 0,
-    SRP_AUTHENTICATION_SUCCESSFUL = 3,
-    SRP_AUTHENTICATION_FAILED = 4,
-    SRP_REGISTRATION_SUCCESSFUL = 5,
-    SRP_REGISTRATION_FAILED = 6,
-    LOGOUT_SUCCESSFUL = 7,
+            SUCCESSFUL_LOGIN = 3,
+    FAILED_LOGIN = 4,
+    SUCCESSFUL_SIGNUP = 5,
+    FAILED_SIGNUP = 6,
+    SUCCESSFUL_LOGOUT = 7,
     LOGOUT_FAILED = 8,
     CORRECTLY_DOWNLOADED_CERTIFICATE = 9,
     INCORRECTLY_DOWNLOADED_CERTIFICATE = 10,
     PROVIDER_OK = 11,
-    PROVIDER_NOK = 12,
-    CORRECTLY_DOWNLOADED_ANON_CERTIFICATE = 13,
-    INCORRECTLY_DOWNLOADED_ANON_CERTIFICATE = 14
+    PROVIDER_NOK = 12
     ;
 
     private static boolean 
@@ -127,6 +84,7 @@ public class ProviderAPI extends IntentService {
     private static boolean last_danger_on = false;
     private static boolean setting_up_provider = true;
     private static SharedPreferences preferences;
+    private static String provider_api_url;
     
     public static void stop() {
     	setting_up_provider = false;
@@ -162,7 +120,15 @@ public class ProviderAPI extends IntentService {
 		final ResultReceiver receiver = command.getParcelableExtra(RECEIVER_KEY);
 		String action = command.getAction();
 		Bundle parameters = command.getBundleExtra(PARAMETERS);
-		setting_up_provider = true;
+        if(provider_api_url == null) {
+            try {
+                JSONObject provider_json = new JSONObject(preferences.getString(Provider.KEY, "no provider"));
+                provider_api_url = provider_json.getString(Provider.API_URL) + "/" + provider_json.getString(Provider.API_VERSION);
+                setting_up_provider = true;
+            } catch (JSONException e) {
+                setting_up_provider = false;
+            }
+        }
 		
 		if(action.equalsIgnoreCase(SET_UP_PROVIDER)) {
 			Bundle result = setUpProvider(parameters);
@@ -174,22 +140,22 @@ public class ProviderAPI extends IntentService {
 				}
 			}
 		} else if (action.equalsIgnoreCase(SRP_REGISTER)) {
-		    Bundle session_id_bundle = tryToRegisterWithSRP(parameters);
+		    Bundle session_id_bundle = tryToRegister(parameters);
 		    if(session_id_bundle.getBoolean(RESULT_KEY)) {
-			receiver.send(SRP_REGISTRATION_SUCCESSFUL, session_id_bundle);
+			receiver.send(SUCCESSFUL_SIGNUP, session_id_bundle);
 		    } else {
-			receiver.send(SRP_REGISTRATION_FAILED, session_id_bundle);
+			receiver.send(FAILED_SIGNUP, session_id_bundle);
 		    }
 		} else if (action.equalsIgnoreCase(SRP_AUTH)) {
-			Bundle session_id_bundle = tryToAuthenticateBySRP(parameters);
+			Bundle session_id_bundle = tryToAuthenticate(parameters);
 				if(session_id_bundle.getBoolean(RESULT_KEY)) {
-					receiver.send(SRP_AUTHENTICATION_SUCCESSFUL, session_id_bundle);
+					receiver.send(SUCCESSFUL_LOGIN, session_id_bundle);
 				} else {
-					receiver.send(SRP_AUTHENTICATION_FAILED, session_id_bundle);
+					receiver.send(FAILED_LOGIN, session_id_bundle);
 				}
 		} else if (action.equalsIgnoreCase(LOG_OUT)) {
-				if(logOut(parameters)) {
-					receiver.send(LOGOUT_SUCCESSFUL, Bundle.EMPTY);
+				if(logOut()) {
+					receiver.send(SUCCESSFUL_LOGOUT, Bundle.EMPTY);
 				} else {
 					receiver.send(LOGOUT_FAILED, Bundle.EMPTY);
 				}
@@ -202,44 +168,45 @@ public class ProviderAPI extends IntentService {
 		}
 	}
 
-    private Bundle tryToRegisterWithSRP(Bundle task) {
+    private Bundle tryToRegister(Bundle task) {
 	Bundle session_id_bundle = new Bundle();
 	int progress = 0;
 		
-	String username = (String) task.get(LogInDialog.USERNAME);
-	String password = (String) task.get(LogInDialog.PASSWORD);
-	String authentication_server = (String) task.get(Provider.API_URL);
+	String username = (String) task.get(SessionDialog.USERNAME);
+	String password = (String) task.get(SessionDialog.PASSWORD);
+	
 	if(validUserLoginData(username, password)) {
-	    session_id_bundle = registerWithSRP(username, password, authentication_server);
+	    session_id_bundle = register(username, password);
 	    broadcast_progress(progress++);
 	} else {
 	    if(!wellFormedPassword(password)) {
 		session_id_bundle.putBoolean(RESULT_KEY, false);
-		session_id_bundle.putString(LogInDialog.USERNAME, username);
-		session_id_bundle.putBoolean(LogInDialog.PASSWORD_INVALID_LENGTH, true);
+		session_id_bundle.putString(SessionDialog.USERNAME, username);
+		session_id_bundle.putBoolean(SessionDialog.PASSWORD_INVALID_LENGTH, true);
 	    }
 	    if(username.isEmpty()) {
 		session_id_bundle.putBoolean(RESULT_KEY, false);
-		session_id_bundle.putBoolean(LogInDialog.USERNAME_MISSING, true);
+		session_id_bundle.putBoolean(SessionDialog.USERNAME_MISSING, true);
 	    }
 	}
 		
 	return session_id_bundle;
     }
 
-    private Bundle registerWithSRP(String username, String password, String server) {	
+    private Bundle register(String username, String password) {	
 	LeapSRPSession client = new LeapSRPSession(username, password);
 	byte[] salt = client.calculateNewSalt();
 	
 	BigInteger password_verifier = client.calculateV(username, password, salt);
-	JSONObject api_result = sendNewUserDataToSRPServer(server, username, new BigInteger(1, salt).toString(16), password_verifier.toString(16));
+	
+	JSONObject api_result = sendNewUserDataToSRPServer(provider_api_url, username, new BigInteger(1, salt).toString(16), password_verifier.toString(16));
 	
 	Bundle result = new Bundle();
 	if(api_result.has(ERRORS))
 	    result = authFailedNotification(api_result, username);
 	else {
-	    result.putString(LogInDialog.USERNAME, username);
-	    result.putString(LogInDialog.PASSWORD, password);
+	    result.putString(SessionDialog.USERNAME, username);
+	    result.putString(SessionDialog.PASSWORD, password);
 	    result.putBoolean(RESULT_KEY, true);
 	}
 
@@ -251,26 +218,24 @@ public class ProviderAPI extends IntentService {
 	 * @param task containing: username, password and api url. 
 	 * @return a bundle with a boolean value mapped to a key named RESULT_KEY, and which is true if authentication was successful. 
 	 */
-	private Bundle tryToAuthenticateBySRP(Bundle task) {
+	private Bundle tryToAuthenticate(Bundle task) {
 	    Bundle result = new Bundle();
 	    int progress = 0;
 		
-	    String username = (String) task.get(LogInDialog.USERNAME);
-	    String password = (String) task.get(LogInDialog.PASSWORD);
-	    if(validUserLoginData(username, password)) {
-		String server = (String) task.get(Provider.API_URL);
-
-		authenticate(username, password, server);
+	    String username = (String) task.get(SessionDialog.USERNAME);
+	    String password = (String) task.get(SessionDialog.PASSWORD);
+	    if(validUserLoginData(username, password)) {		
+		result = authenticate(username, password);
 		broadcast_progress(progress++);
 	    } else {
 		if(!wellFormedPassword(password)) {
 		    result.putBoolean(RESULT_KEY, false);
-		    result.putString(LogInDialog.USERNAME, username);
-		    result.putBoolean(LogInDialog.PASSWORD_INVALID_LENGTH, true);
+		    result.putString(SessionDialog.USERNAME, username);
+		    result.putBoolean(SessionDialog.PASSWORD_INVALID_LENGTH, true);
 		}
 		if(username.isEmpty()) {
 		    result.putBoolean(RESULT_KEY, false);
-		    result.putBoolean(LogInDialog.USERNAME_MISSING, true);
+		    result.putBoolean(SessionDialog.USERNAME_MISSING, true);
 		}
 	    }
 		
@@ -278,19 +243,19 @@ public class ProviderAPI extends IntentService {
 	}
 
 
-    private Bundle authenticate(String username, String password, String server) {
+    private Bundle authenticate(String username, String password) {
 	Bundle result = new Bundle();
 	
 	LeapSRPSession client = new LeapSRPSession(username, password);
 	byte[] A = client.exponential();
-	
-	JSONObject step_result = sendAToSRPServer(server, username, new BigInteger(1, A).toString(16));
+
+	JSONObject step_result = sendAToSRPServer(provider_api_url, username, new BigInteger(1, A).toString(16));
 	try {
 	    String salt = step_result.getString(LeapSRPSession.SALT);
 	    byte[] Bbytes = new BigInteger(step_result.getString("B"), 16).toByteArray();
 	    byte[] M1 = client.response(new BigInteger(salt, 16).toByteArray(), Bbytes);
 	    if(M1 != null) {
-		step_result = sendM1ToSRPServer(server, username, M1);
+		step_result = sendM1ToSRPServer(provider_api_url, username, M1);
 		setTokenIfAvailable(step_result);
 		byte[] M2 = new BigInteger(step_result.getString(LeapSRPSession.M2), 16).toByteArray();
 		if(client.verify(M2)) {
@@ -300,7 +265,7 @@ public class ProviderAPI extends IntentService {
 		}
 	    } else {
 		result.putBoolean(RESULT_KEY, false);
-		result.putString(LogInDialog.USERNAME, username);
+		result.putString(SessionDialog.USERNAME, username);
 		result.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_srp_math_error_user_message));
 	    }
 	} catch (JSONException e) {
@@ -331,7 +296,7 @@ public class ProviderAPI extends IntentService {
 	} catch(JSONException e) {}
 	
 	if(!username.isEmpty())
-	    user_notification_bundle.putString(LogInDialog.USERNAME, username);
+	    user_notification_bundle.putString(SessionDialog.USERNAME, username);
 	user_notification_bundle.putBoolean(RESULT_KEY, false);
 
 	return user_notification_bundle;
@@ -401,7 +366,7 @@ public class ProviderAPI extends IntentService {
 	 * Sends an HTTP POST request to the api server to register a new user.
 	 * @param server_url
 	 * @param username
-	 * @param salted_password
+	 * @param salt
 	 * @param password_verifier   
 	 * @return response from authentication server
 	 */
@@ -522,6 +487,7 @@ public class ProviderAPI extends IntentService {
 			last_danger_on = task.getBoolean(ProviderItem.DANGER_ON);
 			last_provider_main_url = task.getString(Provider.MAIN_URL);
 			CA_CERT_DOWNLOADED = PROVIDER_JSON_DOWNLOADED = EIP_SERVICE_JSON_DOWNLOADED = false;
+            setting_up_provider = true;
 		}
 
 			if(!PROVIDER_JSON_DOWNLOADED)
@@ -569,7 +535,6 @@ public class ProviderAPI extends IntentService {
 		return result;
 	}
 	
-
 	public static boolean caCertDownloaded() {
 		return CA_CERT_DOWNLOADED;
 	}
@@ -619,12 +584,13 @@ public class ProviderAPI extends IntentService {
 
 			try {
 				JSONObject provider_json = new JSONObject(provider_dot_json_string);
+				provider_api_url = provider_json.getString(Provider.API_URL) + "/" + provider_json.getString(Provider.API_VERSION);
 				String name = provider_json.getString(Provider.NAME);
 				//TODO setProviderName(name);
 
 				preferences.edit().putString(Provider.KEY, provider_json.toString()).commit();
-				preferences.edit().putBoolean(EIP.ALLOWED_ANON, provider_json.getJSONObject(Provider.SERVICE).getBoolean(EIP.ALLOWED_ANON)).commit();
-				preferences.edit().putBoolean(EIP.ALLOWED_REGISTERED, provider_json.getJSONObject(Provider.SERVICE).getBoolean(EIP.ALLOWED_REGISTERED)).commit();
+				preferences.edit().putBoolean(Constants.ALLOWED_ANON, provider_json.getJSONObject(Provider.SERVICE).getBoolean(Constants.ALLOWED_ANON)).commit();
+				preferences.edit().putBoolean(Constants.ALLOWED_REGISTERED, provider_json.getJSONObject(Provider.SERVICE).getBoolean(Constants.ALLOWED_REGISTERED)).commit();
 
 				result.putBoolean(RESULT_KEY, true);
 			} catch (JSONException e) {
@@ -637,12 +603,6 @@ public class ProviderAPI extends IntentService {
 		return result;
 	}
 
-
-	
-	public static boolean providerJsonDownloaded() {
-		return PROVIDER_JSON_DOWNLOADED;
-	}
-
 	private Bundle getAndSetEipServiceJson() {
 		Bundle result = new Bundle();
 		String eip_service_json_string = "";
@@ -654,7 +614,7 @@ public class ProviderAPI extends IntentService {
 				JSONObject eip_service_json = new JSONObject(eip_service_json_string);
 				eip_service_json.getInt(Provider.API_RETURN_SERIAL);
 
-				preferences.edit().putString(EIP.KEY, eip_service_json.toString()).commit();
+				preferences.edit().putString(Constants.KEY, eip_service_json.toString()).commit();
 
 				result.putBoolean(RESULT_KEY, true);
 			} catch (JSONException e) {
@@ -665,10 +625,6 @@ public class ProviderAPI extends IntentService {
 		}
 		return result;
 	}
-
-	public static boolean eipServiceDownloaded() {
-		return EIP_SERVICE_JSON_DOWNLOADED;
-	}
 	
 	/**
 	 * Interprets the error message as a JSON object and extract the "errors" keyword pair.
@@ -735,7 +691,7 @@ public class ProviderAPI extends IntentService {
 
 	/**
 	 * Tries to download the contents of the provided url using not commercially validated CA certificate from chosen provider. 
-	 * @param url as a string
+	 * @param url_string as a string
 	 * @param danger_on true to download CA certificate in case it has not been downloaded.
 	 * @return an empty string if it fails, the url content if not. 
 	 */
@@ -755,6 +711,7 @@ public class ProviderAPI extends IntentService {
 			// TODO Auto-generated catch block
 			e.printStackTrace();
 		} catch (UnknownHostException e) {
+		    e.printStackTrace();
 			json_file_content = formatErrorMessage(R.string.server_unreachable_message);
 		} catch (IOException e) {
 			// The downloaded certificate doesn't validate our https connection.
@@ -773,6 +730,7 @@ public class ProviderAPI extends IntentService {
 			// TODO Auto-generated catch block
 			e.printStackTrace();
 		} catch (NoSuchElementException e) {
+		    e.printStackTrace();
 		    json_file_content = formatErrorMessage(R.string.server_unreachable_message);
 		}
 		return json_file_content;
@@ -857,58 +815,46 @@ public class ProviderAPI extends IntentService {
 	
 	/**
 	 * Logs out from the api url retrieved from the task.
-	 * @param task containing api url from which the user will log out
 	 * @return true if there were no exceptions
 	 */
-	private boolean logOut(Bundle task) {
-		try {
-			String delete_url = task.getString(Provider.API_URL) + "/logout";
-			int progress = 0;
+    private boolean logOut() {
+	try {
+	    String delete_url = provider_api_url + "/logout";
+	    int progress = 0;
 
-			HttpsURLConnection urlConnection = (HttpsURLConnection)new URL(delete_url).openConnection();
-			urlConnection.setRequestMethod("DELETE");
-			urlConnection.setSSLSocketFactory(getProviderSSLSocketFactory());
+	    HttpsURLConnection urlConnection = (HttpsURLConnection)new URL(delete_url).openConnection();
+	    urlConnection.setRequestMethod("DELETE");
+	    urlConnection.setSSLSocketFactory(getProviderSSLSocketFactory());
 
-			int responseCode = urlConnection.getResponseCode();
-			broadcast_progress(progress++);
-			LeapSRPSession.setToken("");
-			Log.d(TAG, Integer.toString(responseCode));
-		} catch (ClientProtocolException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-			return false;
-		} catch (IndexOutOfBoundsException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-			return false;
-		} catch (IOException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-			return false;
-		} catch (KeyManagementException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		} catch (KeyStoreException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		} catch (NoSuchAlgorithmException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		} catch (CertificateException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-		return true;
+	    int responseCode = urlConnection.getResponseCode();
+	    broadcast_progress(progress++);
+	    LeapSRPSession.setToken("");
+	    Log.d(TAG, Integer.toString(responseCode));
+	} catch (ClientProtocolException e) {
+	    // TODO Auto-generated catch block
+	    e.printStackTrace();
+	    return false;
+	} catch (IndexOutOfBoundsException e) {
+	    // TODO Auto-generated catch block
+	    e.printStackTrace();
+	    return false;
+	} catch (IOException e) {
+	    // TODO Auto-generated catch block
+	    e.printStackTrace();
+	    return false;
+	} catch (KeyManagementException e) {
+	    // TODO Auto-generated catch block
+	    e.printStackTrace();
+	} catch (KeyStoreException e) {
+	    // TODO Auto-generated catch block
+	    e.printStackTrace();
+	} catch (NoSuchAlgorithmException e) {
+	    // TODO Auto-generated catch block
+	    e.printStackTrace();
+	} catch (CertificateException e) {
+	    // TODO Auto-generated catch block
+	    e.printStackTrace();
 	}
-
-    private boolean updateVpnCertificate() {
-	getNewCert();
-
-	preferences.edit().putInt(EIP.PARSED_SERIAL, 0).commit();
-	Intent updateEIP = new Intent(getApplicationContext(), EIP.class);
-	updateEIP.setAction(EIP.ACTION_UPDATE_EIP_SERVICE);
-	startService(updateEIP);
-
 	return true;
     }
     
@@ -917,15 +863,16 @@ public class ProviderAPI extends IntentService {
      * 
      * @return true if certificate was downloaded correctly, false if provider.json or danger_on flag are not present in SharedPreferences, or if the certificate url could not be parsed as a URI, or if there was an SSL error. 
      */
-    private boolean getNewCert() {
+    private boolean updateVpnCertificate() {
 	try {
 	    JSONObject provider_json = new JSONObject(preferences.getString(Provider.KEY, ""));
 			
 	    String provider_main_url = provider_json.getString(Provider.API_URL);
-	    URL new_cert_string_url = new URL(provider_main_url + "/" + provider_json.getString(Provider.API_VERSION) + "/" + EIP.CERTIFICATE);
+	    URL new_cert_string_url = new URL(provider_main_url + "/" + provider_json.getString(Provider.API_VERSION) + "/" + Constants.CERTIFICATE);
 
 	    boolean danger_on = preferences.getBoolean(ProviderItem.DANGER_ON, false);
 
+
 	    String cert_string = downloadWithProviderCA(new_cert_string_url.toString(), danger_on);
 
 	    if(cert_string.isEmpty() || ConfigHelper.checkErroneousDownload(cert_string))
@@ -942,7 +889,7 @@ public class ProviderAPI extends IntentService {
 	    return false;
 	} 
     }
-	
+
     private boolean loadCertificate(String cert_string) {
 	try {
 	    // API returns concatenated cert & key.  Split them for OpenVPN options
@@ -958,12 +905,12 @@ public class ProviderAPI extends IntentService {
 	    }
 	    RSAPrivateKey keyCert = ConfigHelper.parseRsaKeyFromString(keyString);
 	    keyString = Base64.encodeToString( keyCert.getEncoded(), Base64.DEFAULT );
-	    preferences.edit().putString(EIP.PRIVATE_KEY, "-----BEGIN RSA PRIVATE KEY-----\n"+keyString+"-----END RSA PRIVATE KEY-----").commit();
+	    preferences.edit().putString(Constants.PRIVATE_KEY, "-----BEGIN RSA PRIVATE KEY-----\n"+keyString+"-----END RSA PRIVATE KEY-----").commit();
 
 	    X509Certificate certCert = ConfigHelper.parseX509CertificateFromString(certificateString);
 	    certificateString = Base64.encodeToString( certCert.getEncoded(), Base64.DEFAULT);
-	    preferences.edit().putString(EIP.CERTIFICATE, "-----BEGIN CERTIFICATE-----\n"+certificateString+"-----END CERTIFICATE-----").commit();
-	    preferences.edit().putString(EIP.DATE_FROM_CERTIFICATE, EIP.certificate_date_format.format(Calendar.getInstance().getTime())).commit();
+
+	    preferences.edit().putString(Constants.CERTIFICATE, "-----BEGIN CERTIFICATE-----\n"+certificateString+"-----END CERTIFICATE-----").commit();
 						
 	    return true;
 	} catch (CertificateException e) {
diff --git a/app/src/debug/java/se/leap/bitmaskclient/ProviderDetailFragment.java b/app/src/debug/java/se/leap/bitmaskclient/ProviderDetailFragment.java
index 3ca003a0..d6f482ca 100644
--- a/app/src/debug/java/se/leap/bitmaskclient/ProviderDetailFragment.java
+++ b/app/src/debug/java/se/leap/bitmaskclient/ProviderDetailFragment.java
@@ -1,22 +1,17 @@
-package se.leap.bitmaskclient;

-

-import org.json.JSONException;

-import org.json.JSONObject;

-

-import se.leap.bitmaskclient.R;

-import se.leap.bitmaskclient.ProviderListContent.ProviderItem;

-

-import android.app.Activity;

-import android.app.AlertDialog;

-import android.app.Dialog;

-import android.app.DialogFragment;

-import android.content.DialogInterface;

-import android.content.SharedPreferences;

-import android.os.Bundle;

-import android.view.LayoutInflater;

-import android.view.View;

-import android.widget.TextView;

-

+package se.leap.bitmaskclient;
+
+import org.json.*;
+
+import se.leap.bitmaskclient.R;
+import se.leap.bitmaskclient.eip.Constants;
+import se.leap.bitmaskclient.ProviderListContent.ProviderItem;
+
+import android.app.*;
+import android.content.*;
+import android.os.Bundle;
+import android.view.*;
+import android.widget.TextView;
+
 public class ProviderDetailFragment extends DialogFragment {

 

     final public static String TAG = "providerDetailFragment";

@@ -66,7 +61,7 @@ public class ProviderDetailFragment extends DialogFragment {
 	private boolean anon_allowed(JSONObject provider_json) {

 		try {

 			JSONObject service_description = provider_json.getJSONObject(Provider.SERVICE);

-			return service_description.has(EIP.ALLOWED_ANON) && service_description.getBoolean(EIP.ALLOWED_ANON);

+			return service_description.has(Constants.ALLOWED_ANON) && service_description.getBoolean(Constants.ALLOWED_ANON);
 		} catch (JSONException e) {

 			return false;

 		}

@@ -85,7 +80,7 @@ public class ProviderDetailFragment extends DialogFragment {
 	public void onCancel(DialogInterface dialog) {

 		super.onCancel(dialog);

 		SharedPreferences.Editor editor = getActivity().getSharedPreferences(Dashboard.SHARED_PREFERENCES, Activity.MODE_PRIVATE).edit();

-		editor.remove(Provider.KEY).remove(ProviderItem.DANGER_ON).remove(EIP.ALLOWED_ANON).remove(EIP.KEY).commit();
+		editor.remove(Provider.KEY).remove(ProviderItem.DANGER_ON).remove(Constants.ALLOWED_ANON).remove(Constants.KEY).commit();
 		interface_with_configuration_wizard.showAllProviders();
 	}

 

diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml
index 68a99560..6b548dbb 100644
--- a/app/src/main/AndroidManifest.xml
+++ b/app/src/main/AndroidManifest.xml
@@ -17,8 +17,8 @@
 
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
     package="se.leap.bitmaskclient"
-    android:versionCode="93"
-    android:versionName="0.7.0" >
+    android:versionCode="102"
+    android:versionName="0.8.0" >
 
     <uses-permission android:name="android.permission.INTERNET" />
     <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
@@ -27,16 +27,17 @@
 
     <uses-sdk
         android:minSdkVersion="14"
-        android:targetSdkVersion="18" />
+        android:targetSdkVersion="21"/>
 
     <application
         android:allowBackup="true"
         android:icon="@drawable/icon"
         android:logo="@drawable/icon"
-        android:label="@string/app" >
+        android:label="@string/app"
+        android:theme="@style/appstyle">
 
         <service
-            android:name="se.leap.bitmaskclient.VoidVpnService"
+            android:name="se.leap.bitmaskclient.eip.VoidVpnService"
             android:permission="android.permission.BIND_VPN_SERVICE">
             <intent-filter>
                 <action android:name="android.net.VpnService" />
@@ -62,9 +63,10 @@
         </receiver>
 
 	<activity
-	    android:name="se.leap.bitmaskclient.VoidVpnLauncher" />
+	    android:name="se.leap.bitmaskclient.eip.VoidVpnLauncher"
+	    android:theme="@android:style/Theme.NoDisplay" />
+	
         <activity
-                android:theme="@android:style/Theme.DeviceDefault.Light.Dialog"
                 android:name="de.blinkt.openvpn.activities.DisconnectVPN" />
 	
         <activity
@@ -99,11 +101,11 @@
             android:label="@string/title_about_activity" >
         </activity>
         
-        <service android:name="se.leap.bitmaskclient.EIP" android:exported="false">
+        <service android:name="se.leap.bitmaskclient.eip.EIP" android:exported="false">
             <intent-filter>
-                <action android:name="se.leap.bitmaskclient.UPDATE_EIP_SERVICE"/>
-                <action android:name="se.leap.bitmaskclient.START_EIP"/>
-                <action android:name="se.leap.bitmaskclient.STOP_EIP"/>
+                <action android:name="se.leap.bitmaskclient.eip.UPDATE_EIP_SERVICE"/>
+                <action android:name="se.leap.bitmaskclient.eip.START_EIP"/>
+                <action android:name="se.leap.bitmaskclient.eip.STOP_EIP"/>
             </intent-filter>
         </service>
     </application>
diff --git a/app/src/main/java/de/blinkt/openvpn/LaunchVPN.java b/app/src/main/java/de/blinkt/openvpn/LaunchVPN.java
index a424a489..d7f3e110 100644
--- a/app/src/main/java/de/blinkt/openvpn/LaunchVPN.java
+++ b/app/src/main/java/de/blinkt/openvpn/LaunchVPN.java
@@ -1,3 +1,8 @@
+/*
+ * Copyright (c) 2012-2014 Arne Schwabe
+ * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+ */
+
 package de.blinkt.openvpn;
 
 import se.leap.bitmaskclient.R;
@@ -113,27 +118,25 @@ public class LaunchVPN extends Activity {
 		}
 	}
 
-
 	@Override
 	protected void onActivityResult (int requestCode, int resultCode, Intent data) {
-		super.onActivityResult(requestCode, resultCode, data);
-
-		if(requestCode==START_VPN_PROFILE) {
-		    SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);        
-		    boolean showlogwindow = prefs.getBoolean("showlogwindow", true);
-		    
-		    if(!mhideLog && showlogwindow)
-			showLogWindow();
-		    new startOpenVpnThread().start();
-		} else if (resultCode == Activity.RESULT_CANCELED) {
-		    // User does not want us to start, so we just vanish
-		    VpnStatus.updateStateString("USER_VPN_PERMISSION_CANCELLED", "", R.string.state_user_vpn_permission_cancelled,
-						ConnectionStatus.LEVEL_NOTCONNECTED);
-
-		    finish();
-		}
+	    super.onActivityResult(requestCode, resultCode, data);
+
+	    if(requestCode==START_VPN_PROFILE) {
+		SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
+		boolean showLogWindow = prefs.getBoolean("showlogwindow", true);
+
+		if(!mhideLog && showLogWindow)
+		    showLogWindow();
+		new startOpenVpnThread().start();
+	    } else if (resultCode == Activity.RESULT_CANCELED) {
+		// User does not want us to start, so we just vanish
+		VpnStatus.updateStateString("USER_VPN_PERMISSION_CANCELLED", "", R.string.state_user_vpn_permission_cancelled,
+					    ConnectionStatus.LEVEL_NOTCONNECTED);
+
+		finish();
+	    }
 	}
-
 	void showLogWindow() {
 
 		Intent startLW = new Intent(getBaseContext(),LogWindow.class);
diff --git a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java
index 6fec5f46..fb2ba90d 100644
--- a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java
+++ b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java
@@ -1,3 +1,8 @@
+/*
+ * Copyright (c) 2012-2014 Arne Schwabe
+ * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+ */
+
 package de.blinkt.openvpn;
 
 import se.leap.bitmaskclient.R;
@@ -48,6 +53,7 @@ import javax.crypto.NoSuchPaddingException;
 
 import de.blinkt.openvpn.core.NativeUtils;
 import de.blinkt.openvpn.core.OpenVPNService;
+import de.blinkt.openvpn.core.VPNLaunchHelper;
 import de.blinkt.openvpn.core.VpnStatus;
 import de.blinkt.openvpn.core.X509Utils;
 
@@ -62,11 +68,8 @@ public class VpnProfile implements Serializable {
     public static final String EXTRA_PROFILEUUID = "de.blinkt.openvpn.profileUUID";
     public static final String INLINE_TAG = "[[INLINE]]";
     public static final String DISPLAYNAME_TAG = "[[NAME]]";
-    private static final String MININONPIEVPN = "nopievpn";
-    private static final String MINIPIEVPN = "pievpn";
 
     private static final long serialVersionUID = 7085688938959334563L;
-    private static final String OVPNCONFIGFILE = "android.conf";
     public static final int MAXLOGLEVEL = 4;
     public static final int CURRENT_PROFILE_VERSION = 2;
     public static final int DEFAULT_MSSFIX_SIZE = 1450;
@@ -158,14 +161,6 @@ public class VpnProfile implements Serializable {
         mProfileVersion = CURRENT_PROFILE_VERSION;
     }
 
-    public static String getMiniVPNExecutableName()
-    {
-        if (Build.VERSION.SDK_INT  >= Build.VERSION_CODES.JELLY_BEAN)
-            return VpnProfile.MINIPIEVPN;
-        else
-            return VpnProfile.MININONPIEVPN;
-    }
-
     public static String openVpnEscape(String unescaped) {
         if (unescaped == null)
             return null;
@@ -174,7 +169,8 @@ public class VpnProfile implements Serializable {
         escapedString = escapedString.replace("\n", "\\n");
 
         if (escapedString.equals(unescaped) && !escapedString.contains(" ") &&
-                !escapedString.contains("#") && !escapedString.contains(";"))
+                !escapedString.contains("#") && !escapedString.contains(";")
+                && !escapedString.equals(""))
             return unescaped;
         else
             return '"' + escapedString + '"';
@@ -563,40 +559,21 @@ public class VpnProfile implements Serializable {
         return parts[0] + "  " + netmask;
     }
 
-    private String[] buildOpenvpnArgv(File cacheDir) {
-        Vector<String> args = new Vector<String>();
-
-        // Add fixed paramenters
-        //args.add("/data/data/de.blinkt.openvpn/lib/openvpn");
-        args.add(cacheDir.getAbsolutePath() + "/" + getMiniVPNExecutableName());
-
-        args.add("--config");
-        args.add(cacheDir.getAbsolutePath() + "/" + OVPNCONFIGFILE);
-
-
-        return args.toArray(new String[args.size()]);
-    }
 
 
 
-    public Intent prepareIntent(Context context) {
-        String prefix = context.getPackageName();
+    public Intent prepareStartService(Context context) {
+        Intent intent = getStartServiceIntent(context);
 
-        Intent intent = new Intent(context, OpenVPNService.class);
 
         if (mAuthenticationType == VpnProfile.TYPE_KEYSTORE || mAuthenticationType == VpnProfile.TYPE_USERPASS_KEYSTORE) {
             if (getKeyStoreCertificates(context) == null)
                 return null;
         }
 
-        intent.putExtra(prefix + ".ARGV", buildOpenvpnArgv(context.getCacheDir()));
-        intent.putExtra(prefix + ".profileUUID", mUuid.toString());
-
-        ApplicationInfo info = context.getApplicationInfo();
-        intent.putExtra(prefix + ".nativelib", info.nativeLibraryDir);
 
         try {
-            FileWriter cfg = new FileWriter(context.getCacheDir().getAbsolutePath() + "/" + OVPNCONFIGFILE);
+            FileWriter cfg = new FileWriter(VPNLaunchHelper.getConfigFilePath(context));
             cfg.write(getConfigFile(context, false));
             cfg.flush();
             cfg.close();
@@ -607,6 +584,18 @@ public class VpnProfile implements Serializable {
         return intent;
     }
 
+    public Intent getStartServiceIntent(Context context) {
+        String prefix = context.getPackageName();
+
+        Intent intent = new Intent(context, OpenVPNService.class);
+        intent.putExtra(prefix + ".ARGV", VPNLaunchHelper.buildOpenvpnArgv(context));
+        intent.putExtra(prefix + ".profileUUID", mUuid.toString());
+
+        ApplicationInfo info = context.getApplicationInfo();
+        intent.putExtra(prefix + ".nativelib", info.nativeLibraryDir);
+        return intent;
+    }
+
     public String[] getKeyStoreCertificates(Context context) {
         return getKeyStoreCertificates(context, 5);
     }
@@ -629,12 +618,27 @@ public class VpnProfile implements Serializable {
     public static boolean isEmbedded(String data) {
         if (data==null)
             return false;
-        if(data.startsWith(INLINE_TAG) || data.startsWith(DISPLAYNAME_TAG))
+        if (data.startsWith(INLINE_TAG) || data.startsWith(DISPLAYNAME_TAG))
             return true;
         else
             return false;
     }
 
+    public void checkForRestart(final Context context) {
+        /* This method is called when OpenVPNService is restarted */
+
+        if ((mAuthenticationType == VpnProfile.TYPE_KEYSTORE || mAuthenticationType == VpnProfile.TYPE_USERPASS_KEYSTORE)
+                && mPrivateKey==null) {
+            new Thread( new Runnable() {
+                @Override
+                public void run() {
+                    getKeyStoreCertificates(context);
+
+                }
+            }).start();
+        }
+    }
+
 
     class NoCertReturnedException extends Exception {
         public NoCertReturnedException (String msg) {
@@ -841,21 +845,23 @@ public class VpnProfile implements Serializable {
             return false;
     }
 
-    public int needUserPWInput() {
+    public int needUserPWInput(boolean ignoreTransient) {
         if ((mAuthenticationType == TYPE_PKCS12 || mAuthenticationType == TYPE_USERPASS_PKCS12) &&
                 (mPKCS12Password == null || mPKCS12Password.equals(""))) {
-            if (mTransientPCKS12PW == null)
+            if (ignoreTransient || mTransientPCKS12PW == null)
                 return R.string.pkcs12_file_encryption_key;
         }
 
         if (mAuthenticationType == TYPE_CERTIFICATES || mAuthenticationType == TYPE_USERPASS_CERTIFICATES) {
             if (requireTLSKeyPassword() && TextUtils.isEmpty(mKeyPassword))
-                if (mTransientPCKS12PW == null) {
+                if (ignoreTransient || mTransientPCKS12PW == null) {
                     return R.string.private_key_password;
                 }
         }
 
-        if (isUserPWAuth() && !(!TextUtils.isEmpty(mUsername) && (!TextUtils.isEmpty(mPassword) || mTransientPW != null))) {
+        if (isUserPWAuth() &&
+                (TextUtils.isEmpty(mUsername) ||
+                (TextUtils.isEmpty(mPassword) && (mTransientPW == null  || ignoreTransient)))) {
             return R.string.password;
         }
         return 0;
diff --git a/app/src/main/java/de/blinkt/openvpn/activities/DisconnectVPN.java b/app/src/main/java/de/blinkt/openvpn/activities/DisconnectVPN.java
index 5910173a..4940d5d6 100644
--- a/app/src/main/java/de/blinkt/openvpn/activities/DisconnectVPN.java
+++ b/app/src/main/java/de/blinkt/openvpn/activities/DisconnectVPN.java
@@ -1,3 +1,8 @@
+/*
+ * Copyright (c) 2012-2014 Arne Schwabe
+ * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+ */
+
 package de.blinkt.openvpn.activities;
 
 import android.app.Activity;
@@ -12,7 +17,7 @@ import de.blinkt.openvpn.core.ProfileManager;
 /**
  * Created by arne on 13.10.13.
  */
-public class DisconnectVPN extends Activity implements DialogInterface.OnClickListener{
+public class DisconnectVPN extends Activity implements DialogInterface.OnClickListener, DialogInterface.OnCancelListener {
     protected OpenVPNService mService;
 
     private ServiceConnection mConnection = new ServiceConnection() {
@@ -66,6 +71,7 @@ public class DisconnectVPN extends Activity implements DialogInterface.OnClickLi
         builder.setMessage(R.string.cancel_connection_query);
         builder.setNegativeButton(android.R.string.no, this);
         builder.setPositiveButton(android.R.string.yes,this);
+        builder.setOnCancelListener(this);
 
         builder.show();
     }
@@ -79,4 +85,9 @@ public class DisconnectVPN extends Activity implements DialogInterface.OnClickLi
         }
         finish();
     }
+
+    @Override
+    public void onCancel(DialogInterface dialog) {
+        finish();
+    }
 }
diff --git a/app/src/main/java/de/blinkt/openvpn/activities/LogWindow.java b/app/src/main/java/de/blinkt/openvpn/activities/LogWindow.java
index 7ed09dd2..5e4f9517 100644
--- a/app/src/main/java/de/blinkt/openvpn/activities/LogWindow.java
+++ b/app/src/main/java/de/blinkt/openvpn/activities/LogWindow.java
@@ -1,3 +1,8 @@
+/*
+ * Copyright (c) 2012-2014 Arne Schwabe
+ * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+ */
+
 package de.blinkt.openvpn.activities;
 
 import android.app.Activity;
diff --git a/app/src/main/java/de/blinkt/openvpn/core/CIDRIP.java b/app/src/main/java/de/blinkt/openvpn/core/CIDRIP.java
index 960e7d11..ac9a8ccb 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/CIDRIP.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/CIDRIP.java
@@ -1,3 +1,8 @@
+/*
+ * Copyright (c) 2012-2014 Arne Schwabe
+ * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+ */
+
 package de.blinkt.openvpn.core;
 
 import java.util.Locale;
diff --git a/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
index 9c3621e0..0d8230b7 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
@@ -1,3 +1,8 @@
+/*
+ * Copyright (c) 2012-2014 Arne Schwabe
+ * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+ */
+
 package de.blinkt.openvpn.core;
 
 import java.io.BufferedReader;
@@ -553,8 +558,13 @@ public class ConfigParser {
 			noauthtypeset=false;
 		}
 
+        Vector<String> cryptoapicert = getOption("cryptoapicert",1,1);
+        if(cryptoapicert!=null) {
+            np.mAuthenticationType = VpnProfile.TYPE_KEYSTORE;
+            noauthtypeset=false;
+        }
 
-		Vector<String> compatnames = getOption("compat-names",1,2);
+        Vector<String> compatnames = getOption("compat-names",1,2);
 		Vector<String> nonameremapping = getOption("no-name-remapping",1,1);
 		Vector<String> tlsremote = getOption("tls-remote",1,1);
 		if(tlsremote!=null){
diff --git a/app/src/main/java/de/blinkt/openvpn/core/DeviceStateReceiver.java b/app/src/main/java/de/blinkt/openvpn/core/DeviceStateReceiver.java
index 0126d08e..0d75ae51 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/DeviceStateReceiver.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/DeviceStateReceiver.java
@@ -1,3 +1,8 @@
+/*
+ * Copyright (c) 2012-2014 Arne Schwabe
+ * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+ */
+
 package de.blinkt.openvpn.core;
 
 import android.content.BroadcastReceiver;
diff --git a/app/src/main/java/de/blinkt/openvpn/core/GetRestrictionReceiver.java b/app/src/main/java/de/blinkt/openvpn/core/GetRestrictionReceiver.java
new file mode 100644
index 00000000..5b1dda58
--- /dev/null
+++ b/app/src/main/java/de/blinkt/openvpn/core/GetRestrictionReceiver.java
@@ -0,0 +1,47 @@
+package de.blinkt.openvpn.core;
+
+import android.annotation.TargetApi;
+import android.app.Activity;
+import android.content.BroadcastReceiver;
+import android.content.Context;
+import android.content.Intent;
+import android.content.RestrictionEntry;
+import android.os.Build;
+import android.os.Bundle;
+
+import java.util.ArrayList;
+
+import se.leap.bitmaskclient.R;
+
+/**
+ * Created by arne on 25.07.13.
+ */
+@TargetApi(Build.VERSION_CODES.JELLY_BEAN_MR2)
+public class GetRestrictionReceiver extends BroadcastReceiver {
+    @Override
+    public void onReceive(final Context context, Intent intent) {
+        final PendingResult result = goAsync();
+
+        new Thread() {
+            @Override
+            public void run() {
+                final Bundle extras = new Bundle();
+
+                ArrayList<RestrictionEntry> restrictionEntries = initRestrictions(context);
+
+                extras.putParcelableArrayList(Intent.EXTRA_RESTRICTIONS_LIST, restrictionEntries);
+                result.setResult(Activity.RESULT_OK,null,extras);
+                result.finish();
+            }
+        }.run();
+    }
+
+    private ArrayList<RestrictionEntry> initRestrictions(Context context) {
+        ArrayList<RestrictionEntry> restrictions = new ArrayList<RestrictionEntry>();
+        RestrictionEntry allowChanges = new RestrictionEntry("allow_changes",false);
+        allowChanges.setTitle(context.getString(R.string.allow_vpn_changes));
+        restrictions.add(allowChanges);
+
+        return restrictions;
+    }
+}
diff --git a/app/src/main/java/de/blinkt/openvpn/core/ICSOpenVPNApplication.java b/app/src/main/java/de/blinkt/openvpn/core/ICSOpenVPNApplication.java
index 485e5369..83e760ca 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/ICSOpenVPNApplication.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/ICSOpenVPNApplication.java
@@ -1,3 +1,8 @@
+/*
+ * Copyright (c) 2012-2014 Arne Schwabe
+ * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+ */
+
 package de.blinkt.openvpn.core;
 import android.app.Application;
 
diff --git a/app/src/main/java/de/blinkt/openvpn/core/NativeUtils.java b/app/src/main/java/de/blinkt/openvpn/core/NativeUtils.java
index a2c4796d..6d7ffdf2 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/NativeUtils.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/NativeUtils.java
@@ -1,3 +1,8 @@
+/*
+ * Copyright (c) 2012-2014 Arne Schwabe
+ * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+ */
+
 package de.blinkt.openvpn.core;
 
 import java.security.InvalidKeyException;
diff --git a/app/src/main/java/de/blinkt/openvpn/core/NetworkSpace.java b/app/src/main/java/de/blinkt/openvpn/core/NetworkSpace.java
index 8c6cb1f5..35f46513 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/NetworkSpace.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/NetworkSpace.java
@@ -1,3 +1,8 @@
+/*
+ * Copyright (c) 2012-2014 Arne Schwabe
+ * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+ */
+
 package de.blinkt.openvpn.core;
 
 import android.os.Build;
diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNManagement.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNManagement.java
index a5a3e9f4..e90c16d1 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNManagement.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNManagement.java
@@ -1,3 +1,8 @@
+/*
+ * Copyright (c) 2012-2014 Arne Schwabe
+ * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+ */
+
 package de.blinkt.openvpn.core;
 
 public interface OpenVPNManagement {
diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
index 743e7cc5..d9830955 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
@@ -1,3 +1,8 @@
+/*
+ * Copyright (c) 2012-2014 Arne Schwabe
+ * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+ */
+
 package de.blinkt.openvpn.core;
 
 import android.Manifest.permission;
@@ -19,6 +24,7 @@ import android.os.Message;
 import android.os.ParcelFileDescriptor;
 import android.preference.PreferenceManager;
 import android.text.TextUtils;
+import android.util.Log;
 
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
@@ -309,26 +315,32 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
             return START_REDELIVER_INTENT;
         }
 
-	String UUID = "UUID";
+        /* The intent is null when the service has been restarted */
         if (intent == null) {
-	    SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
-	    android.util.Log.d("bitmaskclient", "UUID is " + prefs.getString(UUID, ""));
-	    mProfile = ProfileManager.get(this, prefs.getString(UUID, ""));
-	    android.util.Log.d("bitmaskclient", "mProfile is null? " + (mProfile == null));
-	    if(mProfile != null)
-		intent = mProfile.prepareIntent(getBaseContext());
-	    else
+            mProfile = ProfileManager.getLastConnectedProfile(this, false);
+
+            /* Got no profile, just stop */
+            if (mProfile==null) {
+                Log.d("OpenVPN", "Got no last connected profile on null intent. Stopping");
+                stopSelf(startId);
                 return START_NOT_STICKY;
-	}
-	if(mProfile != null)
-	    android.util.Log.d("bitmaskclient", "mProfile != null");
+            }
+            /* Do the asynchronous keychain certificate stuff */
+            mProfile.checkForRestart(this);
+
+            /* Recreate the intent */
+            intent = mProfile.getStartServiceIntent(this);
+
+        } else {
+            String profileUUID = intent.getStringExtra(getPackageName() + ".profileUUID");
+            mProfile = ProfileManager.get(this, profileUUID);
+        }
+
+
         // Extract information from the intent.
         String prefix = getPackageName();
         String[] argv = intent.getStringArrayExtra(prefix + ".ARGV");
-        String nativelibdir = intent.getStringExtra(prefix + ".nativelib");
-        String profileUUID = intent.getStringExtra(prefix + ".profileUUID");	
-
-        mProfile = ProfileManager.get(this, profileUUID);
+        String nativeLibraryDirectory = intent.getStringExtra(prefix + ".nativelib");
 
         String startTitle = getString(R.string.start_vpn_title, mProfile.mName);
         String startTicker = getString(R.string.start_vpn_ticker, mProfile.mName);
@@ -361,13 +373,12 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
 
         // Start a new session by creating a new thread.
         SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
-	
+
         mOvpn3 = prefs.getBoolean("ovpn3", false);
         if (!"ovpn3".equals(BuildConfig.FLAVOR))
             mOvpn3 = false;
 
 
-	prefs.edit().putString(UUID, profileUUID).commit();
         // Open the Management Interface
         if (!mOvpn3) {
 
@@ -395,7 +406,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
 
         } else {
             HashMap<String, String> env = new HashMap<String, String>();
-            processThread = new OpenVPNThread(this, argv, env, nativelibdir);
+            processThread = new OpenVPNThread(this, argv, env, nativeLibraryDirectory);
         }
 
         synchronized (mProcessLock) {
@@ -409,11 +420,12 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
 
 
         ProfileManager.setConnectedVpnProfile(this, mProfile);
+        /* TODO: At the moment we have no way to handle asynchronous PW input
+         * Fixing will also allow to handle challenge/responsee authentication */
+        if (mProfile.needUserPWInput(true) != 0)
+            return START_NOT_STICKY;
 
-        if (mProfile.mPersistTun)
-            return START_STICKY;
-	else
-	    return START_NOT_STICKY;
+        return START_STICKY;
     }
 
     private OpenVPNManagement instantiateOpenVPN3Core() {
@@ -517,7 +529,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
         if ((Build.VERSION.SDK_INT == Build.VERSION_CODES.KITKAT && !release.startsWith("4.4.3")
                 &&  !release.startsWith("4.4.4") &&  !release.startsWith("4.4.5") && !release.startsWith("4.4.6"))
                 && mMtu < 1280) {
-            VpnStatus.logInfo(String.format("Forcing MTU to 1280 instead of %d to workaround Android Bug #70916", mMtu));
+            VpnStatus.logInfo(String.format(Locale.US, "Forcing MTU to 1280 instead of %d to workaround Android Bug #70916", mMtu));
             builder.setMtu(1280);
         } else {
             builder.setMtu(mMtu);
@@ -690,7 +702,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
                     VpnStatus.logWarning(R.string.ip_not_cidr, local, netmask, mode);
             }
         }
-        if (("p2p".equals(mode))  && mLocalIP.len < 32 || "net30".equals("net30") && mLocalIP.len < 30) {
+        if (("p2p".equals(mode)  && mLocalIP.len < 32) || ("net30".equals(mode) && mLocalIP.len < 30)) {
             VpnStatus.logWarning(R.string.ip_looks_like_subnet, local, netmask, mode);
         }
 
@@ -707,6 +719,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
     public void updateState(String state, String logmessage, int resid, ConnectionStatus level) {
         // If the process is not running, ignore any state,
         // Notification should be invisible in this state
+
         doSendBroadcast(state, level);
         if (mProcessThread == null && !mNotificationAlwaysVisible)
             return;
@@ -738,7 +751,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
 		String ticker = msg;
 		showNotification(msg, ticker, lowpriority , 0, level);
 		return;
-	    } else {
+            } else {
                 mDisplayBytecount = false;
             }
 
diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java
index 5fa2ab9e..e36a5b8a 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java
@@ -1,5 +1,11 @@
+/*
+ * Copyright (c) 2012-2014 Arne Schwabe
+ * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+ */
+
 package de.blinkt.openvpn.core;
 
+import android.annotation.SuppressLint;
 import android.util.Log;
 
 import java.io.BufferedReader;
@@ -25,6 +31,8 @@ import de.blinkt.openvpn.core.VpnStatus.LogItem;
 
 public class OpenVPNThread implements Runnable {
     private static final String DUMP_PATH_STRING = "Dump path: ";
+    @SuppressLint("SdCardPath")
+    private static final String BROKEN_PIE_SUPPORT = "/data/data/de.blinkt.openvpn/cache/pievpn[1]: syntax error:";
 	private static final String TAG = "OpenVPN";
     public static final int M_FATAL = (1 << 4);
     public static final int M_NONFATAL = (1 << 5);
@@ -36,8 +44,9 @@ public class OpenVPNThread implements Runnable {
 	private OpenVPNService mService;
 	private String mDumpPath;
 	private Map<String, String> mProcessEnv;
+    private boolean mBrokenPie=false;
 
-	public OpenVPNThread(OpenVPNService service,String[] argv, Map<String,String> processEnv, String nativelibdir)
+    public OpenVPNThread(OpenVPNService service,String[] argv, Map<String,String> processEnv, String nativelibdir)
 	{
 		mArgv = argv;
 		mNativeDir = nativelibdir;
@@ -68,8 +77,23 @@ public class OpenVPNThread implements Runnable {
 			} catch (InterruptedException ie) {
 				VpnStatus.logError("InterruptedException: " + ie.getLocalizedMessage());
 			}
-			if( exitvalue != 0)
-				VpnStatus.logError("Process exited with exit value " + exitvalue);
+			if( exitvalue != 0) {
+                VpnStatus.logError("Process exited with exit value " + exitvalue);
+                if (mBrokenPie) {
+                    /* This will probably fail since the NoPIE binary is probably not written */
+                    String[] noPieArgv = VPNLaunchHelper.replacePieWithNoPie(mArgv);
+
+                    // We are already noPIE, nothing to gain
+                    if (!noPieArgv.equals(mArgv)) {
+                        mArgv = noPieArgv;
+                        VpnStatus.logInfo("PIE Version could not be executed. Trying no PIE version");
+                        run();
+                        return;
+                    }
+
+                }
+
+            }
 			
 			VpnStatus.updateStateString("NOPROCESS", "No process running.", R.string.state_noprocess, ConnectionStatus.LEVEL_NOTCONNECTED);
 			if(mDumpPath!=null) {
@@ -123,6 +147,9 @@ public class OpenVPNThread implements Runnable {
 
 				if (logline.startsWith(DUMP_PATH_STRING))
 					mDumpPath = logline.substring(DUMP_PATH_STRING.length());
+
+                if (logline.startsWith(BROKEN_PIE_SUPPORT))
+                    mBrokenPie = true;
 					
 
                 // 1380308330.240114 18000002 Send to HTTP proxy: 'X-Online-Host: bla.blabla.com'
@@ -166,7 +193,7 @@ public class OpenVPNThread implements Runnable {
 
 	private String genLibraryPath(String[] argv, ProcessBuilder pb) {
 		// Hack until I find a good way to get the real library path
-		String applibpath = argv[0].replace("/cache/" + VpnProfile.getMiniVPNExecutableName() , "/lib");
+		String applibpath = argv[0].replaceFirst("/cache/.*$"  , "/lib");
 		
 		String lbpath = pb.environment().get("LD_LIBRARY_PATH");
 		if(lbpath==null) 
diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java
index e200f210..37094a1b 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java
@@ -1,3 +1,8 @@
+/*
+ * Copyright (c) 2012-2014 Arne Schwabe
+ * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+ */
+
 package de.blinkt.openvpn.core;
 
 import android.content.Context;
diff --git a/app/src/main/java/de/blinkt/openvpn/core/PRNGFixes.java b/app/src/main/java/de/blinkt/openvpn/core/PRNGFixes.java
index dd420371..bca0a4ab 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/PRNGFixes.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/PRNGFixes.java
@@ -1,3 +1,8 @@
+/*
+ * Copyright (c) 2012-2014 Arne Schwabe
+ * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+ */
+
 package de.blinkt.openvpn.core;/*
  * This software is provided 'as-is', without any express or implied
  * warranty.  In no event will Google be held liable for any damages
diff --git a/app/src/main/java/de/blinkt/openvpn/core/ProfileManager.java b/app/src/main/java/de/blinkt/openvpn/core/ProfileManager.java
index 4cfbcc8e..2a26152e 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/ProfileManager.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/ProfileManager.java
@@ -1,3 +1,8 @@
+/*
+ * Copyright (c) 2012-2014 Arne Schwabe
+ * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+ */
+
 package de.blinkt.openvpn.core;
 
 import java.io.FileNotFoundException;
@@ -23,7 +28,7 @@ public class ProfileManager {
 
 
 
-	private static final String ONBOOTPROFILE = "onBootProfile";
+	private static final String LAST_CONNECTED_PROFILE = "lastConnectedProfile";
 
 
 
@@ -65,7 +70,7 @@ public class ProfileManager {
 	public static void setConntectedVpnProfileDisconnected(Context c) {
 		SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(c);
 		Editor prefsedit = prefs.edit();
-		prefsedit.putString(ONBOOTPROFILE, null);
+		prefsedit.putString(LAST_CONNECTED_PROFILE, null);
 		prefsedit.apply();
 		
 	}
@@ -74,21 +79,23 @@ public class ProfileManager {
 		SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(c);
 		Editor prefsedit = prefs.edit();
 		
-		prefsedit.putString(ONBOOTPROFILE, connectedrofile.getUUIDString());
+		prefsedit.putString(LAST_CONNECTED_PROFILE, connectedrofile.getUUIDString());
 		prefsedit.apply();
 		mLastConnectedVpn=connectedrofile;
 		
 	}
 	
-	public static VpnProfile getOnBootProfile(Context c) {
+	public static VpnProfile getLastConnectedProfile(Context c, boolean onBoot) {
 		SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(c);
 
 		boolean useStartOnBoot = prefs.getBoolean("restartvpnonboot", false);
 
+        if (onBoot && !useStartOnBoot)
+            return null;
 		
-		String mBootProfileUUID = prefs.getString(ONBOOTPROFILE,null);
-		if(useStartOnBoot && mBootProfileUUID!=null)
-			return get(c, mBootProfileUUID);
+		String lastConnectedProfile = prefs.getString(LAST_CONNECTED_PROFILE, null);
+		if(lastConnectedProfile!=null)
+			return get(c, lastConnectedProfile);
 		else 
 			return null;
 	}
diff --git a/app/src/main/java/de/blinkt/openvpn/core/ProxyDetection.java b/app/src/main/java/de/blinkt/openvpn/core/ProxyDetection.java
index 47d88279..cf953863 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/ProxyDetection.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/ProxyDetection.java
@@ -1,3 +1,8 @@
+/*
+ * Copyright (c) 2012-2014 Arne Schwabe
+ * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+ */
+
 package de.blinkt.openvpn.core;
 
 import java.net.InetSocketAddress;
diff --git a/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java b/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java
index 57a94ee7..208aa359 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java
@@ -1,78 +1,140 @@
+/*
+ * Copyright (c) 2012-2014 Arne Schwabe
+ * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+ */
+
 package de.blinkt.openvpn.core;
 
+import android.annotation.TargetApi;
 import android.content.Context;
 import android.content.Intent;
+import android.content.pm.ApplicationInfo;
 import android.os.Build;
 
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.util.Vector;
 
 import se.leap.bitmaskclient.R;
 import de.blinkt.openvpn.VpnProfile;
 
 public class VPNLaunchHelper {
-	static private boolean writeMiniVPN(Context context) {
-		File mvpnout = new File(context.getCacheDir(),VpnProfile.getMiniVPNExecutableName());
-		if (mvpnout.exists() && mvpnout.canExecute())
-			return true;
-
-		IOException e2 = null;
-
-		try {
-			InputStream mvpn;
-			
-			try {
-				mvpn = context.getAssets().open(VpnProfile.getMiniVPNExecutableName() + "." + Build.CPU_ABI);
-			}
-			catch (IOException errabi) {
-				VpnStatus.logInfo("Failed getting assets for archicture " + Build.CPU_ABI);
-				e2=errabi;
-				mvpn = context.getAssets().open(VpnProfile.getMiniVPNExecutableName() + "." + Build.CPU_ABI2);
-				
-			}
-
-
-			FileOutputStream fout = new FileOutputStream(mvpnout);
-
-			byte buf[]= new byte[4096];
-
-			int lenread = mvpn.read(buf);
-			while(lenread> 0) {
-				fout.write(buf, 0, lenread);
-				lenread = mvpn.read(buf);
-			}
-			fout.close();
-
-			if(!mvpnout.setExecutable(true)) {
-				VpnStatus.logError("Failed to make OpenVPN executable");
-				return false;
-			}
-				
-			
-			return true;
-		} catch (IOException e) {
-			if(e2!=null)
-				VpnStatus.logException(e2);
-			VpnStatus.logException(e);
-
-			return false;
-		}
+    private static final String MININONPIEVPN = "nopievpn";
+    private static final String MINIPIEVPN = "pievpn";
+    private static final String OVPNCONFIGFILE = "android.conf";
+
+
+
+    static private String writeMiniVPN(Context context) {
+        String[] abis;
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP)
+            abis = getSupportedAbisLollipop();
+        else
+            abis = new String[]{Build.CPU_ABI, Build.CPU_ABI2};
+
+        for (String abi: abis) {
+
+            File mvpnout = new File(context.getCacheDir(), getMiniVPNExecutableName() + "." + abi);
+            if ((mvpnout.exists() && mvpnout.canExecute()) || writeMiniVPNBinary(context, abi, mvpnout)) {
+                return mvpnout.getPath();
+            }
+        }
+
+        return null;
 	}
+
+    @TargetApi(Build.VERSION_CODES.LOLLIPOP)
+    private static String[] getSupportedAbisLollipop() {
+        return Build.SUPPORTED_ABIS;
+    }
+
+    private static String getMiniVPNExecutableName()
+    {
+        if (Build.VERSION.SDK_INT  >= Build.VERSION_CODES.JELLY_BEAN)
+            return MINIPIEVPN;
+        else
+            return MININONPIEVPN;
+    }
+
+
+    public static String[] replacePieWithNoPie(String[] mArgv)
+    {
+        mArgv[0] = mArgv[0].replace(MINIPIEVPN, MININONPIEVPN);
+        return mArgv;
+    }
+
+
+    public static String[] buildOpenvpnArgv(Context c) {
+        Vector<String> args = new Vector<String>();
+
+        // Add fixed paramenters
+        //args.add("/data/data/de.blinkt.openvpn/lib/openvpn");
+        args.add(writeMiniVPN(c));
+
+        args.add("--config");
+        args.add(c.getCacheDir().getAbsolutePath() + "/" + OVPNCONFIGFILE);
+
+
+        return args.toArray(new String[args.size()]);
+    }
+
+    private static boolean writeMiniVPNBinary(Context context, String abi, File mvpnout) {
+        try {
+            InputStream mvpn;
+
+            try {
+                mvpn = context.getAssets().open(getMiniVPNExecutableName() + "." + abi);
+            }
+            catch (IOException errabi) {
+                VpnStatus.logInfo("Failed getting assets for archicture " + abi);
+                return false;
+            }
+
+
+            FileOutputStream fout = new FileOutputStream(mvpnout);
+
+            byte buf[]= new byte[4096];
+
+            int lenread = mvpn.read(buf);
+            while(lenread> 0) {
+                fout.write(buf, 0, lenread);
+                lenread = mvpn.read(buf);
+            }
+            fout.close();
+
+            if(!mvpnout.setExecutable(true)) {
+                VpnStatus.logError("Failed to make OpenVPN executable");
+                return false;
+            }
+
+
+            return true;
+        } catch (IOException e) {
+            VpnStatus.logException(e);
+            return false;
+        }
+
+    }
 	
 
 	public static void startOpenVpn(VpnProfile startprofile, Context context) {
-		if(!writeMiniVPN(context)) {
+		if(writeMiniVPN(context)==null) {
 			VpnStatus.logError("Error writing minivpn binary");
 			return;
 		}
 
 		VpnStatus.logInfo(R.string.building_configration);
 
-		Intent startVPN = startprofile.prepareIntent(context);
+		Intent startVPN = startprofile.prepareStartService(context);
 		if(startVPN!=null)
 			context.startService(startVPN);
 
 	}
+
+    public static String getConfigFilePath(Context context) {
+        return context.getCacheDir().getAbsolutePath() + "/" + OVPNCONFIGFILE;
+    }
+
 }
diff --git a/app/src/main/java/de/blinkt/openvpn/core/VpnStatus.java b/app/src/main/java/de/blinkt/openvpn/core/VpnStatus.java
index c19daeb0..25558f13 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/VpnStatus.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/VpnStatus.java
@@ -1,3 +1,8 @@
+/*
+ * Copyright (c) 2012-2014 Arne Schwabe
+ * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+ */
+
 package de.blinkt.openvpn.core;
 
 import android.annotation.SuppressLint;
diff --git a/app/src/main/java/de/blinkt/openvpn/core/X509Utils.java b/app/src/main/java/de/blinkt/openvpn/core/X509Utils.java
index 35e53c08..ff383e0f 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/X509Utils.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/X509Utils.java
@@ -1,3 +1,8 @@
+/*
+ * Copyright (c) 2012-2014 Arne Schwabe
+ * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+ */
+
 package de.blinkt.openvpn.core;
 
 import android.content.Context;
diff --git a/app/src/main/java/de/blinkt/openvpn/fragments/LogFragment.java b/app/src/main/java/de/blinkt/openvpn/fragments/LogFragment.java
index ca850533..77fc21e6 100644
--- a/app/src/main/java/de/blinkt/openvpn/fragments/LogFragment.java
+++ b/app/src/main/java/de/blinkt/openvpn/fragments/LogFragment.java
@@ -1,3 +1,8 @@
+/*
+ * Copyright (c) 2012-2014 Arne Schwabe
+ * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+ */
+
 package de.blinkt.openvpn.fragments;
 
 import se.leap.bitmaskclient.R;
diff --git a/app/src/main/java/de/blinkt/openvpn/views/SeekBarTicks.java b/app/src/main/java/de/blinkt/openvpn/views/SeekBarTicks.java
index 88e8e164..e25c2859 100644
--- a/app/src/main/java/de/blinkt/openvpn/views/SeekBarTicks.java
+++ b/app/src/main/java/de/blinkt/openvpn/views/SeekBarTicks.java
@@ -1,3 +1,8 @@
+/*
+ * Copyright (c) 2012-2014 Arne Schwabe
+ * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+ */
+
 package de.blinkt.openvpn.views;
 
 import android.content.Context;
diff --git a/app/src/main/java/se/leap/bitmaskclient/AboutActivity.java b/app/src/main/java/se/leap/bitmaskclient/AboutActivity.java
index 6d025422..6c4e517b 100644
--- a/app/src/main/java/se/leap/bitmaskclient/AboutActivity.java
+++ b/app/src/main/java/se/leap/bitmaskclient/AboutActivity.java
@@ -1,15 +1,10 @@
 package se.leap.bitmaskclient;
 
 import android.app.Activity;
-import android.app.Fragment;
 import android.content.pm.PackageInfo;
 import android.content.pm.PackageManager.NameNotFoundException;
 import android.os.Bundle;
-import android.view.LayoutInflater;
-import android.view.View;
-import android.view.ViewGroup;
 import android.widget.TextView;
-import se.leap.bitmaskclient.R;
 
 public class AboutActivity extends Activity  {
 	
diff --git a/app/src/main/java/se/leap/bitmaskclient/ConfigHelper.java b/app/src/main/java/se/leap/bitmaskclient/ConfigHelper.java
index c95d0c8b..c0f0b0c3 100644
--- a/app/src/main/java/se/leap/bitmaskclient/ConfigHelper.java
+++ b/app/src/main/java/se/leap/bitmaskclient/ConfigHelper.java
@@ -16,11 +16,15 @@
  */
 package se.leap.bitmaskclient;
 
+import android.util.Base64;
+
+import org.json.JSONException;
+import org.json.JSONObject;
+
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.math.BigInteger;
-import java.lang.IllegalArgumentException;
 import java.security.KeyFactory;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
@@ -33,13 +37,6 @@ import java.security.interfaces.RSAPrivateKey;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
 
-import org.json.JSONException;
-import org.json.JSONObject;
-
-import android.content.Context;
-import android.content.SharedPreferences;
-import android.util.Base64;
-
 /**
  * Stores constants, and implements auxiliary methods used across all LEAP Android classes.
  * 
diff --git a/app/src/main/java/se/leap/bitmaskclient/Dashboard.java b/app/src/main/java/se/leap/bitmaskclient/Dashboard.java
index 761afc0a..862086eb 100644
--- a/app/src/main/java/se/leap/bitmaskclient/Dashboard.java
+++ b/app/src/main/java/se/leap/bitmaskclient/Dashboard.java
@@ -14,20 +14,12 @@
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
- package se.leap.bitmaskclient;
+package se.leap.bitmaskclient;
 
-import org.json.JSONException;
-import org.json.JSONObject;
-
-import se.leap.bitmaskclient.R;
-import se.leap.bitmaskclient.ProviderAPIResultReceiver.Receiver;
-import se.leap.bitmaskclient.SignUpDialog;
-import de.blinkt.openvpn.activities.LogWindow;
+import android.annotation.SuppressLint;
 import android.app.Activity;
 import android.app.AlertDialog;
 import android.app.DialogFragment;
-import android.app.Fragment;
-import android.app.FragmentManager;
 import android.app.FragmentTransaction;
 import android.content.Context;
 import android.content.DialogInterface;
@@ -40,24 +32,36 @@ import android.os.ResultReceiver;
 import android.util.Log;
 import android.view.Menu;
 import android.view.MenuItem;
-import android.view.View;
-import android.view.ViewGroup;
 import android.widget.ProgressBar;
 import android.widget.TextView;
-import android.widget.Toast;
+
+import org.jetbrains.annotations.NotNull;
+import org.json.JSONException;
+import org.json.JSONObject;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import butterknife.ButterKnife;
+import butterknife.InjectView;
+import de.blinkt.openvpn.activities.LogWindow;
+import se.leap.bitmaskclient.eip.Constants;
+import se.leap.bitmaskclient.eip.EIP;
+import se.leap.bitmaskclient.eip.EipStatus;
 
 /**
- * The main user facing Activity of LEAP Android, consisting of status, controls,
+ * The main user facing Activity of Bitmask Android, consisting of status, controls,
  * and access to preferences.
  * 
  * @author Sean Leonard <meanderingcode@aetherislands.net>
  * @author parmegv
  */
-public class Dashboard extends Activity implements LogInDialog.LogInDialogInterface, SignUpDialog.SignUpDialogInterface, Receiver {
+public class Dashboard extends Activity implements SessionDialog.SessionDialogInterface, ProviderAPIResultReceiver.Receiver {
 
 	protected static final int CONFIGURE_LEAP = 0;
 	protected static final int SWITCH_PROVIDER = 1;
 
+    final public static String TAG = Dashboard.class.getSimpleName();
     final public static String SHARED_PREFERENCES = "LEAPPreferences";
     final public static String ACTION_QUIT = "quit";
     public static final String REQUEST_CODE = "request_code";
@@ -66,92 +70,118 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf
     final public static String ON_BOOT = "dashboard on boot";
     public static final String APP_VERSION = "bitmask version";
 
+    private static Context app;
+    protected static SharedPreferences preferences;
+    private FragmentManagerEnhanced fragment_manager;
 
-    private EipServiceFragment eipFragment;
-	private ProgressBar mProgressBar;
-	private TextView eipStatus;
-	private static Context app;
-	protected static SharedPreferences preferences;
-	private static Provider provider;
-
-	private TextView providerNameTV;
-
-	private boolean authed_eip = false;
+    @InjectView(R.id.providerName)
+    TextView provider_name;
 
+    EipServiceFragment eip_fragment;
+    private Provider provider;
+    private static boolean authed_eip;
     public ProviderAPIResultReceiver providerAPI_result_receiver;
 
-	@Override
+    @Override
+    protected void onSaveInstanceState(@NotNull Bundle outState) {
+        if(provider != null)
+            outState.putParcelable(Provider.KEY, provider);
+        super.onSaveInstanceState(outState);
+    }
+
+    @Override
 	protected void onCreate(Bundle savedInstanceState) {
 		super.onCreate(savedInstanceState);
 		
 		app = this;		
 		
 		PRNGFixes.apply();
-
-	    mProgressBar = (ProgressBar) findViewById(R.id.eipProgress);
 	    
 	    preferences = getSharedPreferences(SHARED_PREFERENCES, MODE_PRIVATE);
+	    fragment_manager = new FragmentManagerEnhanced(getFragmentManager());
 	    handleVersion();
-	    
-	    authed_eip = preferences.getBoolean(EIP.AUTHED_EIP, false);
-		if (preferences.getString(Provider.KEY, "").isEmpty())
-			startActivityForResult(new Intent(this,ConfigurationWizard.class),CONFIGURE_LEAP);
-		else
-		    buildDashboard(getIntent().getBooleanExtra(ON_BOOT, false));
+
+        provider = getSavedProvider(savedInstanceState);
+        if (provider == null || provider.getName().isEmpty())
+		startActivityForResult(new Intent(this,ConfigurationWizard.class),CONFIGURE_LEAP);
+	    else
+		buildDashboard(getIntent().getBooleanExtra(ON_BOOT, false));
 	}
 
+    private Provider getSavedProvider(Bundle savedInstanceState) {
+        Provider provider = null;
+        if(savedInstanceState != null)
+            provider = savedInstanceState.getParcelable(Provider.KEY);
+        else if(preferences.getBoolean(Constants.PROVIDER_CONFIGURED, false))
+            provider = getSavedProviderFromSharedPreferences();
+
+        return provider;
+    }
+
+    private Provider getSavedProviderFromSharedPreferences() {
+        Provider provider = null;
+        try {
+            provider = new Provider(new URL(preferences.getString(Provider.MAIN_URL, "")));
+            provider.define(new JSONObject(preferences.getString(Provider.KEY, "")));
+        } catch (MalformedURLException | JSONException e) {
+            e.printStackTrace();
+        }
+
+        return provider;
+    }
+
+
     private void handleVersion() {
 	try {
 	    int versionCode = getPackageManager().getPackageInfo(getPackageName(), 0).versionCode;
 	    int lastDetectedVersion = preferences.getInt(APP_VERSION, 0);
-	    preferences.edit().putInt(APP_VERSION, versionCode);
+	    preferences.edit().putInt(APP_VERSION, versionCode).apply();
 	    Log.d("Dashboard", "detected version code: " + versionCode);
 	    Log.d("Dashboard", "last detected version code: " + lastDetectedVersion);
 
 	    switch(versionCode) {
 	    case 91: // 0.6.0 without Bug #5999
-		if(!preferences.getString(EIP.KEY, "").isEmpty()) {
+	    case 101: // 0.8.0
+		if(!preferences.getString(Constants.KEY, "").isEmpty()) {
 		    Intent rebuildVpnProfiles = new Intent(getApplicationContext(), EIP.class);
-		    rebuildVpnProfiles.setAction(EIP.ACTION_REBUILD_PROFILES);
+		    rebuildVpnProfiles.setAction(Constants.ACTION_UPDATE_EIP_SERVICE);
 		    startService(rebuildVpnProfiles);
 		}
+		break;
 	    }
 	} catch (NameNotFoundException e) {
+        Log.d(TAG, "Handle version didn't find any " + getPackageName() + " package");
 	}
     }
-
-	@Override
-	protected void onDestroy() {
-	    
-		super.onDestroy();
-	}
-
-    protected void onPause() {
-	super.onPause();
-    }
     
-	@Override
-	protected void onActivityResult(int requestCode, int resultCode, Intent data){
-		if ( requestCode == CONFIGURE_LEAP || requestCode == SWITCH_PROVIDER) {
-		// It should be equivalent: if ( (requestCode == CONFIGURE_LEAP) || (data!= null && data.hasExtra(STOP_FIRST))) {
-			if ( resultCode == RESULT_OK ){
-				preferences.edit().putInt(EIP.PARSED_SERIAL, 0).commit();
-				preferences.edit().putBoolean(EIP.AUTHED_EIP, authed_eip).commit();
-				Intent updateEIP = new Intent(getApplicationContext(), EIP.class);
-				updateEIP.setAction(EIP.ACTION_UPDATE_EIP_SERVICE);
-				startService(updateEIP);
-				buildDashboard(false);
-				invalidateOptionsMenu();
-				if(data != null && data.hasExtra(LogInDialog.VERB)) {
-					View view = ((ViewGroup)findViewById(android.R.id.content)).getChildAt(0);
-					logInDialog(Bundle.EMPTY);
-				}
-			} else if(resultCode == RESULT_CANCELED && (data == null || data.hasExtra(ACTION_QUIT))) {
-				finish();
-			} else
-				configErrorDialog();
-		}
+    @SuppressLint("CommitPrefEdits")
+    @Override
+    protected void onActivityResult(int requestCode, int resultCode, Intent data){
+	Log.d(TAG, "onActivityResult: requestCode = " + requestCode);
+	if ( requestCode == CONFIGURE_LEAP || requestCode == SWITCH_PROVIDER) {
+	    if ( resultCode == RESULT_OK ) {
+            preferences.edit().putBoolean(Constants.AUTHED_EIP, authed_eip).apply();
+            updateEipService();
+
+            if (data.hasExtra(Provider.KEY)) {
+                provider = data.getParcelableExtra(Provider.KEY);
+                preferences.edit().putBoolean(Constants.PROVIDER_CONFIGURED, true).commit();
+                preferences.edit().putString(Provider.MAIN_URL, provider.mainUrl().toString()).apply();
+                preferences.edit().putString(Provider.KEY, provider.definition().toString()).apply();
+            }
+            buildDashboard(false);
+            invalidateOptionsMenu();
+            if (data.hasExtra(SessionDialog.TAG)) {
+                logInDialog(Bundle.EMPTY);
+            }
+        } else if (resultCode == RESULT_CANCELED && data.hasExtra(ACTION_QUIT)) {
+                finish();
+        } else
+		configErrorDialog();
+	} else if(requestCode == EIP.DISCONNECT) {
+	    EipStatus.getInstance().setConnectedOrDisconnected();
 	}
+    }
 
 	/**
 	 * Dialog shown when encountering a configuration error.  Such errors require
@@ -172,7 +202,7 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf
 			.setNegativeButton(getResources().getString(R.string.setup_error_close_button), new DialogInterface.OnClickListener() {
 				@Override
 				public void onClick(DialogInterface dialog, int which) {
-				    preferences.edit().remove(Provider.KEY).commit();
+				    preferences.edit().remove(Provider.KEY).remove(Constants.PROVIDER_CONFIGURED).apply();
 					finish();
 				}
 			})
@@ -184,59 +214,59 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf
 	 * service dependent UI elements to include.
 	 */
 	private void buildDashboard(boolean hide_and_turn_on_eip) {
-		provider = Provider.getInstance();
-		provider.init( this );
-
-		setContentView(R.layout.client_dashboard);
-	    
-		providerNameTV = (TextView) findViewById(R.id.providerName);
-		providerNameTV.setText(provider.getDomain());
-		providerNameTV.setTextSize(28);
-		
-	    mProgressBar = (ProgressBar) findViewById(R.id.eipProgress);
+		setContentView(R.layout.dashboard);
+        ButterKnife.inject(this);
 
-		FragmentManager fragMan = getFragmentManager();
+		provider_name.setText(provider.getDomain());
 		if ( provider.hasEIP()){
-			eipFragment = new EipServiceFragment();
-			if (hide_and_turn_on_eip) {
-			    preferences.edit().remove(Dashboard.START_ON_BOOT).commit();
-			    Bundle arguments = new Bundle();
-			    arguments.putBoolean(EipServiceFragment.START_ON_BOOT, true);
-			    eipFragment.setArguments(arguments);
-			}
-			fragMan.beginTransaction().replace(R.id.servicesCollection, eipFragment, EipServiceFragment.TAG).commit();
 
-			if (hide_and_turn_on_eip) {
-			    onBackPressed();
-			}
+            fragment_manager.removePreviousFragment(EipServiceFragment.TAG);
+            eip_fragment = new EipServiceFragment();
+
+		    if (hide_and_turn_on_eip) {
+			preferences.edit().remove(Dashboard.START_ON_BOOT).apply();
+			Bundle arguments = new Bundle();
+			arguments.putBoolean(EipServiceFragment.START_ON_BOOT, true);
+                if(eip_fragment != null) eip_fragment.setArguments(arguments);
+		    }
+
+            fragment_manager.replace(R.id.servicesCollection, eip_fragment, EipServiceFragment.TAG);
+
+		    if (hide_and_turn_on_eip) {
+			onBackPressed();
+		    }
 		}
 	}
 
-	@Override
-	public boolean onPrepareOptionsMenu(Menu menu) {
-		JSONObject provider_json;
-		try {
-			provider_json = new JSONObject(preferences.getString(Provider.KEY, ""));
-			JSONObject service_description = provider_json.getJSONObject(Provider.SERVICE);
-			boolean authed_eip = preferences.getBoolean(EIP.AUTHED_EIP, false);
-			boolean allow_registered_eip = service_description.getBoolean(Provider.ALLOW_REGISTRATION);
-			preferences.edit().putBoolean(EIP.ALLOWED_REGISTERED, allow_registered_eip);
-			if(allow_registered_eip) {
-				if(authed_eip) {
-					menu.findItem(R.id.login_button).setVisible(false);
-					menu.findItem(R.id.logout_button).setVisible(true);
-				} else {
-					menu.findItem(R.id.login_button).setVisible(true);
-					menu.findItem(R.id.logout_button).setVisible(false);
-				}
-				menu.findItem(R.id.signup_button).setVisible(true);
-			}
-		} catch (JSONException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		} 
-		return true;
+    @Override
+    public boolean onPrepareOptionsMenu(Menu menu) {
+	JSONObject provider_json;
+	try {
+	    String provider_json_string = preferences.getString(Provider.KEY, "");
+	    if(!provider_json_string.isEmpty()) {
+		provider_json = new JSONObject(provider_json_string);
+		JSONObject service_description = provider_json.getJSONObject(Provider.SERVICE);
+		boolean authed_eip = !LeapSRPSession.getToken().isEmpty();
+		boolean allow_registered_eip = service_description.getBoolean(Provider.ALLOW_REGISTRATION);
+		preferences.edit().putBoolean(Constants.ALLOWED_REGISTERED, allow_registered_eip).apply();
+		
+		if(allow_registered_eip) {
+		    if(authed_eip) {
+			menu.findItem(R.id.login_button).setVisible(false);
+			menu.findItem(R.id.logout_button).setVisible(true);
+		    } else {
+			menu.findItem(R.id.login_button).setVisible(true);
+			menu.findItem(R.id.logout_button).setVisible(false);
+		    }
+		    menu.findItem(R.id.signup_button).setVisible(true);
+		}
+	    }
+	} catch (JSONException e) {
+	    // TODO Auto-generated catch block
+	    e.printStackTrace();
 	}
+	return true;
+    }
 	
 	@Override
 	public boolean onCreateOptionsMenu(Menu menu) {
@@ -258,24 +288,23 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf
 		    startActivity(startLW);
 		    return true;
 		case R.id.switch_provider:
-			if (Provider.getInstance().hasEIP()){
-				if (preferences.getBoolean(EIP.AUTHED_EIP, false)){
-					logOut();
-				}				
-				eipStop();
+			if (provider.hasEIP()){
+				if (preferences.getBoolean(Constants.AUTHED_EIP, false)) {
+                    logOut();
+                }
+                eip_fragment.stopEIP();
 			}
-			preferences.edit().clear().commit();
+			preferences.edit().clear().apply();
 			startActivityForResult(new Intent(this,ConfigurationWizard.class), SWITCH_PROVIDER);
 			return true;
 		case R.id.login_button:
-			View view = ((ViewGroup)findViewById(android.R.id.content)).getChildAt(0);
 			logInDialog(Bundle.EMPTY);
 			return true;
 		case R.id.logout_button:
 			logOut();
 			return true;
 		case R.id.signup_button:
-			signUpDialog(((ViewGroup)findViewById(android.R.id.content)).getChildAt(0), Bundle.EMPTY);
+			signUpDialog(Bundle.EMPTY);
 			return true;
 		default:
 				return super.onOptionsItemSelected(item);
@@ -283,164 +312,100 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf
 		
 	}
 
-	@Override
-	public void authenticate(String username, String password) {
-	    mProgressBar = (ProgressBar) findViewById(R.id.eipProgress);
-		eipStatus = (TextView) findViewById(R.id.eipStatus);
+    private Intent prepareProviderAPICommand() {
+	providerAPI_result_receiver = new ProviderAPIResultReceiver(new Handler());
+	providerAPI_result_receiver.setReceiver(this);
 		
-		providerAPI_result_receiver = new ProviderAPIResultReceiver(new Handler());
-		providerAPI_result_receiver.setReceiver(this);
-		
-		Intent provider_API_command = new Intent(this, ProviderAPI.class);
+	Intent command = new Intent(this, ProviderAPI.class);
 
-		Bundle parameters = new Bundle();
-		parameters.putString(LogInDialog.USERNAME, username);
-		parameters.putString(LogInDialog.PASSWORD, password);
-
-		JSONObject provider_json;
-		try {
-			provider_json = new JSONObject(preferences.getString(Provider.KEY, ""));
-			parameters.putString(Provider.API_URL, provider_json.getString(Provider.API_URL) + "/" + provider_json.getString(Provider.API_VERSION));
-		} catch (JSONException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-
-		provider_API_command.setAction(ProviderAPI.SRP_AUTH);
-		provider_API_command.putExtra(ProviderAPI.PARAMETERS, parameters);
-		provider_API_command.putExtra(ProviderAPI.RECEIVER_KEY, providerAPI_result_receiver);
-		
-		mProgressBar.setVisibility(ProgressBar.VISIBLE);
-		eipStatus.setText(R.string.authenticating_message);
-		//mProgressBar.setMax(4);
-		startService(provider_API_command);
-	}
+	command.putExtra(ProviderAPI.RECEIVER_KEY, providerAPI_result_receiver);
+	return command;
+    }
+    
+    /**
+     * Shows the log in dialog.
+     */
+    public void logInDialog(Bundle resultData) {
+	FragmentTransaction transaction = fragment_manager.removePreviousFragment(SessionDialog.TAG);
+
+	DialogFragment newFragment = SessionDialog.newInstance();
+	if(resultData != null && !resultData.isEmpty())
+	    newFragment.setArguments(resultData);
+	newFragment.show(transaction, SessionDialog.TAG);
+    }
 
-    public void cancelAuthedEipOn() {
-	EipServiceFragment eipFragment = (EipServiceFragment) getFragmentManager().findFragmentByTag(EipServiceFragment.TAG);
-	eipFragment.checkEipSwitch(false);
+    @Override
+    public void logIn(String username, String password) {
+	Intent provider_API_command = prepareProviderAPICommand();
+	Bundle parameters = provider_API_command.getExtras().getBundle(ProviderAPI.PARAMETERS);
+	if(parameters == null)
+	    parameters = new Bundle();
+	    
+	parameters.putString(SessionDialog.USERNAME, username);
+	parameters.putString(SessionDialog.PASSWORD, password);
+
+        if(eip_fragment != null) {
+            eip_fragment.progress_bar.setVisibility(ProgressBar.VISIBLE);
+            eip_fragment.status_message.setText(R.string.authenticating_message);
+        }
+	provider_API_command.putExtra(ProviderAPI.PARAMETERS, parameters);
+	provider_API_command.setAction(ProviderAPI.SRP_AUTH);
+	startService(provider_API_command);
     }
 
     public void cancelLoginOrSignup() {
-	if(mProgressBar == null) mProgressBar = (ProgressBar) findViewById(R.id.eipProgress);
-	if(mProgressBar != null) {
-	    mProgressBar.setVisibility(ProgressBar.GONE);
-	    if(eipStatus == null) eipStatus = (TextView) findViewById(R.id.eipStatus);
-	    if(eipStatus != null) eipStatus.setText("");
-	}
-	cancelAuthedEipOn();
+      EipStatus.getInstance().setConnectedOrDisconnected();
     }
 	
-	/**
-	 * Asks ProviderAPI to log out.
-	 */
-	public void logOut() {
-		providerAPI_result_receiver = new ProviderAPIResultReceiver(new Handler());
-		providerAPI_result_receiver.setReceiver(this);
-		Intent provider_API_command = new Intent(this, ProviderAPI.class);
-
-		Bundle parameters = new Bundle();
-
-		JSONObject provider_json;
-		try {
-			provider_json = new JSONObject(preferences.getString(Provider.KEY, ""));
-			parameters.putString(Provider.API_URL, provider_json.getString(Provider.API_URL) + "/" + provider_json.getString(Provider.API_VERSION));
-		} catch (JSONException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-
-		provider_API_command.setAction(ProviderAPI.LOG_OUT);
-		provider_API_command.putExtra(ProviderAPI.PARAMETERS, parameters);
-		provider_API_command.putExtra(ProviderAPI.RECEIVER_KEY, providerAPI_result_receiver);
-		
-		if(mProgressBar == null) mProgressBar = (ProgressBar) findViewById(R.id.eipProgress);
-		mProgressBar.setVisibility(ProgressBar.VISIBLE);
-		if(eipStatus == null) eipStatus = (TextView) findViewById(R.id.eipStatus);
-		eipStatus.setText(R.string.logout_message);
-	//	eipStatus.setText("Starting to logout");
-		
-		startService(provider_API_command);
-		//mProgressBar.setMax(1);
-
-	}
-	
-	/**
-	 * Shows the log in dialog.
-	 */
-	public void logInDialog(Bundle resultData) {
-	    Log.d("Dashboard", "Log In Dialog");
-		FragmentTransaction fragment_transaction = getFragmentManager().beginTransaction();
-	    Fragment previous_log_in_dialog = getFragmentManager().findFragmentByTag(LogInDialog.TAG);
-	    if (previous_log_in_dialog != null) {
-	        fragment_transaction.remove(previous_log_in_dialog);
-	    }
-	    fragment_transaction.addToBackStack(null);
-
-	    DialogFragment newFragment = LogInDialog.newInstance();
-	    if(resultData != null && !resultData.isEmpty()) {
-	    	newFragment.setArguments(resultData);
-	    }
-	    newFragment.show(fragment_transaction, LogInDialog.TAG);
-	}
-
-    	@Override
-	public void signUp(String username, String password) {
-	    mProgressBar = (ProgressBar) findViewById(R.id.eipProgress);
-	    eipStatus = (TextView) findViewById(R.id.eipStatus);
-		
-	    providerAPI_result_receiver = new ProviderAPIResultReceiver(new Handler());
-	    providerAPI_result_receiver.setReceiver(this);
-		
-	    Intent provider_API_command = new Intent(this, ProviderAPI.class);
-
-	    Bundle parameters = new Bundle();
-	    parameters.putString(SignUpDialog.USERNAME, username);
-	    parameters.putString(SignUpDialog.PASSWORD, password);
-
-	    JSONObject provider_json;
-	    try {
-		provider_json = new JSONObject(preferences.getString(Provider.KEY, ""));
-		parameters.putString(Provider.API_URL, provider_json.getString(Provider.API_URL) + "/" + provider_json.getString(Provider.API_VERSION));
-	    } catch (JSONException e) {
-		// TODO Auto-generated catch block
-		e.printStackTrace();
-	    }
-
-	    provider_API_command.setAction(ProviderAPI.SRP_REGISTER);
-	    provider_API_command.putExtra(ProviderAPI.PARAMETERS, parameters);
-	    provider_API_command.putExtra(ProviderAPI.RECEIVER_KEY, providerAPI_result_receiver);
-		
-	    mProgressBar.setVisibility(ProgressBar.VISIBLE);
-	    eipStatus.setText(R.string.signingup_message);
-	    //mProgressBar.setMax(4);
-	    startService(provider_API_command);
-	}
+    /**
+     * Asks ProviderAPI to log out.
+     */
+    public void logOut() {
+	Intent provider_API_command = prepareProviderAPICommand();
+        if(eip_fragment != null) {
+
+            eip_fragment.progress_bar.setVisibility(ProgressBar.VISIBLE);
+            eip_fragment.status_message.setText(R.string.logout_message);
+        }
+	provider_API_command.setAction(ProviderAPI.LOG_OUT);
+	startService(provider_API_command);
+    }
     
-	/**
-	 * Shows the sign up dialog.
-	 * @param view from which the dialog is created.
-	 */
-	public void signUpDialog(View view, Bundle resultData) {
-	    FragmentTransaction fragment_transaction = getFragmentManager().beginTransaction();
-	    Fragment previous_sign_up_dialog = getFragmentManager().findFragmentByTag(SignUpDialog.TAG);
-	    if (previous_sign_up_dialog != null) {
-	        fragment_transaction.remove(previous_sign_up_dialog);
-	    }
-	    fragment_transaction.addToBackStack(null);
-
-	    DialogFragment newFragment = SignUpDialog.newInstance();
-	    if(resultData != null && !resultData.isEmpty()) {
-	    	newFragment.setArguments(resultData);
-	    }
-	    newFragment.show(fragment_transaction, SignUpDialog.TAG);
+    /**
+     * Shows the sign up dialog.
+     */
+    public void signUpDialog(Bundle resultData) {
+	FragmentTransaction transaction = fragment_manager.removePreviousFragment(SessionDialog.TAG);
+
+	DialogFragment newFragment = SessionDialog.newInstance();
+	if(resultData != null && !resultData.isEmpty()) {
+	    newFragment.setArguments(resultData);
 	}
+	newFragment.show(transaction, SessionDialog.TAG);
+    }
+
+    @Override
+    public void signUp(String username, String password) {
+	Intent provider_API_command = prepareProviderAPICommand();
+	Bundle parameters = provider_API_command.getExtras().getBundle(ProviderAPI.PARAMETERS);
+	if(parameters == null)
+	    parameters = new Bundle();
+	    
+	parameters.putString(SessionDialog.USERNAME, username);
+	parameters.putString(SessionDialog.PASSWORD, password);
+        if(eip_fragment != null) {
+            eip_fragment.progress_bar.setVisibility(ProgressBar.VISIBLE);
+            eip_fragment.status_message.setText(R.string.signingup_message);
+        }
+	provider_API_command.putExtra(ProviderAPI.PARAMETERS, parameters);
+	provider_API_command.setAction(ProviderAPI.SRP_REGISTER);
+	startService(provider_API_command);
+    }
 
 	/**
 	 * Asks ProviderAPI to download an authenticated OpenVPN certificate.
-	 * @param session_id cookie for the server to allow us to download the certificate.
 	 */
-	private void downloadAuthedUserCertificate(/*Cookie session_id*/) {
+	private void downloadAuthedUserCertificate() {
 		providerAPI_result_receiver = new ProviderAPIResultReceiver(new Handler());
 		providerAPI_result_receiver.setReceiver(this);
 		
@@ -448,8 +413,6 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf
 
 		Bundle parameters = new Bundle();
 		parameters.putString(ConfigurationWizard.TYPE_OF_CERTIFICATE, ConfigurationWizard.AUTHED_CERTIFICATE);
-		/*parameters.putString(ConfigHelper.SESSION_ID_COOKIE_KEY, session_id.getName());
-		parameters.putString(ConfigHelper.SESSION_ID_KEY, session_id.getValue());*/
 
 		provider_API_command.setAction(ProviderAPI.DOWNLOAD_CERTIFICATE);
 		provider_API_command.putExtra(ProviderAPI.PARAMETERS, parameters);
@@ -460,71 +423,92 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf
 
 	@Override
 	public void onReceiveResult(int resultCode, Bundle resultData) {
-	    if(resultCode == ProviderAPI.SRP_REGISTRATION_SUCCESSFUL){
-		authenticate(resultData.getString(LogInDialog.USERNAME), resultData.getString(LogInDialog.PASSWORD));
-	    } else if(resultCode == ProviderAPI.SRP_REGISTRATION_FAILED){
-		signUpDialog(((ViewGroup)findViewById(android.R.id.content)).getChildAt(0), resultData);
-	    } else if(resultCode == ProviderAPI.SRP_AUTHENTICATION_SUCCESSFUL){
-			String session_id_cookie_key = resultData.getString(ProviderAPI.SESSION_ID_COOKIE_KEY);
-			String session_id_string = resultData.getString(ProviderAPI.SESSION_ID_KEY);
-			setResult(RESULT_OK);
-
-			authed_eip = true;
-			preferences.edit().putBoolean(EIP.AUTHED_EIP, authed_eip).commit();
-
-			invalidateOptionsMenu();
-        	mProgressBar.setVisibility(ProgressBar.GONE);
-    		changeStatusMessage(resultCode);
+	    Log.d(TAG, "onReceiveResult");
+	    if(resultCode == ProviderAPI.SUCCESSFUL_SIGNUP) {
+		String username = resultData.getString(SessionDialog.USERNAME);
+		String password = resultData.getString(SessionDialog.PASSWORD);
+		logIn(username, password);
+	    } else if(resultCode == ProviderAPI.FAILED_SIGNUP) {
+		changeStatusMessage(resultCode);
+		hideProgressBar();
+		
+		signUpDialog(resultData);
+	    } else if(resultCode == ProviderAPI.SUCCESSFUL_LOGIN) {
+		changeStatusMessage(resultCode);
+		hideProgressBar();
+		
+		invalidateOptionsMenu();
+		
+		authed_eip = true;
+		preferences.edit().putBoolean(Constants.AUTHED_EIP, authed_eip).apply();
+
+        	downloadAuthedUserCertificate();
+	    } else if(resultCode == ProviderAPI.FAILED_LOGIN) {
+		changeStatusMessage(resultCode);
+		hideProgressBar();
+		
+		logInDialog(resultData);
+	    } else if(resultCode == ProviderAPI.SUCCESSFUL_LOGOUT) {
+		changeStatusMessage(resultCode);
+		hideProgressBar();
+		
+		invalidateOptionsMenu();
+		
+		authed_eip = false;
+		preferences.edit().putBoolean(Constants.AUTHED_EIP, authed_eip).apply();
 
-        	//Cookie session_id = new BasicClientCookie(session_id_cookie_key, session_id_string);
-        	downloadAuthedUserCertificate(/*session_id*/);
-		} else if(resultCode == ProviderAPI.SRP_AUTHENTICATION_FAILED) {
-		    logInDialog(resultData);
-		} else if(resultCode == ProviderAPI.LOGOUT_SUCCESSFUL) {
-			authed_eip = false;
-			preferences.edit().putBoolean(EIP.AUTHED_EIP, authed_eip).commit();
-			mProgressBar.setVisibility(ProgressBar.GONE);
-			mProgressBar.setProgress(0);
-			invalidateOptionsMenu();
-			setResult(RESULT_OK);
-			changeStatusMessage(resultCode);
-
-		} else if(resultCode == ProviderAPI.LOGOUT_FAILED) {
-			setResult(RESULT_CANCELED);
-			changeStatusMessage(resultCode);
-        	mProgressBar.setVisibility(ProgressBar.GONE);		    
-		} else if(resultCode == ProviderAPI.CORRECTLY_DOWNLOADED_CERTIFICATE) {
+	    } else if(resultCode == ProviderAPI.LOGOUT_FAILED) {
+		changeStatusMessage(resultCode);
+		hideProgressBar();
+		
+		setResult(RESULT_CANCELED);
+	    } else if(resultCode == ProviderAPI.CORRECTLY_DOWNLOADED_CERTIFICATE) {
+    		changeStatusMessage(resultCode);
+		hideProgressBar();
+		
         	setResult(RESULT_OK);
+		
+		updateEipService();
+	    } else if(resultCode == ProviderAPI.INCORRECTLY_DOWNLOADED_CERTIFICATE) {
     		changeStatusMessage(resultCode);
-		if(mProgressBar != null)
-		    mProgressBar.setVisibility(ProgressBar.GONE);
-		if(EipServiceFragment.isEipSwitchChecked())
-		    eipStart();
-		else
-		    eipStatus.setText(R.string.eip_state_not_connected);
-		} else if(resultCode == ProviderAPI.INCORRECTLY_DOWNLOADED_CERTIFICATE) {
+		hideProgressBar();
         	setResult(RESULT_CANCELED);
-    		changeStatusMessage(resultCode);
-        	mProgressBar.setVisibility(ProgressBar.GONE);
- 		}
+	    }
 	}
 
+    private void updateEipService() {
+	Intent updateEIP = new Intent(getApplicationContext(), EIP.class);
+	updateEIP.setAction(Constants.ACTION_UPDATE_EIP_SERVICE);
+	ResultReceiver receiver = new ResultReceiver(new Handler()) {
+		protected void onReceiveResult(int resultCode, Bundle resultData) {
+		    String request = resultData.getString(Constants.REQUEST_TAG);
+		    if(request.equalsIgnoreCase(Constants.ACTION_UPDATE_EIP_SERVICE)) {
+			if(resultCode == Activity.RESULT_OK) {
+			    if(authed_eip && eip_fragment != null) eip_fragment.startEipFromScratch();
+			}
+		    }
+		}
+	    };
+	//updateEIP.putExtra(Constants.RECEIVER_TAG, receiver);
+	startService(updateEIP);
+    }
+
 	private void changeStatusMessage(final int previous_result_code) {
 		// TODO Auto-generated method stub
 		ResultReceiver eip_status_receiver = new ResultReceiver(new Handler()){
 			protected void onReceiveResult(int resultCode, Bundle resultData){
 				super.onReceiveResult(resultCode, resultData);
-				String request = resultData.getString(EIP.REQUEST_TAG);
-				if (request.equalsIgnoreCase(EIP.ACTION_IS_EIP_RUNNING)){					
+				String request = resultData.getString(Constants.REQUEST_TAG);
+				if (request.equalsIgnoreCase(Constants.ACTION_IS_EIP_RUNNING)){
 					if (resultCode == Activity.RESULT_OK){
 
 						switch(previous_result_code){
-						case ProviderAPI.SRP_AUTHENTICATION_SUCCESSFUL: eipStatus.setText(R.string.succesful_authentication_message); break;
-						case ProviderAPI.SRP_AUTHENTICATION_FAILED: eipStatus.setText(R.string.authentication_failed_message); break;
-						case ProviderAPI.CORRECTLY_DOWNLOADED_CERTIFICATE: eipStatus.setText(R.string.authed_secured_status); break;
-						case ProviderAPI.INCORRECTLY_DOWNLOADED_CERTIFICATE: eipStatus.setText(R.string.incorrectly_downloaded_certificate_message); break;
-						case ProviderAPI.LOGOUT_SUCCESSFUL: eipStatus.setText(R.string.logged_out_message); break;
-						case ProviderAPI.LOGOUT_FAILED: eipStatus.setText(R.string.log_out_failed_message); break;
+						case ProviderAPI.SUCCESSFUL_LOGIN: eip_fragment.status_message.setText(R.string.succesful_authentication_message); break;
+						case ProviderAPI.FAILED_LOGIN: eip_fragment.status_message.setText(R.string.authentication_failed_message); break;
+						case ProviderAPI.CORRECTLY_DOWNLOADED_CERTIFICATE: eip_fragment.status_message.setText(R.string.authed_secured_status); break;
+						case ProviderAPI.INCORRECTLY_DOWNLOADED_CERTIFICATE: eip_fragment.status_message.setText(R.string.incorrectly_downloaded_certificate_message); break;
+						case ProviderAPI.SUCCESSFUL_LOGOUT: eip_fragment.status_message.setText(R.string.logged_out_message); break;
+						case ProviderAPI.LOGOUT_FAILED: eip_fragment.status_message.setText(R.string.log_out_failed_message); break;
 						
 						}	
 					}
@@ -532,12 +516,13 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf
 
 						switch(previous_result_code){
 
-						case ProviderAPI.SRP_AUTHENTICATION_SUCCESSFUL: eipStatus.setText(R.string.succesful_authentication_message); break;
-						case ProviderAPI.SRP_AUTHENTICATION_FAILED: eipStatus.setText(R.string.authentication_failed_message); break;
+						case ProviderAPI.SUCCESSFUL_LOGIN: eip_fragment.status_message.setText(R.string.succesful_authentication_message); break;
+						case ProviderAPI.FAILED_LOGIN: eip_fragment.status_message.setText(R.string.authentication_failed_message); break;
+						case ProviderAPI.FAILED_SIGNUP: eip_fragment.status_message.setText(R.string.registration_failed_message); break;
 						case ProviderAPI.CORRECTLY_DOWNLOADED_CERTIFICATE: break;
-						case ProviderAPI.INCORRECTLY_DOWNLOADED_CERTIFICATE: eipStatus.setText(R.string.incorrectly_downloaded_certificate_message); break;
-						case ProviderAPI.LOGOUT_SUCCESSFUL: eipStatus.setText(R.string.logged_out_message); break;
-						case ProviderAPI.LOGOUT_FAILED: eipStatus.setText(R.string.log_out_failed_message); break;			
+						case ProviderAPI.INCORRECTLY_DOWNLOADED_CERTIFICATE: eip_fragment.status_message.setText(R.string.incorrectly_downloaded_certificate_message); break;
+						case ProviderAPI.SUCCESSFUL_LOGOUT: eip_fragment.status_message.setText(R.string.logged_out_message); break;
+						case ProviderAPI.LOGOUT_FAILED: eip_fragment.status_message.setText(R.string.log_out_failed_message); break;			
 						}
 					}
 				}
@@ -547,6 +532,13 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf
 		eipIsRunning(eip_status_receiver);		
 	}
 
+    private void hideProgressBar() {
+        if(eip_fragment != null) {
+            eip_fragment.progress_bar.setProgress(0);
+            eip_fragment.progress_bar.setVisibility(ProgressBar.GONE);
+        }
+    }
+
 	/**
 	 * For retrieving the base application Context in classes that don't extend
 	 * Android's Activity class
@@ -558,49 +550,17 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf
 	}
 
 	
-	@Override
+    @Override
     public void startActivityForResult(Intent intent, int requestCode) {
         intent.putExtra(Dashboard.REQUEST_CODE, requestCode);
         super.startActivityForResult(intent, requestCode);
     }
-	/**
-	 * Send a command to EIP
-	 * 
-	 * @param action	A valid String constant from EIP class representing an Intent
-	 * 					filter for the EIP class 
-	 */
+
 	private void eipIsRunning(ResultReceiver eip_receiver){
 		// TODO validate "action"...how do we get the list of intent-filters for a class via Android API?
 		Intent eip_intent = new Intent(this, EIP.class);
-		eip_intent.setAction(EIP.ACTION_IS_EIP_RUNNING);
-		eip_intent.putExtra(EIP.RECEIVER_TAG, eip_receiver);
-		startService(eip_intent);
-	}
-	
-	/**
-	 * Send a command to EIP
-	 * 	
-	 */
-	private void eipStop(){
-		// TODO validate "action"...how do we get the list of intent-filters for a class via Android API?
-		Intent eip_intent = new Intent(this, EIP.class);
-		eip_intent.setAction(EIP.ACTION_STOP_EIP);
-	//	eip_intent.putExtra(EIP.RECEIVER_TAG, eip_receiver);fi
+		eip_intent.setAction(Constants.ACTION_IS_EIP_RUNNING);
+		eip_intent.putExtra(Constants.RECEIVER_TAG, eip_receiver);
 		startService(eip_intent);
-		
 	}
-
-    private void eipStart(){
-	Intent eip_intent = new Intent(this, EIP.class);
-	eip_intent.setAction(EIP.ACTION_START_EIP);
-	eip_intent.putExtra(EIP.RECEIVER_TAG, EipServiceFragment.getReceiver());
-	startService(eip_intent);
-
-    }
-
-    protected void setProgressBarVisibility(int visibility) {
-	if(mProgressBar == null)
-	    mProgressBar = (ProgressBar) findViewById(R.id.eipProgress);	    
-	mProgressBar.setVisibility(visibility);
-    }
 }
diff --git a/app/src/main/java/se/leap/bitmaskclient/DownloadFailedDialog.java b/app/src/main/java/se/leap/bitmaskclient/DownloadFailedDialog.java
index f78002b0..a44253c6 100644
--- a/app/src/main/java/se/leap/bitmaskclient/DownloadFailedDialog.java
+++ b/app/src/main/java/se/leap/bitmaskclient/DownloadFailedDialog.java
@@ -16,9 +16,6 @@
  */
 package se.leap.bitmaskclient;
 
-import se.leap.bitmaskclient.R;
-import se.leap.bitmaskclient.NewProviderDialog.NewProviderDialogInterface;
-import se.leap.bitmaskclient.ProviderListContent.ProviderItem;
 import android.app.Activity;
 import android.app.AlertDialog;
 import android.app.Dialog;
diff --git a/app/src/main/java/se/leap/bitmaskclient/EIP.java b/app/src/main/java/se/leap/bitmaskclient/EIP.java
deleted file mode 100644
index 4a8bae46..00000000
--- a/app/src/main/java/se/leap/bitmaskclient/EIP.java
+++ /dev/null
@@ -1,631 +0,0 @@
-/**
- * Copyright (c) 2013 LEAP Encryption Access Project and contributers
- * 
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-package se.leap.bitmaskclient;
-
-import android.app.Activity;
-import android.app.IntentService;
-import android.content.Context;
-import android.content.Intent;
-import android.content.SharedPreferences;
-import android.os.Bundle;
-import android.os.ResultReceiver;
-import android.util.Log;
-import de.blinkt.openvpn.LaunchVPN;
-import de.blinkt.openvpn.VpnProfile;
-import de.blinkt.openvpn.activities.DisconnectVPN;
-import de.blinkt.openvpn.core.ConfigParser;
-import de.blinkt.openvpn.core.ConfigParser.ConfigParseError;
-import de.blinkt.openvpn.core.ProfileManager;
-import de.blinkt.openvpn.core.VpnStatus.ConnectionStatus;
-import java.io.IOException;
-import java.io.StringReader;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.X509Certificate;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.Calendar;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Locale;
-import java.util.NoSuchElementException;
-import java.util.Set;
-import java.util.TreeMap;
-import java.util.Vector;
-import org.json.JSONArray;
-import org.json.JSONException;
-import org.json.JSONObject;
-import se.leap.bitmaskclient.Dashboard;
-import se.leap.bitmaskclient.Provider;
-import se.leap.bitmaskclient.R;
-
-/**
- * EIP is the abstract base class for interacting with and managing the Encrypted
- * Internet Proxy connection.  Connections are started, stopped, and queried through
- * this IntentService.
- * Contains logic for parsing eip-service.json from the provider, configuring and selecting
- * gateways, and controlling {@link de.blinkt.openvpn.core.OpenVPNService} connections.
- * 
- * @author Sean Leonard <meanderingcode@aetherislands.net>
- * @author Parménides GV <parmegv@sdf.org>
- */
-public final class EIP extends IntentService {
-	
-	public final static String AUTHED_EIP = "authed eip";
-	public final static String ACTION_CHECK_CERT_VALIDITY = "se.leap.bitmaskclient.CHECK_CERT_VALIDITY";
-	public final static String ACTION_START_EIP = "se.leap.bitmaskclient.START_EIP";
-	public final static String ACTION_STOP_EIP = "se.leap.bitmaskclient.STOP_EIP";
-	public final static String ACTION_UPDATE_EIP_SERVICE = "se.leap.bitmaskclient.UPDATE_EIP_SERVICE";
-	public final static String ACTION_IS_EIP_RUNNING = "se.leap.bitmaskclient.IS_RUNNING";
-	public final static String ACTION_REBUILD_PROFILES = "se.leap.bitmaskclient.REBUILD_PROFILES";
-	public final static String EIP_NOTIFICATION = "EIP_NOTIFICATION";
-    	public final static String STATUS = "eip status";
-    	public final static String DATE_FROM_CERTIFICATE = "date from certificate";
-	public final static String ALLOWED_ANON = "allow_anonymous";
-	public final static String ALLOWED_REGISTERED = "allow_registration";
-	public final static String CERTIFICATE = "cert";
-	public final static String PRIVATE_KEY = "private_key";
-	public final static String KEY = "eip";
-	public final static String PARSED_SERIAL = "eip_parsed_serial";
-	public final static String SERVICE_API_PATH = "config/eip-service.json";
-	public final static String RECEIVER_TAG = "receiverTag";
-	public final static String REQUEST_TAG = "requestTag";
-	public final static String TAG = "se.leap.bitmaskclient.EIP";
-
-    public final static SimpleDateFormat certificate_date_format = new SimpleDateFormat("yyyy-MM-dd HH:mm", Locale.US);
-    
-	private static Context context;
-	private static ResultReceiver mReceiver;
-	private static boolean mBound = false;
-	
-	private static int parsedEipSerial;
-	private static JSONObject eipDefinition = null;
-	
-	private static OVPNGateway activeGateway = null;
-    
-    protected static ConnectionStatus lastConnectionStatusLevel;
-    protected static boolean mIsDisconnecting = false;
-    protected static boolean mIsStarting = false;
-
-	public EIP(){
-		super("LEAPEIP");
-	}
-	
-	@Override
-	public void onCreate() {
-		super.onCreate();
-		
-		context = getApplicationContext();
-		
-		updateEIPService();
-	}
-	
-	@Override
-	public void onDestroy() {
-
-	    mBound = false;
-	    
-	    super.onDestroy();
-	}
-
-	
-    @Override
-    protected void onHandleIntent(Intent intent) {
-	String action = intent.getAction();
-	mReceiver = intent.getParcelableExtra(RECEIVER_TAG);
-		
-	if ( action == ACTION_START_EIP )
-	    startEIP();
-	else if ( action == ACTION_STOP_EIP )
-	    stopEIP();
-	else if ( action == ACTION_IS_EIP_RUNNING )
-	    isRunning();
-	else if ( action == ACTION_UPDATE_EIP_SERVICE )
-	    updateEIPService();
-	else if ( action == ACTION_CHECK_CERT_VALIDITY )
-	    checkCertValidity();
-	else if ( action == ACTION_REBUILD_PROFILES )
-	    updateGateways();
-    }
-	
-    /**
-     * Initiates an EIP connection by selecting a gateway and preparing and sending an
-     * Intent to {@link se.leap.openvpn.LaunchVPN}.
-     * It also sets up early routes.
-     */
-    private void startEIP() {
-	earlyRoutes();
-	activeGateway = selectGateway();
-	    
-	if(activeGateway != null && activeGateway.mVpnProfile != null) {
-	    launchActiveGateway();
-	}
-    }
-
-    /**
-     * Early routes are routes that block traffic until a new
-     * VpnService is started properly.
-     */
-    private void earlyRoutes() {
-	Intent void_vpn_launcher = new Intent(context, VoidVpnLauncher.class);
-	void_vpn_launcher.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
-	startActivity(void_vpn_launcher);
-    }
-    
-    /**
-     * Choose a gateway to connect to based on timezone from system locale data
-     * 
-     * @return The gateway to connect to
-     */
-    private OVPNGateway selectGateway() {
-	String closest_location = closestGateway();
-	String chosen_host = chooseHost(closest_location);
-
-	return new OVPNGateway(chosen_host);
-    }
-
-    private String closestGateway() {
-	TreeMap<Integer, Set<String>> offsets = calculateOffsets();
-	return offsets.isEmpty() ? "" : offsets.firstEntry().getValue().iterator().next();
-    }
-
-    private TreeMap<Integer, Set<String>> calculateOffsets() {
-	TreeMap<Integer, Set<String>> offsets = new TreeMap<Integer, Set<String>>();
-	
-	int localOffset = Calendar.getInstance().get(Calendar.ZONE_OFFSET) / 3600000;
-	
-	JSONObject locations = availableLocations();
-	Iterator<String> locations_names = locations.keys();
-	while(locations_names.hasNext()) {
-	    try {
-		String location_name = locations_names.next();
-		JSONObject location = locations.getJSONObject(location_name);
-
-		int dist = timezoneDistance(localOffset, location.optInt("timezone"));
-
-		Set<String> set = (offsets.get(dist) != null) ?
-		    offsets.get(dist) : new HashSet<String>();
-		
-		set.add(location_name);
-		offsets.put(dist, set);
-	    } catch (JSONException e) {
-		// TODO Auto-generated catch block
-		e.printStackTrace();
-	    }	    
-	}
-	
-	return offsets;
-    }
-
-    private JSONObject availableLocations() {
-	JSONObject locations = null;
-	try {
-	    if(eipDefinition == null) updateEIPService();
-	    locations = eipDefinition.getJSONObject("locations");
-	} catch (JSONException e1) {
-	    // TODO Auto-generated catch block
-	    e1.printStackTrace();
-	}
-
-	return locations;
-    }
-
-    private int timezoneDistance(int local_timezone, int remote_timezone) {
-	// Distance along the numberline of Prime Meridian centric, assumes UTC-11 through UTC+12
-	int dist = Math.abs(local_timezone - remote_timezone);
-	
-	// Farther than 12 timezones and it's shorter around the "back"
-	if (dist > 12)
-	    dist = 12 - (dist -12);  // Well i'll be.  Absolute values make equations do funny things.
-	
-	return dist;
-    }
-
-    private String chooseHost(String location) {
-	String chosen_host = "";
-	try {
-	    JSONArray gateways = eipDefinition.getJSONArray("gateways");
-	    for (int i = 0; i < gateways.length(); i++) {
-		JSONObject gw = gateways.getJSONObject(i);
-		if ( gw.getString("location").equalsIgnoreCase(location) || location.isEmpty()){
-		    chosen_host = eipDefinition.getJSONObject("locations").getJSONObject(gw.getString("location")).getString("name");
-		    break;
-		}
-	    }
-	} catch (JSONException e) {
-	    // TODO Auto-generated catch block
-	    e.printStackTrace();
-	}
-	return chosen_host;
-    }
-    
-    private void launchActiveGateway() {
-	Intent intent = new Intent(this,LaunchVPN.class);
-	intent.setAction(Intent.ACTION_MAIN);
-	intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
-	intent.putExtra(LaunchVPN.EXTRA_KEY, activeGateway.mVpnProfile.getUUID().toString() );
-	intent.putExtra(LaunchVPN.EXTRA_NAME, activeGateway.mVpnProfile.getName() );
-	intent.putExtra(LaunchVPN.EXTRA_HIDELOG, true);
-	intent.putExtra(RECEIVER_TAG, mReceiver);
-	startActivity(intent);
-    }
-    
-    /**
-     * Disconnects the EIP connection gracefully through the bound service or forcefully
-     * if there is no bound service.  Sends a message to the requesting ResultReceiver.
-     */
-    private void stopEIP() {
-	if(isConnected()) {
-	    Intent disconnect_vpn = new Intent(this, DisconnectVPN.class);
-	    disconnect_vpn.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
-	    startActivity(disconnect_vpn);
-	    mIsDisconnecting = true;
-	    lastConnectionStatusLevel = ConnectionStatus.UNKNOWN_LEVEL; // Wait for the decision of the user
-	    Log.d(TAG, "mIsDisconnecting = true");
-	}
-
-	tellToReceiver(ACTION_STOP_EIP, Activity.RESULT_OK);
-    }
-    
-    private void tellToReceiver(String action, int resultCode) {	
-	if (mReceiver != null){
-	    Bundle resultData = new Bundle();
-	    resultData.putString(REQUEST_TAG, action);
-	    mReceiver.send(resultCode, resultData);
-	}
-    }
-	
-    /**
-     * Checks the last stored status notified by ics-openvpn
-     * Sends <code>Activity.RESULT_CANCELED</code> to the ResultReceiver that made the
-     * request if it's not connected, <code>Activity.RESULT_OK</code> otherwise.
-     */
-	
-    private void isRunning() {
-	int resultCode = Activity.RESULT_CANCELED;
-	boolean is_connected = isConnected();
-
-	resultCode = (is_connected) ? Activity.RESULT_OK : Activity.RESULT_CANCELED;
-
-	tellToReceiver(ACTION_IS_EIP_RUNNING, resultCode);
-    }
-    
-    protected static boolean isConnected() {	
-	return lastConnectionStatusLevel != null && lastConnectionStatusLevel.equals(ConnectionStatus.LEVEL_CONNECTED) && !mIsDisconnecting;
-    }
-
-	/**
-	 * Loads eip-service.json from SharedPreferences and calls {@link updateGateways()}
-	 * to parse gateway definitions.
-	 * TODO Implement API call to refresh eip-service.json from the provider
-	 */
-	private void updateEIPService() {
-		try {
-			eipDefinition = new JSONObject(getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).getString(KEY, ""));
-			parsedEipSerial = getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).getInt(PARSED_SERIAL, 0);
-		} catch (JSONException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-		if(parsedEipSerial == 0) {
-		    deleteAllVpnProfiles();
-		}
-		if (eipDefinition != null && eipDefinition.optInt("serial") > parsedEipSerial)
-			updateGateways();
-	}
-
-    private void deleteAllVpnProfiles() {
-	ProfileManager vpl = ProfileManager.getInstance(context);
-	VpnProfile[] profiles = (VpnProfile[]) vpl.getProfiles().toArray(new VpnProfile[vpl.getProfiles().size()]);
-	for (int current_profile = 0; current_profile < profiles.length; current_profile++){
-	    vpl.removeProfile(context, profiles[current_profile]);
-	}
-    }
-	
-	/**
-	 * Walk the list of gateways defined in eip-service.json and parse them into
-	 * OVPNGateway objects.
-	 * TODO Store the OVPNGateways (as Serializable) in SharedPreferences
-	 */
-	private void updateGateways(){
-		JSONArray gatewaysDefined = null;
-		
-		try {
-			gatewaysDefined = eipDefinition.getJSONArray("gateways");		
-			for ( int i=0 ; i < gatewaysDefined.length(); i++ ){			
-			    JSONObject gw = null;			
-			    gw = gatewaysDefined.getJSONObject(i);
-			
-			    if ( gw.getJSONObject("capabilities").getJSONArray("transport").toString().contains("openvpn") )
-				new OVPNGateway(gw);
-			}
-		} catch (JSONException e) {
-		    // TODO Auto-generated catch block
-		    e.printStackTrace();
-		}
-		
-		getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).edit().putInt(PARSED_SERIAL, eipDefinition.optInt(Provider.API_RETURN_SERIAL)).commit();
-	}
-
-    private void checkCertValidity() {
-	String certificate_string = getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).getString(CERTIFICATE, "");
-	if(!certificate_string.isEmpty()) {
-	    String date_from_certificate_string = getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).getString(DATE_FROM_CERTIFICATE, certificate_date_format.format(Calendar.getInstance().getTime()).toString());
-	    X509Certificate certificate_x509 = ConfigHelper.parseX509CertificateFromString(certificate_string);
-
-	    Calendar offset_date = Calendar.getInstance();
-	    try {
-		Date date_from_certificate = certificate_date_format.parse(date_from_certificate_string);
-		long difference = Math.abs(date_from_certificate.getTime() - certificate_x509.getNotAfter().getTime())/2;
-		long current_date_millis = offset_date.getTimeInMillis();
-		offset_date.setTimeInMillis(current_date_millis + difference);
-		Log.d(TAG, "certificate not after = " + certificate_x509.getNotAfter());
-	    } catch(ParseException e) {
-		e.printStackTrace();
-	    }
-	
-	    Bundle result_data = new Bundle();
-	    result_data.putString(REQUEST_TAG, ACTION_CHECK_CERT_VALIDITY);
-	    try {
-		Log.d(TAG, "offset_date = " + offset_date.getTime().toString());
-		certificate_x509.checkValidity(offset_date.getTime());
-		mReceiver.send(Activity.RESULT_OK, result_data);
-		Log.d(TAG, "Valid certificate");
-	    } catch(CertificateExpiredException e) {
-		mReceiver.send(Activity.RESULT_CANCELED, result_data);
-		Log.d(TAG, "Updating certificate");
-	    } catch(CertificateNotYetValidException e) {
-		mReceiver.send(Activity.RESULT_CANCELED, result_data);
-	    }
-	}
-    }
-
-	/**
-	 * OVPNGateway provides objects defining gateways and their options and metadata.
-	 * Each instance contains a VpnProfile for OpenVPN specific data and member
-	 * variables describing capabilities and location
-	 * 
-	 * @author Sean Leonard <meanderingcode@aetherislands.net>
-	 */
-	private class OVPNGateway {
-		
-		private String TAG = "OVPNGateway";
-		
-		private String mName;
-		private VpnProfile mVpnProfile;
-		private JSONObject mGateway;
-		private HashMap<String,Vector<Vector<String>>> options = new HashMap<String, Vector<Vector<String>>>();
-
-		
-		/**
-		 * Attempts to retrieve a VpnProfile by name and build an OVPNGateway around it.
-		 * FIXME This needs to become a findGatewayByName() method
-		 * 
-		 * @param name The hostname of the gateway to inflate
-		 */
-		private OVPNGateway(String name){
-			mName = name;
-			
-			this.loadVpnProfile();
-		}
-		
-		private void loadVpnProfile() {
-			ProfileManager vpl = ProfileManager.getInstance(context);
-			try {
-				if ( mName == null )
-					mVpnProfile = vpl.getProfiles().iterator().next();
-				else
-					mVpnProfile = vpl.getProfileByName(mName);
-			} catch (NoSuchElementException e) {
-				updateEIPService();
-				this.loadVpnProfile();	// FIXME catch infinite loops
-			} catch (Exception e) {
-				// TODO Auto-generated catch block
-				e.printStackTrace();
-			}
-		}
-		
-		/**
-		 * Build a gateway object from a JSON OpenVPN gateway definition in eip-service.json
-		 * and create a VpnProfile belonging to it.
-		 * 
-		 * @param gateway The JSON OpenVPN gateway definition to parse
-		 */
-		protected OVPNGateway(JSONObject gateway){
-
-			mGateway = gateway;
-			
-			// Currently deletes VpnProfile for host, if there already is one, and builds new
-			ProfileManager vpl = ProfileManager.getInstance(context);
-			Collection<VpnProfile> profiles = vpl.getProfiles();
-			for (Iterator<VpnProfile> it = profiles.iterator(); it.hasNext(); ){
-				VpnProfile p = it.next();
-				
-				if ( p.mName.equalsIgnoreCase( mName ) ) {
-				    it.remove();
-				    vpl.removeProfile(context, p);
-				}
-			}
-			
-			this.createVPNProfile();
-			
-			vpl.addProfile(mVpnProfile);
-			vpl.saveProfile(context, mVpnProfile);
-			vpl.saveProfileList(context);
-		}
-	    
-		/**
-		 * Create and attach the VpnProfile to our gateway object
-		 */
-		protected void createVPNProfile(){
-			try {
-				ConfigParser cp = new ConfigParser();
-				cp.parseConfig(new StringReader(configFromEipServiceDotJson()));
-				cp.parseConfig(new StringReader(caSecretFromSharedPreferences()));
-				cp.parseConfig(new StringReader(keySecretFromSharedPreferences()));
-				cp.parseConfig(new StringReader(certSecretFromSharedPreferences()));
-				cp.parseConfig(new StringReader("remote-cert-tls server"));
-				cp.parseConfig(new StringReader("persist-tun"));
-				VpnProfile vp = cp.convertProfile();
-				//vp.mAuthenticationType=VpnProfile.TYPE_STATICKEYS;
-				mVpnProfile = vp;
-				mVpnProfile.mName = mName = locationAsName();
-				Log.v(TAG,"Created VPNProfile");
-			} catch (ConfigParseError e) {
-				// FIXME We didn't get a VpnProfile!  Error handling! and log level
-				Log.v(TAG,"Error creating VPNProfile");
-				e.printStackTrace();
-			} catch (IOException e) {
-				// FIXME We didn't get a VpnProfile!  Error handling! and log level
-				Log.v(TAG,"Error creating VPNProfile");
-				e.printStackTrace();
-			}
-		}
-
-	    /**
-	     * Parses data from eip-service.json to a section of the openvpn config file
-	     */
-	    private String configFromEipServiceDotJson() {
-		String parsed_configuration = "";
-		
-		String location_key = "location";
-		String locations = "locations";
-
-		parsed_configuration += extractCommonOptionsFromEipServiceDotJson();
-		parsed_configuration += extractRemotesFromEipServiceDotJson();
-
-		return parsed_configuration;
-	    }
-
-	    private String extractCommonOptionsFromEipServiceDotJson() {
-		String common_options = "";
-		try {
-		    String common_options_key = "openvpn_configuration";
-		    JSONObject openvpn_configuration = eipDefinition.getJSONObject(common_options_key);
-		    Iterator keys = openvpn_configuration.keys();
-		    Vector<Vector<String>> value = new Vector<Vector<String>>();
-		    while ( keys.hasNext() ){
-			String key = keys.next().toString();
-					
-			common_options += key + " ";
-			for ( String word : openvpn_configuration.getString(key).split(" ") )
-			    common_options += word + " ";
-			common_options += System.getProperty("line.separator");
-			
-		    }
-		} catch (JSONException e) {
-		    // TODO Auto-generated catch block
-		    e.printStackTrace();
-		}
-
-		common_options += "client" + System.getProperty("line.separator");
-
-		return common_options;
-	    }
-		
-	    
-	    private String extractRemotesFromEipServiceDotJson() {
-		String remotes = "";
-		
-		String remote = "ip_address";
-		String remote_openvpn_keyword = "remote";
-		String ports = "ports";
-		String protos = "protocols";
-		String capabilities = "capabilities";
-		String udp = "udp";
-		
-		try {
-		    JSONArray protocolsJSON = mGateway.getJSONObject(capabilities).getJSONArray(protos);
-		    for ( int i=0; i<protocolsJSON.length(); i++ ) {
-			String remote_line = remote_openvpn_keyword;
-			remote_line += " " + mGateway.getString(remote);
-			remote_line += " " + mGateway.getJSONObject(capabilities).getJSONArray(ports).optString(0);
-			remote_line += " " + protocolsJSON.optString(i);
-			if(remote_line.endsWith(udp))
-			    remotes = remotes.replaceFirst(remote_openvpn_keyword, remote_line + System.getProperty("line.separator") + remote_openvpn_keyword);
-			else
-			    remotes += remote_line;
-			remotes += System.getProperty("line.separator");
-		    }
-		} catch (JSONException e) {
-		    // TODO Auto-generated catch block
-		    e.printStackTrace();
-		}
-		
-		Log.d(TAG, "remotes = " + remotes);
-		return remotes;
-	    }
-
-	    private String caSecretFromSharedPreferences() {
-		String secret_lines = "";
-		SharedPreferences preferences = context.getSharedPreferences(Dashboard.SHARED_PREFERENCES, context.MODE_PRIVATE);
-		
-		System.getProperty("line.separator");
-		secret_lines += "<ca>";
-		secret_lines += System.getProperty("line.separator");
-		secret_lines += preferences.getString(Provider.CA_CERT, "");
-		secret_lines += System.getProperty("line.separator");
-		secret_lines += "</ca>";
-		
-		return secret_lines;
-	    }
-
-	    private String keySecretFromSharedPreferences() {
-		String secret_lines = "";
-		SharedPreferences preferences = context.getSharedPreferences(Dashboard.SHARED_PREFERENCES, context.MODE_PRIVATE);
-	
-		secret_lines += System.getProperty("line.separator");
-		secret_lines +="<key>";
-		secret_lines += System.getProperty("line.separator");
-		secret_lines += preferences.getString(EIP.PRIVATE_KEY, "");
-		secret_lines += System.getProperty("line.separator");
-		secret_lines += "</key>";
-		secret_lines += System.getProperty("line.separator");
-
-		return secret_lines;
-	    }
-
-	    private String certSecretFromSharedPreferences() {
-		String secret_lines = "";
-		SharedPreferences preferences = context.getSharedPreferences(Dashboard.SHARED_PREFERENCES, context.MODE_PRIVATE);	
-		
-		secret_lines += System.getProperty("line.separator");
-		secret_lines +="<cert>";
-		secret_lines += System.getProperty("line.separator");
-		secret_lines += preferences.getString(EIP.CERTIFICATE, "");
-		secret_lines += System.getProperty("line.separator");
-		secret_lines += "</cert>";
-		secret_lines += System.getProperty("line.separator");
-
-		return secret_lines;
-	    }
-
-	    
-	    public String locationAsName() {
-		try {
-		    return eipDefinition.getJSONObject("locations").getJSONObject(mGateway.getString("location")).getString("name");
-		} catch (JSONException e) {
-		    Log.v(TAG,"Couldn't read gateway name for profile creation! Returning original name = " + mName);
-		    e.printStackTrace();
-		    return (mName != null) ? mName : "";
-		}
-	    }
-	}
-}
diff --git a/app/src/main/java/se/leap/bitmaskclient/EipServiceFragment.java b/app/src/main/java/se/leap/bitmaskclient/EipServiceFragment.java
index 18ee0262..1b40c94c 100644
--- a/app/src/main/java/se/leap/bitmaskclient/EipServiceFragment.java
+++ b/app/src/main/java/se/leap/bitmaskclient/EipServiceFragment.java
@@ -1,14 +1,5 @@
 package se.leap.bitmaskclient;
 
-import se.leap.bitmaskclient.R;
-import se.leap.bitmaskclient.ProviderAPIResultReceiver;
-import se.leap.bitmaskclient.ProviderAPIResultReceiver.Receiver;
-import se.leap.bitmaskclient.Dashboard;
-
-import de.blinkt.openvpn.activities.LogWindow;
-import de.blinkt.openvpn.core.VpnStatus;
-import de.blinkt.openvpn.core.VpnStatus.ConnectionStatus;
-import de.blinkt.openvpn.core.VpnStatus.StateListener;
 import android.app.Activity;
 import android.app.AlertDialog;
 import android.app.Fragment;
@@ -19,107 +10,113 @@ import android.os.Handler;
 import android.os.ResultReceiver;
 import android.util.Log;
 import android.view.LayoutInflater;
-import android.view.MotionEvent;
 import android.view.View;
-import android.view.View.OnClickListener;
 import android.view.ViewGroup;
-import android.widget.CompoundButton.OnCheckedChangeListener;
-import android.widget.CompoundButton;
 import android.widget.ProgressBar;
-import android.widget.RelativeLayout;
 import android.widget.Switch;
 import android.widget.TextView;
 
-public class EipServiceFragment extends Fragment implements StateListener, OnCheckedChangeListener {
+import java.util.Observable;
+import java.util.Observer;
+
+import butterknife.ButterKnife;
+import butterknife.InjectView;
+import butterknife.OnCheckedChanged;
+import de.blinkt.openvpn.activities.DisconnectVPN;
+import se.leap.bitmaskclient.eip.Constants;
+import se.leap.bitmaskclient.eip.EIP;
+import se.leap.bitmaskclient.eip.EipStatus;
+
+public class EipServiceFragment extends Fragment implements Observer {
 	
-	protected static final String IS_EIP_PENDING = "is_eip_pending";
+    public static String TAG = "se.leap.bitmask.EipServiceFragment";
+
+    protected static final String IS_PENDING = TAG + ".is_pending";
+    protected static final String IS_CONNECTED = TAG + ".is_connected";
+    protected static final String STATUS_MESSAGE = TAG + ".status_message";
     public static final String START_ON_BOOT = "start on boot";
-	
-	private View eipFragment;
-	private static Switch eipSwitch;
-	private View eipDetail;
-	private TextView eipStatus;
 
+    private View view;
+    @InjectView(R.id.eipSwitch)
+    Switch eip_switch;
+    @InjectView(R.id.status_message)
+    TextView status_message;
+    @InjectView(R.id.eipProgress)
+    ProgressBar progress_bar;
+
+    private static Activity parent_activity;
     private static EIPReceiver mEIPReceiver;
+    private static EipStatus eip_status;
+    private boolean is_starting_to_connect;
 
+    @Override
+    public void onAttach(Activity activity) {
+	super.onAttach(activity);
+	parent_activity = activity;
+    }
     
-    public static String TAG = "se.leap.bitmask.EipServiceFragment";
+    @Override
+    public void onCreate(Bundle savedInstanceState) {
+	super.onCreate(savedInstanceState);
+	eip_status = EipStatus.getInstance();
+	eip_status.addObserver(this);
+	mEIPReceiver = new EIPReceiver(new Handler());
+    }
 
-	@Override
-	public View onCreateView(LayoutInflater inflater, ViewGroup container,
-			Bundle savedInstanceState) {
-		
-		eipFragment = inflater.inflate(R.layout.eip_service_fragment, container, false);		
-		eipDetail = ((RelativeLayout) eipFragment.findViewById(R.id.eipDetail));
-		eipDetail.setVisibility(View.VISIBLE);
-
-		View eipSettings = eipFragment.findViewById(R.id.eipSettings);
-		eipSettings.setVisibility(View.GONE); // FIXME too!
-
-		if (EIP.mIsStarting)
-		    eipFragment.findViewById(R.id.eipProgress).setVisibility(View.VISIBLE);
-		
-		eipStatus = (TextView) eipFragment.findViewById(R.id.eipStatus);
-
-		eipSwitch = (Switch) eipFragment.findViewById(R.id.eipSwitch);
-		eipSwitch.setOnCheckedChangeListener(this);
-		
-		if(getArguments() != null && getArguments().containsKey(START_ON_BOOT) && getArguments().getBoolean(START_ON_BOOT))
-		    startEipFromScratch();
-		
-		return eipFragment;
-	}
+    @Override
+    public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) {
+	view = inflater.inflate(R.layout.eip_service_fragment, container, false);
+        ButterKnife.inject(this, view);
 
-	@Override
-	public void onCreate(Bundle savedInstanceState) {
-		super.onCreate(savedInstanceState);
-		
-		mEIPReceiver = new EIPReceiver(new Handler());
+	if (eip_status.isConnecting())
+	    eip_switch.setVisibility(View.VISIBLE);
 
-		if (savedInstanceState != null)
-			EIP.mIsStarting = savedInstanceState.getBoolean(IS_EIP_PENDING);
-	}
+	Log.d(TAG, "onCreateView, eip_switch is checked? " + eip_switch.isChecked());
 
-	@Override
-	public void onResume() {
-		super.onResume();
+        Bundle arguments = getArguments();
+	if(arguments != null && arguments.containsKey(START_ON_BOOT) && arguments.getBoolean(START_ON_BOOT))
+	    startEipFromScratch();
 
-		VpnStatus.addStateListener(this);
-		
-		eipCommand(EIP.ACTION_CHECK_CERT_VALIDITY);
-	}
-    
-	@Override
-	public void onPause() {
-		super.onPause();
+        if (savedInstanceState != null) {
+            status_message.setText(savedInstanceState.getString(STATUS_MESSAGE));
+            if(savedInstanceState.getBoolean(IS_PENDING))
+                eip_status.setConnecting();
+            else if(savedInstanceState.getBoolean(IS_CONNECTED)) {
+                eip_status.setConnectedOrDisconnected();
+            }
+        }
+	return view;
+    }
 
-		VpnStatus.removeStateListener(this);
-	}
+    @Override
+    public void onResume() {
+	super.onResume();
+	eipCommand(Constants.ACTION_CHECK_CERT_VALIDITY);
+	handleNewState(eip_status);
+    }
     
-	@Override
-	public void onSaveInstanceState(Bundle outState) {
-		super.onSaveInstanceState(outState);
-		outState.putBoolean(IS_EIP_PENDING, EIP.mIsStarting);
-	}
+    @Override
+    public void onSaveInstanceState(Bundle outState) {
+	outState.putBoolean(IS_PENDING, eip_status.isConnecting());
+	outState.putBoolean(IS_CONNECTED, eip_status.isConnected());
+	Log.d(TAG, "status message onSaveInstanceState = " + status_message.getText().toString());
+	outState.putString(STATUS_MESSAGE, status_message.getText().toString());
+	super.onSaveInstanceState(outState);
+    }
 
     protected void saveEipStatus() {
 	boolean eip_is_on = false;
-	Log.d("bitmask", "saveEipStatus");
-	if(eipSwitch.isChecked()) {
+	Log.d(TAG, "saveEipStatus");
+	if(eip_switch.isChecked()) {
 	    eip_is_on = true;
 	}
 
-	if(getActivity() != null)
+	if(parent_activity != null)
 	    Dashboard.preferences.edit().putBoolean(Dashboard.START_ON_BOOT, eip_is_on).commit();
     }
-    @Override
-    public void onCheckedChanged(CompoundButton buttonView, boolean isChecked) {
-	if (buttonView.equals(eipSwitch)){
-	    handleSwitch(isChecked);
-	}
-    }
-    
-    private void handleSwitch(boolean isChecked) {
+
+    @OnCheckedChanged(R.id.eipSwitch)
+    void handleSwitch(boolean isChecked) {
 	if(isChecked)
 	    handleSwitchOn();
 	else
@@ -133,284 +130,226 @@ public class EipServiceFragment extends Fragment implements StateListener, OnChe
 	    startEipFromScratch();
 	else if(canLogInToStartEIP()) {
 	    Log.d(TAG, "Can Log In to start EIP");
-	    Dashboard dashboard = (Dashboard) getActivity();
-	    dashboard.logInDialog(Bundle.EMPTY);
+	    Dashboard dashboard = (Dashboard) parent_activity;
+        Bundle bundle = new Bundle();
+        bundle.putBoolean(IS_PENDING, true);
+	    dashboard.logInDialog(bundle);
 	}	    
     }
     
     private boolean canStartEIP() {
-	boolean certificateExists = !Dashboard.preferences.getString(EIP.CERTIFICATE, "").isEmpty();
-	boolean isAllowedAnon = Dashboard.preferences.getBoolean(EIP.ALLOWED_ANON, false);
-	return (isAllowedAnon || certificateExists) && !EIP.mIsStarting && !EIP.isConnected();
+	boolean certificateExists = !Dashboard.preferences.getString(Constants.CERTIFICATE, "").isEmpty();
+	boolean isAllowedAnon = Dashboard.preferences.getBoolean(Constants.ALLOWED_ANON, false);
+	return (isAllowedAnon || certificateExists) && !eip_status.isConnected() && !eip_status.isConnecting();
     }
     
     private boolean canLogInToStartEIP() {
-	boolean isAllowedRegistered = Dashboard.preferences.getBoolean(EIP.ALLOWED_REGISTERED, false);
-	boolean isLoggedIn = Dashboard.preferences.getBoolean(EIP.AUTHED_EIP, false);
+	boolean isAllowedRegistered = Dashboard.preferences.getBoolean(Constants.ALLOWED_REGISTERED, false);
+	boolean isLoggedIn = !LeapSRPSession.getToken().isEmpty();
 	Log.d(TAG, "Allow registered? " + isAllowedRegistered);
 	Log.d(TAG, "Is logged in? " + isLoggedIn);
-	return isAllowedRegistered && !isLoggedIn && !EIP.mIsStarting && !EIP.isConnected();
+	return isAllowedRegistered && !isLoggedIn && !eip_status.isConnecting() && !eip_status.isConnected();
     }
 
     private void handleSwitchOff() {
-	if(EIP.mIsStarting) {
+	if(eip_status.isConnecting()) {
 	    askPendingStartCancellation();
-	} else if(EIP.isConnected()) {
-	    Log.d(TAG, "Stopping EIP");
+	} else if(eip_status.isConnected()) {
 	    stopEIP();
 	}
     }
 
     private void askPendingStartCancellation() {	
-	AlertDialog.Builder alertBuilder = new AlertDialog.Builder(getActivity());
-	alertBuilder.setTitle(getResources().getString(R.string.eip_cancel_connect_title))
-	    .setMessage(getResources().getString(R.string.eip_cancel_connect_text))
+	AlertDialog.Builder alertBuilder = new AlertDialog.Builder(parent_activity);
+	alertBuilder.setTitle(parent_activity.getString(R.string.eip_cancel_connect_title))
+	    .setMessage(parent_activity.getString(R.string.eip_cancel_connect_text))
 	    .setPositiveButton((R.string.yes), new DialogInterface.OnClickListener() {
 		    @Override
 		    public void onClick(DialogInterface dialog, int which) {
 			stopEIP();
 		    }
 		})
-	    .setNegativeButton(getResources().getString(R.string.no), new DialogInterface.OnClickListener() {
+	    .setNegativeButton(parent_activity.getString(R.string.no), new DialogInterface.OnClickListener() {
 		    @Override
 		    public void onClick(DialogInterface dialog, int which) {
-			Log.d(TAG, "askPendingStartCancellation checks the switch to true");
-			eipSwitch.setChecked(true);
+			eip_switch.setChecked(true);
 		    }
 		})
 	    .show();
     }
 
     public void startEipFromScratch() {
-	EIP.mIsStarting = true;
-	eipFragment.findViewById(R.id.eipProgress).setVisibility(View.VISIBLE);
-	String status = getResources().getString(R.string.eip_status_start_pending);
-	setEipStatus(status);
+        is_starting_to_connect = true;
+        progress_bar.setVisibility(View.VISIBLE);
+	eip_switch.setVisibility(View.VISIBLE);
+	String status = parent_activity.getString(R.string.eip_status_start_pending);
+	status_message.setText(status);
 	
-	if(!eipSwitch.isChecked()) {
-	    Log.d(TAG, "startEipFromScratch checks the switch to true");
-	    eipSwitch.setChecked(true);
+	if(!eip_switch.isChecked()) {
+	    eip_switch.setChecked(true);
 	    saveEipStatus();
 	}
-	eipCommand(EIP.ACTION_START_EIP);
+	eipCommand(Constants.ACTION_START_EIP);
     }
 
-    private void stopEIP() {
-	EIP.mIsStarting = false;
-	View eipProgressBar = getActivity().findViewById(R.id.eipProgress);
-	if(eipProgressBar != null)
-	    eipProgressBar.setVisibility(View.GONE);
-	
-	String status = getResources().getString(R.string.eip_state_not_connected);
-	setEipStatus(status);
-	eipCommand(EIP.ACTION_STOP_EIP);
+    protected void stopEIP() {
+        hideProgressBar();
+
+	String status = parent_activity.getString(R.string.eip_state_not_connected);
+	status_message.setText(status);
+	eipCommand(Constants.ACTION_STOP_EIP);
     }
 	
-	/**
-	 * Send a command to EIP
-	 * 
-	 * @param action	A valid String constant from EIP class representing an Intent
-	 * 					filter for the EIP class 
-	 */
-	private void eipCommand(String action){
-		// TODO validate "action"...how do we get the list of intent-filters for a class via Android API?
-	    Intent vpn_intent = new Intent(getActivity().getApplicationContext(), EIP.class);
-	    vpn_intent.setAction(action);
-	    vpn_intent.putExtra(EIP.RECEIVER_TAG, mEIPReceiver);
-	    getActivity().startService(vpn_intent);
-	}
+    /**
+     * Send a command to EIP
+     * 
+     * @param action	A valid String constant from EIP class representing an Intent
+     * 					filter for the EIP class 
+     */
+    private void eipCommand(String action){
+	// TODO validate "action"...how do we get the list of intent-filters for a class via Android API?
+	Intent vpn_intent = new Intent(parent_activity.getApplicationContext(), EIP.class);
+	vpn_intent.setAction(action);
+	vpn_intent.putExtra(Constants.RECEIVER_TAG, mEIPReceiver);
+	parent_activity.startService(vpn_intent);
+    }
 	
     @Override
-    public void updateState(final String state, final String logmessage, final int localizedResId, final ConnectionStatus level) {
-	boolean isNewLevel = EIP.lastConnectionStatusLevel != level;
-	boolean justDecidedOnDisconnect = EIP.lastConnectionStatusLevel == ConnectionStatus.UNKNOWN_LEVEL;
-	Log.d(TAG, "update state with level " + level);
-	if(!justDecidedOnDisconnect && (isNewLevel || level == ConnectionStatus.LEVEL_CONNECTED)) {
-	    getActivity().runOnUiThread(new Runnable() {
-		    @Override
-		    public void run() {
-			EIP.lastConnectionStatusLevel = level;
-			handleNewState(state, logmessage, localizedResId, level);
+    public void update (Observable observable, Object data) {
+	if(observable instanceof EipStatus) {
+	    eip_status = (EipStatus) observable;
+	    final EipStatus eip_status = (EipStatus) observable;
+	    parent_activity.runOnUiThread(new Runnable() {
+	    	    @Override
+	    	    public void run() {
+			handleNewState(eip_status);
 		    }
 		});
-	} else if(justDecidedOnDisconnect && level == ConnectionStatus.LEVEL_CONNECTED) {
-	    EIP.lastConnectionStatusLevel = ConnectionStatus.LEVEL_NOTCONNECTED;
-	    updateState(state, logmessage, localizedResId, level);
 	}
     }
 
-    private void handleNewState(final String state, final String logmessage, final int localizedResId, final ConnectionStatus level) {
-	if (level == ConnectionStatus.LEVEL_CONNECTED)
+    private void handleNewState(EipStatus eip_status) {
+	Log.d(TAG, "handleNewState: " + eip_status.toString());
+	if(eip_status.wantsToDisconnect())
+	    setDisconnectedUI();
+    else if(eip_status.isConnecting() || is_starting_to_connect)
+        setInProgressUI(eip_status);
+	else if (eip_status.isConnected())
 	    setConnectedUI();
-	else if (isDisconnectedLevel(level) && !EIP.mIsStarting)
+	else if (eip_status.isDisconnected() && !eip_status.isConnecting())
 	    setDisconnectedUI();
-	else if (level == ConnectionStatus.LEVEL_CONNECTING_NO_SERVER_REPLY_YET)
-	    setNoServerReplyUI(localizedResId, logmessage);
-	else if (level == ConnectionStatus.LEVEL_CONNECTING_SERVER_REPLIED)
-	    setServerReplyUI(state, localizedResId, logmessage);
-    }
-
-    private boolean isDisconnectedLevel(final ConnectionStatus level) {
-	return level == ConnectionStatus.LEVEL_NOTCONNECTED || level == ConnectionStatus.LEVEL_AUTH_FAILED;
     }
 
     private void setConnectedUI() {
 	hideProgressBar();
-	Log.d(TAG, "mIsDisconnecting = false in setConnectedUI");
-	EIP.mIsStarting = false; //TODO This should be done in the onReceiveResult from START_EIP command, but right now LaunchVPN isn't notifying anybody the resultcode of the request so we need to listen the states with this listener.
-	EIP.mIsDisconnecting = false; //TODO See comment above
-	String status = getString(R.string.eip_state_connected);
-	setEipStatus(status);
+	Log.d(TAG, "setConnectedUi? " + eip_status.isConnected());
 	adjustSwitch();
+    is_starting_to_connect = false;
+	status_message.setText(parent_activity.getString(R.string.eip_state_connected));
     }
 
     private void setDisconnectedUI(){
 	hideProgressBar();
-	EIP.mIsStarting = false; //TODO See comment in setConnectedUI()
-	Log.d(TAG, "mIsDisconnecting = false in setDisconnectedUI");
-	EIP.mIsDisconnecting = false; //TODO See comment in setConnectedUI()
-
-	String status = getString(R.string.eip_state_not_connected);
-	setEipStatus(status);
 	adjustSwitch();
+	status_message.setText(parent_activity.getString(R.string.eip_state_not_connected));
     }
 
-    private void adjustSwitch() {	
-	if(EIP.isConnected()) {
-	    if(!eipSwitch.isChecked()) {
-		eipSwitch.setChecked(true);
+    private void adjustSwitch() {
+	if(eip_status.isConnected() || eip_status.isConnecting() || is_starting_to_connect) {
+	    Log.d(TAG, "adjustSwitch, isConnected || isConnecting, is checked");
+	    if(!eip_switch.isChecked()) {
+		eip_switch.setChecked(true);
 	    }
 	} else {
-	    if(eipSwitch.isChecked()) {
-		eipSwitch.setChecked(false);
-	    }
-	}
-    }
+	    Log.d(TAG, "adjustSwitch, !isConnected && !isConnecting? " + eip_status.toString());
 
-    private void setNoServerReplyUI(int localizedResId, String logmessage) {
-	if(eipStatus != null) {
-	    String prefix = getString(localizedResId);
-	    setEipStatus(prefix + " " + logmessage);
+	    if(eip_switch.isChecked()) {
+		eip_switch.setChecked(false);
+	    }
 	}
     }
 
-    private void setServerReplyUI(String state, int localizedResId, String logmessage) {
-	if(eipStatus != null)
-	    if(state.equals("AUTH") || state.equals("GET_CONFIG")) {		
-		String prefix = getString(localizedResId);
-		setEipStatus(prefix + " " + logmessage);
-	    }
-    }
+    private void setInProgressUI(EipStatus eip_status) {
+	int localizedResId = eip_status.getLocalizedResId();
+	String logmessage = eip_status.getLogMessage();
+	String prefix = parent_activity.getString(localizedResId);
 
-    protected void setEipStatus(String status) {
-	if(eipStatus == null)
-	    eipStatus = (TextView) getActivity().findViewById(R.id.eipStatus);
-	eipStatus.setText(status);
+	status_message.setText(prefix + " " + logmessage);
+        is_starting_to_connect = false;
+	adjustSwitch();
     }
 
     private void hideProgressBar() {
-	if(getActivity() != null && getActivity().findViewById(R.id.eipProgress) != null)
-	    getActivity().findViewById(R.id.eipProgress).setVisibility(View.GONE);
+	if(progress_bar != null)
+	    progress_bar.setVisibility(View.GONE);
     }
 
-	/**
-	 * Inner class for handling messages related to EIP status and control requests
-	 * 
-	 * @author Sean Leonard <meanderingcode@aetherislands.net>
-	 */
-	protected class EIPReceiver extends ResultReceiver {
-		
-		protected EIPReceiver(Handler handler){
-			super(handler);
-		}
+    protected class EIPReceiver extends ResultReceiver {
+
+	protected EIPReceiver(Handler handler){
+	    super(handler);
+	}
+
+	@Override
+	protected void onReceiveResult(int resultCode, Bundle resultData) {
+	    super.onReceiveResult(resultCode, resultData);
 
-		@Override
-		protected void onReceiveResult(int resultCode, Bundle resultData) {
-			super.onReceiveResult(resultCode, resultData);
-		
-			String request = resultData.getString(EIP.REQUEST_TAG);
-			boolean checked = false;
-			
-			if (request == EIP.ACTION_IS_EIP_RUNNING) {
-				switch (resultCode){
-				case Activity.RESULT_OK:
-					checked = true;
-					break;
-				case Activity.RESULT_CANCELED:
-					checked = false;
-					break;
-				}
-			} else if (request == EIP.ACTION_START_EIP) {
-				switch (resultCode){
-				case Activity.RESULT_OK:
-				    Log.d(TAG, "Action start eip = Result OK");
-					checked = true;
-					eipFragment.findViewById(R.id.eipProgress).setVisibility(View.VISIBLE);
-					EIP.mIsStarting = false;
-					break;
-				case Activity.RESULT_CANCELED:
-					checked = false;
-					eipFragment.findViewById(R.id.eipProgress).setVisibility(View.GONE);
-					break;
-				}
-			} else if (request == EIP.ACTION_STOP_EIP) {
-				switch (resultCode){
-				case Activity.RESULT_OK:
-					checked = false;
-					break;
-				case Activity.RESULT_CANCELED:
-					checked = true;
-					break;
-				}
-			} else if (request == EIP.EIP_NOTIFICATION) {
-				switch  (resultCode){
-				case Activity.RESULT_OK:
-					checked = true;
-					break;
-				case Activity.RESULT_CANCELED:
-					checked = false;
-					break;
-				}
-			} else if (request == EIP.ACTION_CHECK_CERT_VALIDITY) {
-			    checked = eipSwitch.isChecked();
-			    
-			    switch (resultCode) {
-			    case Activity.RESULT_OK:
-				break;
-			    case Activity.RESULT_CANCELED:
-				Dashboard dashboard = (Dashboard) getActivity();
-
-				dashboard.setProgressBarVisibility(ProgressBar.VISIBLE);
-				String status = getResources().getString(R.string.updating_certificate_message);
-				setEipStatus(status);
-				
-				Intent provider_API_command = new Intent(getActivity(), ProviderAPI.class);
-				if(dashboard.providerAPI_result_receiver == null) {
-				    dashboard.providerAPI_result_receiver = new ProviderAPIResultReceiver(new Handler());
-				    dashboard.providerAPI_result_receiver.setReceiver(dashboard);
-				}
-				
-				provider_API_command.setAction(ProviderAPI.DOWNLOAD_CERTIFICATE);
-				provider_API_command.putExtra(ProviderAPI.RECEIVER_KEY, dashboard.providerAPI_result_receiver);
-				getActivity().startService(provider_API_command);
-				break;
-			    }
+	    String request = resultData.getString(Constants.REQUEST_TAG);
+
+	    if (request.equals(Constants.ACTION_START_EIP)) {
+		switch (resultCode){
+		case Activity.RESULT_OK:
+		    break;
+		case Activity.RESULT_CANCELED:
+		    break;
+		}
+	    } else if (request.equals(Constants.ACTION_STOP_EIP)) {
+		switch (resultCode){
+		case Activity.RESULT_OK:
+		    Intent disconnect_vpn = new Intent(parent_activity, DisconnectVPN.class);
+		    parent_activity.startActivityForResult(disconnect_vpn, EIP.DISCONNECT);
+		    eip_status.setDisconnecting();
+		    break;
+		case Activity.RESULT_CANCELED:
+		    break;
+		}
+	    } else if (request.equals(Constants.EIP_NOTIFICATION)) {
+		switch  (resultCode){
+		case Activity.RESULT_OK:
+		    break;
+		case Activity.RESULT_CANCELED:
+		    break;
+		}
+	    } else if (request.equals(Constants.ACTION_CHECK_CERT_VALIDITY)) {
+		switch (resultCode) {
+		case Activity.RESULT_OK:
+		    break;
+		case Activity.RESULT_CANCELED:
+		    Dashboard dashboard = (Dashboard) parent_activity;
+
+		    progress_bar.setVisibility(View.VISIBLE);
+		    status_message.setText(getString(R.string.updating_certificate_message));
+		    if(LeapSRPSession.getToken().isEmpty() && !Dashboard.preferences.getBoolean(Constants.ALLOWED_ANON, false)) {
+			dashboard.logInDialog(Bundle.EMPTY);
+		    } else {
+			Intent provider_API_command = new Intent(parent_activity, ProviderAPI.class);
+			if(dashboard.providerAPI_result_receiver == null) {
+			    dashboard.providerAPI_result_receiver = new ProviderAPIResultReceiver(new Handler());
+			    dashboard.providerAPI_result_receiver.setReceiver(dashboard);
 			}
+
+			provider_API_command.setAction(ProviderAPI.DOWNLOAD_CERTIFICATE);
+			provider_API_command.putExtra(ProviderAPI.RECEIVER_KEY, dashboard.providerAPI_result_receiver);
+			parent_activity.startService(provider_API_command);
+		    }
+		    break;
 		}
+	    }
 	}
-    
-
-    public static EIPReceiver getReceiver() {
-	return mEIPReceiver;
     }
 
-    public static boolean isEipSwitchChecked() {
-	return eipSwitch.isChecked();
-    }
 
-    public void checkEipSwitch(boolean checked) {
-	eipSwitch.setChecked(checked);
-	// Log.d(TAG, "checkEipSwitch");
-	// onCheckedChanged(eipSwitch, checked);
+    public static EIPReceiver getReceiver() {
+	return mEIPReceiver;
     }
 }
diff --git a/app/src/main/java/se/leap/bitmaskclient/FragmentManagerEnhanced.java b/app/src/main/java/se/leap/bitmaskclient/FragmentManagerEnhanced.java
new file mode 100644
index 00000000..49af9274
--- /dev/null
+++ b/app/src/main/java/se/leap/bitmaskclient/FragmentManagerEnhanced.java
@@ -0,0 +1,55 @@
+/**
+ * Copyright (c) 2013 LEAP Encryption Access Project and contributers
+ * 
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package se.leap.bitmaskclient;
+
+import android.app.Fragment;
+import android.app.FragmentManager;
+import android.app.FragmentTransaction;
+
+public class FragmentManagerEnhanced {
+
+    private FragmentManager generic_fragment_manager;
+    
+    public FragmentManagerEnhanced(FragmentManager generic_fragment_manager) {
+	this.generic_fragment_manager = generic_fragment_manager;
+    }
+    
+    public FragmentTransaction removePreviousFragment(String tag) {
+	FragmentTransaction transaction = generic_fragment_manager.beginTransaction();
+	Fragment previous_fragment = generic_fragment_manager.findFragmentByTag(tag);
+	if (previous_fragment != null) {
+	    transaction.remove(previous_fragment);
+	}
+	transaction.addToBackStack(null);
+
+	return transaction;
+    }
+
+    public void replace(int containerViewId, Fragment fragment, String tag) {
+	FragmentTransaction transaction = generic_fragment_manager.beginTransaction();
+	
+	transaction.replace(containerViewId, fragment, tag).commit();
+    }
+
+    public FragmentTransaction beginTransaction() {
+        return generic_fragment_manager.beginTransaction();
+    }
+
+    public Fragment findFragmentByTag(String tag) {
+	return generic_fragment_manager.findFragmentByTag(tag);
+    }
+}
diff --git a/app/src/main/java/se/leap/bitmaskclient/LeapSRPSession.java b/app/src/main/java/se/leap/bitmaskclient/LeapSRPSession.java
index a953a710..989dc395 100644
--- a/app/src/main/java/se/leap/bitmaskclient/LeapSRPSession.java
+++ b/app/src/main/java/se/leap/bitmaskclient/LeapSRPSession.java
@@ -17,13 +17,14 @@
  package se.leap.bitmaskclient;
 
 
+import org.jboss.security.srp.SRPParameters;
+
 import java.io.UnsupportedEncodingException;
 import java.math.BigInteger;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.Arrays;
-import org.jboss.security.srp.SRPParameters;
 
 /**
  * Implements all SRP algorithm logic.
diff --git a/app/src/main/java/se/leap/bitmaskclient/OnBootReceiver.java b/app/src/main/java/se/leap/bitmaskclient/OnBootReceiver.java
index eb196d46..07ed6c8f 100644
--- a/app/src/main/java/se/leap/bitmaskclient/OnBootReceiver.java
+++ b/app/src/main/java/se/leap/bitmaskclient/OnBootReceiver.java
@@ -3,8 +3,8 @@ package se.leap.bitmaskclient;
 import android.content.BroadcastReceiver;
 import android.content.Context;
 import android.content.Intent;
-import android.util.Log;
 
+import se.leap.bitmaskclient.eip.Constants;
 
 public class OnBootReceiver extends BroadcastReceiver {
 
@@ -14,7 +14,7 @@ public class OnBootReceiver extends BroadcastReceiver {
 	    if (Intent.ACTION_BOOT_COMPLETED.equals(intent.getAction())) {
 		if (!context.getSharedPreferences(Dashboard.SHARED_PREFERENCES, Context.MODE_PRIVATE).getString(Provider.KEY, "").isEmpty() && context.getSharedPreferences(Dashboard.SHARED_PREFERENCES, Context.MODE_PRIVATE).getBoolean(Dashboard.START_ON_BOOT, false)) {
 		    Intent dashboard_intent = new Intent(context, Dashboard.class);
-		    dashboard_intent.setAction(EIP.ACTION_START_EIP);
+		    dashboard_intent.setAction(Constants.ACTION_START_EIP);
 		    dashboard_intent.putExtra(Dashboard.ON_BOOT, true);
 		    dashboard_intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
 		    context.startActivity(dashboard_intent);
diff --git a/app/src/main/java/se/leap/bitmaskclient/Provider.java b/app/src/main/java/se/leap/bitmaskclient/Provider.java
index 8d6385e0..f22a4bfb 100644
--- a/app/src/main/java/se/leap/bitmaskclient/Provider.java
+++ b/app/src/main/java/se/leap/bitmaskclient/Provider.java
@@ -16,32 +16,31 @@
  */
 package se.leap.bitmaskclient;
 
-import java.io.Serializable;
-import java.util.Arrays;
-import java.util.Locale;
+import android.app.Activity;
+import android.content.Context;
+import android.content.SharedPreferences;
+import android.os.Parcel;
+import android.os.Parcelable;
 
 import org.json.JSONArray;
 import org.json.JSONException;
 import org.json.JSONObject;
 
-import android.content.Context;
-import android.app.Activity;
-import android.content.SharedPreferences;
+import java.io.File;
+import java.io.Serializable;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.Arrays;
+import java.util.Locale;
 
 /**
  * @author Sean Leonard <meanderingcode@aetherislands.net>
  *
  */
-public final class Provider implements Serializable {
+public final class Provider implements Parcelable {
 
-	private static final long serialVersionUID = 6003835972151761353L;
-	
-	private static Provider instance = null;
-	
-	// We'll access our preferences here
-	private static SharedPreferences preferences = null;
-	// Represents our Provider's provider.json
-	private static JSONObject definition = null;
+	private JSONObject definition; // Represents our Provider's provider.json
+    private URL main_url;
 
     final public static String
     API_URL = "api_uri",
@@ -69,71 +68,64 @@ public final class Provider implements Serializable {
 	private static final String API_TERM_DEFAULT_LANGUAGE = "default_language";
 	protected static final String[] API_EIP_TYPES = {"openvpn"};
 
-	private static final String PREFS_EIP_NAME = null;
+	public Provider(URL main_url) {
+        this.main_url = main_url;
+    }
 
+    public Provider(File provider_file) {
 
-	
-	// What, no individual fields?!  We're going to gamble on org.json.JSONObject and JSONArray
-	// Supporting multiple API versions will probably break this paradigm,
-	// Forcing me to write a real constructor and rewrite getters/setters
-	// Also will refactor if i'm instantiating the same local variables all the time
-	
-	/**
-	 * 
-	 */
-	private Provider() {}
-
-	protected static Provider getInstance(){
-		if(instance==null){
-			instance = new Provider();
-		}
-		return instance;
-	}
+    }
+    public static final Parcelable.Creator<Provider> CREATOR
+            = new Parcelable.Creator<Provider>() {
+        public Provider createFromParcel(Parcel in) {
+            return new Provider(in);
+        }
 
-	protected void init(Activity activity) {
-		
-		// Load our preferences from SharedPreferences
-		//   If there's nothing there, we will end up returning a rather empty object
-		//   to whoever called getInstance() and they can run the First Run Wizard
-		//preferences = context.getgetPreferences(0); // 0 == MODE_PRIVATE, but we don't extend Android's classes...
-		
-		// Load SharedPreferences
-		preferences = activity.getSharedPreferences(Dashboard.SHARED_PREFERENCES,Context.MODE_PRIVATE);
-		// Inflate our provider.json data
-		try {
-			definition = new JSONObject( preferences.getString(Provider.KEY, "") );
-		} catch (JSONException e) {
-			// TODO: handle exception
-			
-			// FIXME!!  We want "real" data!!
-		}
-	}
+        public Provider[] newArray(int size) {
+            return new Provider[size];
+        }
+    };
+
+    private Provider(Parcel in) {
+        try {
+            main_url = new URL(in.readString());
+            String definition_string = in.readString();
+            if(definition_string != null)
+                definition = new JSONObject((definition_string));
+        } catch (MalformedURLException e) {
+            e.printStackTrace();
+        } catch (JSONException e) {
+            e.printStackTrace();
+        }
+    }
+
+    protected void define(JSONObject provider_json) {
+        definition = provider_json;
+    }
+
+    protected JSONObject definition() { return definition; }
 
 	protected String getDomain(){
-		String domain = "Null";
-		try {
-			domain = definition.getString(API_TERM_DOMAIN);
-		} catch (JSONException e) {
-			domain = "Null";
-			e.printStackTrace();
-		}
-		return domain;
+		return main_url.getHost();
 	}
+
+    protected URL mainUrl() {
+        return main_url;
+    }
 	
 	protected String getName(){
 		// Should we pass the locale in, or query the system here?
 		String lang = Locale.getDefault().getLanguage();
-		String name = "Null"; // Should it actually /be/ null, for error conditions?
+		String name = "";
 		try {
-			name = definition.getJSONObject(API_TERM_NAME).getString(lang);
+            if(definition != null)
+			    name = definition.getJSONObject(API_TERM_NAME).getString(lang);
+            else throw new JSONException("Provider not defined");
 		} catch (JSONException e) {
-			// TODO: Nesting try/catch blocks?  Crazy
-			//  Maybe you should actually handle exception?
-			try {
-				name = definition.getJSONObject(API_TERM_NAME).getString( definition.getString(API_TERM_DEFAULT_LANGUAGE) );
-			} catch (JSONException e2) {
-				// TODO: Will you handle the exception already?
-			}
+            if(main_url != null) {
+                String host = main_url.getHost();
+                name = host.substring(0, host.indexOf("."));
+            }
 		}
 		
 		return name;
@@ -157,58 +149,60 @@ public final class Provider implements Serializable {
 	}
 
 	protected boolean hasEIP() {
-		JSONArray services = null;
 		try {
-			services = definition.getJSONArray(API_TERM_SERVICES); // returns ["openvpn"]
+            JSONArray services = definition.getJSONArray(API_TERM_SERVICES); // returns ["openvpn"]
+            for (int i=0;i<API_EIP_TYPES.length+1;i++){
+                try {
+                    // Walk the EIP types array looking for matches in provider's service definitions
+                    if ( Arrays.asList(API_EIP_TYPES).contains( services.getString(i) ) )
+                        return true;
+                } catch (NullPointerException e){
+                    e.printStackTrace();
+                    return false;
+                } catch (JSONException e) {
+                    // TODO Auto-generated catch block
+                    e.printStackTrace();
+                    return false;
+                }
+            }
 		} catch (Exception e) {
 			// TODO: handle exception
 		}
-		for (int i=0;i<API_EIP_TYPES.length+1;i++){
-			try {
-				// Walk the EIP types array looking for matches in provider's service definitions
-				if ( Arrays.asList(API_EIP_TYPES).contains( services.getString(i) ) )
-					return true;
-			} catch (NullPointerException e){
-				e.printStackTrace();
-				return false;
-			} catch (JSONException e) {
-				// TODO Auto-generated catch block
-				e.printStackTrace();
-				return false;
-			}
-		}
 		return false;
 	}
-	
-	protected String getEIPType() {
-		// FIXME!!!!!  We won't always be providing /only/ OpenVPN, will we?
-		// This will have to hook into some saved choice of EIP transport
-		if ( instance.hasEIP() )
-			return "OpenVPN";
-		else
-			return null;
-	}
-	
-	protected JSONObject getEIP() {
-		// FIXME!!!!!  We won't always be providing /only/ OpenVPN, will we?
-		// This will have to hook into some saved choice of EIP transport, cluster, gateway
-		//   with possible "choose at random" preference
-		if ( instance.hasEIP() ){
-			// TODO Might need an EIP class, but we've only got OpenVPN type right now,
-			// and only one gateway for our only provider...
-			// TODO We'll try to load from preferences, have to call ProviderAPI if we've got nothin...
-			JSONObject eipObject = null;
-			try {
-				eipObject = new JSONObject( preferences.getString(PREFS_EIP_NAME, "") );
-			} catch (JSONException e) {
-				// TODO ConfigHelper.rescueJSON()
-				// Still nothing?
-				// TODO ProviderAPI.getEIP()
-				e.printStackTrace();
-			}
-			
-			return eipObject;
-		} else
-			return null;
-	}
+
+    @Override
+    public int describeContents() {
+        return 0;
+    }
+
+    @Override
+    public void writeToParcel(Parcel parcel, int i) {
+        parcel.writeString(main_url.toString());
+        if(definition != null)
+            parcel.writeString(definition.toString());
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if(o instanceof Provider) {
+            Provider p = (Provider) o;
+            return p.mainUrl().equals(mainUrl());
+        } else return false;
+    }
+
+    public JSONObject toJson() {
+        JSONObject json = new JSONObject();
+        try {
+            json.put(Provider.MAIN_URL, main_url);
+        } catch (JSONException e) {
+            e.printStackTrace();
+        }
+        return json;
+    }
+
+    @Override
+    public int hashCode() {
+        return main_url.hashCode();
+    }
 }
diff --git a/app/src/main/java/se/leap/bitmaskclient/ProviderAPIResultReceiver.java b/app/src/main/java/se/leap/bitmaskclient/ProviderAPIResultReceiver.java
index 7b256124..7e4e95d3 100644
--- a/app/src/main/java/se/leap/bitmaskclient/ProviderAPIResultReceiver.java
+++ b/app/src/main/java/se/leap/bitmaskclient/ProviderAPIResultReceiver.java
@@ -14,7 +14,7 @@
  * You should have received a copy of the GNU General Public License

  * along with this program. If not, see <http://www.gnu.org/licenses/>.

  */

- package se.leap.bitmaskclient;

+package se.leap.bitmaskclient;

 

 import android.os.Bundle;

 import android.os.Handler;

diff --git a/app/src/main/java/se/leap/bitmaskclient/ProviderListAdapter.java b/app/src/main/java/se/leap/bitmaskclient/ProviderListAdapter.java
index 43bba085..c63e2edb 100644
--- a/app/src/main/java/se/leap/bitmaskclient/ProviderListAdapter.java
+++ b/app/src/main/java/se/leap/bitmaskclient/ProviderListAdapter.java
@@ -1,7 +1,5 @@
 package se.leap.bitmaskclient;
 
-import java.util.List;
-
 import android.content.Context;
 import android.view.LayoutInflater;
 import android.view.View;
@@ -9,7 +7,15 @@ import android.view.ViewGroup;
 import android.widget.ArrayAdapter;
 import android.widget.TwoLineListItem;
 
-public class ProviderListAdapter<T> extends ArrayAdapter<T> {
+import com.pedrogomez.renderers.AdapteeCollection;
+import com.pedrogomez.renderers.RendererAdapter;
+import com.pedrogomez.renderers.RendererBuilder;
+
+import java.util.Collection;
+import java.util.List;
+import java.util.Set;
+
+public class ProviderListAdapter extends RendererAdapter<Provider> {
 	private static boolean[] hidden = null;
 	
 	public void hide(int position) {
@@ -23,10 +29,23 @@ public class ProviderListAdapter<T> extends ArrayAdapter<T> {
 		notifyDataSetChanged();
 		notifyDataSetInvalidated();
 	}
+
+    public void showAllProviders() {
+        for(int i = 0; i < hidden.length; i++)
+            hidden[i] = false;
+        notifyDataSetChanged();
+        notifyDataSetInvalidated();
+    }
     
-    public void unHideAll() {
-    	for (int provider_index = 0; provider_index < hidden.length; provider_index++)
-    		hidden[provider_index] = false;
+    public void hideAllBut(int position) {
+    	for (int i = 0; i < hidden.length; i++) {
+            if (i != position)
+                hidden[i] = true;
+            else
+                hidden[i] = false;
+        }
+        notifyDataSetChanged();
+        notifyDataSetInvalidated();
     }
 	
 	private int getRealPosition(int position) {
@@ -60,55 +79,52 @@ public class ProviderListAdapter<T> extends ArrayAdapter<T> {
 		return (hidden.length - getHiddenCount());
 	}
 
-	public ProviderListAdapter(Context mContext, int layout, List<T> objects) {
-		super(mContext, layout, objects);
-		if(hidden == null) {
-			hidden = new boolean[objects.size()];
-			for (int i = 0; i < objects.size(); i++)
-				hidden[i] = false;
-		}
-	}
-
-	public ProviderListAdapter(Context mContext, int layout, List<T> objects, boolean show_all_providers) {
-		super(mContext, layout, objects);
-		if(show_all_providers) {
-			hidden = new boolean[objects.size()];
-			for (int i = 0; i < objects.size(); i++)
-				hidden[i] = false;
-		}
-	}
+    public ProviderListAdapter(LayoutInflater layoutInflater, RendererBuilder rendererBuilder,
+                               AdapteeCollection<Provider> collection) {
+	super(layoutInflater, rendererBuilder, collection);
+	hidden = new boolean[collection.size()];
+	for (int i = 0; i < collection.size(); i++)
+	    hidden[i] = false;
+    }
 	
 	@Override
-	public void add(T item) {
+	public void add(Provider item) {
 		super.add(item);
-		boolean[] new_hidden = new boolean[hidden.length+1];
-		System.arraycopy(hidden, 0, new_hidden, 0, hidden.length);
-		new_hidden[hidden.length] = false;
-		hidden = new_hidden;
+        if(getCollection().size() >  hidden.length) {
+            boolean[] new_hidden = new boolean[hidden.length + 1];
+            System.arraycopy(hidden, 0, new_hidden, 0, hidden.length);
+            new_hidden[hidden.length] = false;
+            hidden = new_hidden;
+        }
 	}
 	
 	@Override
-	public void remove(T item) {
+	public void remove(Provider item) {
 		super.remove(item);
 		boolean[] new_hidden = new boolean[hidden.length-1];
 		System.arraycopy(hidden, 0, new_hidden, 0, hidden.length-1);
 		hidden = new_hidden;
 	}
 
-	@Override
-	public View getView(int index, View convertView, ViewGroup parent) {
-		TwoLineListItem row;
-		int position = getRealPosition(index);
-		if (convertView == null) {
-			LayoutInflater inflater = (LayoutInflater) getContext().getSystemService(Context.LAYOUT_INFLATER_SERVICE);
-			row = (TwoLineListItem)inflater.inflate(R.layout.provider_list_item, null);                    
-		} else {
-			row = (TwoLineListItem)convertView;
-		}
-		ProviderListContent.ProviderItem data = ProviderListContent.ITEMS.get(position);
-		row.getText1().setText(data.domain());
-		row.getText2().setText(data.name());
+    protected int indexOf(Provider item) {
+        int index = 0;
+        ProviderManager provider_manager = (ProviderManager) getCollection();
+        Set<Provider> providers = provider_manager.providers();
+        for (Provider provider : providers) {
+            if (provider.equals(item)) {
+                break;
+            } else index++;
+        }
+        return index;
+    }
 
-		return row;
-	}
+    @Override
+    public View getView(int position, View convertView, ViewGroup parent) {
+        return super.getView(getRealPosition(position), convertView, parent);
+    }
+
+    public void saveProviders() {
+        ProviderManager provider_manager = (ProviderManager) getCollection();
+        provider_manager.saveCustomProvidersToFile();
+    }
 }
diff --git a/app/src/main/java/se/leap/bitmaskclient/ProviderListFragment.java b/app/src/main/java/se/leap/bitmaskclient/ProviderListFragment.java
deleted file mode 100644
index db414d87..00000000
--- a/app/src/main/java/se/leap/bitmaskclient/ProviderListFragment.java
+++ /dev/null
@@ -1,234 +0,0 @@
-/**

- * Copyright (c) 2013 LEAP Encryption Access Project and contributers

- * 

- * This program is free software: you can redistribute it and/or modify

- * it under the terms of the GNU General Public License as published by

- * the Free Software Foundation, either version 3 of the License, or

- * (at your option) any later version.

- *

- * This program is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

- * GNU General Public License for more details.

- *

- * You should have received a copy of the GNU General Public License

- * along with this program. If not, see <http://www.gnu.org/licenses/>.

- */

- package se.leap.bitmaskclient;

-

-import se.leap.bitmaskclient.R;

-import se.leap.bitmaskclient.ProviderListContent.ProviderItem;

-import android.app.Activity;

-import android.app.ListFragment;

-import android.os.Bundle;

-import android.view.LayoutInflater;

-import android.view.View;

-import android.view.ViewGroup;

-import android.widget.ListView;

-

-/**

- * A list fragment representing a list of Providers. This fragment

- * also supports tablet devices by allowing list items to be given an

- * 'activated' state upon selection. This helps indicate which item is

- * currently being viewed in a {@link DashboardFragment}.

- * <p>

- * Activities containing this fragment MUST implement the {@link Callbacks}

- * interface.

- */

-public class ProviderListFragment extends ListFragment {

-

-	public static String TAG = "provider_list_fragment";

-	public static String SHOW_ALL_PROVIDERS = "show_all_providers";

-	public static String TOP_PADDING = "top padding from providerlistfragment";

-	private ProviderListAdapter<ProviderItem> content_adapter;

-	

-    /**

-     * The serialization (saved instance state) Bundle key representing the

-     * activated item position. Only used on tablets.

-     */

-    private static final String STATE_ACTIVATED_POSITION = "activated_position";

-

-    /**

-     * The fragment's current callback object, which is notified of list item

-     * clicks.

-     */

-    private Callbacks mCallbacks = sDummyCallbacks;

-

-    /**

-     * The current activated item position. Only used on tablets.

-     */

-    private int mActivatedPosition = ListView.INVALID_POSITION;

-

-    /**

-     * A callback interface that all activities containing this fragment must

-     * implement. This mechanism allows activities to be notified of item

-     * selections.

-     */

-    public interface Callbacks {

-        /**

-         * Callback for when an item has been selected.

-         */

-        public void onItemSelected(String id);

-    }

-

-    /**

-     * A dummy implementation of the {@link Callbacks} interface that does

-     * nothing. Used only when this fragment is not attached to an activity.

-     */

-    private static Callbacks sDummyCallbacks = new Callbacks() {

-        @Override

-        public void onItemSelected(String id) {

-        }

-    };

-

-    /**

-     * Mandatory empty constructor for the fragment manager to instantiate the

-     * fragment (e.g. upon screen orientation changes).

-     */

-    public ProviderListFragment() {

-    }

-    

-    @Override

-    public void onCreate(Bundle savedInstanceState) {

-    	super.onCreate(savedInstanceState);

-    	if(getArguments().containsKey(SHOW_ALL_PROVIDERS))

-    		content_adapter = new ProviderListAdapter<ProviderListContent.ProviderItem>(

-    				getActivity(),

-    				R.layout.provider_list_item,

-    				ProviderListContent.ITEMS, getArguments().getBoolean(SHOW_ALL_PROVIDERS));

-    	else

-    		content_adapter = new ProviderListAdapter<ProviderListContent.ProviderItem>(

-    				getActivity(),

-    				R.layout.provider_list_item,

-    				ProviderListContent.ITEMS);

-    		

-			

-        setListAdapter(content_adapter);

-    }

-

-    @Override

-    public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle bundle) {

-    	return inflater.inflate(R.layout.provider_list_fragment, container, false);

-    }

-    

-    @Override

-    public void onViewCreated(View view, Bundle savedInstanceState) {

-        super.onViewCreated(view, savedInstanceState);

-

-        // Restore the previously serialized activated item position.

-        if (savedInstanceState != null

-                && savedInstanceState.containsKey(STATE_ACTIVATED_POSITION)) {

-            setActivatedPosition(savedInstanceState.getInt(STATE_ACTIVATED_POSITION));

-        }

-    	if(getArguments() != null && getArguments().containsKey(TOP_PADDING)) {

-    		int topPadding = getArguments().getInt(TOP_PADDING);

-    		View current_view = getView();

-    		getView().setPadding(current_view.getPaddingLeft(), topPadding, current_view.getPaddingRight(), current_view.getPaddingBottom());

-    	}

-    }

-

-    @Override

-    public void onAttach(Activity activity) {

-        super.onAttach(activity);

-

-        // Activities containing this fragment must implement its callbacks.

-        if (!(activity instanceof Callbacks)) {

-            throw new IllegalStateException("Activity must implement fragment's callbacks.");

-        }

-

-        mCallbacks = (Callbacks) activity;

-    }

-

-    @Override

-    public void onDetach() {

-        super.onDetach();

-

-        // Reset the active callbacks interface to the dummy implementation.

-        mCallbacks = sDummyCallbacks;

-    }

-

-    @Override

-    public void onListItemClick(ListView listView, View view, int position, long id) {

-        super.onListItemClick(listView, view, position, id);

-

-        // Notify the active callbacks interface (the activity, if the

-        // fragment is attached to one) that an item has been selected.

-        mCallbacks.onItemSelected(ProviderListContent.ITEMS.get(position).name());

-

-        for(int item_position = 0; item_position < listView.getCount(); item_position++) {

-        	if(item_position != position)

-        		content_adapter.hide(item_position);

-        }

-    }

-

-    @Override

-    public void onSaveInstanceState(Bundle outState) {

-        super.onSaveInstanceState(outState);

-        if (mActivatedPosition != ListView.INVALID_POSITION) {

-            // Serialize and persist the activated item position.

-            outState.putInt(STATE_ACTIVATED_POSITION, mActivatedPosition);

-        }

-    }

-

-    public void notifyAdapter() {

-    	content_adapter.notifyDataSetChanged();

-    }

-    /**

-     * Turns on activate-on-click mode. When this mode is on, list items will be

-     * given the 'activated' state when touched.

-     */

-    public void setActivateOnItemClick(boolean activateOnItemClick) {

-        // When setting CHOICE_MODE_SINGLE, ListView will automatically

-        // give items the 'activated' state when touched.

-        getListView().setChoiceMode(activateOnItemClick

-                ? ListView.CHOICE_MODE_SINGLE

-                : ListView.CHOICE_MODE_NONE);

-    }

-

-    private void setActivatedPosition(int position) {

-        if (position == ListView.INVALID_POSITION) {

-            getListView().setItemChecked(mActivatedPosition, false);

-        } else {

-            getListView().setItemChecked(position, true);

-        }

-

-        mActivatedPosition = position;

-    }

-    

-    public void removeLastItem() {

-    	unhideAll();

-    	content_adapter.remove(content_adapter.getItem(content_adapter.getCount()-1));

-    	content_adapter.notifyDataSetChanged();

-    }

-    

-    public void addItem(ProviderItem provider) {

-    	content_adapter.add(provider);

-    	content_adapter.notifyDataSetChanged();

-    }

-    

-    public void hideAllBut(int position) {

-    	int real_count = content_adapter.getCount();

-    	for(int i = 0; i < real_count;)

-    		if(i != position) {

-    			content_adapter.hide(i);

-    			position--;

-    			real_count--;

-    		} else {

-    			i++;

-    		}
-    }

-    

-    public void unhideAll() {

-    	if(content_adapter != null) {

-    		content_adapter.unHideAll();

-    		content_adapter.notifyDataSetChanged();

-    	}

-    }

-

-	/**

-	 * @return a new instance of this ListFragment.

-	 */

-	public static ProviderListFragment newInstance() {

-		return new ProviderListFragment();

-	}

-}

diff --git a/app/src/main/java/se/leap/bitmaskclient/ProviderManager.java b/app/src/main/java/se/leap/bitmaskclient/ProviderManager.java
new file mode 100644
index 00000000..911144f7
--- /dev/null
+++ b/app/src/main/java/se/leap/bitmaskclient/ProviderManager.java
@@ -0,0 +1,178 @@
+package se.leap.bitmaskclient;
+
+import android.content.res.AssetManager;
+
+import com.pedrogomez.renderers.AdapteeCollection;
+
+import org.json.JSONException;
+import org.json.JSONObject;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.FileReader;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+/**
+ * Created by parmegv on 4/12/14.
+ */
+public class ProviderManager implements AdapteeCollection<Provider> {
+
+    private AssetManager assets_manager;
+    private File external_files_dir;
+    private Set<Provider> default_providers;
+    private Set<Provider> custom_providers;
+
+    private static ProviderManager instance;
+
+    final protected static String URLS = "urls";
+
+    public static ProviderManager getInstance(AssetManager assets_manager, File external_files_dir) {
+        if(instance == null)
+            instance = new ProviderManager(assets_manager);
+
+        instance.addCustomProviders(external_files_dir);
+        return instance;
+    }
+
+    public ProviderManager(AssetManager assets_manager) {
+        this.assets_manager = assets_manager;
+        addDefaultProviders(assets_manager);
+    }
+
+    private void addDefaultProviders(AssetManager assets_manager) {
+        try {
+            default_providers = providersFromAssets(URLS, assets_manager.list(URLS));
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+    }
+
+    private Set<Provider> providersFromAssets(String directory, String[] relative_file_paths) {
+        Set<Provider> providers = new HashSet<Provider>();
+        try {
+        for(String file : relative_file_paths) {
+            String main_url = extractMainUrlFromInputStream(assets_manager.open(directory + "/" + file));
+                providers.add(new Provider(new URL(main_url)));
+        }
+        } catch (MalformedURLException e) {
+            e.printStackTrace();
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+        return providers;
+    }
+
+
+    private void addCustomProviders(File external_files_dir) {
+        this.external_files_dir = external_files_dir;
+        custom_providers = external_files_dir.isDirectory() ?
+                providersFromFiles(external_files_dir.list()) :
+                new HashSet<Provider>();
+    }
+
+    private Set<Provider> providersFromFiles(String[] files) {
+        Set<Provider> providers = new HashSet<Provider>();
+        try {
+            for(String file : files) {
+                String main_url = extractMainUrlFromInputStream(new FileInputStream(external_files_dir.getAbsolutePath() + "/" + file));
+                providers.add(new Provider(new URL(main_url)));
+            }
+        } catch (MalformedURLException e) {
+            e.printStackTrace();
+        } catch (FileNotFoundException e) {
+            e.printStackTrace();
+        }
+
+        return providers;
+    }
+
+    private String extractMainUrlFromInputStream(InputStream input_stream_file_contents) {
+        String main_url = "";
+        byte[] bytes = new byte[0];
+        try {
+            bytes = new byte[input_stream_file_contents.available()];
+            if(input_stream_file_contents.read(bytes) > 0) {
+                JSONObject file_contents = new JSONObject(new String(bytes));
+                main_url = file_contents.getString(Provider.MAIN_URL);
+            }
+        } catch (IOException e) {
+            e.printStackTrace();
+        } catch (JSONException e) {
+            e.printStackTrace();
+        }
+        return main_url;
+    }
+
+    public Set<Provider> providers() {
+        Set<Provider> all_providers = new HashSet<Provider>();
+        all_providers.addAll(default_providers);
+        all_providers.addAll(custom_providers);
+        return all_providers;
+    }
+
+    @Override
+    public int size() {
+        return providers().size();
+    }
+
+    @Override
+    public Provider get(int index) {
+        Iterator<Provider> iterator = providers().iterator();
+        while(iterator.hasNext() && index > 0) {
+            iterator.next();
+            index--;
+        }
+        return iterator.next();
+    }
+
+    @Override
+    public void add(Provider element) {
+        custom_providers.add(element);
+    }
+
+    @Override
+    public void remove(Provider element) {
+        custom_providers.remove(element);
+    }
+
+    @Override
+    public void addAll(Collection<Provider> elements) {
+        custom_providers.addAll(elements);
+    }
+
+    @Override
+    public void removeAll(Collection<Provider> elements) {
+        custom_providers.removeAll(elements);
+        default_providers.removeAll(elements);
+    }
+
+    @Override
+    public void clear() {
+        default_providers.clear();
+        custom_providers.clear();
+    }
+
+    protected void saveCustomProvidersToFile() {
+	try {
+	    for (Provider provider : custom_providers) {
+                File provider_file = new File(external_files_dir, provider.getName() + ".json");
+            if(!provider_file.exists()) {
+                FileWriter writer = new FileWriter(provider_file);
+                writer.write(provider.toJson().toString());
+                writer.close();
+            }
+	    }
+	} catch (IOException e) {
+	    e.printStackTrace();
+	}
+    }
+}
diff --git a/app/src/main/java/se/leap/bitmaskclient/ProviderRenderer.java b/app/src/main/java/se/leap/bitmaskclient/ProviderRenderer.java
new file mode 100644
index 00000000..6e194e84
--- /dev/null
+++ b/app/src/main/java/se/leap/bitmaskclient/ProviderRenderer.java
@@ -0,0 +1,57 @@
+package se.leap.bitmaskclient;
+
+import android.content.Context;
+import android.view.LayoutInflater;
+import android.view.View;
+import android.view.ViewGroup;
+import android.widget.ImageView;
+import android.widget.TextView;
+
+import com.pedrogomez.renderers.Renderer;
+
+import butterknife.ButterKnife;
+import butterknife.InjectView;
+import butterknife.OnItemClick;
+import butterknife.OnItemSelected;
+
+/**
+ * Created by parmegv on 4/12/14.
+ */
+public class ProviderRenderer extends Renderer<Provider> {
+    private final Context context;
+
+    @InjectView(R.id.provider_name)
+    TextView name;
+    @InjectView(R.id.provider_domain)
+    TextView domain;
+
+    public ProviderRenderer(Context context) {
+        this.context = context;
+    }
+
+    @Override
+    protected View inflate(LayoutInflater inflater, ViewGroup parent) {
+        View view = inflater.inflate(R.layout.provider_list_item, parent, false);
+        ButterKnife.inject(this, view);
+        return view;
+    }
+
+    @Override
+    protected void setUpView(View rootView) {
+        /*
+         * Empty implementation substituted with the usage of ButterKnife library by Jake Wharton.
+         */
+    }
+
+    @Override
+    protected void hookListeners(View rootView) {
+        //Empty
+    }
+
+    @Override
+    public void render() {
+        Provider provider = getContent();
+        name.setText(provider.getName());
+        domain.setText(provider.getDomain());
+    }
+}
diff --git a/app/src/main/java/se/leap/bitmaskclient/ProviderRendererBuilder.java b/app/src/main/java/se/leap/bitmaskclient/ProviderRendererBuilder.java
new file mode 100644
index 00000000..7366e68e
--- /dev/null
+++ b/app/src/main/java/se/leap/bitmaskclient/ProviderRendererBuilder.java
@@ -0,0 +1,25 @@
+package se.leap.bitmaskclient;
+
+import android.content.Context;
+
+import com.pedrogomez.renderers.Renderer;
+import com.pedrogomez.renderers.RendererBuilder;
+
+import java.util.Collection;
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+/**
+ * Created by parmegv on 4/12/14.
+ */
+    public class ProviderRendererBuilder extends RendererBuilder<Provider> {
+        public ProviderRendererBuilder(Collection<Renderer<Provider>> prototypes) {
+            super(prototypes);
+        }
+        @Override
+        protected Class getPrototypeClass(Provider content) {
+            return ProviderRenderer.class;
+    }
+}
diff --git a/app/src/main/java/se/leap/bitmaskclient/LogInDialog.java b/app/src/main/java/se/leap/bitmaskclient/SessionDialog.java
index 45d3a373..60382cf0 100644
--- a/app/src/main/java/se/leap/bitmaskclient/LogInDialog.java
+++ b/app/src/main/java/se/leap/bitmaskclient/SessionDialog.java
@@ -16,22 +16,19 @@
  */
  package se.leap.bitmaskclient;
 
-import se.leap.bitmaskclient.R;
-import android.R.color;
 import android.app.Activity;
 import android.app.AlertDialog;
 import android.app.DialogFragment;
 import android.content.DialogInterface;
-import android.content.res.ColorStateList;
 import android.os.Bundle;
-import android.provider.CalendarContract.Colors;
 import android.view.LayoutInflater;
 import android.view.View;
-import android.view.animation.AlphaAnimation;
-import android.view.animation.BounceInterpolator;
 import android.widget.EditText;
 import android.widget.TextView;
 
+import butterknife.ButterKnife;
+import butterknife.InjectView;
+
 /**
  * Implements the log in dialog, currently without progress dialog.
  * 
@@ -42,58 +39,62 @@ import android.widget.TextView;
  * @author parmegv
  *
  */
-public class LogInDialog extends DialogFragment {
+public class SessionDialog extends DialogFragment{
 
      
-	final public static String TAG = "logInDialog";
-	final public static String VERB = "log in";
-	final public static String USERNAME = "username";
-	final public static String PASSWORD = "password";
-	final public static String USERNAME_MISSING = "username missing";
-	final public static String PASSWORD_INVALID_LENGTH = "password_invalid_length";
+    final public static String TAG = SessionDialog.class.getSimpleName();
+
+    final public static String USERNAME = "username";
+    final public static String PASSWORD = "password";
+    final public static String USERNAME_MISSING = "username missing";
+    final public static String PASSWORD_INVALID_LENGTH = "password_invalid_length";
+
+    @InjectView(R.id.user_message)
+    TextView user_message;
+    @InjectView(R.id.username_entered)
+    EditText username_field;
+    @InjectView(R.id.password_entered)
+    EditText password_field;
+
+    private static SessionDialog dialog;
 
     private static boolean is_eip_pending = false;
     
 	public AlertDialog onCreateDialog(Bundle savedInstanceState) {
 		AlertDialog.Builder builder = new AlertDialog.Builder(getActivity());
 		LayoutInflater inflater = getActivity().getLayoutInflater();
-		View log_in_dialog_view = inflater.inflate(R.layout.log_in_dialog, null);
+		View view = inflater.inflate(R.layout.session_dialog, null);
+		ButterKnife.inject(this, view);
 
-		final TextView user_message = (TextView)log_in_dialog_view.findViewById(R.id.user_message);
-		if(getArguments() != null && getArguments().containsKey(getResources().getString(R.string.user_message))) {
-			user_message.setText(getArguments().getString(getResources().getString(R.string.user_message)));
-		} else {
-			user_message.setVisibility(View.GONE);
-		}
-		
-		final EditText username_field = (EditText)log_in_dialog_view.findViewById(R.id.username_entered);
-		if(getArguments() != null && getArguments().containsKey(USERNAME)) {
-			String username = getArguments().getString(USERNAME);
-			username_field.setText(username);
-		}
-		if (getArguments() != null && getArguments().containsKey(USERNAME_MISSING)) {
-			username_field.setError(getResources().getString(R.string.username_ask));
-    	}
-		
-		final EditText password_field = (EditText)log_in_dialog_view.findViewById(R.id.password_entered);
 		if(!username_field.getText().toString().isEmpty() && password_field.isFocusable()) {
 			password_field.requestFocus();
 		}
-		if (getArguments() != null && getArguments().containsKey(PASSWORD_INVALID_LENGTH)) {
-		    password_field.setError(getResources().getString(R.string.error_not_valid_password_user_message));
-		}
-		if(getArguments() != null && getArguments().getBoolean(EipServiceFragment.IS_EIP_PENDING, false)) {
-			is_eip_pending = true;
+		
+		Bundle arguments = getArguments();
+		if (arguments != null) {
+		    is_eip_pending = arguments.getBoolean(EipServiceFragment.IS_PENDING, false);
+		    if (arguments.containsKey(PASSWORD_INVALID_LENGTH))
+			password_field.setError(getString(R.string.error_not_valid_password_user_message));
+		    if (arguments.containsKey(USERNAME)) {
+			String username = arguments.getString(USERNAME);
+			username_field.setText(username);
 		    }
-
+		    if (arguments.containsKey(USERNAME_MISSING)) {
+			username_field.setError(getString(R.string.username_ask));
+		    }
+		    if(arguments.containsKey(getString(R.string.user_message)))
+			user_message.setText(arguments.getString(getString(R.string.user_message)));
+		    else
+			user_message.setVisibility(View.GONE);
+		}
 		
-		builder.setView(log_in_dialog_view)
+		builder.setView(view)
 			.setPositiveButton(R.string.login_button, new DialogInterface.OnClickListener() {
 				public void onClick(DialogInterface dialog, int id) {
 					String username = username_field.getText().toString();
 					String password = password_field.getText().toString();
 					dialog.dismiss();
-					interface_with_Dashboard.authenticate(username, password);
+					interface_with_Dashboard.logIn(username, password);
 				}
 			})
 			.setNegativeButton(R.string.cancel, new DialogInterface.OnClickListener() {
@@ -112,35 +113,37 @@ public class LogInDialog extends DialogFragment {
 		
 		return builder.create();
 	}
+
 	
 	/**
-	 * Interface used to communicate LogInDialog with Dashboard.
+	 * Interface used to communicate SessionDialog with Dashboard.
 	 * 
 	 * @author parmegv
 	 *
 	 */
-	public interface LogInDialogInterface {
-	    public void authenticate(String username, String password);
-	    public void cancelAuthedEipOn();
+	public interface SessionDialogInterface {
+	    public void logIn(String username, String password);
 	    public void signUp(String username, String password);
 	    public void cancelLoginOrSignup();
     }
 
-	LogInDialogInterface interface_with_Dashboard;
+	SessionDialogInterface interface_with_Dashboard;
 
 	/**
 	 * @return a new instance of this DialogFragment.
 	 */
 	public static DialogFragment newInstance() {
-		LogInDialog dialog_fragment = new LogInDialog();
-		return dialog_fragment;
+        if(dialog == null)
+            dialog = new SessionDialog();
+
+        return dialog;
 	}
 	
     @Override
     public void onAttach(Activity activity) {
         super.onAttach(activity);
         try {
-        	interface_with_Dashboard = (LogInDialogInterface) activity;
+        	interface_with_Dashboard = (SessionDialogInterface) activity;
         } catch (ClassCastException e) {
             throw new ClassCastException(activity.toString()
                     + " must implement LogInDialogListener");
@@ -149,8 +152,8 @@ public class LogInDialog extends DialogFragment {
 
     @Override
     public void onCancel(DialogInterface dialog) {
+	super.onCancel(dialog);
 	if(is_eip_pending)
-	    interface_with_Dashboard.cancelAuthedEipOn();
-	super.onCancel(dialog);	    
+	    interface_with_Dashboard.cancelLoginOrSignup();
     }
 }
diff --git a/app/src/main/java/se/leap/bitmaskclient/SignUpDialog.java b/app/src/main/java/se/leap/bitmaskclient/SignUpDialog.java
deleted file mode 100644
index 120d4eec..00000000
--- a/app/src/main/java/se/leap/bitmaskclient/SignUpDialog.java
+++ /dev/null
@@ -1,147 +0,0 @@
-/**
- * Copyright (c) 2013 LEAP Encryption Access Project and contributers
- * 
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
- package se.leap.bitmaskclient;
-
-import se.leap.bitmaskclient.R;
-import android.R.color;
-import android.app.Activity;
-import android.app.AlertDialog;
-import android.app.DialogFragment;
-import android.content.DialogInterface;
-import android.content.res.ColorStateList;
-import android.os.Bundle;
-import android.provider.CalendarContract.Colors;
-import android.view.LayoutInflater;
-import android.view.View;
-import android.view.animation.AlphaAnimation;
-import android.view.animation.BounceInterpolator;
-import android.widget.EditText;
-import android.widget.TextView;
-
-/**
- * Implements the sign up dialog, currently without progress dialog.
- * 
- * It returns to the previous fragment when finished, and sends username and password to the registration method.
- * 
- * It also notifies the user if the password is not valid. 
- * 
- * @author parmegv
- *
- */
-public class SignUpDialog extends DialogFragment {
-     
-	final public static String TAG = "signUpDialog";
-	final public static String VERB = "log in";
-	final public static String USERNAME = "username";
-	final public static String PASSWORD = "password";
-	final public static String USERNAME_MISSING = "username missing";
-	final public static String PASSWORD_INVALID_LENGTH = "password_invalid_length";
-
-    private static boolean is_eip_pending = false;
-    
-	public AlertDialog onCreateDialog(Bundle savedInstanceState) {
-		AlertDialog.Builder builder = new AlertDialog.Builder(getActivity());
-		LayoutInflater inflater = getActivity().getLayoutInflater();
-		View log_in_dialog_view = inflater.inflate(R.layout.log_in_dialog, null);
-
-		final TextView user_message = (TextView)log_in_dialog_view.findViewById(R.id.user_message);
-		if(getArguments() != null && getArguments().containsKey(getResources().getString(R.string.user_message))) {
-			user_message.setText(getArguments().getString(getResources().getString(R.string.user_message)));
-		} else {
-			user_message.setVisibility(View.GONE);
-		}
-		
-		final EditText username_field = (EditText)log_in_dialog_view.findViewById(R.id.username_entered);
-		if(getArguments() != null && getArguments().containsKey(USERNAME)) {
-			String username = getArguments().getString(USERNAME);
-			username_field.setText(username);
-		}
-		if (getArguments() != null && getArguments().containsKey(USERNAME_MISSING)) {
-			username_field.setError(getResources().getString(R.string.username_ask));
-    	}
-		
-		final EditText password_field = (EditText)log_in_dialog_view.findViewById(R.id.password_entered);
-		if(!username_field.getText().toString().isEmpty() && password_field.isFocusable()) {
-			password_field.requestFocus();
-		}
-		if (getArguments() != null && getArguments().containsKey(PASSWORD_INVALID_LENGTH)) {
-		    password_field.setError(getResources().getString(R.string.error_not_valid_password_user_message));
-		}
-		if(getArguments() != null && getArguments().getBoolean(EipServiceFragment.IS_EIP_PENDING, false)) {
-			is_eip_pending = true;
-		    }
-
-		
-		builder.setView(log_in_dialog_view)
-			.setPositiveButton(R.string.signup_button, new DialogInterface.OnClickListener() {
-				public void onClick(DialogInterface dialog, int id) {
-					String username = username_field.getText().toString();
-					String password = password_field.getText().toString();
-					dialog.dismiss();
-					interface_with_Dashboard.signUp(username, password);
-				}
-			})
-			.setNegativeButton(R.string.cancel, new DialogInterface.OnClickListener() {
-				public void onClick(DialogInterface dialog, int id) {
-					dialog.cancel();
-					interface_with_Dashboard.cancelLoginOrSignup();
-				}
-			});
-		
-		return builder.create();
-	}
-	
-	/**
-	 * Interface used to communicate SignUpDialog with Dashboard.
-	 * 
-	 * @author parmegv
-	 *
-	 */
-	public interface SignUpDialogInterface {
-	    public void signUp(String username, String password);
-	    public void cancelAuthedEipOn();
-	    public void cancelLoginOrSignup();
-    }
-
-	SignUpDialogInterface interface_with_Dashboard;
-
-	/**
-	 * @return a new instance of this DialogFragment.
-	 */
-	public static DialogFragment newInstance() {
-		SignUpDialog dialog_fragment = new SignUpDialog();
-		return dialog_fragment;
-	}
-	
-    @Override
-    public void onAttach(Activity activity) {
-        super.onAttach(activity);
-        try {
-        	interface_with_Dashboard = (SignUpDialogInterface) activity;
-        } catch (ClassCastException e) {
-            throw new ClassCastException(activity.toString()
-                    + " must implement SignUpDialogListener");
-        }
-    }
-
-    @Override
-    public void onCancel(DialogInterface dialog) {
-	if(is_eip_pending)
-	    interface_with_Dashboard.cancelAuthedEipOn();
-	super.onCancel(dialog);	    
-    }
-}
diff --git a/app/src/main/java/se/leap/bitmaskclient/VoidVpnService.java b/app/src/main/java/se/leap/bitmaskclient/VoidVpnService.java
deleted file mode 100644
index b7289c23..00000000
--- a/app/src/main/java/se/leap/bitmaskclient/VoidVpnService.java
+++ /dev/null
@@ -1,42 +0,0 @@
-package se.leap.bitmaskclient;
-
-import android.content.Intent;
-import android.net.VpnService;
-import android.util.Log;
-
-public class VoidVpnService extends VpnService {
-
-    static final String START_BLOCKING_VPN_PROFILE = "se.leap.bitmaskclient.START_BLOCKING_VPN_PROFILE";
-    static final String TAG = VoidVpnService.class.getSimpleName();
-
-    @Override
-    public int onStartCommand(Intent intent, int flags, int startId) {
-	String action = intent.getAction();
-	if (action == START_BLOCKING_VPN_PROFILE) {
-	    new Thread(new Runnable() {
-		    public void run() {
-			blockConnections();
-		    }
-		}).run();
-	}
-	return 0;
-    }
-        
-    public void blockConnections() {
-	Builder builder = new Builder();
-	builder.setSession("Blocking until running");
-	builder.addAddress("10.42.0.8",16);
-	builder.addRoute("0.0.0.0", 1);
-	builder.addRoute("128.0.0.0", 1);
-	builder.addRoute("192.168.1.0", 24);
-	builder.addDnsServer("10.42.0.1");
-	builder.establish();
-	android.util.Log.d(TAG, "VoidVpnService set up");
-	try {
-	    new java.net.Socket("sdf.org", 80);
-	    Log.d(TAG, "VoidVpnService doesn's stop traffic");
-	} catch (Exception e) {
-	    e.printStackTrace();
-	}
-    }
-}
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/Constants.java b/app/src/main/java/se/leap/bitmaskclient/eip/Constants.java
new file mode 100644
index 00000000..12c2e015
--- /dev/null
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/Constants.java
@@ -0,0 +1,47 @@
+/**
+ * Copyright (c) 2013 LEAP Encryption Access Project and contributers
+ * 
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package se.leap.bitmaskclient.eip;
+
+/**
+ *
+ * Constants for intent passing, shared preferences
+ *
+ * @author Parménides GV <parmegv@sdf.org>
+ *
+ */
+public interface Constants {
+
+    public final static String TAG = Constants.class.getSimpleName();
+    
+    public final static String AUTHED_EIP = TAG + ".AUTHED_EIP";
+    public final static String ACTION_CHECK_CERT_VALIDITY = TAG + ".CHECK_CERT_VALIDITY";
+    public final static String ACTION_START_EIP = TAG + ".START_EIP";
+    public final static String ACTION_STOP_EIP = TAG + ".STOP_EIP";
+    public final static String ACTION_UPDATE_EIP_SERVICE = TAG + ".UPDATE_EIP_SERVICE";
+    public final static String ACTION_IS_EIP_RUNNING = TAG + ".IS_RUNNING";
+    public final static String EIP_NOTIFICATION = TAG + ".EIP_NOTIFICATION";
+    public final static String ALLOWED_ANON = "allow_anonymous";
+    public final static String ALLOWED_REGISTERED = "allow_registration";
+    public final static String CERTIFICATE = "cert";
+    public final static String PRIVATE_KEY = TAG + ".PRIVATE_KEY";
+    public final static String KEY = TAG + ".KEY";
+    public final static String RECEIVER_TAG = TAG + ".RECEIVER_TAG";
+    public final static String REQUEST_TAG = TAG + ".REQUEST_TAG";
+    public final static String START_BLOCKING_VPN_PROFILE = TAG + ".START_BLOCKING_VPN_PROFILE";
+    public final static String PROVIDER_CONFIGURED = TAG + ".PROVIDER_CONFIGURED";
+
+}
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java b/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java
new file mode 100644
index 00000000..0713e521
--- /dev/null
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java
@@ -0,0 +1,251 @@
+/**
+ * Copyright (c) 2013 LEAP Encryption Access Project and contributers
+ * 
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package se.leap.bitmaskclient.eip;
+
+import android.app.Activity;
+import android.app.IntentService;
+import android.content.Context;
+import android.content.Intent;
+import android.content.SharedPreferences;
+import android.os.Bundle;
+import android.os.Handler;
+import android.os.ResultReceiver;
+import android.util.Log;
+
+import org.json.JSONArray;
+import org.json.JSONException;
+import org.json.JSONObject;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import de.blinkt.openvpn.LaunchVPN;
+import de.blinkt.openvpn.VpnProfile;
+import de.blinkt.openvpn.core.ProfileManager;
+import se.leap.bitmaskclient.Dashboard;
+import se.leap.bitmaskclient.EipServiceFragment;
+
+import static se.leap.bitmaskclient.eip.Constants.ACTION_CHECK_CERT_VALIDITY;
+import static se.leap.bitmaskclient.eip.Constants.ACTION_IS_EIP_RUNNING;
+import static se.leap.bitmaskclient.eip.Constants.ACTION_START_EIP;
+import static se.leap.bitmaskclient.eip.Constants.ACTION_STOP_EIP;
+import static se.leap.bitmaskclient.eip.Constants.ACTION_UPDATE_EIP_SERVICE;
+import static se.leap.bitmaskclient.eip.Constants.CERTIFICATE;
+import static se.leap.bitmaskclient.eip.Constants.KEY;
+import static se.leap.bitmaskclient.eip.Constants.RECEIVER_TAG;
+import static se.leap.bitmaskclient.eip.Constants.REQUEST_TAG;
+
+/**
+ * EIP is the abstract base class for interacting with and managing the Encrypted
+ * Internet Proxy connection.  Connections are started, stopped, and queried through
+ * this IntentService.
+ * Contains logic for parsing eip-service.json from the provider, configuring and selecting
+ * gateways, and controlling {@link de.blinkt.openvpn.core.OpenVPNService} connections.
+ * 
+ * @author Sean Leonard <meanderingcode@aetherislands.net>
+ * @author Parménides GV <parmegv@sdf.org>
+ */
+public final class EIP extends IntentService {
+
+    public final static String TAG = EIP.class.getSimpleName();
+    public final static String SERVICE_API_PATH = "config/eip-service.json";
+
+    public static final int DISCONNECT = 15;
+    
+    private static Context context;
+    private static ResultReceiver mReceiver;
+    private static SharedPreferences preferences;
+	
+    private static JSONObject eip_definition;
+    private static List<Gateway> gateways = new ArrayList<Gateway>();
+    private static ProfileManager profile_manager;
+    private static Gateway gateway;
+    
+	public EIP(){
+		super(TAG);
+	}
+	
+	@Override
+	public void onCreate() {
+		super.onCreate();
+		
+		context = getApplicationContext();
+		profile_manager = ProfileManager.getInstance(context);
+
+		preferences = getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE);
+		refreshEipDefinition();
+	}
+	
+    @Override
+    protected void onHandleIntent(Intent intent) {
+	String action = intent.getAction();
+	mReceiver = intent.getParcelableExtra(RECEIVER_TAG);
+	
+	if ( action.equals(ACTION_START_EIP))
+	    startEIP();
+	else if (action.equals(ACTION_STOP_EIP))
+	    stopEIP();
+	else if (action.equals(ACTION_IS_EIP_RUNNING))
+	    isRunning();
+	else if (action.equals(ACTION_UPDATE_EIP_SERVICE))
+	    updateEIPService();
+	else if (action.equals(ACTION_CHECK_CERT_VALIDITY))
+	    checkCertValidity();
+    }
+	
+    /**
+     * Initiates an EIP connection by selecting a gateway and preparing and sending an
+     * Intent to {@link de.blinkt.openvpn.LaunchVPN}.
+     * It also sets up early routes.
+     */
+    private void startEIP() {
+	if(gateways.isEmpty())
+	    updateEIPService();
+        earlyRoutes();
+
+        GatewaySelector gateway_selector = new GatewaySelector(gateways);
+	gateway = gateway_selector.select();
+	if(gateway != null && gateway.getProfile() != null) {
+	    mReceiver = EipServiceFragment.getReceiver();
+	    launchActiveGateway();
+	}
+	tellToReceiver(ACTION_START_EIP, Activity.RESULT_OK);
+    }
+
+    /**
+     * Early routes are routes that block traffic until a new
+     * VpnService is started properly.
+     */
+    private void earlyRoutes() {
+	Intent void_vpn_launcher = new Intent(context, VoidVpnLauncher.class);
+	void_vpn_launcher.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+	startActivity(void_vpn_launcher);
+    }
+    
+    private void launchActiveGateway() {
+	Intent intent = new Intent(this,LaunchVPN.class);
+	intent.setAction(Intent.ACTION_MAIN);
+	intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+	intent.putExtra(LaunchVPN.EXTRA_NAME, gateway.getProfile().getName());
+	intent.putExtra(LaunchVPN.EXTRA_HIDELOG, true);
+	startActivity(intent);
+    }
+
+    private void stopEIP() {
+	EipStatus eip_status = EipStatus.getInstance();
+	Log.d(TAG, "stopEip(): eip is connected? " + eip_status.isConnected());
+	int result_code = Activity.RESULT_CANCELED;
+	if(eip_status.isConnected())
+	    result_code = Activity.RESULT_OK;
+
+	tellToReceiver(ACTION_STOP_EIP, result_code);
+    }
+	
+    /**
+     * Checks the last stored status notified by ics-openvpn
+     * Sends <code>Activity.RESULT_CANCELED</code> to the ResultReceiver that made the
+     * request if it's not connected, <code>Activity.RESULT_OK</code> otherwise.
+     */
+    private void isRunning() {
+	EipStatus eip_status = EipStatus.getInstance();
+	int resultCode = (eip_status.isConnected()) ?
+	    Activity.RESULT_OK :
+	    Activity.RESULT_CANCELED;
+	tellToReceiver(ACTION_IS_EIP_RUNNING, resultCode);
+    }
+
+    /**
+     * Loads eip-service.json from SharedPreferences, delete previous vpn profiles and add new gateways.
+     * TODO Implement API call to refresh eip-service.json from the provider
+     */
+    private void updateEIPService() {
+	refreshEipDefinition();
+	deleteAllVpnProfiles();
+	updateGateways();
+	tellToReceiver(ACTION_UPDATE_EIP_SERVICE, Activity.RESULT_OK);
+    }
+
+    private void refreshEipDefinition() {
+	try {
+	    String eip_definition_string = preferences.getString(KEY, "");
+	    if(!eip_definition_string.isEmpty()) {
+		eip_definition = new JSONObject(eip_definition_string);
+	    }
+	} catch (JSONException e) {
+	    // TODO Auto-generated catch block
+	    e.printStackTrace();
+	}
+    }
+    
+    private void deleteAllVpnProfiles() {
+	Collection<VpnProfile> profiles = profile_manager.getProfiles();
+	profiles.removeAll(profiles);
+    }
+	
+    /**
+     * Walk the list of gateways defined in eip-service.json and parse them into
+     * Gateway objects.
+     * TODO Store the Gateways (as Serializable) in SharedPreferences
+     */
+    private void updateGateways(){
+	try {
+        if(eip_definition != null) {
+            JSONArray gatewaysDefined = eip_definition.getJSONArray("gateways");
+            for (int i = 0; i < gatewaysDefined.length(); i++) {
+                JSONObject gw = gatewaysDefined.getJSONObject(i);
+                if (isOpenVpnGateway(gw)) {
+                    addGateway(new Gateway(eip_definition, context, gw));
+                }
+            }
+        }
+	} catch (JSONException e) {
+	    // TODO Auto-generated catch block
+	    e.printStackTrace();
+	}
+    }
+
+    private boolean isOpenVpnGateway(JSONObject gateway) {
+	try {
+	    String transport = gateway.getJSONObject("capabilities").getJSONArray("transport").toString();
+	    return transport.contains("openvpn");
+	} catch (JSONException e) {
+	    return false;
+	}
+    }
+
+    private void addGateway(Gateway gateway) {
+	profile_manager.addProfile(gateway.getProfile());
+	gateways.add(gateway);
+    }
+
+    private void checkCertValidity() {
+	VpnCertificateValidator validator = new VpnCertificateValidator();
+	int resultCode = validator.isValid(preferences.getString(CERTIFICATE, "")) ?
+	    Activity.RESULT_OK :
+	    Activity.RESULT_CANCELED;
+	tellToReceiver(ACTION_CHECK_CERT_VALIDITY, resultCode);
+    }
+
+    private void tellToReceiver(String action, int resultCode) {
+        if (mReceiver != null){
+            Bundle resultData = new Bundle();
+            resultData.putString(REQUEST_TAG, action);
+            mReceiver.send(resultCode, resultData);
+        }
+    }
+}
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/EipStatus.java b/app/src/main/java/se/leap/bitmaskclient/eip/EipStatus.java
new file mode 100644
index 00000000..4ac3bd6a
--- /dev/null
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/EipStatus.java
@@ -0,0 +1,138 @@
+/**
+ * Copyright (c) 2013 LEAP Encryption Access Project and contributers
+ * 
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package se.leap.bitmaskclient.eip;
+
+import android.util.Log;
+
+import java.util.Observable;
+
+import de.blinkt.openvpn.core.VpnStatus;
+
+public class EipStatus extends Observable implements VpnStatus.StateListener {
+    public static String TAG = EipStatus.class.getSimpleName();
+    private static EipStatus current_status;
+
+    private static VpnStatus.ConnectionStatus level = VpnStatus.ConnectionStatus.LEVEL_NOTCONNECTED;
+    private static boolean wants_to_disconnect = false;
+
+    private String state, log_message;
+    private int localized_res_id;
+
+    public static EipStatus getInstance() {
+	if(current_status == null) {
+	    current_status = new EipStatus();
+	    VpnStatus.addStateListener(current_status);
+	}
+	return current_status;
+    }
+
+    private EipStatus() { }
+
+    @Override
+    public void updateState(final String state, final String logmessage, final int localizedResId, final VpnStatus.ConnectionStatus level) {
+	current_status = getInstance();
+	current_status.setState(state);
+	current_status.setLogMessage(logmessage);
+	current_status.setLocalizedResId(localizedResId);
+	current_status.setLevel(level);
+	current_status.setChanged();
+	if(isConnected() || isDisconnected())
+	    setConnectedOrDisconnected();
+	else if(isConnecting())
+	    setConnecting();
+	Log.d(TAG, "update state with level " + level);
+	current_status.notifyObservers();
+    }
+
+    public boolean wantsToDisconnect() {
+	return wants_to_disconnect;
+    }
+
+    public boolean isConnecting() {
+	return
+	    !isConnected() &&
+	    !isDisconnected() &&
+	    !isPaused();
+    }
+
+    public boolean isConnected() {
+	return level == VpnStatus.ConnectionStatus.LEVEL_CONNECTED;
+    }
+
+    public boolean isDisconnected() {
+	return level == VpnStatus.ConnectionStatus.LEVEL_NOTCONNECTED;
+    }
+
+    public boolean isPaused() {
+	return level == VpnStatus.ConnectionStatus.LEVEL_VPNPAUSED;
+    }
+
+    public void setConnecting() {
+	wants_to_disconnect = false;
+	current_status.setChanged();
+	current_status.notifyObservers();
+    }
+
+    public void setConnectedOrDisconnected() {
+	Log.d(TAG, "setConnectedOrDisconnected()");
+	wants_to_disconnect = false;
+	current_status.setChanged();
+	current_status.notifyObservers();
+    }
+
+    public void setDisconnecting() {
+	wants_to_disconnect = false;
+    }
+
+    public String getState() {
+	return state;
+    }
+
+    public String getLogMessage() {
+	return log_message;
+    }
+
+    public int getLocalizedResId() {
+	return localized_res_id;
+    }
+
+    public VpnStatus.ConnectionStatus getLevel() {
+	return level;
+    }
+
+    private void setState(String state) {
+	this.state = state;
+    }
+
+    private void setLogMessage(String log_message) {
+	this.log_message = log_message;
+    }
+
+    private void setLocalizedResId(int localized_res_id) {
+	this.localized_res_id = localized_res_id;
+    }
+
+    private void setLevel(VpnStatus.ConnectionStatus level) {
+	EipStatus.level = level;
+    }
+
+    @Override
+    public String toString() {
+	return "State: " + state + " Level: " + level.toString();
+    }
+
+}
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/Gateway.java b/app/src/main/java/se/leap/bitmaskclient/eip/Gateway.java
new file mode 100644
index 00000000..3ee9443c
--- /dev/null
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/Gateway.java
@@ -0,0 +1,156 @@
+/**
+ * Copyright (c) 2013 LEAP Encryption Access Project and contributers
+ * 
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package se.leap.bitmaskclient.eip;
+
+import android.app.Activity;
+import android.content.Context;
+import android.content.SharedPreferences;
+import android.util.Log;
+
+import org.json.JSONException;
+import org.json.JSONObject;
+
+import java.io.IOException;
+import java.io.StringReader;
+import java.util.Collection;
+import java.util.Iterator;
+
+import de.blinkt.openvpn.VpnProfile;
+import de.blinkt.openvpn.core.ConfigParser;
+import de.blinkt.openvpn.core.ProfileManager;
+import se.leap.bitmaskclient.Dashboard;
+
+/**
+ * Gateway provides objects defining gateways and their metadata.
+ * Each instance contains a VpnProfile for OpenVPN specific data and member
+ * variables describing capabilities and location (name)
+ * 
+ * @author Sean Leonard <meanderingcode@aetherislands.net>
+ * @author Parménides GV <parmegv@sdf.org>
+ */
+public class Gateway {
+		
+    private String TAG = Gateway.class.getSimpleName();
+		
+    private String mName;
+    private int timezone;
+    private JSONObject general_configuration;
+    private Context context;
+    private VpnProfile mVpnProfile;
+    private JSONObject mGateway;
+		
+    /**
+     * Build a gateway object from a JSON OpenVPN gateway definition in eip-service.json
+     * and create a VpnProfile belonging to it.
+     * 
+     * @param gateway The JSON OpenVPN gateway definition to parse
+     */
+    protected Gateway(JSONObject eip_definition, Context context, JSONObject gateway){
+
+	mGateway = gateway;
+	
+	this.context = context;
+	general_configuration = getGeneralConfiguration(eip_definition);
+	timezone = getTimezone(eip_definition);
+	mName = locationAsName(eip_definition);
+
+	// Currently deletes VpnProfile for host, if there already is one, and builds new
+	ProfileManager vpl = ProfileManager.getInstance(context);
+	Collection<VpnProfile> profiles = vpl.getProfiles();
+	for (Iterator<VpnProfile> it = profiles.iterator(); it.hasNext(); ){
+	    VpnProfile p = it.next();
+				
+	    if ( p.mName.equalsIgnoreCase( mName ) ) {
+		it.remove();
+		vpl.removeProfile(context, p);
+	    }
+	}
+
+	mVpnProfile = createVPNProfile();
+	mVpnProfile.mName = mName;
+
+	vpl.addProfile(mVpnProfile);
+	vpl.saveProfile(context, mVpnProfile);
+	vpl.saveProfileList(context);
+    }
+
+    private JSONObject getGeneralConfiguration(JSONObject eip_definition) {
+	try {
+	    return eip_definition.getJSONObject("openvpn_configuration");
+	} catch (JSONException e) {
+	    return new JSONObject();
+	}
+    }
+
+    private int getTimezone(JSONObject eip_definition) {
+	JSONObject location = getLocationInfo(eip_definition);
+	return location.optInt("timezone");
+    }
+
+    private String locationAsName(JSONObject eip_definition) {
+	JSONObject location = getLocationInfo(eip_definition);
+	return location.optString("name");
+    }
+
+    private JSONObject getLocationInfo(JSONObject eip_definition) {
+	try {
+	    JSONObject locations = eip_definition.getJSONObject("locations");
+
+	    return locations.getJSONObject(mGateway.getString("location"));
+	} catch (JSONException e) {
+	    return new JSONObject();
+	}
+    }
+	    
+    /**
+     * Create and attach the VpnProfile to our gateway object
+     */
+    private VpnProfile createVPNProfile(){
+	try {
+	    ConfigParser cp = new ConfigParser();
+
+	    SharedPreferences preferences = context.getSharedPreferences(Dashboard.SHARED_PREFERENCES, Activity.MODE_PRIVATE);
+	    VpnConfigGenerator vpn_configuration_generator = new VpnConfigGenerator(preferences, general_configuration, mGateway);
+	    String configuration = vpn_configuration_generator.generate();
+				
+	    cp.parseConfig(new StringReader(configuration));
+	    return cp.convertProfile();
+	} catch (ConfigParser.ConfigParseError e) {
+	    // FIXME We didn't get a VpnProfile!  Error handling! and log level
+	    Log.v(TAG,"Error creating VPNProfile");
+	    e.printStackTrace();
+	    return null;
+	} catch (IOException e) {
+	    // FIXME We didn't get a VpnProfile!  Error handling! and log level
+	    Log.v(TAG,"Error creating VPNProfile");
+	    e.printStackTrace();
+	    return null;
+	}
+    }
+
+    public String getName() {
+	return mName;
+    }
+
+    public VpnProfile getProfile() {
+	return mVpnProfile;
+    }
+
+    public int getTimezone() {
+	return timezone;
+    }
+}
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/GatewaySelector.java b/app/src/main/java/se/leap/bitmaskclient/eip/GatewaySelector.java
new file mode 100644
index 00000000..39ae7ca6
--- /dev/null
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/GatewaySelector.java
@@ -0,0 +1,46 @@
+package se.leap.bitmaskclient.eip;
+
+import java.util.Calendar;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.TreeMap;
+
+public class GatewaySelector {
+    List<Gateway> gateways;
+
+    public GatewaySelector(List<Gateway> gateways) {
+	this.gateways = gateways;
+    }
+
+    public Gateway select() {
+	return closestGateway();
+    }
+    
+    private Gateway closestGateway() {
+	TreeMap<Integer, Set<Gateway>> offsets = calculateOffsets();
+	return offsets.isEmpty() ? null : offsets.firstEntry().getValue().iterator().next();
+    }
+    
+    private TreeMap<Integer, Set<Gateway>> calculateOffsets() {
+	TreeMap<Integer, Set<Gateway>> offsets = new TreeMap<Integer, Set<Gateway>>();
+	int localOffset = Calendar.getInstance().get(Calendar.ZONE_OFFSET) / 3600000;
+	for(Gateway gateway : gateways) {
+	    int dist = timezoneDistance(localOffset, gateway.getTimezone());
+	    Set<Gateway> set = (offsets.get(dist) != null) ?
+		offsets.get(dist) : new HashSet<Gateway>();
+	    set.add(gateway);
+	    offsets.put(dist, set);
+	}
+	return offsets;
+    }
+    
+    private int timezoneDistance(int local_timezone, int remote_timezone) {
+	// Distance along the numberline of Prime Meridian centric, assumes UTC-11 through UTC+12
+	int dist = Math.abs(local_timezone - remote_timezone);
+	// Farther than 12 timezones and it's shorter around the "back"
+	if (dist > 12)
+	    dist = 12 - (dist -12); // Well i'll be. Absolute values make equations do funny things.
+	return dist;
+    }
+}
diff --git a/app/src/main/java/se/leap/bitmaskclient/VoidVpnLauncher.java b/app/src/main/java/se/leap/bitmaskclient/eip/VoidVpnLauncher.java
index 3b286fbf..d79d8003 100644
--- a/app/src/main/java/se/leap/bitmaskclient/VoidVpnLauncher.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/VoidVpnLauncher.java
@@ -1,4 +1,4 @@
-package se.leap.bitmaskclient;
+package se.leap.bitmaskclient.eip;
 
 import android.app.Activity;
 import android.content.Intent;
@@ -8,7 +8,7 @@ import android.os.Bundle;
 public class VoidVpnLauncher extends Activity {
 
     private static final int VPN_USER_PERMISSION = 71;
-    
+
     @Override
     protected void onCreate(Bundle savedInstanceState) {
 	super.onCreate(savedInstanceState);
@@ -28,7 +28,7 @@ public class VoidVpnLauncher extends Activity {
 	if(requestCode == VPN_USER_PERMISSION) {
 	    if(resultCode == RESULT_OK) {
 		Intent void_vpn_service = new Intent(getApplicationContext(), VoidVpnService.class);
-		void_vpn_service.setAction(VoidVpnService.START_BLOCKING_VPN_PROFILE);
+		void_vpn_service.setAction(Constants.START_BLOCKING_VPN_PROFILE);
 		startService(void_vpn_service);
 	    }
 	}
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VoidVpnService.java b/app/src/main/java/se/leap/bitmaskclient/eip/VoidVpnService.java
new file mode 100644
index 00000000..a6f9fe76
--- /dev/null
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/VoidVpnService.java
@@ -0,0 +1,33 @@
+package se.leap.bitmaskclient.eip;
+
+import android.content.Intent;
+import android.net.VpnService;
+
+public class VoidVpnService extends VpnService  {
+
+    static final String TAG = VoidVpnService.class.getSimpleName();
+
+    @Override
+    public int onStartCommand(Intent intent, int flags, int startId) {
+	String action = intent.getAction();
+	if (action == Constants.START_BLOCKING_VPN_PROFILE) {
+	    new Thread(new Runnable() {
+		    public void run() {			
+			Builder builder = new Builder();
+			builder.setSession("Blocking until running");
+			builder.addAddress("10.42.0.8",16);
+			builder.addRoute("0.0.0.0", 1);
+			builder.addRoute("192.168.1.0", 24);
+			builder.addDnsServer("10.42.0.1");
+			try {
+			    builder.establish();
+			} catch (Exception e) {
+			    e.printStackTrace();
+			}
+			android.util.Log.d(TAG, "VoidVpnService set up");
+		    }
+		}).run();
+	}
+	return 0;
+    }
+}
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
new file mode 100644
index 00000000..6487f6c1
--- /dev/null
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
@@ -0,0 +1,60 @@
+/**
+ * Copyright (c) 2013 LEAP Encryption Access Project and contributers
+ * 
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package se.leap.bitmaskclient.eip;
+
+import android.util.Log;
+
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+import java.util.Calendar;
+
+import se.leap.bitmaskclient.ConfigHelper;
+
+public class VpnCertificateValidator {
+    public final static String TAG = VpnCertificateValidator.class.getSimpleName();
+
+    public boolean isValid(String certificate) {
+	if(!certificate.isEmpty()) {
+	    X509Certificate certificate_x509 = ConfigHelper.parseX509CertificateFromString(certificate);
+	    return isValid(certificate_x509);
+	} else return true;
+    }
+    
+    private boolean isValid(X509Certificate certificate) {
+	Calendar offset_date = calculateOffsetCertificateValidity(certificate);
+	try {
+	    Log.d(TAG, "offset_date = " + offset_date.getTime().toString());
+	    certificate.checkValidity(offset_date.getTime());
+	    return true;
+	} catch(CertificateExpiredException e) {
+	    return false;
+	} catch(CertificateNotYetValidException e) {
+	    return false;
+	}
+    }
+
+    private Calendar calculateOffsetCertificateValidity(X509Certificate certificate) {
+	Log.d(TAG, "certificate not after = " + certificate.getNotAfter());
+	long preventive_time = Math.abs(certificate.getNotBefore().getTime() - certificate.getNotAfter().getTime())/2;
+	long current_date_millis = Calendar.getInstance().getTimeInMillis();
+	    
+	Calendar limit_date = Calendar.getInstance();
+	limit_date.setTimeInMillis(current_date_millis + preventive_time);
+	return limit_date;
+    }
+}
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
new file mode 100644
index 00000000..0c8e9a04
--- /dev/null
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
@@ -0,0 +1,145 @@
+/**
+ * Copyright (c) 2013 LEAP Encryption Access Project and contributers
+ * 
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package se.leap.bitmaskclient.eip;
+
+import android.content.SharedPreferences;
+import android.util.Log;
+
+import org.json.JSONArray;
+import org.json.JSONException;
+import org.json.JSONObject;
+
+import java.util.Iterator;
+
+import se.leap.bitmaskclient.Provider;
+
+public class VpnConfigGenerator {
+
+    private JSONObject general_configuration;
+    private JSONObject gateway;
+    
+    private static SharedPreferences preferences;
+    public final static String TAG = VpnConfigGenerator.class.getSimpleName();
+    private final String new_line = System.getProperty("line.separator"); // Platform new line
+
+    public VpnConfigGenerator(SharedPreferences preferences, JSONObject general_configuration, JSONObject gateway) {
+	this.general_configuration = general_configuration;
+	this.gateway = gateway;
+	VpnConfigGenerator.preferences = preferences;
+    }
+    
+    public String generate() {
+	return
+	    generalConfiguration()
+	    + new_line
+	    + gatewayConfiguration()
+	    + new_line
+	    + secretsConfiguration()
+	    + new_line
+	    + androidCustomizations();
+    }
+
+    private String generalConfiguration() {
+	String common_options = "";
+	try {
+	    Iterator keys = general_configuration.keys();
+	    while ( keys.hasNext() ){
+		String key = keys.next().toString();
+					
+		common_options += key + " ";
+		for ( String word : general_configuration.getString(key).split(" ") )
+		    common_options += word + " ";
+		common_options += new_line;
+			
+	    }
+	} catch (JSONException e) {
+	    // TODO Auto-generated catch block
+	    e.printStackTrace();
+	}
+
+	common_options += "client";
+
+	return common_options;
+    }
+    
+    private String gatewayConfiguration() {
+	String remotes = "";
+		
+	String remote = "ip_address";
+	String remote_openvpn_keyword = "remote";
+	String ports = "ports";
+	String protos = "protocols";
+	String capabilities = "capabilities";
+	String udp = "udp";
+		
+	try {
+	    JSONArray protocolsJSON = gateway.getJSONObject(capabilities).getJSONArray(protos);
+	    for ( int i=0; i<protocolsJSON.length(); i++ ) {
+		String remote_line = remote_openvpn_keyword;
+		remote_line += " " + gateway.getString(remote);
+		remote_line += " " + gateway.getJSONObject(capabilities).getJSONArray(ports).optString(0);
+		remote_line += " " + protocolsJSON.optString(i);
+		if(remote_line.endsWith(udp))
+		    remotes = remotes.replaceFirst(remote_openvpn_keyword, remote_line + new_line + remote_openvpn_keyword);
+		else
+		    remotes += remote_line;
+		remotes += new_line;
+	    }
+	} catch (JSONException e) {
+	    // TODO Auto-generated catch block
+	    e.printStackTrace();
+	}
+		
+	Log.d(TAG, "remotes = " + remotes);
+	return remotes;
+    }
+
+    private String secretsConfiguration() {
+						    
+	String ca = 
+	    "<ca>"
+	    + new_line
+	    + preferences.getString(Provider.CA_CERT, "")
+	    + new_line
+	    + "</ca>";
+		
+	String key =
+	    "<key>"
+	    + new_line
+	    + preferences.getString(Constants.PRIVATE_KEY, "")
+	    + new_line
+	    + "</key>";
+		
+	String openvpn_cert =
+	    "<cert>"
+	    + new_line
+	    + preferences.getString(Constants.CERTIFICATE, "")
+	    + new_line
+	    + "</cert>";
+
+	return ca + new_line + key + new_line + openvpn_cert;
+    }
+
+    private String androidCustomizations() {
+	return
+	    "remote-cert-tls server"
+	    + new_line
+	    + "persist-tun"
+	    + new_line
+	    + "auth-retry nointeract";
+    }
+}
diff --git a/app/src/main/res/drawable-hdpi/ic_close_white_24dp.png b/app/src/main/res/drawable-hdpi/ic_close_white_24dp.png
new file mode 100644
index 00000000..0fd15563
--- /dev/null
+++ b/app/src/main/res/drawable-hdpi/ic_close_white_24dp.png
diff --git a/app/src/main/res/drawable-hdpi/ic_delete_white_24dp.png b/app/src/main/res/drawable-hdpi/ic_delete_white_24dp.png
new file mode 100644
index 00000000..a9eac0ca
--- /dev/null
+++ b/app/src/main/res/drawable-hdpi/ic_delete_white_24dp.png
diff --git a/app/src/main/res/drawable-hdpi/ic_edit_grey600_24dp.png b/app/src/main/res/drawable-hdpi/ic_edit_grey600_24dp.png
new file mode 100644
index 00000000..b5f88c80
--- /dev/null
+++ b/app/src/main/res/drawable-hdpi/ic_edit_grey600_24dp.png
diff --git a/app/src/main/res/drawable-hdpi/ic_edit_white_24dp.png b/app/src/main/res/drawable-hdpi/ic_edit_white_24dp.png
new file mode 100644
index 00000000..730416c9
--- /dev/null
+++ b/app/src/main/res/drawable-hdpi/ic_edit_white_24dp.png
diff --git a/app/src/main/res/drawable-hdpi/ic_filter_list_white_24dp.png b/app/src/main/res/drawable-hdpi/ic_filter_list_white_24dp.png
new file mode 100644
index 00000000..30122adf
--- /dev/null
+++ b/app/src/main/res/drawable-hdpi/ic_filter_list_white_24dp.png
diff --git a/app/src/main/res/drawable-hdpi/ic_share_white_24dp.png b/app/src/main/res/drawable-hdpi/ic_share_white_24dp.png
new file mode 100644
index 00000000..93b3c219
--- /dev/null
+++ b/app/src/main/res/drawable-hdpi/ic_share_white_24dp.png
diff --git a/app/src/main/res/drawable-mdpi/ic_close_white_24dp.png b/app/src/main/res/drawable-mdpi/ic_close_white_24dp.png
new file mode 100644
index 00000000..e80681ae
--- /dev/null
+++ b/app/src/main/res/drawable-mdpi/ic_close_white_24dp.png
diff --git a/app/src/main/res/drawable-mdpi/ic_delete_white_24dp.png b/app/src/main/res/drawable-mdpi/ic_delete_white_24dp.png
new file mode 100644
index 00000000..e4ea52ef
--- /dev/null
+++ b/app/src/main/res/drawable-mdpi/ic_delete_white_24dp.png
diff --git a/app/src/main/res/drawable-mdpi/ic_edit_grey600_24dp.png b/app/src/main/res/drawable-mdpi/ic_edit_grey600_24dp.png
new file mode 100644
index 00000000..bae3480c
--- /dev/null
+++ b/app/src/main/res/drawable-mdpi/ic_edit_grey600_24dp.png
diff --git a/app/src/main/res/drawable-mdpi/ic_edit_white_24dp.png b/app/src/main/res/drawable-mdpi/ic_edit_white_24dp.png
new file mode 100644
index 00000000..85cff0b9
--- /dev/null
+++ b/app/src/main/res/drawable-mdpi/ic_edit_white_24dp.png
diff --git a/app/src/main/res/drawable-mdpi/ic_filter_list_white_24dp.png b/app/src/main/res/drawable-mdpi/ic_filter_list_white_24dp.png
new file mode 100644
index 00000000..49cec669
--- /dev/null
+++ b/app/src/main/res/drawable-mdpi/ic_filter_list_white_24dp.png
diff --git a/app/src/main/res/drawable-mdpi/ic_share_white_24dp.png b/app/src/main/res/drawable-mdpi/ic_share_white_24dp.png
new file mode 100644
index 00000000..4d019722
--- /dev/null
+++ b/app/src/main/res/drawable-mdpi/ic_share_white_24dp.png
diff --git a/app/src/main/res/drawable-xhdpi/ic_close_white_24dp.png b/app/src/main/res/drawable-xhdpi/ic_close_white_24dp.png
new file mode 100644
index 00000000..76e07f09
--- /dev/null
+++ b/app/src/main/res/drawable-xhdpi/ic_close_white_24dp.png
diff --git a/app/src/main/res/drawable-xhdpi/ic_delete_white_24dp.png b/app/src/main/res/drawable-xhdpi/ic_delete_white_24dp.png
new file mode 100644
index 00000000..cdb230c2
--- /dev/null
+++ b/app/src/main/res/drawable-xhdpi/ic_delete_white_24dp.png
diff --git a/app/src/main/res/drawable-xhdpi/ic_edit_grey600_24dp.png b/app/src/main/res/drawable-xhdpi/ic_edit_grey600_24dp.png
new file mode 100644
index 00000000..4c95bd57
--- /dev/null
+++ b/app/src/main/res/drawable-xhdpi/ic_edit_grey600_24dp.png
diff --git a/app/src/main/res/drawable-xhdpi/ic_edit_white_24dp.png b/app/src/main/res/drawable-xhdpi/ic_edit_white_24dp.png
new file mode 100644
index 00000000..7f0ea51b
--- /dev/null
+++ b/app/src/main/res/drawable-xhdpi/ic_edit_white_24dp.png
diff --git a/app/src/main/res/drawable-xhdpi/ic_filter_list_white_24dp.png b/app/src/main/res/drawable-xhdpi/ic_filter_list_white_24dp.png
new file mode 100644
index 00000000..d4ca77bf
--- /dev/null
+++ b/app/src/main/res/drawable-xhdpi/ic_filter_list_white_24dp.png
diff --git a/app/src/main/res/drawable-xhdpi/ic_share_white_24dp.png b/app/src/main/res/drawable-xhdpi/ic_share_white_24dp.png
new file mode 100644
index 00000000..dd536bca
--- /dev/null
+++ b/app/src/main/res/drawable-xhdpi/ic_share_white_24dp.png
diff --git a/app/src/main/res/drawable-xxhdpi/ic_close_white_24dp.png b/app/src/main/res/drawable-xxhdpi/ic_close_white_24dp.png
new file mode 100644
index 00000000..0eb9d8b0
--- /dev/null
+++ b/app/src/main/res/drawable-xxhdpi/ic_close_white_24dp.png
diff --git a/app/src/main/res/drawable-xxhdpi/ic_delete_white_24dp.png b/app/src/main/res/drawable-xxhdpi/ic_delete_white_24dp.png
new file mode 100644
index 00000000..0e95e9b1
--- /dev/null
+++ b/app/src/main/res/drawable-xxhdpi/ic_delete_white_24dp.png
diff --git a/app/src/main/res/drawable-xxhdpi/ic_edit_grey600_24dp.png b/app/src/main/res/drawable-xxhdpi/ic_edit_grey600_24dp.png
new file mode 100644
index 00000000..6ed4351c
--- /dev/null
+++ b/app/src/main/res/drawable-xxhdpi/ic_edit_grey600_24dp.png
diff --git a/app/src/main/res/drawable-xxhdpi/ic_edit_white_24dp.png b/app/src/main/res/drawable-xxhdpi/ic_edit_white_24dp.png
new file mode 100644
index 00000000..34ec7092
--- /dev/null
+++ b/app/src/main/res/drawable-xxhdpi/ic_edit_white_24dp.png
diff --git a/app/src/main/res/drawable-xxhdpi/ic_filter_list_white_24dp.png b/app/src/main/res/drawable-xxhdpi/ic_filter_list_white_24dp.png
new file mode 100644
index 00000000..802b3cd5
--- /dev/null
+++ b/app/src/main/res/drawable-xxhdpi/ic_filter_list_white_24dp.png
diff --git a/app/src/main/res/drawable-xxhdpi/ic_share_white_24dp.png b/app/src/main/res/drawable-xxhdpi/ic_share_white_24dp.png
new file mode 100644
index 00000000..9963c6a0
--- /dev/null
+++ b/app/src/main/res/drawable-xxhdpi/ic_share_white_24dp.png
diff --git a/app/src/main/res/drawable-xxxhdpi/ic_close_white_24dp.png b/app/src/main/res/drawable-xxxhdpi/ic_close_white_24dp.png
new file mode 100644
index 00000000..7b2a480a
--- /dev/null
+++ b/app/src/main/res/drawable-xxxhdpi/ic_close_white_24dp.png
diff --git a/app/src/main/res/drawable-xxxhdpi/ic_delete_white_24dp.png b/app/src/main/res/drawable-xxxhdpi/ic_delete_white_24dp.png
new file mode 100644
index 00000000..ccf8c716
--- /dev/null
+++ b/app/src/main/res/drawable-xxxhdpi/ic_delete_white_24dp.png
diff --git a/app/src/main/res/drawable-xxxhdpi/ic_edit_grey600_24dp.png b/app/src/main/res/drawable-xxxhdpi/ic_edit_grey600_24dp.png
new file mode 100644
index 00000000..0c0fd76f
--- /dev/null
+++ b/app/src/main/res/drawable-xxxhdpi/ic_edit_grey600_24dp.png
diff --git a/app/src/main/res/drawable-xxxhdpi/ic_edit_white_24dp.png b/app/src/main/res/drawable-xxxhdpi/ic_edit_white_24dp.png
new file mode 100644
index 00000000..9380370f
--- /dev/null
+++ b/app/src/main/res/drawable-xxxhdpi/ic_edit_white_24dp.png
diff --git a/app/src/main/res/drawable-xxxhdpi/ic_filter_list_white_24dp.png b/app/src/main/res/drawable-xxxhdpi/ic_filter_list_white_24dp.png
new file mode 100644
index 00000000..511008ce
--- /dev/null
+++ b/app/src/main/res/drawable-xxxhdpi/ic_filter_list_white_24dp.png
diff --git a/app/src/main/res/drawable-xxxhdpi/ic_share_white_24dp.png b/app/src/main/res/drawable-xxxhdpi/ic_share_white_24dp.png
new file mode 100644
index 00000000..bb521c14
--- /dev/null
+++ b/app/src/main/res/drawable-xxxhdpi/ic_share_white_24dp.png
diff --git a/app/src/main/res/layout-sw600dp-port/log_fragment.xml b/app/src/main/res/layout-sw600dp-port/log_fragment.xml
index ddf0506b..2f5c774d 100644
--- a/app/src/main/res/layout-sw600dp-port/log_fragment.xml
+++ b/app/src/main/res/layout-sw600dp-port/log_fragment.xml
@@ -1,4 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
+
 <LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
               xmlns:tools="http://schemas.android.com/tools"
               android:layout_width="match_parent"
diff --git a/app/src/main/res/layout-sw600dp/log_fragment.xml b/app/src/main/res/layout-sw600dp/log_fragment.xml
index c4e1355c..b8997982 100644
--- a/app/src/main/res/layout-sw600dp/log_fragment.xml
+++ b/app/src/main/res/layout-sw600dp/log_fragment.xml
@@ -1,4 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
+
 <LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
               xmlns:tools="http://schemas.android.com/tools"
               android:layout_width="match_parent"
diff --git a/app/src/main/res/layout-xlarge/client_dashboard.xml b/app/src/main/res/layout-xlarge/dashboard.xml
index bd644e1e..bd644e1e 100644
--- a/app/src/main/res/layout-xlarge/client_dashboard.xml
+++ b/app/src/main/res/layout-xlarge/dashboard.xml
diff --git a/app/src/main/res/layout-xlarge/eip_service_fragment.xml b/app/src/main/res/layout-xlarge/eip_service_fragment.xml
index e5c7f23d..38b6aca3 100644
--- a/app/src/main/res/layout-xlarge/eip_service_fragment.xml
+++ b/app/src/main/res/layout-xlarge/eip_service_fragment.xml
@@ -37,39 +37,20 @@
         android:layout_marginLeft="15dp"
         android:layout_marginRight="15dp" />
 
-    <RelativeLayout
-        android:id="@+id/eipDetail"
-        android:layout_width="match_parent"
+    <TextView
+        android:id="@+id/status_message"
+        android:layout_width="wrap_content"
         android:layout_height="wrap_content"
-        android:layout_alignParentLeft="true"
-        android:layout_alignParentRight="true"
         android:layout_below="@+id/eipLabel"
         android:paddingBottom="10dp"
         android:paddingLeft="10dp"
         android:paddingRight="10dp"
         android:paddingTop="10dp"
-        android:visibility="gone" >
-
-        <ImageView
-            android:id="@+id/eipSettings"
-            android:layout_width="wrap_content"
-            android:layout_height="wrap_content"
-            android:layout_alignParentRight="true"
-            android:layout_alignParentTop="true"
-            android:layout_margin="10dp"
-            android:contentDescription="@string/eip_settings_button_description"
-            android:src="@drawable/ic_sysbar_quicksettings" />
-
-        <TextView
-            android:id="@+id/eipStatus"
-            android:layout_width="wrap_content"
-            android:layout_height="wrap_content"
-            android:layout_alignParentLeft="true"
-            android:layout_centerVertical="true"
-            android:clickable="true"
-            android:text="@string/status_unknown"
-            android:textSize="16sp" />
+        android:layout_alignParentLeft="true"
+        android:layout_centerVertical="true"
+        android:clickable="true"
+        android:text="@string/eip_state_not_connected"
+        android:textSize="16sp" />
 
-    </RelativeLayout>
 
 </RelativeLayout>
diff --git a/app/src/main/res/layout-xlarge/provider_list_fragment.xml b/app/src/main/res/layout-xlarge/provider_list_fragment.xml
deleted file mode 100644
index 59dd37d1..00000000
--- a/app/src/main/res/layout-xlarge/provider_list_fragment.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"

-    android:layout_width="match_parent"

-    android:layout_height="match_parent"

-    android:orientation="vertical"

-    android:paddingLeft="12dp"

-    android:paddingRight="12dp"

-    android:paddingTop="12dp" >

-

-    <ListView

-        android:id="@id/android:list"

-        android:layout_width="match_parent"

-        android:layout_height="0dip"

-        android:layout_weight="1"

-        android:drawSelectorOnTop="false" />

-

-</LinearLayout>
diff --git a/app/src/main/res/layout-xlarge/log_in_dialog.xml b/app/src/main/res/layout-xlarge/session_dialog.xml
index 3a9eebb8..3a9eebb8 100644
--- a/app/src/main/res/layout-xlarge/log_in_dialog.xml
+++ b/app/src/main/res/layout-xlarge/session_dialog.xml
diff --git a/app/src/main/res/layout/about.xml b/app/src/main/res/layout/about.xml
index ccb1ea26..2669caa3 100644
--- a/app/src/main/res/layout/about.xml
+++ b/app/src/main/res/layout/about.xml
@@ -35,6 +35,17 @@
             android:layout_width="match_parent"
             android:layout_height="wrap_content"
             android:autoLink="all"
+            android:text="@string/copyright_blinktgui" />
+
+
+        <Space
+            android:layout_width="match_parent"
+            android:layout_height="10sp" />
+
+        <TextView
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:autoLink="all"
             android:text="@string/repository_url_text" />
 
 	<TextView
diff --git a/app/src/main/res/layout/configuration_wizard_activity.xml b/app/src/main/res/layout/configuration_wizard_activity.xml
index f3d0e48b..a5bca1e9 100644
--- a/app/src/main/res/layout/configuration_wizard_activity.xml
+++ b/app/src/main/res/layout/configuration_wizard_activity.xml
@@ -5,6 +5,12 @@
     android:layout_height="match_parent"
     tools:context=".ConfigurationWizard" >
 
+    <ListView
+        android:id="@+id/provider_list"
+        android:layout_width="match_parent"
+        android:layout_height="match_parent"
+        android:drawSelectorOnTop="false" />
+
     <ProgressBar
         android:id="@+id/progressbar_configuration_wizard"
         style="?android:attr/progressBarStyleHorizontal"
@@ -22,5 +28,4 @@
         android:textAppearance="?android:attr/textAppearanceMedium"
         android:layout_centerHorizontal="true"
         android:textColor="@android:color/holo_blue_bright" />
-
 </RelativeLayout>
\ No newline at end of file
diff --git a/app/src/main/res/layout/client_dashboard.xml b/app/src/main/res/layout/dashboard.xml
index f33ac285..67a1122f 100644
--- a/app/src/main/res/layout/client_dashboard.xml
+++ b/app/src/main/res/layout/dashboard.xml
@@ -25,6 +25,7 @@
           android:id="@+id/providerName"
           android:layout_width="wrap_content"
           android:layout_height="wrap_content"
+          android:textSize="28sp"
 	  android:layout_marginLeft="10dp"
           android:ellipsize="marquee"
           android:fadingEdge="horizontal"
diff --git a/app/src/main/res/layout/eip_service_fragment.xml b/app/src/main/res/layout/eip_service_fragment.xml
index 5992a873..64d22147 100644
--- a/app/src/main/res/layout/eip_service_fragment.xml
+++ b/app/src/main/res/layout/eip_service_fragment.xml
@@ -22,8 +22,8 @@
         android:layout_alignParentRight="true"
         android:layout_alignParentTop="true"
         android:layout_marginRight="10dp" />
-    
-    <ProgressBar 
+
+    <ProgressBar
         android:id="@+id/eipProgress"
         android:layout_width="match_parent"
         android:layout_height="wrap_content"
@@ -34,38 +34,18 @@
         android:layout_marginLeft="15dp"
         android:layout_marginRight="15dp" />
 
-    <RelativeLayout
-        android:id="@+id/eipDetail"
-        android:layout_width="match_parent"
+    <TextView
+        android:id="@+id/status_message"
+        android:layout_width="wrap_content"
         android:layout_height="wrap_content"
         android:layout_alignParentLeft="true"
-        android:layout_alignParentRight="true"
-        android:layout_below="@+id/eipLabel"
+        android:layout_below="@id/eipProgress"
+        android:layout_centerVertical="true"
+        android:paddingTop="5dp"
         android:paddingBottom="10dp"
         android:paddingLeft="10dp"
         android:paddingRight="10dp"
-        android:paddingTop="10dp"
-        android:visibility="gone" >
-
-        <ImageView
-            android:id="@+id/eipSettings"
-            android:layout_width="wrap_content"
-            android:layout_height="wrap_content"
-            android:layout_alignParentRight="true"
-            android:layout_alignParentTop="true"
-            android:layout_margin="10dp"
-            android:contentDescription="@string/eip_settings_button_description"
-            android:src="@drawable/ic_sysbar_quicksettings" />
-
-        <TextView
-            android:id="@+id/eipStatus"
-            android:layout_width="wrap_content"
-            android:layout_height="wrap_content"
-            android:layout_alignParentLeft="true"
-            android:layout_centerVertical="true"
-            android:clickable="true"
-            android:text="@string/status_unknown" />
-
-    </RelativeLayout>
+        android:clickable="true"
+        android:text="@string/eip_state_not_connected" />
 
 </RelativeLayout>
diff --git a/app/src/main/res/layout/log_fragment.xml b/app/src/main/res/layout/log_fragment.xml
index 0b428070..2cc4759e 100644
--- a/app/src/main/res/layout/log_fragment.xml
+++ b/app/src/main/res/layout/log_fragment.xml
@@ -1,4 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
+
 <LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
               xmlns:tools="http://schemas.android.com/tools"
               android:layout_width="match_parent"
diff --git a/app/src/main/res/layout/log_silders.xml b/app/src/main/res/layout/log_silders.xml
index 0ecb5daa..3fcbd85a 100644
--- a/app/src/main/res/layout/log_silders.xml
+++ b/app/src/main/res/layout/log_silders.xml
@@ -1,6 +1,11 @@
 <?xml version="1.0" encoding="utf-8"?>
 
 
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
+
 <LinearLayout
         xmlns:tools="http://schemas.android.com/tools"
         xmlns:android="http://schemas.android.com/apk/res/android"
diff --git a/app/src/main/res/layout/log_window.xml b/app/src/main/res/layout/log_window.xml
index 56c3e349..d7576ca3 100644
--- a/app/src/main/res/layout/log_window.xml
+++ b/app/src/main/res/layout/log_window.xml
@@ -1,3 +1,8 @@
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
+
 <FrameLayout xmlns:android="http://schemas.android.com/apk/res/android"
              xmlns:tools="http://schemas.android.com/tools"
              android:id="@+id/container"
diff --git a/app/src/main/res/layout/provider_list_fragment.xml b/app/src/main/res/layout/provider_list_fragment.xml
deleted file mode 100644
index 70dbae0d..00000000
--- a/app/src/main/res/layout/provider_list_fragment.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"

-    android:layout_width="match_parent"

-    android:layout_height="match_parent"

-    android:orientation="vertical"

-    android:paddingLeft="8dp"

-    android:paddingRight="8dp" >

-

-    <ListView

-        android:id="@id/android:list"

-        android:layout_width="match_parent"

-        android:layout_height="0dip"

-        android:layout_weight="1"

-        android:drawSelectorOnTop="false" />

-

-</LinearLayout>
diff --git a/app/src/main/res/layout/provider_list_item.xml b/app/src/main/res/layout/provider_list_item.xml
index 8746f6f8..68ba7e31 100644
--- a/app/src/main/res/layout/provider_list_item.xml
+++ b/app/src/main/res/layout/provider_list_item.xml
@@ -24,7 +24,7 @@
     android:mode="twoLine"
 >
 
-    <TextView android:id="@android:id/text1"
+    <TextView android:id="@+id/provider_domain"
         android:layout_width="match_parent"
         android:layout_height="wrap_content"
         android:layout_marginLeft="?android:attr/listPreferredItemPaddingLeft"
@@ -32,11 +32,11 @@
         android:textAppearance="?android:attr/textAppearanceListItem"
     />
 
-    <TextView android:id="@android:id/text2"
+    <TextView android:id="@+id/provider_name"
         android:layout_width="match_parent"
         android:layout_height="wrap_content"
-        android:layout_below="@android:id/text1"
-        android:layout_alignLeft="@android:id/text1"
+        android:layout_below="@id/provider_domain"
+        android:layout_alignLeft="@id/provider_domain"
         android:textAppearance="?android:attr/textAppearanceSmall"
     />
 
diff --git a/app/src/main/res/layout/log_in_dialog.xml b/app/src/main/res/layout/session_dialog.xml
index c8a2f0a8..62215ae8 100644
--- a/app/src/main/res/layout/log_in_dialog.xml
+++ b/app/src/main/res/layout/session_dialog.xml
@@ -4,13 +4,14 @@
     android:layout_width="wrap_content"
     android:layout_height="wrap_content"
     android:orientation="vertical"
-    tools:context=".LogInDialog" >
+    tools:context=".SessionDialog" >
 
     <TextView
         android:id="@+id/user_message"
         android:layout_width="match_parent"
         android:layout_height="wrap_content"
         android:gravity="center"
+        android:visibility="gone"
         android:textAppearance="?android:attr/textAppearanceMedium" />
 
     <EditText
diff --git a/app/src/main/res/layout/vpnstatus.xml b/app/src/main/res/layout/vpnstatus.xml
index eb7c53ee..2fd65b4c 100644
--- a/app/src/main/res/layout/vpnstatus.xml
+++ b/app/src/main/res/layout/vpnstatus.xml
@@ -1,4 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
+
 <merge xmlns:tools="http://schemas.android.com/tools"
        xmlns:android="http://schemas.android.com/apk/res/android">
 
diff --git a/app/src/main/res/menu/logmenu.xml b/app/src/main/res/menu/logmenu.xml
index c8c9e815..52ba4b7d 100644
--- a/app/src/main/res/menu/logmenu.xml
+++ b/app/src/main/res/menu/logmenu.xml
@@ -1,37 +1,42 @@
 <?xml version="1.0" encoding="utf-8"?>
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
+
 <menu xmlns:android="http://schemas.android.com/apk/res/android">
 
 
     <item
             android:id="@+id/toggle_time"
             android:alphabeticShortcut="t"
-            android:icon="@android:drawable/ic_menu_view"
+            android:icon="@drawable/ic_menu_view"
             android:showAsAction="withText|ifRoom"
             android:title="@string/logview_options" />
 
     <item
             android:id="@+id/clearlog"
-            android:icon="@android:drawable/ic_menu_delete"
+            android:icon="@drawable/ic_menu_delete"
             android:showAsAction="ifRoom|withText"
             android:title="@string/clear_log"
             android:titleCondensed="@string/clear"/>
     <item
             android:id="@+id/send"
-            android:icon="@android:drawable/ic_menu_share"
+            android:icon="@drawable/ic_menu_share"
             android:showAsAction="ifRoom|withText"
             android:title="@string/send_logfile"
             android:titleCondensed="@string/send"/>
 
     <item
             android:id="@+id/cancel"
-            android:icon="@android:drawable/ic_menu_close_clear_cancel"
+            android:icon="@drawable/ic_menu_close_clear_cancel"
             android:showAsAction="ifRoom|withText"
             android:title="@string/cancel_connection_long"
             android:titleCondensed="@string/cancel_connection"/>
     <item
             android:id="@+id/edit_vpn"
             android:alphabeticShortcut="e"
-            android:icon="@android:drawable/ic_menu_edit"
+            android:icon="@drawable/ic_menu_edit"
             android:showAsAction="withText|ifRoom"
             android:title="@string/edit_vpn"
 	    android:visible="false"/>
diff --git a/app/src/main/res/values-ca/strings-icsopenvpn.xml b/app/src/main/res/values-ca/strings-icsopenvpn.xml
index 7e74c198..b18766ca 100755
--- a/app/src/main/res/values-ca/strings-icsopenvpn.xml
+++ b/app/src/main/res/values-ca/strings-icsopenvpn.xml
@@ -1,5 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!--Generated by crowdin.com-->
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
 <!-- Generated by crowdin.net -->
 <resources>
 
diff --git a/app/src/main/res/values-cs/strings-icsopenvpn.xml b/app/src/main/res/values-cs/strings-icsopenvpn.xml
index b13bfcdd..6ae5a3f0 100755
--- a/app/src/main/res/values-cs/strings-icsopenvpn.xml
+++ b/app/src/main/res/values-cs/strings-icsopenvpn.xml
@@ -1,5 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
-<!--Generated by crowdin.net-->
+<!--Generated by crowdin.com-->
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
 <!-- Generated by crowdin.net -->
 <resources>
 
@@ -319,4 +323,9 @@
   <string name="files_missing_hint">Některé soubory nemohly být nalezeny. Prosím vyber profil, který chceš importovat:</string>
   <string name="openvpn_is_no_free_vpn">Pro používání této aplikace je potřeba VPN poskytovatel/brána, která podporuje OpenVPN (�asto je to zaměstnavatel). Pro více informací a návod na nastavení OpenVPN serveru navštiv http://community.openvpn.net/</string>
   <string name="import_log">Import logu:</string>
+  <string name="ip_looks_like_subnet">Vpn topologie \"%3$s\" soecifikována, ale ifconfig %1$s %2$s vypadá spíše jako IP adresa se síťovou maskou. Předpokládám \"podsíťovou\" topologii.</string>
+  <string name="mssfix_invalid_value">mssfix hodnota musí být celé �íslo mezi 0 a 9000</string>
+  <string name="mssfix_value_dialog">Oznámit TCP sezením běžícím skrze tunel, že mají limitovat velikost odesílaných paketů tak, aby poté, co je OpenVPN zabalí, byla výsledná velikost UDP paketu, které OpenVPN posílá menší než tento po�et bytů. (výchozí je 1450)</string>
+  <string name="mssfix_checkbox">Přepsat hodnotu MSS pro TCP obsah</string>
+  <string name="mssfix_dialogtitle">Nastavit MSS pro TCP obsah</string>
 </resources>
diff --git a/app/src/main/res/values-de/strings-icsopenvpn.xml b/app/src/main/res/values-de/strings-icsopenvpn.xml
index 5ece9326..cebb9646 100755
--- a/app/src/main/res/values-de/strings-icsopenvpn.xml
+++ b/app/src/main/res/values-de/strings-icsopenvpn.xml
@@ -1,5 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!--Generated by crowdin.com-->
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
 <!-- Generated by crowdin.net -->
 <resources>
 
@@ -319,4 +323,9 @@
   <string name="files_missing_hint">Einige Dateien konnten nicht gefunden werden. Bitte wählen Sie diese manuell aus:</string>
   <string name="openvpn_is_no_free_vpn">Um diese Anwendung nutzen zu können brauchen Sie einen OpenVPN fähigen Server. Diese werden häufig von Ihrer Firma oder Universität bereitgestellt. Besuchen Sie http://community.openvpn.net/  um mehr über OpenVPN zu erfahren und wie Sie Ihren eigenen Server aufsetzen können.</string>
   <string name="import_log">Import-Protokoll:</string>
+  <string name="ip_looks_like_subnet">VPN-Topologie \"%3$s\" wurde angegeben, die Interface Konfiguration \'ifconfig %1$s %2$s sieht wie eine IP-Adresse mit einer Netzwerkmaske.  Topologie \"subnet\" wird angenommen.</string>
+  <string name="mssfix_invalid_value">mssfix Wert muss eine Zahl zwischen 0 und 9000 sein</string>
+  <string name="mssfix_value_dialog">Ändere TCP-Verbindungen, die über den Tunnel laufen, so dass die resultierende UDP-Paketgröße nach der Enkapsulierung durch OpenVPN auf diesen Wert beschränkt bleibt. (Standardwert ist 1450)</string>
+  <string name="mssfix_checkbox">Ãœberschreiben des MSS-Wert von TCP-Nutzlast</string>
+  <string name="mssfix_dialogtitle">Setze MSS von TCP-Nutzlast</string>
 </resources>
diff --git a/app/src/main/res/values-es/strings-icsopenvpn.xml b/app/src/main/res/values-es/strings-icsopenvpn.xml
index 399392bf..92995c6f 100755
--- a/app/src/main/res/values-es/strings-icsopenvpn.xml
+++ b/app/src/main/res/values-es/strings-icsopenvpn.xml
@@ -1,5 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!--Generated by crowdin.com-->
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
 <!-- Generated by crowdin.net -->
 <resources>
 
@@ -319,4 +323,8 @@
   <string name="files_missing_hint">Algunos archivos no se pudo encontrar. Por favor, seleccione los archivos que desea importar el perfil:</string>
   <string name="openvpn_is_no_free_vpn">Para utilizar esta aplicación usted necesita un proveedor de servicio VPN /  es un apoyo OpenVPN (a menudo proporcionados por su empleador). Echa un vistazo a http://community.openvpn.net/ para más información sobre OpenVPN y cómo configurar su propio servidor OpenVPN.</string>
   <string name="import_log">Importar registros:</string>
+  <string name="ip_looks_like_subnet">Topología de VPN \"%3$s\" especificado pero ifconfig %1$s %2$s se parece más a una dirección IP con una máscara de red. Asumiendo una topología de \"subred\".</string>
+  <string name="mssfix_invalid_value">El valor de mssfix debe ser un número entero entre 0 y 9000</string>
+  <string name="mssfix_checkbox">Reemplazar el valor MSS de la carga TCP</string>
+  <string name="mssfix_dialogtitle">Establecer MSS de la carga TCP</string>
 </resources>
diff --git a/app/src/main/res/values-et/strings-icsopenvpn.xml b/app/src/main/res/values-et/strings-icsopenvpn.xml
index 478483ec..7761726e 100755
--- a/app/src/main/res/values-et/strings-icsopenvpn.xml
+++ b/app/src/main/res/values-et/strings-icsopenvpn.xml
@@ -1,5 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
-<!--Generated by crowdin.net-->
+<!--Generated by crowdin.com-->
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
 <!-- Generated by crowdin.net -->
 <resources>
 
@@ -319,4 +323,9 @@
   <string name="files_missing_hint">Mõningaid faile ei leitud. Palun valige importimiseks profiili failid:</string>
   <string name="openvpn_is_no_free_vpn">Selle rakenduse kasutamiseks vajate OpenVPN toega VPN teenusepakkujat/VPN lüüsi (mida sageli pakub teie tööandja). Lisainfo saamiseks OpenVPN kohta ja oma isikliku OpenVPN serveri seadistamise kohta tutvuge veebilehega http://community.openvpn.net/ .</string>
   <string name="import_log">Impordi logi:</string>
+  <string name="ip_looks_like_subnet">Valitud on \"%3$s\" Vpn topoloogia, kuid ifconfig %1$s %2$s sarnaneb rohkem maskiga IP aadressile. Määratakse \"alamvõrgu\" topoloogia.</string>
+  <string name="mssfix_invalid_value">mssfix väärtus peab olema täisarv vahemikus 0 kuni 9000</string>
+  <string name="mssfix_value_dialog">Informeeri tunneldatud TCP sessioone et nad piiraksid saadetavate pakettide suuruse nii, et peale OpenVPN kapseldatud paketi partnerile saatmist ei oleks saadud UDP pakett suurem kui ette antud baitide arv. (vaikeväärtus on 1450)</string>
+  <string name="mssfix_checkbox">Ignoreeri TCP lasti MSS väärtust</string>
+  <string name="mssfix_dialogtitle">Sea TCP lasti MSS väärtus</string>
 </resources>
diff --git a/app/src/main/res/values-fr/strings-icsopenvpn.xml b/app/src/main/res/values-fr/strings-icsopenvpn.xml
index a26ce445..15bc7aa4 100755
--- a/app/src/main/res/values-fr/strings-icsopenvpn.xml
+++ b/app/src/main/res/values-fr/strings-icsopenvpn.xml
@@ -1,5 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!--Generated by crowdin.com-->
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
 <!-- Generated by crowdin.net -->
 <resources>
 
@@ -216,7 +220,6 @@ Sur certaines images, cette notification joue un son.\nAndroid à introduit ces
   <string name="vpn_import_hint">"Utilisez l\'icône &lt;img src=\"ic_menu_archive\"/&gt; pour importer un fichier profil (.opvpn ou  .conf) de votre carte SD."</string>
   <string name="faq_hint">"Veillez également à consulter la FAQ. Il s\'y trouve un guide de démarrage rapide."</string>
   <string name="faq_routing_title">"Redirections / Configuration de l\'interface"</string>
-  <string name="faq_routing">The Routing and interface configuration is not done via traditional ifconfig/route commands but by using the VPNService API. This results in a different routing configuration than on other OSes. The configuration for the VPN tunnel consists of the  IP address and the networks that should be routed over this interface. Especially no peer partner address or gateway address is needed. Special routes to reach the VPN Server (for example added when using redirect-gateway) are not needed either. The application will consequently ignore these settings when importing a configuration. The app ensures with the VPNService API that the connection to the server is not routed through the VPN tunnel. Only specifying networks to be routed via tunnel is supported. The app tries to detect networks that should not be routed over tunnel (e.g. route x.x.x.x y.y.y.y net_gateway) and calculates a route set that excludes this routes to emulate the behaviour of other platforms. The log windows shows the configuration of the VPNService upon establishing a connection.</string>
   <string name="persisttun_summary">Ne pas couper la connexion VPN lors de la reconnexion d\'OpenVPN.</string>
   <string name="persistent_tun_title">Persistance de l\'interface TUN</string>
   <string name="openvpn_log">Log OpenVPN</string>
diff --git a/app/src/main/res/values-hu/strings-icsopenvpn.xml b/app/src/main/res/values-hu/strings-icsopenvpn.xml
index 99c5201f..504ab893 100755
--- a/app/src/main/res/values-hu/strings-icsopenvpn.xml
+++ b/app/src/main/res/values-hu/strings-icsopenvpn.xml
@@ -1,5 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
-<!--Generated by crowdin.net-->
+<!--Generated by crowdin.com-->
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
 <!-- Generated by crowdin.net -->
 <resources>
 
diff --git a/app/src/main/res/values-in/strings-icsopenvpn.xml b/app/src/main/res/values-in/strings-icsopenvpn.xml
index ccb60754..c111cbb5 100755
--- a/app/src/main/res/values-in/strings-icsopenvpn.xml
+++ b/app/src/main/res/values-in/strings-icsopenvpn.xml
@@ -1,5 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
-<!--Generated by crowdin.net-->
+<!--Generated by crowdin.com-->
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
 <!-- Generated by crowdin.net -->
 <resources>
 
@@ -85,6 +89,7 @@
   <string name="use_default_title">Gunakan rute standar</string>
   <string name="custom_route_message">Masukkan rute butan sendiri. Masukkan tujuan dalam format CIDR. \"10.0.0.0/8 2002:: / 16\" akan mengarahkan jaringan 10.0.0.0/8 dan 2002:: / 16 melalui jaringan VPN</string>
   <string name="custom_routes_title">Rute buatan sendiri</string>
+  <string name="custom_routes_title_excluded">Jaringan Dikecualikan</string>
   <string name="log_verbosity_level">Tingkat rincian catatan</string>
   <string name="float_summary">Ijinkan paket terotentifikasi dari semua IP</string>
   <string name="float_title">Ijinkan server mengambang</string>
diff --git a/app/src/main/res/values-it/strings-icsopenvpn.xml b/app/src/main/res/values-it/strings-icsopenvpn.xml
index 61d09818..29d48904 100755
--- a/app/src/main/res/values-it/strings-icsopenvpn.xml
+++ b/app/src/main/res/values-it/strings-icsopenvpn.xml
@@ -1,5 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
-<!--Generated by crowdin.net-->
+<!--Generated by crowdin.com-->
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
 <!-- Generated by crowdin.net -->
 <resources>
 
@@ -86,6 +90,7 @@
   <string name="custom_route_message">Inserisci instradamenti personalizzati. Usare il formato CIDR. \"10.0.0.0/8 2002::/16\" reindirizza le reti 10.0.0.0/8 e 2002::/16 sulla VPN.</string>
   <string name="custom_route_message_excluded">Itinerari che dovrebbero non essere instradati su VPN. Utilizzare la stessa sintassi per quanto riguarda le rotte incluse.</string>
   <string name="custom_routes_title">Routing personalizzati</string>
+  <string name="custom_routes_title_excluded">Reti escluse</string>
   <string name="log_verbosity_level">Livello di dettaglio del registro</string>
   <string name="float_summary">Permette pacchetti autenticati da qualsiasi IP (consente che l\'IP del server possa cambiare)</string>
   <string name="float_title">Modalità float</string>
@@ -99,6 +104,9 @@
   <string name="last_openvpn_tun_config">Apertura interfaccia tun in corso:</string>
   <string name="local_ip_info">Indirizzi locali - IPv4: %1$s/%2$d IPv6: %3$s MTU: %4$d</string>
   <string name="dns_server_info">DNS Server: %1$s, Dominio: %2$s</string>
+  <string name="routes_info_incl">Instradamenti: %1$s %2$s</string>
+  <string name="routes_info_excl">Instradamenti esclusi: %1$s %2$s</string>
+  <string name="routes_debug">Instradamenti VpnService installati: %1$s %2$s</string>
   <string name="ip_not_cidr">Ottenute le informazioni sulle interfacce %1$s e %2$s, assumendo che il secondo indirizzo sia il peer remoto. Utilizzata la maschera /32 per l\'IP locale. La modalità impostata da OpenVPN è \"%3$s\".</string>
   <string name="route_not_cidr">Impossibile utilizzare %1$s e %2$s come reindirizzamenti IP con la maschera CIDR, è stata quindi usata la maschera /32.</string>
   <string name="route_not_netip">Instradamento %1$s/%2$s corretto con %3$s/%2$s</string>
@@ -213,6 +221,7 @@ Effettuata la lettura del file di configurazione</string>
   <string name="vpn_import_hint">Usa l\'icona &lt;img src=\"ic_menu_archive\"/&gt; per importare il profilo (.ovpn o .conf) dalla tua scheda SD.</string>
   <string name="faq_hint">Si raccomanda di leggere anche le FAQ. C\'è anche una guida rapida.</string>
   <string name="faq_routing_title">Configurazione dei reindirizzamenti e dell\'interfaccia</string>
+  <string name="faq_routing">Il routing e la configurazione dell\'interfaccia non vengono fatti tramite i comandi ifconfig/route tradizionali ma utilizzando l\'API VPNService. Ciò si traduce in una configurazione di routing diversa rispetto ad altri sistemi operativi. La configurazione del tunnel VPN è composta dall\'indirizzo IP e dalle reti che devono essere instradate su tale interfaccia. Soprattutto non è necessario alcun indirizzo peer o gateway. Percorsi speciali per raggiungere il server VPN (ad esempio aggiunti quando si utilizza redirect-gateway) non sono neanche necessari. L\'applicazione pertanto ignorerà queste impostazioni durante l\'importazione di una configurazione. L\'applicazione garantisce con l\'API VPNService che la connessione al server non venga instradata attraverso il tunnel VPN. E\' supportato solo la specifica delle reti che devono essere instradate tramite il tunnel. L\'applicazione cerca di rilevare le reti che non devono essere instradate sul tunnel (ad esempio, route x.x.x.x y.y.y.y net_gateway) e calcola una serie di itinerari che escludono questi percorsi per emulare il comportamento di altre piattaforme. Le schermate del registro mostrano la configurazione del VPNService finché si stabilisce una connessione.</string>
   <string name="persisttun_summary">Non passa allo stato di \"Nessuna connessione VPN\" quando OpenVPN sta eseguendo un tentativo di riconnessione.</string>
   <string name="persistent_tun_title">tun persistente</string>
   <string name="openvpn_log">Log di OpenVPN</string>
@@ -307,5 +316,13 @@ Effettuata la lettura del file di configurazione</string>
   <string name="logview_options">Visualizza opzioni</string>
   <string name="unhandled_exception">Eccezione non gestita: %1$s\n\n%2$s</string>
   <string name="unhandled_exception_context">%3$s: %1$s\n\n%2$s</string>
+  <string name="faq_system_dialog_xposed">Se il tuo dispositivo Android ha il root allora è possibile installare il &lt;a href=\"http://xposed.info/\"&gt;framework Xposed&lt;/a&gt; e il &lt;a href=\"http://repo.xposed.info/module/de.blinkt.vpndialogxposed\"&gt;modulo di conferma VPN Dialog&lt;/a&gt; a proprio rischio e pericolo\"</string>
   <string name="full_licenses">Licenze complete</string>
+  <string name="blocklocal_summary">Le reti direttamente collegate alle interfacce locali non verranno instradate attraverso la VPN. Deselezionando questa opzione si inoltrerà tutto il traffico dalle reti locali alla VPN.</string>
+  <string name="blocklocal_title">Ignora VPN per le reti locali</string>
+  <string name="userpw_file">File nome utente/password</string>
+  <string name="imported_from_file">[Importato da: %s]</string>
+  <string name="files_missing_hint">Alcuni file non possono essere trovati. Si prega di selezionare i file da importare nel profilo:</string>
+  <string name="openvpn_is_no_free_vpn">Per utilizzare questa applicazione è necessario un provider VPN/gateway VPN che supportino OpenVPN (spesso forniti dal datore di lavoro). Vai a http://community.openvpn.net/ per ulteriori informazioni su OpenVPN e come configurare il proprio server OpenVPN.</string>
+  <string name="import_log">Registro importazione:</string>
 </resources>
diff --git a/app/src/main/res/values-ja/strings-icsopenvpn.xml b/app/src/main/res/values-ja/strings-icsopenvpn.xml
index d537e3d8..79474f2d 100755
--- a/app/src/main/res/values-ja/strings-icsopenvpn.xml
+++ b/app/src/main/res/values-ja/strings-icsopenvpn.xml
@@ -1,5 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!--Generated by crowdin.com-->
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
 <!-- Generated by crowdin.net -->
 <resources>
 
@@ -23,7 +27,7 @@
   <string name="vpn_list_title">プロファイル</string>
   <string name="vpn_type">種別</string>
   <string name="pkcs12pwquery">PKCS12�パスワード</string>
-  <string name="file_select">�択</string>
+  <string name="file_select">�択&#8230;</string>
   <string name="file_nothing_selected">ファイルを�択�る必���り��。</string>
   <string name="useTLSAuth">TLS�証を使用���。</string>
   <string name="tls_direction">TLS Direction</string>
@@ -99,7 +103,7 @@
   <string name="dns_server_info">DNSサー�: %1$s, ドメイン: %2$s</string>
   <string name="routes_info_incl">経路: %1$s %2$s</string>
   <string name="routes_info_excl">除外�れ�経路: %1$s %2$s</string>
-  <string name="ip_not_cidr">インターフェース情報���[%1$s]�[%2$s]を�得����。2���アドレス�リモート��ピアアドレス��。32ビットマスクをローカルIP�使用���。 OpenVPN�モード�[%3$s]��。</string>
+  <string name="ip_not_cidr">インターフェース情報��� %1$s � %2$s を�得����。2�目�アドレス�リモート��ピアアドレス��。32ビットマスクをローカルIP�使用���。 OpenVPN�モード� \"%3$s\" ��。</string>
   <string name="route_not_cidr">%1$s�%2$s��CIDR形��IP経路情報����味を����ん。32ビットマスクを使用���。</string>
   <string name="route_not_netip">経路情報%1$s/%2$sを%3$s/%2$s�修正����。</string>
   <string name="keychain_access">Android�証明書管��アクセス����ん。(ファームウェア�更新�アプリケーション�����設定�リストア�よ��発生�る場���り��)。VPN�設定�証明書��択を�度行������。</string>
@@ -107,12 +111,11 @@
   <string name="send_logfile">ログ ファイルを�信���。</string>
   <string name="send">�信</string>
   <string name="ics_openvpn_log_file">ICS OpenVPN ログ ファイル</string>
-  <string name="copied_entry">クリップ ボード�コピー�れ�ログ エントリ</string>
+  <string name="copied_entry">ログ エントリをクリップボード�コピー����</string>
   <string name="tap_mode">TAPモード</string>
   <string name="faq_tap_mode">TAPモード��root化環境��動作���ん。よ����アプリケーション��TAPをサ�ート����ん。</string>
   <string name="tap_faq2">�����？TAPモード�サ�ート�れ����ん��サ�ート�れる����メールを�る���何�役�も立���ん。</string>
-  <string name="tap_faq3">３回目��。本当�����TUN上�動�レイヤ2エミュレータを書���������。(�信時�情報追加��信時�情報削除�)。�����エミュレータ�ARPや��ら��DHCPをも実装���れ��ら����ょ�。誰も�����気�������ん。も�������機能を作る気�������れ�������連絡������。
-</string>
+  <string name="tap_faq3">３回目��。本当�����TUN上�動�レイヤ2エミュレータを書���������。(�信時�情報追加��信時�情報削除�)。�����エミュレータ�ARPや��ら��DHCPをも実装���れ��ら����ょ�。誰も�����気�������ん。も�������機能を作る気�������れ�������連絡������。</string>
   <string name="faq">よ��る質�</string>
   <string name="copying_log_entries">ログ エントリ�コピー</string>
   <string name="faq_copying">1行�ログエントリをコピー�る�����エントリをタッ��続���。コピー��信�る��「ログエントリを�信�を使用���。GUI�表示�れ��場���ードウェア�メニューボタンを使用������。</string>
@@ -138,7 +141,7 @@
   <string name="import_could_not_open">イン�ート�れ�構�ファイル�記載�れ�ファイル %1$s �見��り��ん。</string>
   <string name="importing_config">構�ファイルを%1$s�らイン�ート�����。</string>
   <string name="import_warning_custom_options">ユーザインターフェース�マッピング�れ���������設定項目��り��。�れら�設定�カスタムオプション���追加�れ��。カスタムオプションを以下�表示���。</string>
-  <string name="import_done">構�ファイル�読��り終了。</string>
+  <string name="import_done">構�ファイル�読�込�を完了����。</string>
   <string name="nobind_summary">ローカル アドレス��ート��インドを行���ん。</string>
   <string name="no_bind">ローカル�インド���</string>
   <string name="import_configuration_file">構�ファイル�イン�ート</string>
@@ -200,8 +203,7 @@ Androidã�¯ã�‚ã�ªã�Ÿè‡ªèº«ã�®å®‰å…¨æ€§ã�®ã�Ÿã‚�ã�«ã€�ã�“れらを迂回ã�§ã��ã�ªã
 &lt;p&gt;も�ファイル�足り�����エラー�表示�れ�ら�足り����ファイルをSDカード上�格�������。&lt;/p&gt;
 &lt;p&gt;イン�ート�れ�VPN設定をリスト�追加�る����存アイコンをクリック���。&lt;/p&gt;
 &lt;p&gt;VPNを接続�る���VPN��称をクリック���。&lt;/p&gt;
-&lt;p&gt;も�警告やエラー�ログエントリ�表示�れ�ら��れらを調��解決������。&lt;/p&gt;
-</string>
+&lt;p&gt;も�警告やエラー�ログエントリ�表示�れ�ら��れらを調��解決������。&lt;/p&gt;</string>
   <string name="faq_howto_title">クイックスタート</string>
   <string name="setting_loadtun_summary">接続�試行��TUNデ�イスモジュール(tun.ko)を読�込���。デ�イス�root化�必���。</string>
   <string name="setting_loadtun">TUNモジュールをロード</string>
@@ -217,8 +219,7 @@ Androidã�¯ã�‚ã�ªã�Ÿè‡ªèº«ã�®å®‰å…¨æ€§ã�®ã�Ÿã‚�ã�«ã€�ã�“れらを迂回ã�§ã��ã�ªã
   <string name="restart">�起動</string>
   <string name="restart_vpn_after_change">設定�変更�VPN��起動後��映�れ��。VPNを(�)起動����？</string>
   <string name="configuration_changed">設定�変更�れ���</string>
-  <string name="log_no_last_vpn">編集�れ����最後�接続��プロファイルを確�����ん���
-</string>
+  <string name="log_no_last_vpn">編集�れ����最後�接続��プロファイルを確�����ん���</string>
   <string name="faq_duplicate_notification_title">�複��通知</string>
   <string name="faq_duplicate_notification">も�Android�メモリ�足�陥��場����時点�必���れ��アプリケーションやサービス�アクティブ�メモリ�ら排除�れ��。
 ��処��伴��VPN接続�終了�れ��。
@@ -292,7 +293,7 @@ OpenVPNã�®æŽ¥ç¶šã‚’ä¿�証ã�™ã‚‹ã�Ÿã‚�ã�«ã�¯ã€�アプリケーションを高ã�„å
   <string name="allowed_apps">許�アプリ: %s</string>
   <string name="clearappsdialog">許�アプリ�一覧をクリア����?\n�在�許�アプリ一覧:\n\n%s</string>
   <string name="screenoff_summary">スクリーン�オフ��60秒�64kB以下�データ転���場��VPN通信を中断���。「永続的�TUN�設定�有効�場��VPN接続�中断�れる�通信������り��。「永続的�TUN�を無効��る��VPN�よる接続�護�行�れ���り��。</string>
-  <string name="screenoff_title">画�オフ後�VPN接続を中断�る</string>
+  <string name="screenoff_title">画�オフ後�VPN接続を中断</string>
   <string name="screen_nopersistenttun">警告: ��VPN接続��永続的�TUN�設定�れ����ん。スクリーンオフ後�通信�通常�インター�ット接続を使用���。</string>
   <string name="save_password">パスワードを�存</string>
   <string name="pauseVPN">VPN一時�止</string>
@@ -322,10 +323,10 @@ OpenVPNã�®æŽ¥ç¶šã‚’ä¿�証ã�™ã‚‹ã�Ÿã‚�ã�«ã�¯ã€�アプリケーションを高ã�„å
   <string name="unhandled_exception">未処��例外: %1$s\n\n%2$s</string>
   <string name="unhandled_exception_context">%3$s: %1$s\n\n%2$s</string>
   <string name="faq_system_dialog_xposed">も�����デ�イスをroot化���る���れ�� &lt;a href=\"http://xposed.info/\"&gt;Xposed framework&lt;/a&gt;�&lt;a href=\"http://repo.xposed.info/module/de.blinkt.vpndialogxposed\"&gt;VPN Dialog confirm module&lt;/a&gt; を自己責任����インストール����</string>
-  <string name="full_licenses">フルライセンス</string>
+  <string name="full_licenses">完全�ライセンス告知</string>
   <string name="blocklocal_summary">ローカルインターフェイス�直接接続�れ��る�ットワーク�VPNを経由���ん。
 ��オプションを外��ローカル�ットワーク宛�����通信をVPN�リダイレクト���。</string>
-  <string name="blocklocal_title">ローカル�ットワーク�VPNを経由���</string>
+  <string name="blocklocal_title">ローカル�VPNを経由���</string>
   <string name="userpw_file">ユーザー�/パスワードファイル</string>
   <string name="imported_from_file">[イン�ート元: %s]</string>
   <string name="files_missing_hint">�����ファイル�見��り��ん���。プロファイルをイン�ート�るファイルを�択������：</string>
diff --git a/app/src/main/res/values-ko/strings-icsopenvpn.xml b/app/src/main/res/values-ko/strings-icsopenvpn.xml
index cd8bc176..b05e4f51 100755
--- a/app/src/main/res/values-ko/strings-icsopenvpn.xml
+++ b/app/src/main/res/values-ko/strings-icsopenvpn.xml
@@ -1,5 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
-<!--Generated by crowdin.net-->
+<!--Generated by crowdin.com-->
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
 <!-- Generated by crowdin.net -->
 <resources>
 
diff --git a/app/src/main/res/values-nl/strings-icsopenvpn.xml b/app/src/main/res/values-nl/strings-icsopenvpn.xml
index f553449b..2a000195 100755
--- a/app/src/main/res/values-nl/strings-icsopenvpn.xml
+++ b/app/src/main/res/values-nl/strings-icsopenvpn.xml
@@ -1,5 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
-<!--Generated by crowdin.net-->
+<!--Generated by crowdin.com-->
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
 <!-- Generated by crowdin.net -->
 <resources>
 
diff --git a/app/src/main/res/values-no/strings-icsopenvpn.xml b/app/src/main/res/values-no/strings-icsopenvpn.xml
index 7a7dd124..66391eb5 100755
--- a/app/src/main/res/values-no/strings-icsopenvpn.xml
+++ b/app/src/main/res/values-no/strings-icsopenvpn.xml
@@ -1,11 +1,16 @@
 <?xml version="1.0" encoding="utf-8"?>
-<!--Generated by crowdin.net-->
+<!--Generated by crowdin.com-->
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
 <!-- Generated by crowdin.net -->
 <resources>
 
   <string name="address">Server adresse:</string>
   <string name="port">Server port:</string>
   <string name="location">Plassering</string>
+  <string name="cant_read_folder">Kan ikke lese katalogen</string>
   <string name="select">velg</string>
   <string name="cancel">Avbryt</string>
   <string name="no_data">Ingen Data</string>
@@ -15,32 +20,54 @@
   <string name="client_key_title">Klientsertifikat nøkkel</string>
   <string name="client_pkcs12_title">PKCS12 fil</string>
   <string name="ca_title">CA-sertifikat</string>
+  <string name="no_certificate">Du må velge et sertifikat</string>
+  <string name="copyright_guicode">Kildekode og problemsøkersporing er tilgjengelig på http://code.google.com/p/ics-openvpn/</string>
+  <string name="copyright_others">Dette programmet bruker følgende komponenter; se kildekoden for detaljer om lisensene</string>
   <string name="about">Om</string>
+  <string name="vpn_list_title">Profiler</string>
   <string name="vpn_type">Type</string>
   <string name="pkcs12pwquery">PKCS12 passord</string>
   <string name="file_select">Velg&#8230;</string>
+  <string name="file_nothing_selected">Du må velge en fil</string>
   <string name="useTLSAuth">Bruke TLS-godkjenning</string>
   <string name="tls_direction">TLS-retning</string>
   <string name="ipv6_dialog_tile">Angi IPv6-adresse/nettmaske i CIDR format (f.eks 2000:dd::23/64)</string>
   <string name="ipv4_dialog_title">Angi IPv6-adresse/nettmaske i CIDR format (f.eks 1.2.3.4/24)</string>
   <string name="ipv4_address">IPv4-adresse</string>
   <string name="ipv6_address">IPv6-adresse</string>
+  <string name="custom_option_warning">Angi egendefinerte OpenVPN-alternativer. Bør brukes med forsiktighet. Vær også oppmerksom på at mange av de tun-relaterte OpenVPN-innstillingene ikke støttes i henhold til utformingen av VPNSettings. Hvis du tror at et viktig alternativ mangler kan du kontakte forfatteren</string>
   <string name="auth_username">Brukernavn</string>
   <string name="auth_pwquery">Passord</string>
+  <string name="static_keys_info">For den statiske konfigurasjonen vil TLS Auth Keys-ene bli brukt som statiske nøkler</string>
   <string name="configure_the_vpn">Konfigurer VPN</string>
   <string name="menu_add_profile">Legge til profil</string>
   <string name="add_profile_name_prompt">Angi et navn som identifiserer den nye profilen</string>
+  <string name="duplicate_profile_name">Skriv inn et unikt profilnavn</string>
   <string name="profilename">Profilnavn</string>
+  <string name="no_keystore_cert_selected">Du må velge et brukersertifikat</string>
   <string name="no_error_found">Ingen feil funnet</string>
   <string name="config_error_found">Feil i konfigurasjonen</string>
+  <string name="ipv4_format_error">Feil ved analyse av IPv4-adressen</string>
+  <string name="custom_route_format_error">Feil ved analyse av egendefinerte ruter</string>
+  <string name="pw_query_hint">(La stå tomt for å søke på forespørsel)</string>
   <string name="vpn_shortcut">OpenVPN snarvei</string>
   <string name="vpn_launch_title">Koble til VPN</string>
+  <string name="shortcut_profile_notfound">Profilen som er angitt i snarveien ble ikke funnet</string>
   <string name="random_host_prefix">Tilfeldig vert prefiks</string>
+  <string name="random_host_summary">Legger til 6 tilfeldige tegn foran vertsnavn</string>
   <string name="custom_config_title">Aktiver egendefinerte valg</string>
+  <string name="custom_config_summary">Angi egendefinerte alternativer. Brukes med forsiktighet!</string>
+  <string name="route_rejected">Route avvist av Android</string>
   <string name="cancel_connection">Koble fra</string>
+  <string name="cancel_connection_long">Koble fra VPN</string>
   <string name="clear_log">Tøm logg</string>
   <string name="title_cancel">Avbryt bekreftelse</string>
+  <string name="cancel_connection_query">Koble fra tilkoblet VPN-forbindelse / avbryt oppkoblingsforsøket ?</string>
   <string name="remove_vpn">Fjern VPN</string>
+  <string name="check_remote_tlscert">Kontrollerer om tjeneren bruker et sertifikat med TLS-servertillegg (--remote-cert-TLS-server)</string>
+  <string name="check_remote_tlscert_title">Forvent TLS-serversertifikat</string>
+  <string name="remote_tlscn_check_summary">Kontrollerer eksternt tjenersertifikatemne DN</string>
+  <string name="remote_tlscn_check_title">Sjekk av vertsnavn i sertifikat</string>
   <string name="tls_auth_file">TLS-Auth-fil</string>
   <string name="dns">DNS</string>
   <string name="dns_override_summary">Bruk din egen DNS-server</string>
diff --git a/app/src/main/res/values-pl/strings-icsopenvpn.xml b/app/src/main/res/values-pl/strings-icsopenvpn.xml
index d628da6c..495eb00e 100755
--- a/app/src/main/res/values-pl/strings-icsopenvpn.xml
+++ b/app/src/main/res/values-pl/strings-icsopenvpn.xml
@@ -1,5 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
-<!--Generated by crowdin.net-->
+<!--Generated by crowdin.com-->
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
 <!-- Generated by crowdin.net -->
 <resources>
 
diff --git a/app/src/main/res/values-pt/strings-icsopenvpn.xml b/app/src/main/res/values-pt/strings-icsopenvpn.xml
index 30bf569e..d0058c68 100755
--- a/app/src/main/res/values-pt/strings-icsopenvpn.xml
+++ b/app/src/main/res/values-pt/strings-icsopenvpn.xml
@@ -1,139 +1,255 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!--Generated by crowdin.com-->
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
 <!-- Generated by crowdin.net -->
 <resources>
 
   <string name="address">Endereço do Servidor:</string>
-  <string name="port">Porta:</string>
+  <string name="port">Porta do Servidor:</string>
   <string name="location">Localização</string>
-  <string name="cant_read_folder">Não foi possível ler o diretório</string>
+  <string name="cant_read_folder">Não é possível ler o diretório</string>
   <string name="select">Selecionar</string>
   <string name="cancel">Cancelar</string>
   <string name="no_data">Não há dados</string>
   <string name="useLZO">Compressão LZO</string>
-  <string name="client_no_certificate">Sem Certificado</string>
-  <string name="client_certificate_title">Certificado do Cliente</string>
-  <string name="client_key_title">Chave do Certificado do Cliente</string>
-  <string name="client_pkcs12_title">Arquivo PKCS12</string>
-  <string name="ca_title">Certificado CA</string>
-  <string name="no_certificate">Você deve selecionar um certificado</string>
-  <string name="copyright_guicode">O código fonte e o rastreamento de incidentes estão disponíveis em  http://code.google.com/p/ics-openvpn/</string>
-  <string name="copyright_others">Este programa utiliza os seguintes componentes; veja o código fonte para mais detalhes das licenças</string>
+  <string name="client_no_certificate">Nenhum certificado</string>
+  <string name="client_certificate_title">Certificado de cliente</string>
+  <string name="client_key_title">Chave de certificado de cliente</string>
+  <string name="client_pkcs12_title">Ficheiro PKCS12</string>
+  <string name="ca_title">Certificado de CA</string>
+  <string name="no_certificate">Deve selecionar um certificado</string>
+  <string name="copyright_guicode">Código fonte e controlo de problemas disponível em http://code.google.com/p/ics-openvpn/</string>
+  <string name="copyright_others">Este programa utiliza os seguintes componentes; Para mais detalhes sobre as licenças consultar o código-fonte</string>
   <string name="about">Sobre</string>
   <string name="vpn_list_title">Perfis</string>
   <string name="vpn_type">Tipo</string>
-  <string name="pkcs12pwquery">Senha do PKCS12</string>
+  <string name="pkcs12pwquery">Password PKCS12</string>
   <string name="file_select">Selecionar&#8230;</string>
-  <string name="file_nothing_selected">Você deve selecionar um arquivo</string>
-  <string name="useTLSAuth">Utilizar Autenticação TLS</string>
+  <string name="file_nothing_selected">É necessário selecionar um ficheiro</string>
+  <string name="useTLSAuth">Usar autenticação TLS</string>
   <string name="tls_direction">Direção TLS</string>
-  <string name="ipv6_dialog_tile">Entre o Endereço IPv6/CIDR (ex: 2000:dd::23/64)</string>
-  <string name="ipv4_dialog_title">Entre o endereço IPv4/CIDR (ex: 1.2.3.4/24)</string>
+  <string name="ipv6_dialog_tile">Digite o endereço de IPv6/máscara de rede no formato CIDR (por exemplo, 2000:dd::23 / 64)</string>
+  <string name="ipv4_dialog_title">Digite o endereço de IPv4/máscara de rede no formato CIDR (por exemplo, 1.2.3.4/24)</string>
   <string name="ipv4_address">Endereço IPv4</string>
   <string name="ipv6_address">Endereço IPv6</string>
-  <string name="custom_option_warning">Insira as opções personalizadas para o OpenVPN. Utilize com cuidado. Observe também que muitas das opções relacionadas ao tun do OpenVPN não podem ser suportadas pelo design do VPNSettings. Contate o autor se você acha que uma opção importante está faltando.</string>
-  <string name="auth_username">Usuário</string>
-  <string name="auth_pwquery">Senha</string>
-  <string name="static_keys_info">Para a configuração estática as chaves de autenticação de TLS serão utilizadas como chaves estáticas</string>
-  <string name="configure_the_vpn">Configurar VPN</string>
-  <string name="menu_add_profile">Adicionar Perfil</string>
-  <string name="add_profile_name_prompt">Digite um nome que identifica o novo perfil</string>
-  <string name="duplicate_profile_name">Por favor, digite um nome de perfil único</string>
+  <string name="custom_option_warning">Insira opções personalizadas para a ligação OpenVPN. Este opções devem ser usadas com precaução. Note-se também que muitas das opções para OpenVPN relacionados com tun não não suportadas propositadamente. Se achar que uma opção importante está falta entre em contato com o autor</string>
+  <string name="auth_username">Utilizador</string>
+  <string name="auth_pwquery">Password</string>
+  <string name="static_keys_info">Para a configuração estática as chaves de autenticação TLS serão usadas como chaves estáticas</string>
+  <string name="configure_the_vpn">Configurar a VPN</string>
+  <string name="menu_add_profile">Adicionar perfil</string>
+  <string name="add_profile_name_prompt">Digite um nome que identifique o novo perfil</string>
+  <string name="duplicate_profile_name">Por favor, digite um nome de perfil que não esteja já em uso</string>
   <string name="profilename">Nome do perfil</string>
-  <string name="no_keystore_cert_selected">Você deve selecionar um certificado de usuário</string>
+  <string name="no_keystore_cert_selected">Tem de selecionar um certificado de utilizador</string>
   <string name="no_error_found">Nenhum erro encontrado</string>
   <string name="config_error_found">Erro na configuração</string>
   <string name="ipv4_format_error">Erro ao analisar o endereço IPv4</string>
   <string name="custom_route_format_error">Erro ao analisar as rotas personalizadas</string>
-  <string name="pw_query_hint">(deixe em branco para consulta sob demanda)</string>
+  <string name="pw_query_hint">(deixe em branco para consulta a pedido)</string>
   <string name="vpn_shortcut">Atalho do OpenVPN</string>
-  <string name="vpn_launch_title">Conectar a VPN</string>
-  <string name="shortcut_profile_notfound">O perfil especificado no atalho não foi encontrado</string>
+  <string name="vpn_launch_title">Ligar à VPN</string>
+  <string name="shortcut_profile_notfound">Perfil especificado no atalho não encontrado</string>
   <string name="random_host_prefix">Prefixo de Host aleatório</string>
-  <string name="random_host_summary">Adiciona 6 caracteres aleatórios na frente do hostname</string>
-  <string name="custom_config_title">Habilitar opções personalizadas</string>
-  <string name="custom_config_summary">Opções personalizadas. Use com cuidado!</string>
+  <string name="random_host_summary">Adiciona 6 caracteres aleatórios ao nome do host</string>
+  <string name="custom_config_title">Ativar opções personalizadas</string>
+  <string name="custom_config_summary">Especifique as opções personalizadas. Use com cuidado!</string>
   <string name="route_rejected">Rota rejeitada pelo Android</string>
   <string name="cancel_connection">Desconectar</string>
   <string name="cancel_connection_long">Desconectar VPN</string>
-  <string name="clear_log">limpar log</string>
-  <string name="title_cancel">Cancelar confirmação</string>
-  <string name="cancel_connection_query">Desconectar a VPN conectada/cancelar a tentativa de conexão?</string>
+  <string name="clear_log">Limpar registo</string>
+  <string name="title_cancel">Cancelar Confirmação</string>
   <string name="remove_vpn">Remover VPN</string>
-  <string name="check_remote_tlscert">Verifica se o servidor usa um certificado com as extensões de servidor TLS (- servidor remoto-cert-TLS)</string>
   <string name="check_remote_tlscert_title">Esperar certificado do servidor TLS</string>
-  <string name="remote_tlscn_check_summary">Verifica o DN Subject do certificado do servidor remoto</string>
-  <string name="remote_tlscn_check_title">Verificar o Hostname do Certificado</string>
-  <string name="enter_tlscn_dialog">Especificar a conta usada para verificar o certificado remoto DN (por exemplo, C = DE, L = Paderborn, UO = aviária operadoras IP, CN=openvpn.blinkt.de)\n\Especificar o DN completo ou o RDN (openvpn.blinkt.de no exemplo) ou um prefixo RDN para verification.\n\nWhen usando o prefixo RDN \"Servidor\" corresponde a \"Server-1\" e \"Server-2\" \n\nDeixando vazio, o  campo de texto irá verificar o RDN contra o servidor hostname.\n\nPara mais detalhes consulte a página principal do 2.3.1+ OpenVPN sob — verificar-X509-nome</string>
-  <string name="enter_tlscn_title">Subject do certificado remoto</string>
-  <string name="tls_key_auth">Permite a Autenticação de Chave TLS</string>
-  <string name="tls_auth_file">Arquivo de Auth TLS</string>
-  <string name="pull_on_summary">Solicitações de endereços de IP, rotas e opções de sincronização do servidor.</string>
-  <string name="pull_off_summary">Nenhuma informação é solicitada do servidor. Configurações precisam ser especificadas abaixo.</string>
+  <string name="remote_tlscn_check_title">Verificar nome de host do certificado</string>
+  <string name="enter_tlscn_title">Assunto do certificado remoto</string>
+  <string name="tls_key_auth">Ativa a autenticação de chave TLS</string>
+  <string name="tls_auth_file">Ficheiro de autenticação TLS</string>
+  <string name="pull_on_summary">Solicita endereços IP, rotas e tempo do servidor.</string>
   <string name="use_pull">Obter Configurações</string>
   <string name="dns">DNS</string>
-  <string name="override_dns">Substituir as configurações de DNS pelo servidor</string>
-  <string name="dns_override_summary">Use seus próprios servidores de DNS</string>
+  <string name="override_dns">Substituir configurações de DNS pelo servidor</string>
+  <string name="dns_override_summary">Use seus próprios servidores DNS</string>
   <string name="searchdomain">Domínio de pesquisa</string>
-  <string name="dns1_summary">Servidor DNS a ser usado.</string>
+  <string name="dns1_summary">Servidor de DNS a utilizar.</string>
   <string name="dns_server">Servidor DNS</string>
   <string name="secondary_dns_message">Servidor DNS secundário utilizado caso o servidor primário esteja inacessível.</string>
   <string name="backup_dns">Servidor DNS alternativo</string>
-  <string name="ignored_pushed_routes">Ignorar rotas empurradas</string>
-  <string name="ignore_routes_summary">Ignorar rota empurrada pelo servidor.</string>
   <string name="default_route_summary">Redireccionar todo o tráfego pela VPN</string>
   <string name="use_default_title">Usar rota padrão</string>
-  <string name="custom_route_message">Digite rotas personalizadas. Apenas indique destino em formato CIDR. \"10.0.0.0 / 8 2002 :: / 16\" iria dirigir as redes 10.0.0.0 / 8 e 2002 :: / 16 sobre a VPN.</string>
-  <string name="custom_route_message_excluded">As rotas que não devem ser encaminhados pelo VPN. Use a mesma sintaxe para rotas incluídas.</string>
   <string name="custom_routes_title">Rotas personalizadas</string>
   <string name="custom_routes_title_excluded">Redes excluídas</string>
-  <string name="log_verbosity_level">Nível de complexidade do log</string>
-  <string name="float_summary">Permite pacotes autenticados a partir de qualquer IP</string>
+  <string name="log_verbosity_level">Nível de verbosidade do log</string>
   <string name="float_title">Permitir servidor flutuante</string>
   <string name="custom_options_title">Opções personalizadas</string>
-  <string name="edit_vpn">Editar configurações de VPN</string>
-  <string name="remove_vpn_query">Remover o perfil VPN \'%s\'?</string>
-  <string name="tun_error_helpful">Em algumas imagens ICS personalizado a permissão em / dev / tun pode estar errada, ou o módulo tun pode estar faltando completamente. Para imagens CM9 tente a opção correção propriedade sobre as configurações gerais</string>
-  <string name="tun_open_error">Falha ao abrir a interface de tun</string>
-  <string name="error">"Erro:"</string>
-  <string name="clear">Claro</string>
-  <string name="last_openvpn_tun_config">Abrindo a interface tun:</string>
-  <string name="local_ip_info">Local IPv4: %1$s/%2$d IPv6:%3$s MTU:%4$d</string>
-  <string name="dns_server_info">Servidor DNS: %1$s, domínio: %2$s</string>
+  <string name="edit_vpn">Editar definições VPN</string>
+  <string name="remove_vpn_query">Remova o perfil VPN \'%s\'?</string>
+  <string name="tun_open_error">Falha ao abrir a interface tun</string>
+  <string name="error">"Erro: "</string>
+  <string name="clear">Limpar</string>
+  <string name="last_openvpn_tun_config">A abrir a interface tun:</string>
+  <string name="local_ip_info">Local IPv4: %1$s/%2$d IPv6: %3$s MTU: %4$d</string>
+  <string name="dns_server_info">Servidor DNS: %1$s, Dominio: %2$s</string>
   <string name="routes_info_incl">Rotas: %1$s %2$s</string>
   <string name="routes_info_excl">Rotas excluídas: %1$s %2$s</string>
-  <string name="routes_debug">Rotas VpnService  instaladas: %1$s %2$s</string>
+  <string name="routes_debug">Rotas VpnService instaladas: %1$s %2$s</string>
   <string name="ip_not_cidr">Existem múltiplas informações de interface, %1$s e %2$s, a aplicação assume que o segundo endereço é um endereço \'peer\' do endereço remoto. Será usada uma máscara de rede /32 para o IP local. O modo estabelecido pela OpenVPN é \"%3$s\".</string>
-  <string name="route_not_cidr">Não consigo entender %1$s e %2$s como uma rota IP com máscara de rede CIDR, usando /32 como máscara de rede.</string>
+  <string name="route_not_cidr">não é possível fazer sentido de %1$s e %2$s como rotas de IP, com máscara de rede CIDR, será usada uma máscara de rede /32.</string>
   <string name="route_not_netip">A rota %1$s/%2$s foi corrigida para %3$s/%2$s</string>
-  <string name="keychain_access">Não é possível aceder aos certificados \'Keychain Android\'. Isso pode ter sido causado por uma atualização de firmware ou uma restauração das configurações da app/app. Será necessário editar o perfil VPN e selecionar novamente o certificado nas configurações básicas para recriar a permissão e possibilitar o acesso ao certificado.</string>
+  <string name="keychain_access">Não é possível aceder aos certificados \'Keychain Android\'. Isto pode ser causado por uma atualização de firmware ou um restauro das configurações da app/app. Será necessário editar o perfil VPN e selecionar novamente o certificado nas configurações básicas para recriar a permissão e possibilitar o acesso ao certificado.</string>
   <string name="version_info">%1$s %2$s</string>
-  <string name="send_logfile">Enviar arquivo de log</string>
+  <string name="send_logfile">Enviar o ficheiro de registo</string>
   <string name="send">Enviar</string>
   <string name="ics_openvpn_log_file">Ficheiro de registo do ICS OpenVPN</string>
   <string name="copied_entry">Entrada de registo copiada para a área de transferência</string>
-  <string name="tap_mode">Entrada de registo copiada para a área de transferência</string>
+  <string name="tap_mode">Modo Tap</string>
   <string name="faq_tap_mode">A API VPN não permite o modo Tap em dispositivos sem acesso root. Desta forma não é possível oferecer suporte Tap nesta aplicação</string>
-  <string name="tap_faq2">Novamente? Você está brincando? Não, o modo tap não é suportado de maneira nenhuma e enviar mais emails a perguntar se eventualmente será, não irá ajudar.</string>
-  <string name="faq">Perguntas frequentes</string>
+  <string name="tap_faq2">Novamente? Estamos a brincar? Não, o modo tap não é suportado de maneira nenhuma e enviar mais emails a perguntar se eventualmente será, não ai ajudar a que seja.</string>
+  <string name="tap_faq3">Uma terceira vez? Na verdade, se poderia escrever um um emulador de torneira baseado no tun que adicionar layer2 informações sobre envio e tira informações layer2 em receber. Mas este emulador de torneira também teria que implementar ARP e, possivelmente, um cliente DHCP. Eu não conheço ninguém fazer nenhum trabalho nesse sentido. Contacte-me se você deseja iniciar a codificação sobre isso. Mas este emulador tap também teria que implementar ARP e, possivelmente, um cliente DHCP. Eu não conheço ninguém a fazer nenhum trabalho nesse sentido. Contacte-me se conhece alguém ou deseja a escrever código nesse sentido.</string>
+  <string name="faq">Perguntas Frequentes</string>
+  <string name="copying_log_entries">Copia entradas de registo</string>
+  <string name="faq_copying">Para copiar uma única entrada do registo selecione e mantenha seleciona a respetiva entrada. Para copiar/enviar o registo completo use a opção enviar registo. Use o botão de menu do equipamento caso não esteja visível no GUI.</string>
+  <string name="faq_shortcut">Atalho para iniciar</string>
+  <string name="no_vpn_support_image">A imagem não suporta a API VPNService, lamentamos :(</string>
   <string name="encryption">Encriptação</string>
+  <string name="cipher_dialog_title">Digite o método de encriptação</string>
+  <string name="settings_auth">Autenticação/encriptação</string>
+  <string name="file_explorer_tab">Explorador de ficheiros</string>
+  <string name="inline_file_tab">Ficheiro embutido</string>
+  <string name="error_importing_file">Erro ao importar ficheiro</string>
+  <string name="import_error_message">Não foi possível importar o ficheiro</string>
+  <string name="inline_file_data">[[Dados do ficheiro embutido]]</string>
+  <string name="opentun_no_ipaddr">Impossível abrir dispositivo tun sem informações de IP</string>
+  <string name="menu_import">Importar Perfil a partir de um ficheiro ovpn</string>
   <string name="menu_import_short">Importar</string>
+  <string name="import_content_resolve_error">Não foi possível ler o perfil a importação</string>
+  <string name="error_reading_config_file">Erro ao ler o ficheiro de configuração</string>
+  <string name="add_profile">Adicionar perfil</string>
+  <string name="import_could_not_open">Não foi possível encontrar o ficheiro %1$s mencionado no ficheiro de configuração importado</string>
+  <string name="importing_config">A importar ficheiro configuração a partir de %1$s</string>
+  <string name="import_done">Terminou a leitura do ficheiro de configuração.</string>
+  <string name="nobind_summary">Não ligar a endereço e porta local</string>
+  <string name="no_bind">Não permitir ligações \'locais\'</string>
+  <string name="import_configuration_file">Importar o ficheiro de configuração</string>
+  <string name="faq_security_title">Considerações de segurança</string>
+  <string name="faq_security">"Como OpenVPN é segurança sensíveis algumas notas sobre segurança são sensatas. Todos os dados no sdcard é inerentemente inseguro. Cada aplicativo pode lê-lo (por exemplo, este programa não requer direitos especiais cartão SD). Os dados desta aplicação só pode ser lido pelo próprio aplicativo. Ao usar a opção de importação para cacert / cert / chave no diálogo os dados do arquivo é armazenado no perfil de VPN. Os perfis de VPN são acessíveis apenas por esta aplicação. (Não se esqueça de apagar as cópias no sd cartão depois). Mesmo com acesso apenas por este aplicativo os dados ainda não é criptografado. torcendo por telefone ou outros exploits pode ser possível recuperar os dados. senhas salvas são armazenadas em texto simples assim. Para arquivos PKCS12 é altamente recomendável que você importá-los para o armazenamento de chaves android. "</string>
   <string name="import_vpn">Importar</string>
   <string name="ipv4">IPv4</string>
   <string name="ipv6">IPv6</string>
+  <string name="speed_waiting">A esperar mensagem de estado...</string>
+  <string name="converted_profile">perfil importado</string>
+  <string name="converted_profile_i">Perfil importado %d</string>
+  <string name="broken_images">Imagens quebradas</string>
+  <string name="private_key_password">Senha de chave privada</string>
   <string name="password">Senha</string>
+  <string name="file_icon">ícone de ficheiro</string>
+  <string name="tls_authentication">Autenticação TLS</string>
+  <string name="generated_config">Config gerado</string>
   <string name="generalsettings">Configurações</string>
+  <string name="owner_fix">Corrija a propriedade de /dev/tun</string>
+  <string name="edit_profile_title">A editar \"%s\"</string>
+  <string name="building_configration">A preparar a configuração...</string>
+  <string name="netchange">Volte a ligar na mudança de rede</string>
+  <string name="netstatus">Estado da rede: %s</string>
+  <string name="select_file">Selecione</string>
+  <string name="show_log_window">Mostrar a janela de log</string>
+  <string name="faq_system_dialogs_title">Aviso de ligação e som de notificação</string>
+  <string name="ipdns">IP e DNS</string>
+  <string name="basic">Básico</string>
+  <string name="routing">Encaminhamento</string>
   <string name="advanced">Avançado</string>
+  <string name="faq_howto_title">Início Rápido</string>
+  <string name="using_proxy">A utilizar proxy %1$s %2$d</string>
+  <string name="use_system_proxy">Usar a proxy do sistema</string>
+  <string name="onbootrestart">Volte a ligar na reinicialização</string>
   <string name="ignore">Ignorar</string>
   <string name="restart">Reiniciar</string>
-  <string name="state_connecting">Conectando</string>
+  <string name="restart_vpn_after_change">As alterações de configuração são aplicadas depois de reiniciar a VPN. Reiniciar a VPN agora?</string>
+  <string name="configuration_changed">Configuração alterada</string>
+  <string name="faq_duplicate_notification_title">Notificações duplicadas</string>
+  <string name="no_vpn_profiles_defined">Não há perfis de VPN definidos.</string>
+  <string name="add_new_vpn_hint">Use o &lt; img src = \"ic_menu_add\" / &gt; ícone para adicionar uma nova VPN</string>
+  <string name="vpn_import_hint">Use o &lt; img src = \"ic_menu_archive\" / &gt; ícone para importar um perfil existente (ovpn ou conf) do seu sdcard.</string>
+  <string name="faq_routing_title">Configuração de roteamento/Interface</string>
+  <string name="persistent_tun_title">Tun Persistente</string>
+  <string name="openvpn_log">OpenVPN Log</string>
+  <string name="import_config">Importar configuração OpenVPN</string>
+  <string name="battery_consumption_title">Consumo de bateria</string>
+  <string name="vpn_tethering_title">VPN e Tethering</string>
+  <string name="connection_retries">Tentativas de ligação</string>
+  <string name="reconnection_settings">Configurações de religação</string>
+  <string name="connectretrywait">Segundos entre ligações</string>
+  <string name="send_minidump">Enviar Minidump para desenvolvedor</string>
+  <string name="notifcation_title">OpenVPN - %s</string>
+  <string name="session_ipv4string">%1$s - %2$s</string>
+  <string name="session_ipv6string">%1$s - %3$s, %2$s</string>
+  <string name="state_connecting">A ligar</string>
+  <string name="state_wait">A esperar pela resposta do servidor</string>
   <string name="state_auth">Autenticando</string>
-  <string name="state_connected">Conectado</string>
-  <string name="add">Add</string>
-  <string name="pauseVPN">Pausa VPN</string>
+  <string name="state_get_config">A obter a configuração do cliente</string>
+  <string name="state_assign_ip">Atribuindo endereços IP</string>
+  <string name="state_add_routes">Adicionando rotas</string>
+  <string name="state_connected">Ligado</string>
+  <string name="state_disconnected">Desligado</string>
+  <string name="state_reconnecting">A religar</string>
+  <string name="state_exiting">A sair</string>
+  <string name="state_noprocess">Parado</string>
+  <string name="state_resolve">A resolver nomes de host</string>
+  <string name="state_tcp_connect">A ligar (TCP)</string>
+  <string name="state_auth_failed">Falha na autenticação</string>
+  <string name="state_nonetwork">A aguardar rede utilizável</string>
+  <string name="statusline_bytecount">↓%2$s/s %1$s - ↑%4$s/s %3$s</string>
+  <string name="notifcation_title_notconnect">Não ligado</string>
+  <string name="start_vpn_title">A ligar a VPN %s</string>
+  <string name="start_vpn_ticker">A ligar a VPN %s</string>
+  <string name="encryption_cipher">Cifra de encriptação</string>
+  <string name="packet_auth">Autenticação de pacotes</string>
+  <string name="auth_dialog_title">Selecione o método de autenticação de pacotes</string>
+  <string name="built_by">Feito por %s</string>
+  <string name="debug_build">compilação de debug</string>
+  <string name="official_build">compilação oficial</string>
+  <string name="make_selection_inline">Copiar para o perfil</string>
+  <string name="crashdump">Crashdump</string>
+  <string name="add">Adicionar</string>
+  <string name="send_config">Enviar ficheiro de configuração</string>
+  <string name="complete_dn">DN completo</string>
+  <string name="rdn">RDN (nome comum)</string>
+  <string name="rdn_prefix">Prefixo RDN</string>
+  <string name="tls_remote_deprecated">TLS-remoto (obsoleto)</string>
+  <string name="help_translate">Pode ajudar a traduzir, visite http://crowdin.net/project/ics-openvpn/invite</string>
+  <string name="prompt">%1$s tenta controlar %2$s</string>
+  <string name="remote_trust">Confio nesta aplicação.</string>
+  <string name="no_external_app_allowed">Nenhuma app pode usar a API externa</string>
+  <string name="allowed_apps">Aplicações permitidas:%s</string>
+  <string name="save_password">Guardar senha</string>
+  <string name="pauseVPN">Pausar VPN</string>
   <string name="resumevpn">Retomar VPN</string>
-  <string name="uploaded_data">Upload</string>
-  <string name="downloaded_data">Download</string>
-  <string name="vpn_status">Vpn Status</string>
-  <string name="logview_options">Ver opções</string>
+  <string name="state_userpause">VPN pausado por solicitação do utilizador</string>
+  <string name="cannotparsecert">Não é possível mostrar as informações de certificado</string>
+  <string name="appbehaviour">Comportamento da aplicação</string>
+  <string name="vpnbehaviour">Comportamento VPN</string>
+  <string name="allow_vpn_changes">Permitir alterações aos perfis de VPN</string>
+  <string name="donatePlayStore">Como alternativa, pode enviar uma doação pela Play Store:</string>
+  <string name="thanks_for_donation">Obrigado por doar %s!</string>
+  <string name="logCleared">Log limpo.</string>
+  <string name="show_password">Mostrar a senha</string>
+  <string name="keyChainAccessError">Erro de acesso às chaves: %s</string>
+  <string name="timestamp_short">Curto</string>
+  <string name="timestamp_iso">ISO</string>
+  <string name="timestamps">Carimbos de hora</string>
+  <string name="timestamps_none">Nenhum</string>
+  <string name="uploaded_data">Fazer upload</string>
+  <string name="downloaded_data">Transferir</string>
+  <string name="vpn_status">Estado da VPN</string>
+  <string name="logview_options">Opções de visualização</string>
+  <string name="unhandled_exception">Unhandled exception: %1$s\n\n%2$s</string>
+  <string name="unhandled_exception_context">%3$s: %1$s\n\n%2$s</string>
+  <string name="full_licenses">Licenças completas</string>
+  <string name="blocklocal_title">Ignorar VPN para redes locais</string>
+  <string name="userpw_file">Ficheiro de utilizador/senha</string>
+  <string name="imported_from_file">[Importado de: %s]</string>
+  <string name="import_log">Log de importação:</string>
 </resources>
diff --git a/app/src/main/res/values-ro/strings-icsopenvpn.xml b/app/src/main/res/values-ro/strings-icsopenvpn.xml
index 8ae2770e..ef4e3a75 100755
--- a/app/src/main/res/values-ro/strings-icsopenvpn.xml
+++ b/app/src/main/res/values-ro/strings-icsopenvpn.xml
@@ -1,5 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
-<!--Generated by crowdin.net-->
+<!--Generated by crowdin.com-->
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
 <!-- Generated by crowdin.net -->
 <resources>
 
diff --git a/app/src/main/res/values-ru/strings-icsopenvpn.xml b/app/src/main/res/values-ru/strings-icsopenvpn.xml
index 400269ec..e2bc930c 100755
--- a/app/src/main/res/values-ru/strings-icsopenvpn.xml
+++ b/app/src/main/res/values-ru/strings-icsopenvpn.xml
@@ -1,5 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!--Generated by crowdin.com-->
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
 <!-- Generated by crowdin.net -->
 <resources>
 
diff --git a/app/src/main/res/values-sv/strings-icsopenvpn.xml b/app/src/main/res/values-sv/strings-icsopenvpn.xml
index 1e4f3635..9b974522 100755
--- a/app/src/main/res/values-sv/strings-icsopenvpn.xml
+++ b/app/src/main/res/values-sv/strings-icsopenvpn.xml
@@ -1,5 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
-<!--Generated by crowdin.net-->
+<!--Generated by crowdin.com-->
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
 <!-- Generated by crowdin.net -->
 <resources>
 
diff --git a/app/src/main/res/values-tr/strings-icsopenvpn.xml b/app/src/main/res/values-tr/strings-icsopenvpn.xml
index a40df5bf..90ad068d 100755
--- a/app/src/main/res/values-tr/strings-icsopenvpn.xml
+++ b/app/src/main/res/values-tr/strings-icsopenvpn.xml
@@ -1,5 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
-<!--Generated by crowdin.net-->
+<!--Generated by crowdin.com-->
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
 <!-- Generated by crowdin.net -->
 <resources>
 
@@ -86,6 +90,7 @@
   <string name="use_default_title">Varsayılan Yolu kullan</string>
   <string name="custom_route_message">Özel yolları girin. CIDR biçimde tek hedef girin. \"10.0.0.0 / 8 2002 :: / 16\" ağlar VPN üzerinden 10.0.0.0 / 8 ve 2002 :: / 16 doğrudan.</string>
   <string name="custom_routes_title">Özel Yollar</string>
+  <string name="custom_routes_title_excluded">Dışlanan Ağlar</string>
   <string name="log_verbosity_level">Ayrıntı düzeyi Log</string>
   <string name="float_summary">Herhangi bir IP kimlik doğrulaması paketlerini sağlar</string>
   <string name="float_title">Herhangi bir IP kimlik doğrulaması paketlerini sağlar</string>
diff --git a/app/src/main/res/values-uk/strings-icsopenvpn.xml b/app/src/main/res/values-uk/strings-icsopenvpn.xml
index 97a1e9a4..92637b74 100755
--- a/app/src/main/res/values-uk/strings-icsopenvpn.xml
+++ b/app/src/main/res/values-uk/strings-icsopenvpn.xml
@@ -1,5 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
-<!--Generated by crowdin.net-->
+<!--Generated by crowdin.com-->
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
 <!-- Generated by crowdin.net -->
 <resources>
 
diff --git a/app/src/main/res/values-v21/refs.xml b/app/src/main/res/values-v21/refs.xml
new file mode 100644
index 00000000..0d5d271a
--- /dev/null
+++ b/app/src/main/res/values-v21/refs.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
+
+<resources>
+    <drawable name="ic_menu_close_clear_cancel">@drawable/ic_close_white_24dp</drawable>
+    <drawable name="ic_menu_share">@drawable/ic_share_white_24dp </drawable>
+    <drawable name="ic_menu_view">@drawable/ic_filter_list_white_24dp</drawable>
+    <drawable name="ic_menu_delete">@drawable/ic_delete_white_24dp</drawable>
+    <drawable name="ic_menu_edit">@drawable/ic_edit_white_24dp</drawable>
+</resources>
diff --git a/app/src/main/res/values-v21/styles.xml b/app/src/main/res/values-v21/styles.xml
new file mode 100644
index 00000000..892b6cb0
--- /dev/null
+++ b/app/src/main/res/values-v21/styles.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
+
+<resources>
+
+    <!-- http://www.google.de/design/spec/style/color.html#color-color-palette -->
+    <style name="appstyle" parent="android:Theme.Material.Light.DarkActionBar">
+        <item name="android:colorPrimary">@color/primary</item>
+        <item name="android:colorPrimaryDark">@color/primary_dark</item>
+        <item name="android:colorAccent">@color/accent</item>
+    </style>
+</resources>
diff --git a/app/src/main/res/values-zh-rCN/strings-icsopenvpn.xml b/app/src/main/res/values-zh-rCN/strings-icsopenvpn.xml
index e49a2240..93e0cbb1 100755
--- a/app/src/main/res/values-zh-rCN/strings-icsopenvpn.xml
+++ b/app/src/main/res/values-zh-rCN/strings-icsopenvpn.xml
@@ -1,5 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
-<!--Generated by crowdin.net-->
+<!--Generated by crowdin.com-->
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
 <!-- Generated by crowdin.net -->
 <resources>
 
@@ -23,7 +27,7 @@
   <string name="vpn_list_title">�置文件</string>
   <string name="vpn_type">类型</string>
   <string name="pkcs12pwquery">PKCS12 密�</string>
-  <string name="file_select">请选择...</string>
+  <string name="file_select">请选择&#8230;</string>
   <string name="file_nothing_selected">您必须选择一个文件</string>
   <string name="useTLSAuth">使用 TLS 身份验�</string>
   <string name="tls_direction">TLS 方�</string>
@@ -85,7 +89,6 @@
   <string name="use_default_title">使用默认路由</string>
   <string name="custom_route_message">输入自定义路由。输入 CIDR 格�地�。</string>
   <string name="custom_routes_title">自定义路由</string>
-  <string name="custom_routes_title_excluded">just</string>
   <string name="log_verbosity_level">日志详细级别</string>
   <string name="float_summary">�许�自任何 IP 的认�数�包</string>
   <string name="float_title">�许浮�务器</string>
@@ -100,7 +103,6 @@
   <string name="local_ip_info">本地 IPv4： %1$s/%2$d IPv6： %3$s MTU： %4$d</string>
   <string name="dns_server_info">DNS �务器: %1$s, 域�: %2$s</string>
   <string name="routes_info_excl">排除的路由： %1$s %2$s</string>
-  <string name="routes_debug">China</string>
   <string name="ip_not_cidr">已获得接�信� %1$s 以� %2$s，将第二个地�作为远程地�。使用 /32 作为本地掩�。OpenVPN 给出的模�是 \"%3$s\"。</string>
   <string name="route_not_cidr">无法将 %1$s 和 %2$s 作为 CIDR 形�的路由，将使用 /32 的�网掩�。</string>
   <string name="route_not_netip">纠正路由 %1$s/%2$s 为 %3$s/%2$s</string>
@@ -292,7 +294,7 @@
   <string name="thanks_for_donation">感谢�赠 %s�</string>
   <string name="logCleared">日志已清除。</string>
   <string name="show_password">显示密�</string>
-  <string name="keyChainAccessError">钥匙串访问错误： ％s</string>
+  <string name="keyChainAccessError">钥匙串访问错误： %s</string>
   <string name="timestamp_short">短</string>
   <string name="timestamp_iso">ISO</string>
   <string name="timestamps">时间戳</string>
diff --git a/app/src/main/res/values-zh-rTW/strings-icsopenvpn.xml b/app/src/main/res/values-zh-rTW/strings-icsopenvpn.xml
index e467dd5b..bd155362 100755
--- a/app/src/main/res/values-zh-rTW/strings-icsopenvpn.xml
+++ b/app/src/main/res/values-zh-rTW/strings-icsopenvpn.xml
@@ -1,5 +1,10 @@
 <?xml version="1.0" encoding="utf-8"?>
-<!--Generated by crowdin.net-->
+<!--Generated by crowdin.com-->
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
+<!-- Generated by crowdin.net -->
 <resources>
 
   <string name="address">伺�器地�:</string>
@@ -19,9 +24,10 @@
   <string name="copyright_guicode">�得原始碼與個案追蹤，�上 http://code.google.com/p/ics-openvpn/</string>
   <string name="copyright_others">本程�使用了以下元件，其作者和授權資訊如下</string>
   <string name="about">關於</string>
+  <string name="vpn_list_title">設定檔</string>
   <string name="vpn_type">é¡žåž‹</string>
   <string name="pkcs12pwquery">PKCS12 密碼</string>
-  <string name="file_select">�擇…</string>
+  <string name="file_select">�擇&#8230;</string>
   <string name="file_nothing_selected">你必須�擇一個檔案</string>
   <string name="useTLSAuth">使用傳輸層防�牆(TLS-Auth)</string>
   <string name="tls_direction">TLS方�</string>
@@ -43,19 +49,22 @@
   <string name="ipv4_format_error">解�IPv4地�時發生錯誤</string>
   <string name="custom_route_format_error">解�自訂路由時發生錯誤</string>
   <string name="vpn_shortcut">OpenVPN�徑</string>
-  <string name="vpn_launch_title">連接到VPN</string>
+  <string name="vpn_launch_title">連線到VPN</string>
   <string name="shortcut_profile_notfound">在快�方�找�到指定的設定檔</string>
   <string name="random_host_prefix">隨機主機�稱字首</string>
   <string name="random_host_summary">在主機�稱�加入6個隨機字符</string>
   <string name="custom_config_title">啟用自訂�項</string>
   <string name="custom_config_summary">自訂�項，使用時請�心�</string>
   <string name="route_rejected">路由被Android拒絕</string>
-  <string name="cancel_connection">æ–·ç·š</string>
+  <string name="cancel_connection">中斷連線</string>
+  <string name="cancel_connection_long">中斷VPN連線</string>
   <string name="clear_log">清除記錄檔</string>
   <string name="title_cancel">確��消</string>
+  <string name="cancel_connection_query">中斷已連接的VPN/�消正在嘗試的連線？</string>
   <string name="remove_vpn">移除VPN</string>
-  <string name="check_remote_tlscert">檢查�方出示的是�TLS伺�器憑證</string>
-  <string name="check_remote_tlscert_title">�期�方出示TLS伺�器憑證</string>
+  <string name="check_remote_tlscert_title">�計TLS�務器證書</string>
+  <string name="remote_tlscn_check_summary">檢查�程�務器證書的主題DN</string>
+  <string name="remote_tlscn_check_title">證書的主機�檢查</string>
   <string name="tls_key_auth">啟用傳輸層防�牆(TLS-Auth)</string>
   <string name="tls_auth_file">TLS驗證檔</string>
   <string name="pull_on_summary">�伺�器請求IP地�, 路由和時間資訊</string>
@@ -117,7 +126,9 @@
   <string name="import_vpn">匯入</string>
   <string name="ipv4">IPv4</string>
   <string name="ipv6">IPv6</string>
-  <string name="speed_waiting">等待狀態訊�…</string>
+  <string name="speed_waiting">等待狀態訊�&#8230;</string>
+  <string name="converted_profile">匯入設定檔</string>
+  <string name="converted_profile_i">匯入設定檔%d</string>
   <string name="pkcs12_file_encryption_key">PKCS12檔加密金鑰</string>
   <string name="private_key_password">�密金鑰密碼</string>
   <string name="password">密碼</string>
@@ -128,45 +139,55 @@
   <string name="owner_fix">修正 /dev/tun 的�有者</string>
   <string name="generated_config_summary">顯示本程�生�的設定檔</string>
   <string name="edit_profile_title">正在編輯\"%s\"</string>
-  <string name="building_configration">正在生�設定檔…</string>
-  <string name="netchange_summary">當網絡狀�變更時強制�新連接(例如從WiFi變�手機網絡，�之亦然)</string>
-  <string name="netchange">網絡異動時�新連接</string>
+  <string name="building_configration">正在生�設定檔&#8230;</string>
+  <string name="netchange_summary">若切�此�項當網絡狀�變更時將強制�新連線(例如從WiFi變�手機網絡，�之亦然)</string>
+  <string name="netchange">網絡異動時�新連線</string>
   <string name="netstatus">網絡狀態: %s</string>
   <string name="select_file">�擇</string>
+  <string name="show_log_summary">連接時顯示記錄檔視窗。記錄檔視窗�以隨時從通知欄中進入。</string>
   <string name="show_log_window">顯示記錄視窗</string>
   <string name="mobile_info">於 %1$s (%2$s) %3$s 上�行, Android API 版本: %4$d</string>
   <string name="faq_system_dialogs_title">連線警告和通知時發出音效</string>
-  <string name="translationby">�體中文 由 羊羊@自由網絡研究中心 &lt;sora8964@gmail.com&gt; 翻譯</string>
+  <string name="translationby">�體中文</string>
   <string name="ipdns">IPå’ŒDNS</string>
   <string name="basic">基本</string>
   <string name="routing">路由</string>
   <string name="obscure">鮮為人知的OpenVPN設定，一般情�下�需�派上用場。</string>
   <string name="advanced">進階</string>
   <string name="export_config_title">ICS Openvpn 設定</string>
-  <string name="warn_no_dns">沒有任何DNS伺�器�用，�能無法進行網域�稱解�。請考慮設置自訂的DNS伺�器</string>
   <string name="faq_howto_title">快速入門</string>
   <string name="setting_loadtun_summary">在連線�嘗試載入Tun模組，需�Root。</string>
   <string name="setting_loadtun">載入Tun模組</string>
   <string name="getproxy_error">�得代�伺�器資訊時發生錯誤: %s</string>
   <string name="using_proxy">使用代�伺�器 %1$s %2$d</string>
   <string name="use_system_proxy">使用系統代�</string>
-  <string name="use_system_proxy_summary">使用系統�置的 HTTP/HTTPS 代�伺�器進行連接。</string>
+  <string name="use_system_proxy_summary">使用系統�置的 HTTP/HTTPS 代�伺�器進行連線。</string>
   <string name="donatewithpaypal">你�以�� &lt;a href=\"https://www.paypal.com/cgi-bin/webscr?hosted_button_id=R2M6ZP9AF25LS&amp;amp;cmd=_s-xclick\"&gt;PayPal&lt;/a&gt; �供�助</string>
-  <string name="onbootrestartsummary">如果在�新開機或關機�正連接VPN，開機時自動�新連接。在使用這個�項之�請先閱讀連線警告FAQ。</string>
-  <string name="onbootrestart">開機時�新連接</string>
+  <string name="onbootrestartsummary">如果在�新開機或關機�正連線VPN，開機時自動�新連線。在使用這個�項之�請先閱讀連線警告FAQ。</string>
+  <string name="onbootrestart">開機時�新連線</string>
   <string name="ignore">忽略</string>
   <string name="restart">�置</string>
   <string name="restart_vpn_after_change">�置變更�會在�新啟動VPN時�生效，�在�(�新)啟動VPN嗎？</string>
   <string name="configuration_changed">設定已變更</string>
+  <string name="log_no_last_vpn">無法判斷最後一次連線使用的設定檔，因此無法編輯設定檔。</string>
   <string name="faq_duplicate_notification_title">�複的通知</string>
   <string name="faq_routing_title">路由/網絡介� 設定</string>
   <string name="openvpn_log">OpenVPN �作記錄</string>
   <string name="import_config">匯入 OpenVPN �置</string>
   <string name="battery_consumption_title">電池消耗</string>
   <string name="vpn_tethering_title">VPN與�攜�無線基地�</string>
-  <string name="connection_retries">連線�試次數</string>
-  <string name="connectretrymessage">嘗試�新連線之間的等待秒數</string>
-  <string name="connectretrywait">�新連接間隔時間</string>
+  <string name="connection_retries">�新連線次數</string>
+  <string name="reconnection_settings">�新連線設定</string>
+  <string name="connectretrymessage">嘗試�新連線之間的等待秒數。</string>
+  <string name="connectretrywait">�新連線的間隔時間</string>
   <string name="minidump_generated">OpenVPN��期地崩潰，你或者會考慮在主�單下傳�Minidump給開發人員。</string>
   <string name="send_minidump">�開發人員傳�Minidump</string>
+  <string name="state_connecting">連線中</string>
+  <string name="state_connected">已連線</string>
+  <string name="state_disconnected">中斷連線</string>
+  <string name="state_reconnecting">正在�新連線</string>
+  <string name="state_tcp_connect">連線中 (TCP)</string>
+  <string name="notifcation_title_notconnect">未連線</string>
+  <string name="start_vpn_title">正在連接至 VPN %s</string>
+  <string name="start_vpn_ticker">正在連接至 VPN %s</string>
 </resources>
diff --git a/app/src/main/res/values/colours.xml b/app/src/main/res/values/colours.xml
new file mode 100644
index 00000000..89fb41dd
--- /dev/null
+++ b/app/src/main/res/values/colours.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
+
+<resources>
+    <!-- Indigo -->
+    <!-- OpenVPN colours #203155, #C66D0D -->
+    <color name="primary">#3F51B5</color>
+    <color name="primary_dark">#303F9F</color>
+    <color name="accent">#FFA726</color>
+</resources>
\ No newline at end of file
diff --git a/app/src/main/res/values/dimens.xml b/app/src/main/res/values/dimens.xml
index 4f325078..9a53fe4c 100644
--- a/app/src/main/res/values/dimens.xml
+++ b/app/src/main/res/values/dimens.xml
@@ -1,4 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
+
 <resources>
     <dimen name="paddingItemsSidebarLog">20dp</dimen>
     <dimen name="stdpadding">8dp</dimen>
diff --git a/app/src/main/res/values/refs.xml b/app/src/main/res/values/refs.xml
new file mode 100644
index 00000000..5e7f5e14
--- /dev/null
+++ b/app/src/main/res/values/refs.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
+
+<resources>
+    <drawable name="ic_menu_close_clear_cancel">@android:drawable/ic_menu_close_clear_cancel</drawable>
+    <drawable name="ic_menu_share">@android:drawable/ic_menu_share </drawable>
+    <drawable name="ic_menu_save">@android:drawable/ic_menu_save</drawable>
+    <drawable name="ic_menu_view">@android:drawable/ic_menu_view</drawable>
+    <drawable name="ic_menu_delete">@android:drawable/ic_menu_delete</drawable>
+    <drawable name="ic_menu_edit">@android:drawable/ic_menu_edit</drawable>
+
+</resources>
diff --git a/app/src/main/res/values/strings-icsopenvpn.xml b/app/src/main/res/values/strings-icsopenvpn.xml
index aadbff32..15bf8142 100755
--- a/app/src/main/res/values/strings-icsopenvpn.xml
+++ b/app/src/main/res/values/strings-icsopenvpn.xml
@@ -1,4 +1,7 @@
-<?xml version="1.0" encoding="utf-8"?> <!-- Generated by crowdin.net -->
+<?xml version="1.0" encoding="utf-8"?> <!--
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  --> <!-- Generated by crowdin.net -->
 <resources>
 
 
@@ -323,5 +326,7 @@
     <string name="mssfix_value_dialog">Announce to TCP sessions running over the tunnel that they should limit their send packet sizes such that after OpenVPN has encapsulated them, the resulting UDP packet size that OpenVPN sends to its peer will not exceed this number of bytes. (default is 1450)</string>
     <string name="mssfix_checkbox">Override MSS value of TCP payload</string>
     <string name="mssfix_dialogtitle">Set MSS of TCP payload</string>
+    <string name="client_behaviour">Client behaviour</string>
+    <string name="clear_external_apps">Clear allowed external apps</string>
 
 </resources>
diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml
index 350401d3..68e71886 100644
--- a/app/src/main/res/values/strings.xml
+++ b/app/src/main/res/values/strings.xml
@@ -63,6 +63,7 @@
     <string name="log_out_failed_message">Didn\'t log out.</string>
     <string name="succesful_authentication_message">Authentication succeeded.</string>
     <string name="authentication_failed_message">Authentication failed.</string>
+    <string name="registration_failed_message">Registration failed..</string>
     <string name="successful_authed_cert_downloaded_message">Your own cert has been correctly downloaded.</string>
     <string name="authed_cert_download_failed_message">Your own cert has incorrectly been downloaded.</string>
     <string name="eip_status_start_pending">Initiating connection</string>
diff --git a/app/src/main/res/values/styles.xml b/app/src/main/res/values/styles.xml
index 95e709b3..a60e29b8 100644
--- a/app/src/main/res/values/styles.xml
+++ b/app/src/main/res/values/styles.xml
@@ -1,22 +1,14 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!--
-  Copyright (C) 2011 The Android Open Source Project
-  Copyright (C) 2012 Arne Schwabe
+  ~ Copyright (c) 2012-2014 Arne Schwabe
+  ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt
+  -->
 
-  Licensed under the Apache License, Version 2.0 (the "License");
-  you may not use this file except in compliance with the License.
-  You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
+<resources>
+    <style name="appstyle" parent="android:Theme.DeviceDefault.Light">
 
-  Unless required by applicable law or agreed to in writing, software
-  distributed under the License is distributed on an "AS IS" BASIS,
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  See the License for the specific language governing permissions and
-  limitations under the License.
--->
+    </style>
 
-<resources>
 
     <style name="item">
         <item name="android:layout_width">match_parent</item>
@@ -35,7 +27,7 @@
         <item name="android:paddingTop">10sp</item>
         <item name="android:layout_width">match_parent</item>
         <item name="android:layout_height">wrap_content</item>
-        <item name="android:textAppearance">?android:attr/textAppearanceMedium</item>
+        <item name="android:textAppearance">?android:attr/textAppearanceLarge</item>
         <!-- <item name="android:singleLine">true</item> -->
     </style>
 
diff --git a/app/src/main/res/values/untranslatable.xml b/app/src/main/res/values/untranslatable.xml
index b45d5ae7..82147ab5 100644
--- a/app/src/main/res/values/untranslatable.xml
+++ b/app/src/main/res/values/untranslatable.xml
@@ -2450,4 +2450,724 @@
 
 
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 </resources>
\ No newline at end of file
diff --git a/app/src/release/java/se/leap/bitmaskclient/ConfigurationWizard.java b/app/src/release/java/se/leap/bitmaskclient/ConfigurationWizard.java
index b5a57234..73de29bc 100644
--- a/app/src/release/java/se/leap/bitmaskclient/ConfigurationWizard.java
+++ b/app/src/release/java/se/leap/bitmaskclient/ConfigurationWizard.java
@@ -1,516 +1,412 @@
-/**

- * Copyright (c) 2013 LEAP Encryption Access Project and contributers

- * 

- * This program is free software: you can redistribute it and/or modify

- * it under the terms of the GNU General Public License as published by

- * the Free Software Foundation, either version 3 of the License, or

- * (at your option) any later version.

- *

- * This program is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

- * GNU General Public License for more details.

- *

- * You should have received a copy of the GNU General Public License

- * along with this program. If not, see <http://www.gnu.org/licenses/>.

- */

- package se.leap.bitmaskclient;

-

-
-
-
-

-

-import android.app.Activity;

-import android.app.DialogFragment;

-import android.app.Fragment;

-import android.app.FragmentManager;

-import android.app.FragmentTransaction;

-import android.content.BroadcastReceiver;

-import android.content.Context;

-import android.content.Intent;

-import android.content.IntentFilter;

-import android.content.SharedPreferences;

-import android.content.res.AssetManager;

-import android.os.Bundle;

-import android.os.Handler;

-import android.util.Log;

-import android.view.Display;

-import android.view.Menu;

-import android.view.MenuItem;

-import android.view.View.MeasureSpec;

-import android.view.View;

-import android.view.ViewGroup;

-import android.view.WindowManager;

-import android.widget.ListAdapter;

-import android.widget.ListView;

-import android.widget.ProgressBar;

-import android.widget.ProgressBar;

-import android.widget.RelativeLayout;

-import android.widget.TextView;

-import java.io.IOException;

-import java.io.InputStream;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.util.Iterator;

-import org.json.JSONException;

-import org.json.JSONObject;

+/**
+ * Copyright (c) 2013 LEAP Encryption Access Project and contributers
+ * 
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package se.leap.bitmaskclient;
+
+import android.app.*;
+import android.content.*;
+import android.os.*;
+import android.view.*;
+import android.widget.*;
+
+import com.pedrogomez.renderers.*;
+
+import java.net.*;
+import java.util.*;
+
+import butterknife.*;
+
+import org.json.*;
+
+import javax.inject.Inject;
+
 import se.leap.bitmaskclient.DownloadFailedDialog.DownloadFailedDialogInterface;
 import se.leap.bitmaskclient.NewProviderDialog.NewProviderDialogInterface;
 import se.leap.bitmaskclient.ProviderAPIResultReceiver.Receiver;
 import se.leap.bitmaskclient.ProviderDetailFragment.ProviderDetailFragmentInterface;
-import se.leap.bitmaskclient.ProviderListContent.ProviderItem;
-import se.leap.bitmaskclient.R;
-

-/**

- * Activity that builds and shows the list of known available providers.

- * 

- * It also allows the user to enter custom providers with a button.

- * 

- * @author parmegv

- *

- */

-public class ConfigurationWizard extends Activity

-implements ProviderListFragment.Callbacks, NewProviderDialogInterface, ProviderDetailFragmentInterface, DownloadFailedDialogInterface, Receiver {

-

-	private ProgressBar mProgressBar;

-	private TextView progressbar_description;

-	private ProviderListFragment provider_list_fragment;

-	private Intent mConfigState = new Intent();

-	

-	final public static String TAG = "se.leap.bitmaskclient.ConfigurationWizard";

-	final public static String TYPE_OF_CERTIFICATE = "type_of_certificate";

-	final public static String ANON_CERTIFICATE = "anon_certificate";

-	final public static String AUTHED_CERTIFICATE = "authed_certificate";

-

-	final protected static String PROVIDER_SET = "PROVIDER SET";

-	final protected static String SERVICES_RETRIEVED = "SERVICES RETRIEVED";

+import se.leap.bitmaskclient.eip.Constants;
+
+/**
+ * Activity that builds and shows the list of known available providers.
+ * 
+ * It also allows the user to enter custom providers with a button.
+ * 
+ * @author parmegv
+ *
+ */
+public class ConfigurationWizard extends Activity
+implements NewProviderDialogInterface, ProviderDetailFragmentInterface, DownloadFailedDialogInterface, Receiver {
+
+
+    @InjectView(R.id.progressbar_configuration_wizard) ProgressBar mProgressBar;
+    @InjectView(R.id.progressbar_description) TextView progressbar_description;
+
+    @InjectView(R.id.provider_list) ListView provider_list_view;
+    @Inject ProviderListAdapter adapter;
+
+    private ProviderManager provider_manager;
+	private Intent mConfigState = new Intent();
+    private Provider selected_provider;
+	
+    final public static String TAG = ConfigurationWizard.class.getSimpleName();
+	final public static String TYPE_OF_CERTIFICATE = "type_of_certificate";
+	final public static String ANON_CERTIFICATE = "anon_certificate";
+	final public static String AUTHED_CERTIFICATE = "authed_certificate";
+
+	final protected static String PROVIDER_SET = "PROVIDER SET";
+	final protected static String SERVICES_RETRIEVED = "SERVICES RETRIEVED";
     final protected static String ASSETS_URL_FOLDER = "urls";
-    

-    public ProviderAPIResultReceiver providerAPI_result_receiver;

+
+    final private static String PROGRESSBAR_TEXT = TAG + "PROGRESSBAR_TEXT";
+    final private static String PROGRESSBAR_NUMBER = TAG + "PROGRESSBAR_NUMBER";
+    
+    public ProviderAPIResultReceiver providerAPI_result_receiver;
     private ProviderAPIBroadcastReceiver_Update providerAPI_broadcast_receiver_update;
 
-    private static SharedPreferences preferences;

+    private static SharedPreferences preferences;
+    FragmentManagerEnhanced fragment_manager;
     private static boolean setting_up_provider = false;
-    

-    @Override

-    protected void onCreate(Bundle savedInstanceState) {

-        super.onCreate(savedInstanceState);

-	    preferences = getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE);

-        

-        setContentView(R.layout.configuration_wizard_activity);

-	    mProgressBar = (ProgressBar) findViewById(R.id.progressbar_configuration_wizard);

-	    mProgressBar.setVisibility(ProgressBar.INVISIBLE);

-	    progressbar_description = (TextView) findViewById(R.id.progressbar_description);

-	    progressbar_description.setVisibility(TextView.INVISIBLE);

-        providerAPI_result_receiver = new ProviderAPIResultReceiver(new Handler());

-        providerAPI_result_receiver.setReceiver(this);

-	    providerAPI_broadcast_receiver_update = new ProviderAPIBroadcastReceiver_Update();

-	    IntentFilter update_intent_filter = new IntentFilter(ProviderAPI.UPDATE_PROGRESSBAR);

-	    update_intent_filter.addCategory(Intent.CATEGORY_DEFAULT);

-	    registerReceiver(providerAPI_broadcast_receiver_update, update_intent_filter);

-

-	    loadPreseededProviders();

-        

-        // Only create our fragments if we're not restoring a saved instance

-        if ( savedInstanceState == null ){

-        	// TODO Some welcome screen?

-        	// We will need better flow control when we have more Fragments (e.g. user auth)

-        	provider_list_fragment = ProviderListFragment.newInstance();

-    		Bundle arguments = new Bundle();

-    		int configuration_wizard_request_code = getIntent().getIntExtra(Dashboard.REQUEST_CODE, -1);

-    		if(configuration_wizard_request_code == Dashboard.SWITCH_PROVIDER) {

-    			arguments.putBoolean(ProviderListFragment.SHOW_ALL_PROVIDERS, true);

-    		}

-			provider_list_fragment.setArguments(arguments);

-

-    		FragmentManager fragmentManager = getFragmentManager();

-    		fragmentManager.beginTransaction()

-    		.replace(R.id.configuration_wizard_layout, provider_list_fragment, ProviderListFragment.TAG)

-    		.commit();

-        }

-

-        // TODO: If exposing deep links into your app, handle intents here.

-    }

-

-	@Override

-	protected void onDestroy() {

-		super.onDestroy();

-		unregisterReceiver(providerAPI_broadcast_receiver_update);

-	}

-

-    public void refreshProviderList(int top_padding) {

-    	ProviderListFragment new_provider_list_fragment = new ProviderListFragment();

-		Bundle top_padding_bundle = new Bundle();

-		top_padding_bundle.putInt(ProviderListFragment.TOP_PADDING, top_padding);

-		new_provider_list_fragment.setArguments(top_padding_bundle);

-		

-		FragmentManager fragmentManager = getFragmentManager();

-		fragmentManager.beginTransaction()

-		.replace(R.id.configuration_wizard_layout, new_provider_list_fragment, ProviderListFragment.TAG)

-		.commit();

-    }

-    

-	@Override

-	public void onReceiveResult(int resultCode, Bundle resultData) {

-		if(resultCode == ProviderAPI.PROVIDER_OK) {

-				mConfigState.setAction(PROVIDER_SET);

-

-				if (preferences.getBoolean(EIP.ALLOWED_ANON, false)){

-					mConfigState.putExtra(SERVICES_RETRIEVED, true);

-					downloadAnonCert();

-				} else {

-					mProgressBar.incrementProgressBy(1);

-				    mProgressBar.setVisibility(ProgressBar.GONE);

-				    progressbar_description.setVisibility(TextView.GONE);

-					setResult(RESULT_OK);
-					showProviderDetails(getCurrentFocus());

-				}
-		} else if(resultCode == ProviderAPI.PROVIDER_NOK) {

-			//refreshProviderList(0);
-			String reason_to_fail = resultData.getString(ProviderAPI.ERRORS);

-			showDownloadFailedDialog(getCurrentFocus(), reason_to_fail);

-			mProgressBar.setVisibility(ProgressBar.GONE);

-			progressbar_description.setVisibility(TextView.GONE);
-			preferences.edit().remove(Provider.KEY).commit();

-			setting_up_provider = false;
-			setResult(RESULT_CANCELED, mConfigState);

-		}

-		else if(resultCode == ProviderAPI.CORRECTLY_DOWNLOADED_CERTIFICATE) {

-			mProgressBar.incrementProgressBy(1);

-		    mProgressBar.setVisibility(ProgressBar.GONE);

-		    progressbar_description.setVisibility(TextView.GONE);

-		    //refreshProviderList(0);

-		    setResult(RESULT_OK);

-		    showProviderDetails(getCurrentFocus());

-		} else if(resultCode == ProviderAPI.INCORRECTLY_DOWNLOADED_CERTIFICATE) {

-			//refreshProviderList(0);

-			mProgressBar.setVisibility(ProgressBar.GONE);

-		    progressbar_description.setVisibility(TextView.GONE);

-			//Toast.makeText(getApplicationContext(), R.string.incorrectly_downloaded_certificate_message, Toast.LENGTH_LONG).show();

-        	setResult(RESULT_CANCELED, mConfigState);

-		} else if(resultCode == AboutActivity.VIEWED) {
-		    // Do nothing, right now
-		    // I need this for CW to wait for the About activity to end before going back to Dashboard.
-		}
-	}

-

-	/**

-     * Callback method from {@link ProviderListFragment.Callbacks}

-     * indicating that the item with the given ID was selected.

-     */

-    @Override

-    public void onItemSelected(String id) {

-	    //TODO Code 2 pane view

-	//	resetOldConnection();

-	    ProviderItem selected_provider = getProvider(id);

-	    int provider_index = getProviderIndex(id);

-
-
-	    startProgressBar(provider_index+1);
-	    provider_list_fragment.hideAllBut(provider_index);
-
-	    setUpProvider(selected_provider.providerMainUrl());
-    }

-    

-    @Override

-    public void onBackPressed() {

-    	if(setting_up_provider) {
-    		stopSettingUpProvider();
-    	} else {

-    		usualBackButton();
+    private String progressbar_text = "";
+    private String provider_name = "";
+    private int progress = -1;
+
+    private void initProviderList() {
+        List<Renderer<Provider>> prototypes = new ArrayList<Renderer<Provider>>();
+        prototypes.add(new ProviderRenderer(this));
+        ProviderRendererBuilder providerRendererBuilder = new ProviderRendererBuilder(prototypes);
+        adapter = new ProviderListAdapter(getLayoutInflater(), providerRendererBuilder, provider_manager);
+        provider_list_view.setAdapter(adapter);
+    }
+    
+    @Override
+    protected void onSaveInstanceState(Bundle outState) {
+        if(mProgressBar != null)
+            outState.putInt(PROGRESSBAR_NUMBER, mProgressBar.getProgress());
+        if(progressbar_description != null)
+            outState.putString(PROGRESSBAR_TEXT, progressbar_description.getText().toString());
+        if(selected_provider != null)
+            outState.putParcelable(Provider.KEY, selected_provider);
+        outState.putParcelable(ProviderAPI.RECEIVER_KEY, providerAPI_result_receiver);
+        super.onSaveInstanceState(outState);
+    }
+    
+    @Override
+    protected void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+	preferences = getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE);
+	fragment_manager = new FragmentManagerEnhanced(getFragmentManager());
+        provider_manager = ProviderManager.getInstance(getAssets(), getExternalFilesDir(null));
+	
+	setUpInitialUI();
+
+	setUpProviderAPIResultReceiver();
+
+	setUpProviderList();
+
+	if ( savedInstanceState != null ) {
+	    restoreState(savedInstanceState);
+	}
+    }
+
+    private void restoreState(Bundle savedInstanceState) {
+        progressbar_text = savedInstanceState.getString(PROGRESSBAR_TEXT, "");
+        provider_name = savedInstanceState.getString(Provider.NAME, "");
+        selected_provider = savedInstanceState.getParcelable(Provider.KEY);
+        progress = savedInstanceState.getInt(PROGRESSBAR_NUMBER, -1);
+        providerAPI_result_receiver = savedInstanceState.getParcelable(ProviderAPI.RECEIVER_KEY);
+        providerAPI_result_receiver.setReceiver(this);
+    }
+
+    @Override
+    protected void onPostResume() {
+        super.onPostResume();
+        if(!progressbar_text.isEmpty() && !provider_name.isEmpty() && progress != -1) {
+            progressbar_description.setText(progressbar_text);
+            //onItemSelectedUi(getProvider(provider_name));
+            mProgressBar.setProgress(progress);
+
+            progressbar_text = "";
+            provider_name = "";
+            progress = -1;
+        }
+    }
+
+    private void setUpInitialUI() {
+	setContentView(R.layout.configuration_wizard_activity);
+        ButterKnife.inject(this);
+	
+	hideProgressBar();
+    }
+    
+    private void hideProgressBar() {	
+	mProgressBar.setVisibility(ProgressBar.INVISIBLE);
+	
+	progressbar_description.setVisibility(TextView.INVISIBLE);
+    }
+
+    private void setUpProviderList() {
+        initProviderList();
+    }
+
+    @Override
+    protected void onDestroy() {
+	super.onDestroy();
+	unregisterReceiver(providerAPI_broadcast_receiver_update);
+    }
+
+    private void setUpProviderAPIResultReceiver() {
+        providerAPI_result_receiver = new ProviderAPIResultReceiver(new Handler());
+        providerAPI_result_receiver.setReceiver(this);
+	providerAPI_broadcast_receiver_update = new ProviderAPIBroadcastReceiver_Update();
+	
+	IntentFilter update_intent_filter = new IntentFilter(ProviderAPI.UPDATE_PROGRESSBAR);
+	update_intent_filter.addCategory(Intent.CATEGORY_DEFAULT);
+	registerReceiver(providerAPI_broadcast_receiver_update, update_intent_filter);
+    }
+    
+    @Override
+    public void onReceiveResult(int resultCode, Bundle resultData) {
+	if(resultCode == ProviderAPI.PROVIDER_OK) {
+	    mConfigState.setAction(PROVIDER_SET);
+	    try {
+                String provider_json_string = preferences.getString(Provider.KEY, "");
+                if(!provider_json_string.isEmpty())
+		    selected_provider.define(new JSONObject(provider_json_string));
+            } catch (JSONException e) {
+                e.printStackTrace();
+            }
+	    
+	    if (preferences.getBoolean(Constants.ALLOWED_ANON, false)){
+		mConfigState.putExtra(SERVICES_RETRIEVED, true);
+		
+		downloadAnonCert();
+	    } else {
+		mProgressBar.incrementProgressBy(1);
+		hideProgressBar();
+		
+		setResult(RESULT_OK);
+		
+		showProviderDetails();
+	    }
+	} else if(resultCode == ProviderAPI.PROVIDER_NOK) {
+	    hideProgressBar();
+	    preferences.edit().remove(Provider.KEY).apply();
+	    setting_up_provider = false;
+	    
+	    setResult(RESULT_CANCELED, mConfigState);
+	    
+	    String reason_to_fail = resultData.getString(ProviderAPI.ERRORS);
+	    showDownloadFailedDialog(reason_to_fail);
+	}
+	else if(resultCode == ProviderAPI.CORRECTLY_DOWNLOADED_CERTIFICATE) {
+	    mProgressBar.incrementProgressBy(1);
+	    hideProgressBar();
+	    
+	    showProviderDetails();
+	    
+	    setResult(RESULT_OK);
+	} else if(resultCode == ProviderAPI.INCORRECTLY_DOWNLOADED_CERTIFICATE) {
+	    hideProgressBar();
+	    
+	    setResult(RESULT_CANCELED, mConfigState);
+	} else if(resultCode == AboutActivity.VIEWED) {
+	    // Do nothing, right now
+	    // I need this for CW to wait for the About activity to end before going back to Dashboard.
+	}
+    }
+
+    @OnItemClick(R.id.provider_list)
+    void onItemSelected(int position) {
+	//TODO Code 2 pane view
+        selected_provider = adapter.getItem(position);
+        onItemSelectedUi(selected_provider);
+	onItemSelectedLogic(selected_provider);
+    }
+
+    private void onItemSelectedLogic(Provider selected_provider) {
+        setUpProvider(selected_provider.mainUrl());
+    }
+
+    private void onItemSelectedUi(Provider provider) {
+        startProgressBar();
+	adapter.hideAllBut(adapter.indexOf(provider));
+    }
+    
+    @Override
+    public void onBackPressed() {
+	if(setting_up_provider) {
+	    stopSettingUpProvider();
+    	} else {
+	    askDashboardToQuitApp();
+	    super.onBackPressed();
     	}
     }
-    

-    private void stopSettingUpProvider() {

-		ProviderAPI.stop();

-		mProgressBar.setVisibility(ProgressBar.GONE);

-		mProgressBar.setProgress(0);

-		progressbar_description.setVisibility(TextView.GONE);

-		preferences.edit().remove(Provider.KEY).commit();

-    	setting_up_provider = false;

+    
+    private void stopSettingUpProvider() {
+	ProviderAPI.stop();
+	mProgressBar.setVisibility(ProgressBar.GONE);
+	mProgressBar.setProgress(0);
+	progressbar_description.setVisibility(TextView.GONE);
+	
+	preferences.edit().remove(Provider.KEY).apply();
+    	setting_up_provider = false;
 	showAllProviders();
-    }

-    

-    private void usualBackButton() {

-		try {

-			boolean is_provider_set_up = new JSONObject(preferences.getString(Provider.KEY, "no provider")) != null ? true : false;

-			boolean is_provider_set_up_truly = new JSONObject(preferences.getString(Provider.KEY, "no provider")).length() != 0 ? true : false;

-			if(!is_provider_set_up || !is_provider_set_up_truly) {

-				askDashboardToQuitApp();

-			} else {

-				setResult(RESULT_OK);

-			}

-		} catch (JSONException e) {

-			askDashboardToQuitApp();

-			super.onBackPressed();

-			e.printStackTrace();

-		}

-		super.onBackPressed();

-    }

-    private void askDashboardToQuitApp() {

-		Intent ask_quit = new Intent();

-		ask_quit.putExtra(Dashboard.ACTION_QUIT, Dashboard.ACTION_QUIT);

-		setResult(RESULT_CANCELED, ask_quit);

-    }

-

-    private ProviderItem getProvider(String name) {

-	    Iterator<ProviderItem> providers_iterator = ProviderListContent.ITEMS.iterator();

-	    while(providers_iterator.hasNext()) {

-		    ProviderItem provider = providers_iterator.next();

-		    if(provider.name().equalsIgnoreCase(name)) {

-			    return provider;

-		    }

-	    }

-	    return null;

-    }

-    

-    private String getId(String provider_main_url_string) {
-	try {
-	URL provider_url = new URL(provider_main_url_string);
-	URL aux_provider_url;
-	Iterator<ProviderItem> providers_iterator = ProviderListContent.ITEMS.iterator();
-	while(providers_iterator.hasNext()) {
-	    ProviderItem provider = providers_iterator.next();
-	    aux_provider_url = new URL(provider.providerMainUrl());
-	    if(isSameURL(provider_url, aux_provider_url)) {
-		return provider.name();
-	    }
+    }
+    
+    private void usualBackButton() {
+	if(preferences.getString(Provider.KEY, "").isEmpty()) {
+	    askDashboardToQuitApp();
+	} else {
+	    setResult(RESULT_OK);
 	}
-	} catch (MalformedURLException e) {
-	    e.printStackTrace();
+	super.onBackPressed();
+    }
+    private void askDashboardToQuitApp() {
+		Intent ask_quit = new Intent();
+		ask_quit.putExtra(Dashboard.ACTION_QUIT, Dashboard.ACTION_QUIT);
+		setResult(RESULT_CANCELED, ask_quit);
+    }
+	
+    private void startProgressBar() {
+        mProgressBar.setVisibility(ProgressBar.VISIBLE);
+        progressbar_description.setVisibility(TextView.VISIBLE);
+        mProgressBar.setProgress(0);
+        mProgressBar.setMax(3);
+
+	int measured_height = listItemHeight();
+	mProgressBar.setTranslationY(measured_height);
+	progressbar_description.setTranslationY(measured_height + mProgressBar.getHeight());
+    }
+    
+    private int listItemHeight() {
+        View listItem = adapter.getView(0, null, provider_list_view);
+        listItem.setLayoutParams(new RelativeLayout.LayoutParams(
+                RelativeLayout.LayoutParams.WRAP_CONTENT,
+                RelativeLayout.LayoutParams.WRAP_CONTENT));
+        WindowManager wm = (WindowManager) getApplicationContext()
+                    .getSystemService(Context.WINDOW_SERVICE);
+        Display display = wm.getDefaultDisplay();
+        int screenWidth = display.getWidth(); // deprecated
+
+        int listViewWidth = screenWidth - 10 - 10;
+        int widthSpec = View.MeasureSpec.makeMeasureSpec(listViewWidth,
+                    View.MeasureSpec.AT_MOST);
+        listItem.measure(widthSpec, 0);
+
+        return listItem.getMeasuredHeight();
+    }
+    
+	/**
+	 * Asks ProviderAPI to download an anonymous (anon) VPN certificate.
+	 */
+	private void downloadAnonCert() {
+		Intent provider_API_command = new Intent(this, ProviderAPI.class);
+
+		Bundle parameters = new Bundle();
+
+		parameters.putString(TYPE_OF_CERTIFICATE, ANON_CERTIFICATE);
+
+		provider_API_command.setAction(ProviderAPI.DOWNLOAD_CERTIFICATE);
+		provider_API_command.putExtra(ProviderAPI.PARAMETERS, parameters);
+		provider_API_command.putExtra(ProviderAPI.RECEIVER_KEY, providerAPI_result_receiver);
+
+		startService(provider_API_command);
 	}
-	return "";
-    }

-
-    /**
-     * Checks, whether 2 urls are pointing to the same location.
-     *
-     * @param url a url
-     * @param baseUrl an other url, that should be compared.
-     * @return true, if the urls point to the same host and port and use the 
-     *         same protocol, false otherwise.
-     */
-    private boolean isSameURL(final URL url, final URL baseUrl) {
-	if (!url.getProtocol().equals(baseUrl.getProtocol())) {
-	    return false;
+	
+	/**
+	 * Open the new provider dialog
+	 */
+	public void addAndSelectNewProvider() {
+	    FragmentTransaction fragment_transaction = fragment_manager.removePreviousFragment(NewProviderDialog.TAG);
+        new NewProviderDialog().show(fragment_transaction, NewProviderDialog.TAG);
 	}
-	if (!url.getHost().equals(baseUrl.getHost())) {
-	    return false;
+	
+	/**
+	 * Open the new provider dialog with data
+	 */
+	public void addAndSelectNewProvider(String main_url) {
+	    FragmentTransaction fragment_transaction = fragment_manager.removePreviousFragment(NewProviderDialog.TAG);
+		
+	    DialogFragment newFragment = new NewProviderDialog();
+	    Bundle data = new Bundle();
+	    data.putString(Provider.MAIN_URL, main_url);
+	    newFragment.setArguments(data);
+	    newFragment.show(fragment_transaction, NewProviderDialog.TAG);
 	}
-	if (url.getPort() != baseUrl.getPort()) {
-	    return false;
+	
+	/**
+	 * Once selected a provider, this fragment offers the user to log in, 
+	 * use it anonymously (if possible) 
+	 * or cancel his/her election pressing the back button.
+	 * @param reason_to_fail 
+	 */
+	public void showDownloadFailedDialog(String reason_to_fail) {
+	    FragmentTransaction fragment_transaction = fragment_manager.removePreviousFragment(DownloadFailedDialog.TAG);
+		
+	    DialogFragment newFragment = DownloadFailedDialog.newInstance(reason_to_fail);
+	    newFragment.show(fragment_transaction, DownloadFailedDialog.TAG);
 	}
-	return true;
-    }
-	

-	private void startProgressBar() {

-	    mProgressBar.setVisibility(ProgressBar.VISIBLE);

-	    mProgressBar.setProgress(0);

-	    mProgressBar.setMax(3);

-	}

-	

-	private void startProgressBar(int list_item_index) {

-	    mProgressBar.setVisibility(ProgressBar.VISIBLE);

-	    progressbar_description.setVisibility(TextView.VISIBLE);

-	    mProgressBar.setProgress(0);

-	    mProgressBar.setMax(3);

-	    int measured_height = listItemHeight(list_item_index);

-	    mProgressBar.setTranslationY(measured_height);

-	    progressbar_description.setTranslationY(measured_height + mProgressBar.getHeight());

-	}

-

-    private int getProviderIndex(String id) {

-    	int index = 0;

-	    Iterator<ProviderItem> providers_iterator = ProviderListContent.ITEMS.iterator();

-	    while(providers_iterator.hasNext()) {

-		    ProviderItem provider = providers_iterator.next();

-		    if(provider.name().equalsIgnoreCase(id)) {

-			    break;

-		    } else index++;
-	    }

-	    return index;

-    }

-    

-    private int listItemHeight(int list_item_index) {

-        ListView provider_list_view = (ListView)findViewById(android.R.id.list);

-        ListAdapter provider_list_adapter = provider_list_view.getAdapter();

-        View listItem = provider_list_adapter.getView(0, null, provider_list_view);

-        listItem.setLayoutParams(new RelativeLayout.LayoutParams(

-                    RelativeLayout.LayoutParams.WRAP_CONTENT,

-                    RelativeLayout.LayoutParams.WRAP_CONTENT));

-        WindowManager wm = (WindowManager) getApplicationContext()

-                    .getSystemService(Context.WINDOW_SERVICE);

-        Display display = wm.getDefaultDisplay();

-        int screenWidth = display.getWidth(); // deprecated

-

-        int listViewWidth = screenWidth - 10 - 10;

-        int widthSpec = MeasureSpec.makeMeasureSpec(listViewWidth,

-                    MeasureSpec.AT_MOST);

-        listItem.measure(widthSpec, 0);

-

-        return listItem.getMeasuredHeight();

-}

-	

-        /**
-     * Loads providers data from url files contained in the assets folder
-     * @return true if the files were correctly read
-     */
-    private boolean loadPreseededProviders() {
-    	boolean loaded_preseeded_providers = false;
-        String[] urls_filepaths = null;
+	
+	/**
+	 * Once selected a provider, this fragment offers the user to log in, 
+	 * use it anonymously (if possible) 
+	 * or cancel his/her election pressing the back button.
+	 * @param view
+	 */
+	private void showProviderDetails() {
+		if(setting_up_provider) {
+		    FragmentTransaction fragment_transaction = fragment_manager.removePreviousFragment(ProviderDetailFragment.TAG);
+
+		    DialogFragment newFragment = ProviderDetailFragment.newInstance();
+		    newFragment.show(fragment_transaction, ProviderDetailFragment.TAG);
+		}
+	}
+
+    public void showAndSelectProvider(String provider_main_url) {
 	try {
-	    //TODO Put that folder in a better place (also inside the "for")
-	    urls_filepaths = getAssets().list(ASSETS_URL_FOLDER); 
-	    String provider_name = "";
-	    for(String url_filepath : urls_filepaths) {
-		provider_name = url_filepath.subSequence(0, url_filepath.lastIndexOf(".")).toString();
-		String provider_main_url = extractProviderMainUrlFromAssetsFile(ASSETS_URL_FOLDER + "/" + url_filepath);
-		if(getId(provider_main_url).isEmpty())
-		    ProviderListContent.addItem(new ProviderItem(provider_name, provider_main_url));
-		loaded_preseeded_providers = true;

-	    }
-	} catch (IOException e) {
-	    loaded_preseeded_providers = false;
+	    selected_provider = new Provider(new URL((provider_main_url)));
+	    adapter.add(selected_provider);
+	    adapter.saveProviders();
+            autoSelectProvider(selected_provider);
+	} catch (MalformedURLException e) {
+	    e.printStackTrace();
 	}
-	
-	return loaded_preseeded_providers;
     }
     
-    private String extractProviderMainUrlFromAssetsFile(String filepath) {
-	String provider_main_url = "";
-	try {	    
-	    InputStream input_stream_file_contents = getAssets().open(filepath);
-	    byte[] urls_file_bytes = new byte[input_stream_file_contents.available()];
-	    input_stream_file_contents.read(urls_file_bytes);
-	    String urls_file_content = new String(urls_file_bytes);
-	    JSONObject file_contents = new JSONObject(urls_file_content);
-	    provider_main_url = file_contents.getString(Provider.MAIN_URL);
-	} catch (JSONException e) {
-	} catch (IOException e) {
-	}
-	return provider_main_url;
+    private void autoSelectProvider(Provider provider) {
+	selected_provider = provider;
+        onItemSelectedUi(selected_provider);
+	onItemSelectedLogic(selected_provider);
     }
-    
-	/**

-	 * Asks ProviderAPI to download an anonymous (anon) VPN certificate.

-	 */

-	private void downloadAnonCert() {

-		Intent provider_API_command = new Intent(this, ProviderAPI.class);

-

-		Bundle parameters = new Bundle();

-

-		parameters.putString(TYPE_OF_CERTIFICATE, ANON_CERTIFICATE);

-

-		provider_API_command.setAction(ProviderAPI.DOWNLOAD_CERTIFICATE);

-		provider_API_command.putExtra(ProviderAPI.PARAMETERS, parameters);

-		provider_API_command.putExtra(ProviderAPI.RECEIVER_KEY, providerAPI_result_receiver);

-

-		startService(provider_API_command);

-	}

-	

-	/**

-	 * Open the new provider dialog

-	 */

-	public void addAndSelectNewProvider() {

-		FragmentTransaction fragment_transaction = getFragmentManager().beginTransaction();

-		Fragment previous_new_provider_dialog = getFragmentManager().findFragmentByTag(NewProviderDialog.TAG);

-		if (previous_new_provider_dialog != null) {

-			fragment_transaction.remove(previous_new_provider_dialog);

-		}

-		fragment_transaction.addToBackStack(null);

-		

-		DialogFragment newFragment = NewProviderDialog.newInstance();

-		newFragment.show(fragment_transaction, NewProviderDialog.TAG);

-	}

-	

-	/**

-	 * Open the new provider dialog with data

-	 */

-	public void addAndSelectNewProvider(String main_url) {
-		FragmentTransaction fragment_transaction = getFragmentManager().beginTransaction();

-		Fragment previous_new_provider_dialog = getFragmentManager().findFragmentByTag(NewProviderDialog.TAG);

-		if (previous_new_provider_dialog != null) {

-			fragment_transaction.remove(previous_new_provider_dialog);

-		}

-		

-		DialogFragment newFragment = NewProviderDialog.newInstance();

-		Bundle data = new Bundle();

-		data.putString(Provider.MAIN_URL, main_url);

-		newFragment.setArguments(data);

-		newFragment.show(fragment_transaction, NewProviderDialog.TAG);

-	}

-	

-	/**

-	 * Once selected a provider, this fragment offers the user to log in, 

-	 * use it anonymously (if possible) 

-	 * or cancel his/her election pressing the back button.

-	 * @param view

-	 * @param reason_to_fail 

-	 */

-	public void showDownloadFailedDialog(View view, String reason_to_fail) {

-		FragmentTransaction fragment_transaction = getFragmentManager().beginTransaction();

-		Fragment previous_provider_details_dialog = getFragmentManager().findFragmentByTag(DownloadFailedDialog.TAG);

-		if (previous_provider_details_dialog != null) {

-			fragment_transaction.remove(previous_provider_details_dialog);

-		}

-		fragment_transaction.addToBackStack(null);

-		

-		DialogFragment newFragment = DownloadFailedDialog.newInstance(reason_to_fail);

-		newFragment.show(fragment_transaction, DownloadFailedDialog.TAG);

-	}

-	

-	/**

-	 * Once selected a provider, this fragment offers the user to log in, 

-	 * use it anonymously (if possible) 

-	 * or cancel his/her election pressing the back button.

-	 * @param view

-	 */

-	public void showProviderDetails(View view) {

-		if(setting_up_provider) {

-			FragmentTransaction fragment_transaction = getFragmentManager().beginTransaction();

-			Fragment previous_provider_details_dialog = getFragmentManager().findFragmentByTag(ProviderDetailFragment.TAG);

-			if (previous_provider_details_dialog != null) {

-				fragment_transaction.remove(previous_provider_details_dialog);

-			}

-			fragment_transaction.addToBackStack(null);

-

-			DialogFragment newFragment = ProviderDetailFragment.newInstance();

-			newFragment.show(fragment_transaction, ProviderDetailFragment.TAG);

-		}

-	}

-

-	public void showAndSelectProvider(String provider_main_url) {

-	    if(getId(provider_main_url).isEmpty())
-		showProvider(provider_main_url);

-	    autoSelectProvider(provider_main_url);
-	}

-	

-	private void showProvider(final String provider_main_url) {
-		String provider_name = provider_main_url.replaceFirst("http[s]?://", "").replaceFirst("\\/", "_");

-		ProviderItem added_provider = new ProviderItem(provider_name, provider_main_url);

-		provider_list_fragment.addItem(added_provider);

-	}

-	

-	private void autoSelectProvider(String provider_main_url) {
-		onItemSelected(getId(provider_main_url));

-	}

-	

-	/**

-	 * Asks ProviderAPI to download a new provider.json file

-	 * @param provider_name

-	 * @param provider_main_url

-	 */

-	public void setUpProvider(String provider_main_url) {

-		Intent provider_API_command = new Intent(this, ProviderAPI.class);

-		Bundle parameters = new Bundle();

-		parameters.putString(Provider.MAIN_URL, provider_main_url);

-

-		provider_API_command.setAction(ProviderAPI.SET_UP_PROVIDER);

-		provider_API_command.putExtra(ProviderAPI.PARAMETERS, parameters);

+	
+	/**
+	 * Asks ProviderAPI to download a new provider.json file
+	 * @param provider_name
+	 * @param provider_main_url
+	 */
+	public void setUpProvider(URL provider_main_url) {
+		Intent provider_API_command = new Intent(this, ProviderAPI.class);
+		Bundle parameters = new Bundle();
+		parameters.putString(Provider.MAIN_URL, provider_main_url.toString());
+
+		provider_API_command.setAction(ProviderAPI.SET_UP_PROVIDER);
+		provider_API_command.putExtra(ProviderAPI.PARAMETERS, parameters);
 		provider_API_command.putExtra(ProviderAPI.RECEIVER_KEY, providerAPI_result_receiver);
 
-		startService(provider_API_command);

+		startService(provider_API_command);
 		setting_up_provider = true;
 	}
 
@@ -527,62 +423,61 @@ implements ProviderListFragment.Callbacks, NewProviderDialogInterface, ProviderD
 			startService(provider_API_command);
 		}
 	}
-	@Override

-	public boolean onCreateOptionsMenu(Menu menu) {

-		getMenuInflater().inflate(R.menu.configuration_wizard_activity, menu);

-		return true;

-	}

-	

-	@Override

-	public boolean onOptionsItemSelected(MenuItem item){

-		switch (item.getItemId()){

+	@Override
+	public boolean onCreateOptionsMenu(Menu menu) {
+		getMenuInflater().inflate(R.menu.configuration_wizard_activity, menu);
+		return true;
+	}
+	
+	@Override
+	public boolean onOptionsItemSelected(MenuItem item){
+		switch (item.getItemId()){
 		case R.id.about_leap:
 		    startActivityForResult(new Intent(this, AboutActivity.class), 0);
 			return true;
-		case R.id.new_provider:

-			addAndSelectNewProvider();

-			return true;

-		default:

-			return super.onOptionsItemSelected(item);

-		}

-	}

-		

-	public void showAllProviders() {

-		provider_list_fragment = (ProviderListFragment) getFragmentManager().findFragmentByTag(ProviderListFragment.TAG);

-		if(provider_list_fragment != null)

-			provider_list_fragment.unhideAll();

-	}

-	

-	public void cancelSettingUpProvider() {

-		provider_list_fragment = (ProviderListFragment) getFragmentManager().findFragmentByTag(ProviderListFragment.TAG);

-		if(provider_list_fragment != null) {
-			provider_list_fragment.removeLastItem();

-		}

-		preferences.edit().remove(Provider.KEY).remove(EIP.ALLOWED_ANON).remove(EIP.KEY).commit();

-	}

-

-	@Override

-	public void login() {

-		Intent ask_login = new Intent();

-		ask_login.putExtra(LogInDialog.VERB, LogInDialog.VERB);

-		setResult(RESULT_OK, ask_login);

-		setting_up_provider = false;

-		finish();

-	}

-

-	@Override

-	public void use_anonymously() {

-		setResult(RESULT_OK);

-		setting_up_provider = false;

-		finish();

-	}

-

-	public class ProviderAPIBroadcastReceiver_Update extends BroadcastReceiver {

-

-		@Override

-		public void onReceive(Context context, Intent intent) {

-			int update = intent.getIntExtra(ProviderAPI.CURRENT_PROGRESS, 0);

-			mProgressBar.setProgress(update);

-		}

-	}

-}

+		case R.id.new_provider:
+			addAndSelectNewProvider();
+			return true;
+		default:
+			return super.onOptionsItemSelected(item);
+		}
+	}
+		
+    public void showAllProviders() {
+	adapter.showAllProviders();
+    }
+	
+    public void cancelSettingUpProvider() {
+	adapter.showAllProviders();
+	setting_up_provider = false;
+	preferences.edit().remove(Provider.KEY).remove(Constants.ALLOWED_ANON).remove(Constants.KEY).apply();
+    }
+
+	@Override
+	public void login() {
+		Intent ask_login = new Intent();
+		ask_login.putExtra(Provider.KEY, selected_provider);
+		ask_login.putExtra(SessionDialog.TAG, SessionDialog.TAG);
+		setResult(RESULT_OK, ask_login);
+		setting_up_provider = false;
+		finish();
+	}
+
+    @Override
+    public void use_anonymously() {
+	Intent pass_provider = new Intent();
+	pass_provider.putExtra(Provider.KEY, selected_provider);
+	setResult(RESULT_OK, pass_provider);
+	setting_up_provider = false;
+	finish();
+    }
+
+	public class ProviderAPIBroadcastReceiver_Update extends BroadcastReceiver {
+
+		@Override
+		public void onReceive(Context context, Intent intent) {
+			int update = intent.getIntExtra(ProviderAPI.CURRENT_PROGRESS, 0);
+			mProgressBar.setProgress(update);
+		}
+	}
+}
diff --git a/app/src/release/java/se/leap/bitmaskclient/NewProviderDialog.java b/app/src/release/java/se/leap/bitmaskclient/NewProviderDialog.java
index 7ed1940e..f6709c22 100644
--- a/app/src/release/java/se/leap/bitmaskclient/NewProviderDialog.java
+++ b/app/src/release/java/se/leap/bitmaskclient/NewProviderDialog.java
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) 2013 LEAP Encryption Access Project and contributers
- * 
+ *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation, either version 3 of the License, or
@@ -14,16 +14,16 @@
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
- package se.leap.bitmaskclient;
+package se.leap.bitmaskclient;
 
+import butterknife.ButterKnife;
+import butterknife.InjectView;
 import se.leap.bitmaskclient.ProviderListContent.ProviderItem;
-import se.leap.bitmaskclient.R;
 import android.app.Activity;
 import android.app.AlertDialog;
 import android.app.Dialog;
 import android.app.DialogFragment;
 import android.content.DialogInterface;
-import android.content.Intent;
 import android.os.Bundle;
 import android.view.LayoutInflater;
 import android.view.View;
@@ -33,33 +33,28 @@ import android.widget.Toast;
 
 /**
  * Implements the new custom provider dialog.
- * 
+ *
  * @author parmegv
  *
  */
 public class NewProviderDialog extends DialogFragment {
 
     final public static String TAG = "newProviderDialog";
-        
-	public interface NewProviderDialogInterface {
+
+    @InjectView(R.id.new_provider_url)
+    EditText url_input_field;
+
+    public interface NewProviderDialogInterface {
         public void showAndSelectProvider(String url_provider);
     }
 
-	NewProviderDialogInterface interface_with_ConfigurationWizard;
+    NewProviderDialogInterface interface_with_ConfigurationWizard;
 
-	/**
-	 * @return a new instance of this DialogFragment.
-	 */
-	public static DialogFragment newInstance() {
-		NewProviderDialog dialog_fragment = new NewProviderDialog();
-		return dialog_fragment;
-	}
-	
     @Override
     public void onAttach(Activity activity) {
         super.onAttach(activity);
         try {
-        	interface_with_ConfigurationWizard = (NewProviderDialogInterface) activity;
+            interface_with_ConfigurationWizard = (NewProviderDialogInterface) activity;
         } catch (ClassCastException e) {
             throw new ClassCastException(activity.toString()
                     + " must implement NoticeDialogListener");
@@ -67,51 +62,57 @@ public class NewProviderDialog extends DialogFragment {
     }
 
     @Override
-	public Dialog onCreateDialog(Bundle savedInstanceState) {
-		AlertDialog.Builder builder = new AlertDialog.Builder(getActivity());
-		LayoutInflater inflater = getActivity().getLayoutInflater();
-		View new_provider_dialog_view = inflater.inflate(R.layout.new_provider_dialog, null);
-		final EditText url_input_field = (EditText)new_provider_dialog_view.findViewById(R.id.new_provider_url);
-		if(getArguments() != null && getArguments().containsKey(Provider.MAIN_URL)) {
-			url_input_field.setText(getArguments().getString(Provider.MAIN_URL));
-		}
-		
-		builder.setView(new_provider_dialog_view)
-			.setMessage(R.string.introduce_new_provider)
-			.setPositiveButton(R.string.save, new DialogInterface.OnClickListener() {
-				public void onClick(DialogInterface dialog, int id) {
-					String entered_url = url_input_field.getText().toString().trim();
-					if(!entered_url.startsWith("https://")) {
-						if (entered_url.startsWith("http://")){
-							entered_url = entered_url.substring("http://".length());
-						}
-						entered_url = "https://".concat(entered_url);
-					}
-					if(validURL(entered_url)) {
-						interface_with_ConfigurationWizard.showAndSelectProvider(entered_url);
-						Toast.makeText(getActivity().getApplicationContext(), R.string.valid_url_entered, Toast.LENGTH_LONG).show();
-					} else {
-						url_input_field.setText("");
-						Toast.makeText(getActivity().getApplicationContext(), R.string.not_valid_url_entered, Toast.LENGTH_LONG).show();;
-					}
-				}
-			})
-			.setNegativeButton(R.string.cancel, new DialogInterface.OnClickListener() {
-				public void onClick(DialogInterface dialog, int id) {
-					dialog.cancel();
-				}
-			});
-		// Create the AlertDialog object and return it
-		return builder.create();
-	}
+    public Dialog onCreateDialog(Bundle savedInstanceState) {
+        AlertDialog.Builder builder = new AlertDialog.Builder(getActivity());
+        LayoutInflater inflater = getActivity().getLayoutInflater();
+        View view = inflater.inflate(R.layout.new_provider_dialog, null);
+        ButterKnife.inject(this, view);
+        Bundle arguments = getArguments();
+        if(arguments != null) {
+            url_input_field.setText(arguments.getString(Provider.MAIN_URL, ""));
+        }
+
+        builder.setView(view)
+                .setMessage(R.string.introduce_new_provider)
+                .setPositiveButton(R.string.save, new DialogInterface.OnClickListener() {
+                    public void onClick(DialogInterface dialog, int id) {
+                        saveProvider();
+                    }
+                })
+                .setNegativeButton(R.string.cancel, new DialogInterface.OnClickListener() {
+                    public void onClick(DialogInterface dialog, int id) {
+                        dialog.cancel();
+                    }
+                });
+        // Create the AlertDialog object and return it
+        return builder.create();
+    }
+
+    private void saveProvider() {
+        String entered_url = url_input_field.getText().toString().trim();
+        if(!entered_url.startsWith("https://")) {
+            if (entered_url.startsWith("http://")){
+                entered_url = entered_url.substring("http://".length());
+            }
+            entered_url = "https://".concat(entered_url);
+        }
+
+        if(validURL(entered_url)) {
+            interface_with_ConfigurationWizard.showAndSelectProvider(entered_url);
+            Toast.makeText(getActivity().getApplicationContext(), R.string.valid_url_entered, Toast.LENGTH_LONG).show();
+        } else {
+            url_input_field.setText("");
+            Toast.makeText(getActivity().getApplicationContext(), R.string.not_valid_url_entered, Toast.LENGTH_LONG).show();;
+        }
+    }
 
     /**
      * Checks if the entered url is valid or not.
      * @param entered_url
      * @return true if it's not empty nor contains only the protocol.
      */
-	boolean validURL(String entered_url) {
-		//return !entered_url.isEmpty() && entered_url.matches("http[s]?://.+") && !entered_url.replaceFirst("http[s]?://", "").isEmpty();
-		return android.util.Patterns.WEB_URL.matcher(entered_url).matches();
-	}
+    boolean validURL(String entered_url) {
+        //return !entered_url.isEmpty() && entered_url.matches("http[s]?://.+") && !entered_url.replaceFirst("http[s]?://", "").isEmpty();
+        return android.util.Patterns.WEB_URL.matcher(entered_url).matches();
+    }
 }
diff --git a/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java b/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java
index 3c8ec607..f1cb84d6 100644
--- a/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java
+++ b/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java
@@ -17,59 +17,23 @@
 package se.leap.bitmaskclient;
 
 import android.app.IntentService;
-import android.content.Intent;
-import android.content.SharedPreferences;
-import android.os.Bundle;
-import android.os.ResultReceiver;
-import android.util.Base64;
-import android.util.Log;
-import java.io.DataOutputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
+import android.content.*;
+import android.os.*;
+import android.util.*;
+import java.io.*;
 import java.math.BigInteger;
-import java.net.ConnectException;
-import java.net.CookieHandler;
-import java.net.CookieManager;
-import java.net.CookiePolicy;
-import java.net.MalformedURLException;
-import java.net.SocketTimeoutException;
-import java.net.URISyntaxException;
-import java.net.URL;
-import java.net.URLConnection;
-import java.net.URLEncoder;
-import java.net.UnknownHostException;
-import java.security.KeyManagementException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
+import java.net.*;
+import java.security.*;
+import java.security.cert.*;
 import java.security.interfaces.RSAPrivateKey;
-import java.util.Calendar;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.NoSuchElementException;
-import java.util.Scanner;
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLHandshakeException;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.X509TrustManager;
+import java.util.*;
+import javax.net.ssl.*;
 import org.apache.http.client.ClientProtocolException;
-import org.json.JSONException;
-import org.json.JSONObject;
-import se.leap.bitmaskclient.R;
+import org.json.*;
 
+import se.leap.bitmaskclient.R;
+import se.leap.bitmaskclient.SessionDialog;
+import se.leap.bitmaskclient.eip.*;
 
 /**
  * Implements HTTP api methods used to manage communications with the provider server.
@@ -92,28 +56,23 @@ public class ProviderAPI extends IntentService {
     PARAMETERS = "parameters",
     RESULT_KEY = "result",
     RECEIVER_KEY = "receiver",
-    SESSION_ID_COOKIE_KEY = "session_id_cookie_key",
-    SESSION_ID_KEY = "session_id",
     ERRORS = "errors",
     UPDATE_PROGRESSBAR = "update_progressbar",
     CURRENT_PROGRESS = "current_progress",
-    TAG = "provider_api_tag"
+    TAG = ProviderAPI.class.getSimpleName()
     ;
 
     final public static int
-    CUSTOM_PROVIDER_ADDED = 0,
-    SRP_AUTHENTICATION_SUCCESSFUL = 3,
-    SRP_AUTHENTICATION_FAILED = 4,
-    SRP_REGISTRATION_SUCCESSFUL = 5,
-    SRP_REGISTRATION_FAILED = 6,
-    LOGOUT_SUCCESSFUL = 7,
+    SUCCESSFUL_LOGIN = 3,
+    FAILED_LOGIN = 4,
+    SUCCESSFUL_SIGNUP = 5,
+    FAILED_SIGNUP = 6,
+    SUCCESSFUL_LOGOUT = 7,
     LOGOUT_FAILED = 8,
     CORRECTLY_DOWNLOADED_CERTIFICATE = 9,
     INCORRECTLY_DOWNLOADED_CERTIFICATE = 10,
     PROVIDER_OK = 11,
-    PROVIDER_NOK = 12,
-    CORRECTLY_DOWNLOADED_ANON_CERTIFICATE = 13,
-    INCORRECTLY_DOWNLOADED_ANON_CERTIFICATE = 14
+    PROVIDER_NOK = 12
     ;
 
     private static boolean 
@@ -125,6 +84,7 @@ public class ProviderAPI extends IntentService {
     private static String last_provider_main_url;
     private static boolean setting_up_provider = true;
     private static SharedPreferences preferences;
+    private static String provider_api_url;
     
     public static void stop() {
     	setting_up_provider = false;
@@ -138,6 +98,7 @@ public class ProviderAPI extends IntentService {
     @Override
     public void onCreate() {
 	super.onCreate();
+
 	preferences = getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE);
 	CookieHandler.setDefault(new CookieManager(null, CookiePolicy.ACCEPT_ORIGINAL_SERVER));
     }
@@ -155,7 +116,16 @@ public class ProviderAPI extends IntentService {
 		final ResultReceiver receiver = command.getParcelableExtra(RECEIVER_KEY);
 		String action = command.getAction();
 		Bundle parameters = command.getBundleExtra(PARAMETERS);
-		setting_up_provider = true;
+		
+		if(provider_api_url == null && preferences.contains(Provider.KEY)) {
+		    try {
+			JSONObject provider_json = new JSONObject(preferences.getString(Provider.KEY, ""));
+			provider_api_url = provider_json.getString(Provider.API_URL) + "/" + provider_json.getString(Provider.API_VERSION);
+			setting_up_provider = true;
+		    } catch (JSONException e) {
+			setting_up_provider = false;			
+		    }
+		}
 		
 		if(action.equalsIgnoreCase(SET_UP_PROVIDER)) {
 			Bundle result = setUpProvider(parameters);
@@ -169,20 +139,20 @@ public class ProviderAPI extends IntentService {
 		} else if (action.equalsIgnoreCase(SRP_REGISTER)) {
 		    Bundle result = tryToRegister(parameters);
 		    if(result.getBoolean(RESULT_KEY)) {
-			receiver.send(SRP_REGISTRATION_SUCCESSFUL, result);
+			receiver.send(SUCCESSFUL_SIGNUP, result);
 		    } else {
-			receiver.send(SRP_REGISTRATION_FAILED, result);
+			receiver.send(FAILED_SIGNUP, result);
 		    }
 		} else if (action.equalsIgnoreCase(SRP_AUTH)) {
 		    Bundle result = tryToAuthenticate(parameters);
 		    if(result.getBoolean(RESULT_KEY)) {
-			receiver.send(SRP_AUTHENTICATION_SUCCESSFUL, result);
+			receiver.send(SUCCESSFUL_LOGIN, result);
 		    } else {
-			receiver.send(SRP_AUTHENTICATION_FAILED, result);
+			receiver.send(FAILED_LOGIN, result);
 		    }
 		} else if (action.equalsIgnoreCase(LOG_OUT)) {
-				if(logOut(parameters)) {
-					receiver.send(LOGOUT_SUCCESSFUL, Bundle.EMPTY);
+				if(logOut()) {
+					receiver.send(SUCCESSFUL_LOGOUT, Bundle.EMPTY);
 				} else {
 					receiver.send(LOGOUT_FAILED, Bundle.EMPTY);
 				}
@@ -199,40 +169,41 @@ public class ProviderAPI extends IntentService {
 	Bundle session_id_bundle = new Bundle();
 	int progress = 0;
 		
-	String username = (String) task.get(LogInDialog.USERNAME);
-	String password = (String) task.get(LogInDialog.PASSWORD);
-	String authentication_server = (String) task.get(Provider.API_URL);
+	String username = (String) task.get(SessionDialog.USERNAME);
+	String password = (String) task.get(SessionDialog.PASSWORD);
+	
 	if(validUserLoginData(username, password)) {
-	    session_id_bundle = register(username, password, authentication_server);
+	    session_id_bundle = register(username, password);
 	    broadcast_progress(progress++);
 	} else {
 	    if(!wellFormedPassword(password)) {
 		session_id_bundle.putBoolean(RESULT_KEY, false);
-		session_id_bundle.putString(LogInDialog.USERNAME, username);
-		session_id_bundle.putBoolean(LogInDialog.PASSWORD_INVALID_LENGTH, true);
+		session_id_bundle.putString(SessionDialog.USERNAME, username);
+		session_id_bundle.putBoolean(SessionDialog.PASSWORD_INVALID_LENGTH, true);
 	    }
 	    if(username.isEmpty()) {
 		session_id_bundle.putBoolean(RESULT_KEY, false);
-		session_id_bundle.putBoolean(LogInDialog.USERNAME_MISSING, true);
+		session_id_bundle.putBoolean(SessionDialog.USERNAME_MISSING, true);
 	    }
 	}
 		
 	return session_id_bundle;
     }
 
-    private Bundle register(String username, String password, String server) {	
+    private Bundle register(String username, String password) {	
 	LeapSRPSession client = new LeapSRPSession(username, password);
 	byte[] salt = client.calculateNewSalt();
 	
 	BigInteger password_verifier = client.calculateV(username, password, salt);
-	JSONObject api_result = sendNewUserDataToSRPServer(server, username, new BigInteger(1, salt).toString(16), password_verifier.toString(16));
+	
+	JSONObject api_result = sendNewUserDataToSRPServer(provider_api_url, username, new BigInteger(1, salt).toString(16), password_verifier.toString(16));
 
 	Bundle result = new Bundle();	
 	if(api_result.has(ERRORS))
 	    result = authFailedNotification(api_result, username);
 	else {
-	    result.putString(LogInDialog.USERNAME, username);
-	    result.putString(LogInDialog.PASSWORD, password);
+	    result.putString(SessionDialog.USERNAME, username);
+	    result.putString(SessionDialog.PASSWORD, password);
 	    result.putBoolean(RESULT_KEY, true);
 	}
 
@@ -249,42 +220,39 @@ public class ProviderAPI extends IntentService {
 	    Bundle result = new Bundle();
 	    int progress = 0;
 		
-	    String username = (String) task.get(LogInDialog.USERNAME);
-	    String password = (String) task.get(LogInDialog.PASSWORD);
+	    String username = (String) task.get(SessionDialog.USERNAME);
+	    String password = (String) task.get(SessionDialog.PASSWORD);
 	    if(validUserLoginData(username, password)) {
-		
-		String server = (String) task.get(Provider.API_URL);
-
-		authenticate(username, password, server);
+		result = authenticate(username, password);
 		broadcast_progress(progress++);
 	    } else {
 		if(!wellFormedPassword(password)) {
 		    result.putBoolean(RESULT_KEY, false);
-		    result.putString(LogInDialog.USERNAME, username);
-		    result.putBoolean(LogInDialog.PASSWORD_INVALID_LENGTH, true);
+		    result.putString(SessionDialog.USERNAME, username);
+		    result.putBoolean(SessionDialog.PASSWORD_INVALID_LENGTH, true);
 		}
 		if(username.isEmpty()) {
 		    result.putBoolean(RESULT_KEY, false);
-		    result.putBoolean(LogInDialog.USERNAME_MISSING, true);
+		    result.putBoolean(SessionDialog.USERNAME_MISSING, true);
 		}
 	    }
 		
 	    return result;
 	}
 
-    private Bundle authenticate(String username, String password, String server) {
+    private Bundle authenticate(String username, String password) {
 	Bundle result = new Bundle();
 	
 	LeapSRPSession client = new LeapSRPSession(username, password);
 	byte[] A = client.exponential();
 	
-	JSONObject step_result = sendAToSRPServer(server, username, new BigInteger(1, A).toString(16));
+	JSONObject step_result = sendAToSRPServer(provider_api_url, username, new BigInteger(1, A).toString(16));
 	try {
 	    String salt = step_result.getString(LeapSRPSession.SALT);
 	    byte[] Bbytes = new BigInteger(step_result.getString("B"), 16).toByteArray();
 	    byte[] M1 = client.response(new BigInteger(salt, 16).toByteArray(), Bbytes);
 	    if(M1 != null) {
-		step_result = sendM1ToSRPServer(server, username, M1);
+		step_result = sendM1ToSRPServer(provider_api_url, username, M1);
 		setTokenIfAvailable(step_result);
 		byte[] M2 = new BigInteger(step_result.getString(LeapSRPSession.M2), 16).toByteArray();
 		if(client.verify(M2)) {
@@ -294,7 +262,7 @@ public class ProviderAPI extends IntentService {
 		}
 	    } else {
 		result.putBoolean(RESULT_KEY, false);
-		result.putString(LogInDialog.USERNAME, username);
+		result.putString(SessionDialog.USERNAME, username);
 		result.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_srp_math_error_user_message));
 	    }
 	} catch (JSONException e) {
@@ -325,7 +293,7 @@ public class ProviderAPI extends IntentService {
 	} catch(JSONException e) {}
 	
 	if(!username.isEmpty())
-	    user_notification_bundle.putString(LogInDialog.USERNAME, username);
+	    user_notification_bundle.putString(SessionDialog.USERNAME, username);
 	user_notification_bundle.putBoolean(RESULT_KEY, false);
 
 	return user_notification_bundle;
@@ -394,7 +362,7 @@ public class ProviderAPI extends IntentService {
 	 * Sends an HTTP POST request to the api server to register a new user.
 	 * @param server_url
 	 * @param username
-	 * @param salted_password
+	 * @param salt
 	 * @param password_verifier   
 	 * @return response from authentication server
 	 */
@@ -499,9 +467,6 @@ public class ProviderAPI extends IntentService {
 	    return result.toString();
 	}
 	
-	
-	
-	
 	/**
 	 * Downloads a provider.json from a given URL, adding a new provider using the given name.  
 	 * @param task containing a boolean meaning if the provider is custom or not, another boolean meaning if the user completely trusts this provider, the provider name and its provider.json url.
@@ -514,6 +479,7 @@ public class ProviderAPI extends IntentService {
 	if(task != null && task.containsKey(Provider.MAIN_URL)) {
 	    last_provider_main_url = task.getString(Provider.MAIN_URL);
 	    CA_CERT_DOWNLOADED = PROVIDER_JSON_DOWNLOADED = EIP_SERVICE_JSON_DOWNLOADED = false;
+	    setting_up_provider = true;
 	}
 
 	if(!PROVIDER_JSON_DOWNLOADED)
@@ -614,12 +580,13 @@ public class ProviderAPI extends IntentService {
 
 			try {
 				JSONObject provider_json = new JSONObject(provider_dot_json_string);
+				provider_api_url = provider_json.getString(Provider.API_URL) + "/" + provider_json.getString(Provider.API_VERSION);
 				String name = provider_json.getString(Provider.NAME);
 				//TODO setProviderName(name);
 
 				preferences.edit().putString(Provider.KEY, provider_json.toString()).commit();
-				preferences.edit().putBoolean(EIP.ALLOWED_ANON, provider_json.getJSONObject(Provider.SERVICE).getBoolean(EIP.ALLOWED_ANON)).commit();
-				preferences.edit().putBoolean(EIP.ALLOWED_REGISTERED, provider_json.getJSONObject(Provider.SERVICE).getBoolean(EIP.ALLOWED_REGISTERED)).commit();
+				preferences.edit().putBoolean(Constants.ALLOWED_ANON, provider_json.getJSONObject(Provider.SERVICE).getBoolean(Constants.ALLOWED_ANON)).commit();
+				preferences.edit().putBoolean(Constants.ALLOWED_REGISTERED, provider_json.getJSONObject(Provider.SERVICE).getBoolean(Constants.ALLOWED_REGISTERED)).commit();
 
 				result.putBoolean(RESULT_KEY, true);
 			} catch (JSONException e) {
@@ -632,12 +599,6 @@ public class ProviderAPI extends IntentService {
 		return result;
 	}
 
-
-	
-	public static boolean providerJsonDownloaded() {
-		return PROVIDER_JSON_DOWNLOADED;
-	}
-
 	private Bundle getAndSetEipServiceJson() {
 		Bundle result = new Bundle();
 		String eip_service_json_string = "";
@@ -649,7 +610,7 @@ public class ProviderAPI extends IntentService {
 				JSONObject eip_service_json = new JSONObject(eip_service_json_string);
 				eip_service_json.getInt(Provider.API_RETURN_SERIAL);
 
-				preferences.edit().putString(EIP.KEY, eip_service_json.toString()).commit();
+				preferences.edit().putString(Constants.KEY, eip_service_json.toString()).commit();
 
 				result.putBoolean(RESULT_KEY, true);
 			} catch (JSONException e) {
@@ -660,10 +621,6 @@ public class ProviderAPI extends IntentService {
 		}
 		return result;
 	}
-
-	public static boolean eipServiceDownloaded() {
-		return EIP_SERVICE_JSON_DOWNLOADED;
-	}
 	
 	/**
 	 * Interprets the error message as a JSON object and extract the "errors" keyword pair.
@@ -730,7 +687,7 @@ public class ProviderAPI extends IntentService {
 
 	/**
 	 * Tries to download the contents of the provided url using not commercially validated CA certificate from chosen provider. 
-	 * @param url as a string
+	 * @param url_string as a string
 	 * @return an empty string if it fails, the url content if not. 
 	 */
 	private String downloadWithProviderCA(String url_string) {
@@ -749,6 +706,7 @@ public class ProviderAPI extends IntentService {
 			// TODO Auto-generated catch block
 			e.printStackTrace();
 		} catch (UnknownHostException e) {
+		    e.printStackTrace();
 			json_file_content = formatErrorMessage(R.string.server_unreachable_message);
 		} catch (IOException e) {
 		    // The downloaded certificate doesn't validate our https connection.
@@ -763,6 +721,7 @@ public class ProviderAPI extends IntentService {
 			// TODO Auto-generated catch block
 			e.printStackTrace();
 		} catch (NoSuchElementException e) {
+		    e.printStackTrace();
 		    json_file_content = formatErrorMessage(R.string.server_unreachable_message);
 		}
 		return json_file_content;
@@ -847,12 +806,11 @@ public class ProviderAPI extends IntentService {
 	
 	/**
 	 * Logs out from the api url retrieved from the task.
-	 * @param task containing api url from which the user will log out
 	 * @return true if there were no exceptions
 	 */
-	private boolean logOut(Bundle task) {
+	private boolean logOut() {
 		try {
-			String delete_url = task.getString(Provider.API_URL) + "/logout";
+			String delete_url = provider_api_url + "/logout";
 			int progress = 0;
 
 			HttpsURLConnection urlConnection = (HttpsURLConnection)new URL(delete_url).openConnection();
@@ -890,79 +848,62 @@ public class ProviderAPI extends IntentService {
 		}
 		return true;
 	}
-
-    private boolean updateVpnCertificate() {
-	getNewCert();
-
-	preferences.edit().putInt(EIP.PARSED_SERIAL, 0).commit();
-	Intent updateEIP = new Intent(getApplicationContext(), EIP.class);
-	updateEIP.setAction(EIP.ACTION_UPDATE_EIP_SERVICE);
-	startService(updateEIP);
-
-	return true;
-    }
     
 	/**
 	 * Downloads a new OpenVPN certificate, attaching authenticated cookie for authenticated certificate.
 	 * 
 	 * @return true if certificate was downloaded correctly, false if provider.json is not present in SharedPreferences, or if the certificate url could not be parsed as a URI, or if there was an SSL error. 
 	 */
-	private boolean getNewCert() {
-
-		try {
-			JSONObject provider_json = new JSONObject(preferences.getString(Provider.KEY, ""));
+	private boolean updateVpnCertificate() {
+	    try {
+		JSONObject provider_json = new JSONObject(preferences.getString(Provider.KEY, ""));
 			
-			String provider_main_url = provider_json.getString(Provider.API_URL);
-			URL new_cert_string_url = new URL(provider_main_url + "/" + provider_json.getString(Provider.API_VERSION) + "/" + EIP.CERTIFICATE);
+		String provider_main_url = provider_json.getString(Provider.API_URL);
+		URL new_cert_string_url = new URL(provider_main_url + "/" + provider_json.getString(Provider.API_VERSION) + "/" + Constants.CERTIFICATE);
 
-			String cert_string = downloadWithProviderCA(new_cert_string_url.toString());
+		String cert_string = downloadWithProviderCA(new_cert_string_url.toString());
 
-			if(!cert_string.isEmpty()) {
-				if(ConfigHelper.checkErroneousDownload(cert_string)) {
-					String reason_to_fail = provider_json.getString(ERRORS);
-					//result.putString(ConfigHelper.ERRORS_KEY, reason_to_fail);
-					//result.putBoolean(ConfigHelper.RESULT_KEY, false);
-					return false;
-				} else {
-					
-					// API returns concatenated cert & key.  Split them for OpenVPN options
-					String certificateString = null, keyString = null;
-					String[] certAndKey = cert_string.split("(?<=-\n)");
-					for (int i=0; i < certAndKey.length-1; i++){
-						if ( certAndKey[i].contains("KEY") ) {
-							keyString = certAndKey[i++] + certAndKey[i];
-						}
-						else if ( certAndKey[i].contains("CERTIFICATE") ) {
-							certificateString = certAndKey[i++] + certAndKey[i];
-						}
-					}
-					try {
-						RSAPrivateKey keyCert = ConfigHelper.parseRsaKeyFromString(keyString);
-						keyString = Base64.encodeToString( keyCert.getEncoded(), Base64.DEFAULT );
-						preferences.edit().putString(EIP.PRIVATE_KEY, "-----BEGIN RSA PRIVATE KEY-----\n"+keyString+"-----END RSA PRIVATE KEY-----").commit();
-
-						X509Certificate certCert = ConfigHelper.parseX509CertificateFromString(certificateString);
-						certificateString = Base64.encodeToString( certCert.getEncoded(), Base64.DEFAULT);
-						preferences.edit().putString(EIP.CERTIFICATE, "-----BEGIN CERTIFICATE-----\n"+certificateString+"-----END CERTIFICATE-----").commit();
-						preferences.edit().putString(EIP.DATE_FROM_CERTIFICATE, EIP.certificate_date_format.format(Calendar.getInstance().getTime())).commit();
-						return true;
-					} catch (CertificateException e) {
-						// TODO Auto-generated catch block
-						e.printStackTrace();
-						return false;
-					}
-				}
-			} else {
-				return false;
-			}
-		} catch (IOException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-			return false;
-		} catch (JSONException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-			return false;
+		if(cert_string.isEmpty() || ConfigHelper.checkErroneousDownload(cert_string))
+		    return false;
+		else
+		    return loadCertificate(cert_string);
+	    } catch (IOException e) {
+		// TODO Auto-generated catch block
+		e.printStackTrace();
+		return false;
+	    } catch (JSONException e) {
+		// TODO Auto-generated catch block
+		e.printStackTrace();
+		return false;
+	    }
+	}
+
+    private boolean loadCertificate(String cert_string) {
+	try {
+	    // API returns concatenated cert & key.  Split them for OpenVPN options
+	    String certificateString = null, keyString = null;
+	    String[] certAndKey = cert_string.split("(?<=-\n)");
+	    for (int i=0; i < certAndKey.length-1; i++){
+		if ( certAndKey[i].contains("KEY") ) {
+		    keyString = certAndKey[i++] + certAndKey[i];
 		}
+		else if ( certAndKey[i].contains("CERTIFICATE") ) {
+		    certificateString = certAndKey[i++] + certAndKey[i];
+		}
+	    }
+	    
+	    RSAPrivateKey key = ConfigHelper.parseRsaKeyFromString(keyString);
+	    keyString = Base64.encodeToString(key.getEncoded(), Base64.DEFAULT);
+	    preferences.edit().putString(Constants.PRIVATE_KEY, "-----BEGIN RSA PRIVATE KEY-----\n"+keyString+"-----END RSA PRIVATE KEY-----").commit();
+
+	    X509Certificate certificate = ConfigHelper.parseX509CertificateFromString(certificateString);
+	    certificateString = Base64.encodeToString(certificate.getEncoded(), Base64.DEFAULT);
+	    preferences.edit().putString(Constants.CERTIFICATE, "-----BEGIN CERTIFICATE-----\n"+certificateString+"-----END CERTIFICATE-----").commit();
+	    return true;
+	} catch (CertificateException e) {
+	    // TODO Auto-generated catch block
+	    e.printStackTrace();
+	    return false;
 	}
+    }
 }
diff --git a/app/src/release/java/se/leap/bitmaskclient/ProviderDetailFragment.java b/app/src/release/java/se/leap/bitmaskclient/ProviderDetailFragment.java
index 9252b8fa..97ce5245 100644
--- a/app/src/release/java/se/leap/bitmaskclient/ProviderDetailFragment.java
+++ b/app/src/release/java/se/leap/bitmaskclient/ProviderDetailFragment.java
@@ -1,22 +1,17 @@
-package se.leap.bitmaskclient;

-

-import org.json.JSONException;

-import org.json.JSONObject;

-

-import se.leap.bitmaskclient.R;

-import se.leap.bitmaskclient.ProviderListContent.ProviderItem;

-

-import android.app.Activity;

-import android.app.AlertDialog;

-import android.app.Dialog;

-import android.app.DialogFragment;

-import android.content.DialogInterface;

-import android.content.SharedPreferences;

-import android.os.Bundle;

-import android.view.LayoutInflater;

-import android.view.View;

-import android.widget.TextView;

-

+package se.leap.bitmaskclient;
+
+import org.json.*;
+
+import se.leap.bitmaskclient.R;
+import se.leap.bitmaskclient.eip.Constants;
+import se.leap.bitmaskclient.ProviderListContent.ProviderItem;
+
+import android.app.*;
+import android.content.*;
+import android.os.Bundle;
+import android.view.*;
+import android.widget.TextView;
+
 public class ProviderDetailFragment extends DialogFragment {

 

     final public static String TAG = "providerDetailFragment";

@@ -66,7 +61,7 @@ public class ProviderDetailFragment extends DialogFragment {
 	private boolean anon_allowed(JSONObject provider_json) {

 		try {

 			JSONObject service_description = provider_json.getJSONObject(Provider.SERVICE);

-			return service_description.has(EIP.ALLOWED_ANON) && service_description.getBoolean(EIP.ALLOWED_ANON);

+			return service_description.has(Constants.ALLOWED_ANON) && service_description.getBoolean(Constants.ALLOWED_ANON);
 		} catch (JSONException e) {

 			return false;

 		}

@@ -85,7 +80,7 @@ public class ProviderDetailFragment extends DialogFragment {
 	public void onCancel(DialogInterface dialog) {

 		super.onCancel(dialog);

 		SharedPreferences.Editor editor = getActivity().getSharedPreferences(Dashboard.SHARED_PREFERENCES, Activity.MODE_PRIVATE).edit();

-		editor.remove(Provider.KEY).remove(EIP.ALLOWED_ANON).remove(EIP.KEY).commit();
+		editor.remove(Provider.KEY).remove(Constants.ALLOWED_ANON).remove(Constants.KEY).commit();
 		interface_with_configuration_wizard.showAllProviders();
 	}

 

diff --git a/app/vpndialogxposed/src/main/res/values/strings-icsopenvpn.xml b/app/vpndialogxposed/src/main/res/values/strings-icsopenvpn.xml
deleted file mode 100644
index 6eace130..00000000
--- a/app/vpndialogxposed/src/main/res/values/strings-icsopenvpn.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<resources>
-
-    <string name="app_name">VpnDialog Xposed Module</string>
-    <string name="select_apps">Select the apps that should be allowed to use the VpnService API without user confirmation</string>
-    <string name="no_apps_found">No Apps using the VPNService API found</string>
-
-</resources>