Commit ba404b5e authored by Dr. Stephen Henson

Convert the CONF library to use a typesafe stack: a STACK_OF(CONF_VALUE). It

seemed like a good idea at the time... several hours later it was rather
obvious that these are used all over the place making the changes rather
extensive.
parent 8623f693
+33 −32
@@ -182,23 +182,23 @@ static int index_name_cmp(char **a,char **b);
static BIGNUM *load_serial(char *serialfile);
static int save_serial(char *serialfile, BIGNUM *serial);
static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
		   const EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,
		   char *startdate,int days,int batch,char *ext_sect,
		   LHASH *conf,int verbose);
static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
			const EVP_MD *dgst,STACK *policy,TXT_DB *db,
		   const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db,
		   BIGNUM *serial, char *startdate,int days,int batch,
		   char *ext_sect, LHASH *conf,int verbose);
static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
			const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
			TXT_DB *db, BIGNUM *serial,char *startdate,int days,
			int batch, char *ext_sect, LHASH *conf,int verbose);
static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
			 const EVP_MD *dgst,STACK *policy,TXT_DB *db,
			 BIGNUM *serial,char *startdate,int days,
			 const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
			 TXT_DB *db, BIGNUM *serial,char *startdate,int days,
			 char *ext_sect,LHASH *conf,int verbose);
static int fix_data(int nid, int *type);
static void write_new_certificate(BIO *bp, X509 *x, int output_der);
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
	STACK *policy, TXT_DB *db, BIGNUM *serial, char *startdate,
	int days, int batch, int verbose, X509_REQ *req, char *ext_sect,
	LHASH *conf);
	STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,
	char *startdate, int days, int batch, int verbose, X509_REQ *req,
	char *ext_sect, LHASH *conf);
static int do_revoke(X509 *x509, TXT_DB *db);
static int check_time_format(char *str);
static LHASH *conf;
@@ -252,7 +252,7 @@ int MAIN(int argc, char **argv)
	int i,j;
	long l;
	const EVP_MD *dgst=NULL;
	STACK *attribs=NULL;
	STACK_OF(CONF_VALUE) *attribs=NULL;
	STACK *cert_sk=NULL;
	BIO *hex=NULL;
#undef BSIZE
@@ -1324,9 +1324,9 @@ err:
	}

static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
	     const EVP_MD *dgst, STACK *policy, TXT_DB *db, BIGNUM *serial,
	     char *startdate, int days, int batch, char *ext_sect, LHASH *lconf,
		 int verbose)
	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
	     BIGNUM *serial, char *startdate, int days, int batch,
	     char *ext_sect, LHASH *lconf, int verbose)
	{
	X509_REQ *req=NULL;
	BIO *in=NULL;
@@ -1383,10 +1383,9 @@ err:
	}

static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
	     const EVP_MD *dgst, STACK *policy, TXT_DB *db, BIGNUM *serial,
	     char *startdate, int days, int batch, char *ext_sect, LHASH *lconf,
		 int verbose)

	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
	     BIGNUM *serial, char *startdate, int days, int batch,
	     char *ext_sect, LHASH *lconf, int verbose)
	{
	X509 *req=NULL;
	X509_REQ *rreq=NULL;
@@ -1447,8 +1446,9 @@ err:
	}

static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
	     STACK *policy, TXT_DB *db, BIGNUM *serial, char *startdate, int days,
	     int batch, int verbose, X509_REQ *req, char *ext_sect, LHASH *lconf)
	     STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,
	     char *startdate, int days, int batch, int verbose, X509_REQ *req,
	     char *ext_sect, LHASH *lconf)
	{
	X509_NAME *name=NULL,*CAname=NULL,*subject=NULL;
	ASN1_UTCTIME *tm,*tmptm;
@@ -1562,9 +1562,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
	if (CAname == NULL) goto err;
	str=str2=NULL;

	for (i=0; i<sk_num(policy); i++)
	for (i=0; i<sk_CONF_VALUE_num(policy); i++)
		{
		cv=(CONF_VALUE *)sk_value(policy,i); /* get the object id */
		cv=sk_CONF_VALUE_value(policy,i); /* get the object id */
		if ((j=OBJ_txt2nid(cv->name)) == NID_undef)
			{
			BIO_printf(bio_err,"%s:unknown object type in 'policy' configuration\n",cv->name);
@@ -1904,10 +1904,11 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der)
	}

static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
	     const EVP_MD *dgst, STACK *policy, TXT_DB *db, BIGNUM *serial,
	     char *startdate, int days, char *ext_sect, LHASH *lconf, int verbose)
	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
	     BIGNUM *serial, char *startdate, int days, char *ext_sect,
	     LHASH *lconf, int verbose)
	{
	STACK *sk=NULL;
	STACK_OF(CONF_VALUE) *sk=NULL;
	LHASH *parms=NULL;
	X509_REQ *req=NULL;
	CONF_VALUE *cv=NULL;
@@ -1936,7 +1937,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
		}

	sk=CONF_get_section(parms, "default");
	if (sk_num(sk) == 0)
	if (sk_CONF_VALUE_num(sk) == 0)
		{
		BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
		CONF_free(parms);
@@ -1965,9 +1966,9 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,

	for (i = 0; ; i++)
		{
		if ((int)sk_num(sk) <= i) break;
		if (sk_CONF_VALUE_num(sk) <= i) break;

		cv=(CONF_VALUE *)sk_value(sk,i);
		cv=sk_CONF_VALUE_value(sk,i);
		type=cv->name;
		buf=cv->value;

@@ -2089,7 +2090,7 @@ static int check_time_format(char *str)
static int add_oid_section(LHASH *hconf)
{	
	char *p;
	STACK *sktmp;
	STACK_OF(CONF_VALUE) *sktmp;
	CONF_VALUE *cnf;
	int i;
	if(!(p=CONF_get_string(hconf,NULL,"oid_section"))) return 1;
@@ -2097,8 +2098,8 @@ static int add_oid_section(LHASH *hconf)
		BIO_printf(bio_err, "problem loading oid section %s\n", p);
		return 0;
	}
	for(i = 0; i < sk_num(sktmp); i++) {
		cnf = (CONF_VALUE *)sk_value(sktmp, i);
	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
		cnf = sk_CONF_VALUE_value(sktmp, i);
		if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
			BIO_printf(bio_err, "problem creating object %s=%s\n",
							 cnf->name, cnf->value);
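Review bot: In certify_spkac the result of `CONF_get_section(parms, "default")` goes straight into `sk_CONF_VALUE_num(sk)` with no NULL test, although CONF_get_section returns NULL when the section lookup fails. The file being parsed is the SPKAC request named by infile, so its contents are not under the CA operator's control. Whether the loader always creates a "default" section, and whether the stack accessor tolerates NULL, is not visible on this page. I would make the guard explicit, `if (sk == NULL || sk_CONF_VALUE_num(sk) == 0)`, so the "no name/value pairs found" error is reported in both cases. certify_spkac's body continues outside these hunks.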
+11 −10
@@ -823,7 +823,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
	char buf[100];
	int nid,min,max;
	char *type,*def,*tmp,*value,*tmp_attr;
	STACK *sk,*attr=NULL;
	STACK_OF(CONF_VALUE) *sk, *attr=NULL;
	CONF_VALUE *v;
	
	tmp=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
@@ -866,15 +866,15 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
	/* setup version number */
	if (!ASN1_INTEGER_set(ri->version,0L)) goto err; /* version 1 */

	if (sk_num(sk))
	if (sk_CONF_VALUE_num(sk))
		{
		i= -1;
start:		for (;;)
			{
			i++;
			if ((int)sk_num(sk) <= i) break;
			if (sk_CONF_VALUE_num(sk) <= i) break;

			v=(CONF_VALUE *)sk_value(sk,i);
			v=sk_CONF_VALUE_value(sk,i);
			p=q=NULL;
			type=v->name;
			if(!check_end(type,"_min") || !check_end(type,"_max") ||
@@ -918,7 +918,7 @@ start: for (;;)

		if (attribs)
			{
			if ((attr != NULL) && (sk_num(attr) > 0))
			if ((attr != NULL) && (sk_CONF_VALUE_num(attr) > 0))
				{
				BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n");
				BIO_printf(bio_err,"to be sent with your certificate request\n");
@@ -928,10 +928,11 @@ start: for (;;)
start2:			for (;;)
				{
				i++;
				if ((attr == NULL) || ((int)sk_num(attr) <= i))
				if ((attr == NULL) ||
					    (sk_CONF_VALUE_num(attr) <= i))
					break;

				v=(CONF_VALUE *)sk_value(attr,i);
				v=sk_CONF_VALUE_value(attr,i);
				type=v->name;
				if ((nid=OBJ_txt2nid(type)) == NID_undef)
					goto start2;
@@ -1176,7 +1177,7 @@ static int check_end(char *str, char *end)
static int add_oid_section(LHASH *conf)
{	
	char *p;
	STACK *sktmp;
	STACK_OF(CONF_VALUE) *sktmp;
	CONF_VALUE *cnf;
	int i;
	if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
@@ -1184,8 +1185,8 @@ static int add_oid_section(LHASH *conf)
		BIO_printf(bio_err, "problem loading oid section %s\n", p);
		return 0;
	}
	for(i = 0; i < sk_num(sktmp); i++) {
		cnf = (CONF_VALUE *)sk_value(sktmp, i);
	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
		cnf = sk_CONF_VALUE_value(sktmp, i);
		if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
			BIO_printf(bio_err, "problem creating object %s=%s\n",
							 cnf->name, cnf->value);
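Review bot: add_oid_section here is the same function, line for line, as the one changed in the previous file (only the parameter name differs), so this commit had to make the identical edit twice. Moving it into a shared helper for the apps would keep the two copies from drifting apart on later changes of this kind. In make_REQ, `if (sk_CONF_VALUE_num(sk))` treats any non-zero count as "has entries"; `if (sk_CONF_VALUE_num(sk) > 0)` would state the intent directly and match the `sk_CONF_VALUE_num(attr) > 0` test a few lines further down.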
+12 −10
@@ -134,7 +134,7 @@ LHASH *CONF_load_bio(LHASH *h, BIO *in, long *line)
	CONF_VALUE *v=NULL,*vv,*tv;
	CONF_VALUE *sv=NULL;
	char *section=NULL,*buf;
	STACK *section_sk=NULL,*ts;
	STACK_OF(CONF_VALUE) *section_sk=NULL,*ts;
	char *start,*psection,*pname;

	if ((buff=BUF_MEM_new()) == NULL)
@@ -169,7 +169,7 @@ LHASH *CONF_load_bio(LHASH *h, BIO *in, long *line)
					CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
		goto err;
		}
	section_sk=(STACK *)sv->value;
	section_sk=(STACK_OF(CONF_VALUE) *)sv->value;

	bufnum=0;
	for (;;)
@@ -261,7 +261,7 @@ again:
					CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
				goto err;
				}
			section_sk=(STACK *)sv->value;
			section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
			continue;
			}
		else
@@ -295,7 +295,7 @@ again:
			p++;
			*p='\0';

			if ((v=(CONF_VALUE *)Malloc(sizeof(CONF_VALUE))) == NULL)
			if (!(v=(CONF_VALUE *)Malloc(sizeof(CONF_VALUE))))
				{
				CONFerr(CONF_F_CONF_LOAD_BIO,
							ERR_R_MALLOC_FAILURE);
@@ -324,7 +324,7 @@ again:
					   CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
					goto err;
					}
				ts=(STACK *)tv->value;
				ts=(STACK_OF(CONF_VALUE) *)tv->value;
				}
			else
				{
@@ -332,7 +332,7 @@ again:
				ts=section_sk;
				}
			v->section=tv->section;	
			if (!sk_push(ts,(char *)v))
			if (!sk_CONF_VALUE_push(ts,v))
				{
				CONFerr(CONF_F_CONF_LOAD_BIO,
							ERR_R_MALLOC_FAILURE);
@@ -341,7 +341,7 @@ again:
			vv=(CONF_VALUE *)lh_insert(ret,(char *)v);
			if (vv != NULL)
				{
				sk_delete_ptr(ts,(char *)vv);
				sk_CONF_VALUE_delete_ptr(ts,vv);
				Free(vv->name);
				Free(vv->value);
				Free(vv);
@@ -411,13 +411,13 @@ static CONF_VALUE *get_section(LHASH *conf, char *section)
	return(v);
	}

STACK *CONF_get_section(LHASH *conf, char *section)
STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf, char *section)
	{
	CONF_VALUE *v;

	v=get_section(conf,section);
	if (v != NULL)
		return((STACK *)v->value);
		return((STACK_OF(CONF_VALUE) *)v->value);
	else
		return(NULL);
	}
@@ -728,3 +728,5 @@ err:
		}
	return(v);
	}

IMPLEMENT_STACK_OF(CONF_VALUE)
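Review bot: The casts `(STACK_OF(CONF_VALUE) *)sv->value`, `(STACK_OF(CONF_VALUE) *)tv->value` and `(STACK_OF(CONF_VALUE) *)v->value` remain because a section entry keeps its stack in the `char *value` field of CONF_VALUE, so the compiler still cannot tell a section entry from a name/value entry. This is the one place where the new type checking is bypassed, and code that reads `value` of a section entry as a string would misinterpret the pointer. I would add a comment at CONF_get_section such as `/* for a section entry, value holds a STACK_OF(CONF_VALUE) *, not a string */`, and preferably route all four casts through one static helper so there is a single place to audit. CONF_load_bio's body runs outside the hunks shown.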
+4 −1
@@ -66,6 +66,7 @@ extern "C" {
#include <openssl/bio.h>
#include <openssl/lhash.h>
#include <openssl/stack.h>
#include <openssl/safestack.h>

typedef struct
	{
@@ -74,16 +75,18 @@ typedef struct
	char *value;
	} CONF_VALUE;

DECLARE_STACK_OF(CONF_VALUE)

LHASH *CONF_load(LHASH *conf,const char *file,long *eline);
LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline);
LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline);
STACK *CONF_get_section(LHASH *conf,char *section);
STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section);
char *CONF_get_string(LHASH *conf,char *group,char *name);
long CONF_get_number(LHASH *conf,char *group,char *name);
void CONF_free(LHASH *conf);
void ERR_load_CONF_strings(void );


/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
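Review bot: The CONF_get_section prototype gets a new return type but still does not tell a caller the two things it needs to know: the function returns NULL when the section does not exist, and the stack it returns is the one held inside the conf (the implementation returns `v->value` directly), not a copy. A comment above the declaration such as `/* Returns the section's internal stack, or NULL if there is no such section; the caller must not free it. */` would put that contract in the header. The "must not free" part is my reading of the implementation and should be confirmed against CONF_free.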
+9 −7
@@ -63,8 +63,10 @@
#include <openssl/asn1_mac.h>
#include <openssl/x509v3.h>

static STACK *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, AUTHORITY_KEYID *akeyid, STACK *extlist);
static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *values);
static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
			AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist);
static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
			X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);

X509V3_EXT_METHOD v3_akey_id = {
NID_authority_key_identifier, X509V3_EXT_MULTILINE,
@@ -133,8 +135,8 @@ void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a)
	Free ((char *)a);
}

static STACK *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
	     AUTHORITY_KEYID *akeyid, STACK *extlist)
static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
	     AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist)
{
	char *tmp;
	if(akeyid->keyid) {
@@ -162,7 +164,7 @@ static STACK *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
 */

static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
	     X509V3_CTX *ctx, STACK *values)
	     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
{
char keyid=0, issuer=0;
int i;
@@ -175,8 +177,8 @@ ASN1_INTEGER *serial = NULL;
X509_EXTENSION *ext;
X509 *cert;
AUTHORITY_KEYID *akeyid;
for(i = 0; i < sk_num(values); i++) {
	cnf = (CONF_VALUE *)sk_value(values, i);
for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
	cnf = sk_CONF_VALUE_value(values, i);
	if(!strcmp(cnf->name, "keyid")) {
		keyid = 1;
		if(cnf->value && !strcmp(cnf->value, "always")) keyid = 2;
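Review bot: In the loop of v2i_AUTHORITY_KEYID, `cnf->value` is tested for NULL before its strcmp, but `cnf->name` is passed to `strcmp` unchecked on the line above. If a CONF_VALUE with a NULL name can reach this function (not visible from this hunk), that is a NULL dereference while parsing extension configuration. `if(cnf->name && !strcmp(cnf->name, "keyid"))` would be consistent with the value check. The function body continues past the end of the hunk.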