こんにちは。

NetBSD currentにOpenSSL 1.0.0系列のなsnap shotが取り込まれてからRubyの
openssl拡張がコンパイルできないという報告がありました。

ざーっと見直して、ウォーニングを減らす方向で修正してみましたが、かなり
の変更箇所がOpenSSLにあることが改めてわかりました。Rubyのベースは、
Ruby 1.8.7 patchlevel 174です。

なお、openssl_missing.hあたりは暫くdownする前のsvn.ruby-lang.orgの変更
点をそのまま採り入れている部分もあります。一応、

- OpenSSL 1.1.0-dev 10 Jul 2009 on NetBSD current (5.99.15)
- OpenSSL 0.9.9-dev 09 May 2008 on NetBSD 5.0_STABLE
- OpenSSL 0.9.8e 23 Feb 2007 on NetBSD 4.0_STABLE

でコンパイルを確認しました。OpenSSL 1.1.0-dev以外はウォーニングをなく
すことができました。

OpenSSL 1.1.0-devは、ossl_x509attr.cのossl_x509attr_get_value()で、

ossl_x509attr.c:220: warning: passing argument 1 of 'i2d_ASN1_SET' from incompat
ible pointer type
ossl_x509attr.c:224: warning: passing argument 1 of 'i2d_ASN1_SET' from incompat
ible pointer type

と、なります。該当箇所は、以下のi2d_ASN1_SET_OF_ASN1_TYPEが展開された
後のi2d_ASN1_SET()の第1引数ということになりますが、これはよくわかりま
せんでしたが、なんかまずそうな...?

    else{
	length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, NULL,
			i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
	str = rb_str_new(0, length);
	p = RSTRING_PTR(str);
	i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, &p,
			i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
	ossl_str_adjust(str, p);
    }


0.9.8より古い、OpenSSLの0.9.6や0.9.7での確認はできていません。

以下、パッチの内容のまとめです。

openssl_missing.h
	* i2d_of_void型を使って、ウォーニングをなくす修正。

ossl.h
	* OpenSSL 0.9.9以降でだけconstとするOSSL_CONSTを追加。

ossl.c
	* OSSL_IMPL_SK2ARY()マクロ中の変更。
		- OpenSSL 1.0.0以降でSTACKは_STACKと名前が変更されてい
		  ることもあり、直接使用する代わりにSTACK_OF()マクロを
		  使用するように修正。
		- sk_num()やsk_value()をキャストして使用するのではなく、
		  実際の型用に生成されている関数を使用するように修正。

ossl_asn1.c
ossl_cipher.c
ossl_engine.c
ossl_ns_spki.c
ossl_ocsp.c
ossl_x509attr.c
ossl_x509cert.c
ossl_x509ext.c
ossl_x509name.c
	* const追加。

ossl_config.c
	* IMPLEMENT_LHASH_DOALL_ARG_FN()のパラメータに渡された関数名は
	  そのまま使用されず、"_doall_arg"を付加した関数を呼び出すよう
	  に変更されたことへの対応。(OpenSSL 1.0.0)以降
	* lh_doall_arg()を直接使うのではなく、LHM_lh_doall_arg()を使用
	  するように変更。(OpenSSL 1.0.0)以降
	* const追加。

ossl_pkcs7.c
	* certsかcrlsのいずれかを返すというpkcs7_get_certs_or_crls()は、
	  実行前にどちらを返すかは決まっていることから、別々の関数に分
	  離した上で、それぞれに応じた型を返す関数に変更。
	  (元のpkcs7_get_certs_or_crls()は、無理矢理コードを共用しよう
	  としていたように見えます。)

ossl_ssl.c
	* OpenSSL 0.9.9以降だけのconst追加(OSSL_CONST)。
	* const追加。
	* キャストと共にsk_num()やsk_value()を使用するのではなく、それ
	  ぞれの型に応じて用意されている関数を使用。

ossl_x509crl.c
	* sk_X509_REVOKED_num()を使用すべきところにsk_X509_CRL_num()を
	  使用している(?)のを修正。

以上、おそらくRuby 1.9等も同様の影響はあると思います。

-- 
神戸 隆博 / Takahiro Kambe 


Index: ext/openssl/openssl_missing.h

--- ext/openssl/openssl_missing.h.orig	2008-08-04 13:44:17.000000000 +0900
+++ ext/openssl/openssl_missing.h
@@ -18,6 +18,9 @@ extern "C" {
 #ifndef TYPEDEF_D2I_OF
 typedef char *d2i_of_void();
 #endif
+#ifndef TYPEDEF_I2D_OF
+typedef int i2d_of_void();
+#endif
 
 /*
  * These functions are not included in headers of OPENSSL <= 0.9.6b
@@ -25,39 +28,39 @@ typedef char *d2i_of_void();
 
 #if !defined(PEM_read_bio_DSAPublicKey)
 # define PEM_read_bio_DSAPublicKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_DSAPublicKey,PEM_STRING_DSA_PUBLIC,bp,(char **)x,cb,u)
+        (d2i_of_void *)d2i_DSAPublicKey,PEM_STRING_DSA_PUBLIC,bp,x,cb,u)
 #endif
 
 #if !defined(PEM_write_bio_DSAPublicKey)
 # define PEM_write_bio_DSAPublicKey(bp,x) \
-	PEM_ASN1_write_bio((int (*)())i2d_DSAPublicKey,\
+	PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPublicKey,\
 		PEM_STRING_DSA_PUBLIC,\
 		bp,(char *)x, NULL, NULL, 0, NULL, NULL)
 #endif
 
 #if !defined(DSAPrivateKey_dup)
-# define DSAPrivateKey_dup(dsa) (DSA *)ASN1_dup((int (*)())i2d_DSAPrivateKey, \
-	(char *(*)())d2i_DSAPrivateKey,(char *)dsa)
+# define DSAPrivateKey_dup(dsa) (DSA *)ASN1_dup((i2d_of_void *)i2d_DSAPrivateKey, \
+	(d2i_of_void *)d2i_DSAPrivateKey,(char *)dsa)
 #endif
 
 #if !defined(DSAPublicKey_dup)
-# define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup((int (*)())i2d_DSAPublicKey, \
-	(char *(*)())d2i_DSAPublicKey,(char *)dsa)
+# define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup((i2d_of_void *)i2d_DSAPublicKey, \
+	(d2i_of_void *)d2i_DSAPublicKey,(char *)dsa)
 #endif
 
 #if !defined(X509_REVOKED_dup)
-# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((int (*)())i2d_X509_REVOKED, \
-	(char *(*)())d2i_X509_REVOKED, (char *)rev)
+# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((i2d_of_void *)i2d_X509_REVOKED, \
+	(d2i_of_void *)d2i_X509_REVOKED, (char *)rev)
 #endif
 
 #if !defined(PKCS7_SIGNER_INFO_dup)
-#  define PKCS7_SIGNER_INFO_dup(si) (PKCS7_SIGNER_INFO *)ASN1_dup((int (*)())i2d_PKCS7_SIGNER_INFO, \
-	(char *(*)())d2i_PKCS7_SIGNER_INFO, (char *)si)
+#  define PKCS7_SIGNER_INFO_dup(si) (PKCS7_SIGNER_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_SIGNER_INFO, \
+	(d2i_of_void *)d2i_PKCS7_SIGNER_INFO, (char *)si)
 #endif
 
 #if !defined(PKCS7_RECIP_INFO_dup)
-#  define PKCS7_RECIP_INFO_dup(ri) (PKCS7_RECIP_INFO *)ASN1_dup((int (*)())i2d_PKCS7_RECIP_INFO, \
-	(char *(*)())d2i_PKCS7_RECIP_INFO, (char *)ri)
+#  define PKCS7_RECIP_INFO_dup(ri) (PKCS7_RECIP_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_RECIP_INFO, \
+	(d2i_of_void *)d2i_PKCS7_RECIP_INFO, (char *)ri)
 #endif
 
 #if !defined(HAVE_EVP_MD_CTX_INIT)
Index: ext/openssl/ossl.h

--- ext/openssl/ossl.h.orig	2008-06-29 17:16:02.000000000 +0900
+++ ext/openssl/ossl.h
@@ -74,6 +74,12 @@ extern "C" {
 #  include <openssl/ocsp.h>
 #endif
 
+#if OPENSSL_VERSION_NUMBER >= 0x00909000L
+#define OSSL_CONST	const
+#else
+#define OSSL_CONST
+#endif
+
 /*
  * Common Module
  */
Index: ext/openssl/ossl.c

--- ext/openssl/ossl.c.orig	2007-06-09 00:02:04.000000000 +0900
+++ ext/openssl/ossl.c
@@ -92,7 +92,7 @@ ossl_x509_ary2sk(VALUE ary)
 
 #define OSSL_IMPL_SK2ARY(name, type)	        \
 VALUE						\
-ossl_##name##_sk2ary(STACK *sk)			\
+ossl_##name##_sk2ary(STACK_OF(type) *sk)	\
 {						\
     type *t;					\
     int i, num;					\
@@ -102,7 +102,7 @@ ossl_##name##_sk2ary(STACK *sk)			\
 	OSSL_Debug("empty sk!");		\
 	return Qnil;				\
     }						\
-    num = sk_num(sk);				\
+    num = sk_##type##_num(sk);			\
     if (num < 0) {				\
 	OSSL_Debug("items in sk < -1???");	\
 	return rb_ary_new();			\
@@ -110,7 +110,7 @@ ossl_##name##_sk2ary(STACK *sk)			\
     ary = rb_ary_new2(num);			\
 						\
     for (i=0; i<num; i++) {			\
-	t = (type *)sk_value(sk, i);		\
+	t = sk_##type##_value(sk, i);		\
 	rb_ary_push(ary, ossl_##name##_new(t));	\
     }						\
     return ary;					\
Index: ext/openssl/ossl_asn1.c

--- ext/openssl/ossl_asn1.c.orig	2007-06-09 00:02:04.000000000 +0900
+++ ext/openssl/ossl_asn1.c
@@ -304,10 +304,10 @@ obj_to_asn1derstr(VALUE obj)
  * DER to Ruby converters
  */
 static VALUE
-decode_bool(unsigned char* der, int length)
+decode_bool(const unsigned char* der, int length)
 {
     int bool;
-    unsigned char *p;
+    const unsigned char *p;
 
     p = der;
     if((bool = d2i_ASN1_BOOLEAN(NULL, &p, length)) < 0)
@@ -317,10 +317,10 @@ decode_bool(unsigned char* der, int leng
 }
 
 static VALUE
-decode_int(unsigned char* der, int length)
+decode_int(const unsigned char* der, int length)
 {
     ASN1_INTEGER *ai;
-    unsigned char *p;
+    const unsigned char *p;
     VALUE ret; 
     int status = 0;
 
@@ -336,10 +336,11 @@ decode_int(unsigned char* der, int lengt
 }
 
 static VALUE
-decode_bstr(unsigned char* der, int length, long *unused_bits)
+decode_bstr(const unsigned char* der, int length, long *unused_bits)
 {
     ASN1_BIT_STRING *bstr;
-    unsigned char *p, *buf;
+    const unsigned char *p;
+    unsigned char *buf;
     long len;
     VALUE ret;
 
@@ -362,10 +363,10 @@ decode_bstr(unsigned char* der, int leng
 }
 
 static VALUE
-decode_enum(unsigned char* der, int length)
+decode_enum(const unsigned char* der, int length)
 {
     ASN1_ENUMERATED *ai;
-    unsigned char *p;
+    const unsigned char *p;
     VALUE ret; 
     int status = 0;
 
@@ -381,10 +382,10 @@ decode_enum(unsigned char* der, int leng
 }
 
 static VALUE
-decode_null(unsigned char* der, int length)
+decode_null(const unsigned char* der, int length)
 {
     ASN1_NULL *null;
-    unsigned char *p;
+    const unsigned char *p;
 
     p = der;
     if(!(null = d2i_ASN1_NULL(NULL, &p, length)))
@@ -395,10 +396,10 @@ decode_null(unsigned char* der, int leng
 }
 
 static VALUE
-decode_obj(unsigned char* der, int length)
+decode_obj(const unsigned char* der, int length)
 {
     ASN1_OBJECT *obj;
-    unsigned char *p;
+    const unsigned char *p;
     VALUE ret;
     int nid;
     BIO *bio;
@@ -424,10 +425,10 @@ decode_obj(unsigned char* der, int lengt
 }
 
 static VALUE
-decode_time(unsigned char* der, int length)
+decode_time(const unsigned char* der, int length)
 {
     ASN1_TIME *time;
-    unsigned char *p;
+    const unsigned char *p;
     VALUE ret;
     int status = 0;
 
@@ -712,10 +713,10 @@ ossl_asn1data_to_der(VALUE self)
 }
 
 static VALUE
-ossl_asn1_decode0(unsigned char **pp, long length, long *offset, long depth,
-		  int once, int yield)
+ossl_asn1_decode0(const unsigned char **pp, long length, long *offset,
+		  long depth, int once, int yield)
 {
-    unsigned char *start, *p;
+    const unsigned char *p, *start;
     long len, off = *offset;
     int hlen, tag, tc, j;
     VALUE ary, asn1data, value, tag_class;
@@ -818,7 +819,7 @@ ossl_asn1_decode0(unsigned char **pp, lo
 static VALUE
 ossl_asn1_traverse(VALUE self, VALUE obj)
 {
-    unsigned char *p;
+    const unsigned char *p;
     long offset = 0;
     volatile VALUE tmp;
 
@@ -834,7 +835,7 @@ static VALUE
 ossl_asn1_decode(VALUE self, VALUE obj)
 {
     VALUE ret, ary;
-    unsigned char *p;
+    const unsigned char *p;
     long offset = 0;
     volatile VALUE tmp;
 
@@ -851,7 +852,7 @@ static VALUE
 ossl_asn1_decode_all(VALUE self, VALUE obj)
 {
     VALUE ret;
-    unsigned char *p;
+    const unsigned char *p;
     long offset = 0;
     volatile VALUE tmp;
 
Index: ext/openssl/ossl_cipher.c

--- ext/openssl/ossl_cipher.c.orig	2007-06-09 00:02:04.000000000 +0900
+++ ext/openssl/ossl_cipher.c
@@ -186,7 +186,7 @@ ossl_cipher_init(int argc, VALUE *argv, 
 	 * We deprecated the arguments for this method, but we decided
 	 * keeping this behaviour for backward compatibility.
 	 */
-	char *cname  = rb_class2name(rb_obj_class(self));
+	const char *cname  = rb_class2name(rb_obj_class(self));
 	rb_warn("argumtents for %s#encrypt and %s#decrypt were deprecated; "
                 "use %s#pkcs5_keyivgen to derive key and IV",
                 cname, cname, cname);
@@ -307,7 +307,7 @@ ossl_cipher_pkcs5_keyivgen(int argc, VAL
 static VALUE
 ossl_cipher_update_deprecated(VALUE self, VALUE data)
 {
-    char *cname;
+    const char *cname;
 
     cname = rb_class2name(rb_obj_class(self));
     rb_warning("%s#<< is deprecated; use %s#update instead", cname, cname);
Index: ext/openssl/ossl_config.c

--- ext/openssl/ossl_config.c.orig	2007-07-20 15:22:54.000000000 +0900
+++ ext/openssl/ossl_config.c
@@ -293,12 +293,27 @@ ossl_config_get_section_old(VALUE self, 
 }
 
 #ifdef IMPLEMENT_LHASH_DOALL_ARG_FN
+
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+static void
+get_conf_section_doall_arg(void *arg1, void *arg2)
+{
+    CONF_VALUE *cv;
+    VALUE ary;
+
+    cv = arg1;
+    ary = (VALUE)arg2;
+    if(cv->name) return;
+    rb_ary_push(ary, rb_str_new2(cv->section));
+}
+#else
 static void
 get_conf_section(CONF_VALUE *cv, VALUE ary)
 {
     if(cv->name) return;
     rb_ary_push(ary, rb_str_new2(cv->section));
 }
+#endif
 
 static IMPLEMENT_LHASH_DOALL_ARG_FN(get_conf_section, CONF_VALUE*, VALUE);
 
@@ -310,11 +325,44 @@ ossl_config_get_sections(VALUE self)
 
     GetConfig(self, conf);
     ary = rb_ary_new();
+
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+    LHM_lh_doall_arg(CONF_VALUE, conf->data,
+		     LHASH_DOALL_ARG_FN(get_conf_section), void, (void*)ary);
+#else
     lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(get_conf_section), (void*)ary);
+#endif
 
     return ary;
 }
 
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+static void
+dump_conf_value_doall_arg(void *arg1, void *arg2)
+{
+    STACK_OF(CONF_VALUE) *sk;
+    CONF_VALUE *cv, *v;
+    VALUE str;
+    int i, num;
+
+    cv = arg1;
+    if (cv->name) return;
+    str = (VALUE)arg2;
+    sk = (STACK_OF(CONF_VALUE)*)cv->value;
+    num = sk_CONF_VALUE_num(sk);
+    rb_str_cat2(str, "[ ");
+    rb_str_cat2(str, cv->section);
+    rb_str_cat2(str, " ]\n");
+    for(i = 0; i < num; i++){
+	v = sk_CONF_VALUE_value(sk, i);
+	rb_str_cat2(str, v->name ? v->name : "None");
+	rb_str_cat2(str, "=");
+	rb_str_cat2(str, v->value ? v->value : "None");
+	rb_str_cat2(str, "\n");
+    }
+    rb_str_cat2(str, "\n");
+}
+#else
 static void
 dump_conf_value(CONF_VALUE *cv, VALUE str)
 {
@@ -337,6 +385,7 @@ dump_conf_value(CONF_VALUE *cv, VALUE st
     }
     rb_str_cat2(str, "\n");
 }
+#endif
 
 static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_conf_value, CONF_VALUE*, VALUE);
 
@@ -346,7 +395,12 @@ dump_conf(CONF *conf)
     VALUE str;
 
     str = rb_str_new(0, 0);
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+    LHM_lh_doall_arg(CONF_VALUE, conf->data,
+		     LHASH_DOALL_ARG_FN(dump_conf_value), void, (void*)str);
+#else
     lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_conf_value), (void*)str);
+#endif
 
     return str;
 }
@@ -361,8 +415,32 @@ ossl_config_to_s(VALUE self)
     return dump_conf(conf);
 }
 
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+static void
+each_conf_value_doall_arg(void *arg1, void* dummy)
+{
+    STACK_OF(CONF_VALUE) *sk;
+    CONF_VALUE *cv, *v;
+    VALUE section, name, value, args;
+    int i, num;
+
+    cv = arg1;
+    if (cv->name) return;
+    sk = (STACK_OF(CONF_VALUE)*)cv->value;
+    num = sk_CONF_VALUE_num(sk);
+    section = rb_str_new2(cv->section);
+    for(i = 0; i < num; i++){
+	v = sk_CONF_VALUE_value(sk, i);
+	name = v->name ? rb_str_new2(v->name) : Qnil;
+	value = v->value ? rb_str_new2(v->value) : Qnil;
+        args = rb_ary_new3(3, section, name, value);
+	rb_yield(args);
+    }
+}
+#else
 static void
-each_conf_value(CONF_VALUE *cv, void* dummy)
+each_conf_value
+(CONF_VALUE *cv, void* dummy)
 {
     STACK_OF(CONF_VALUE) *sk;
     CONF_VALUE *v;
@@ -381,6 +459,7 @@ each_conf_value(CONF_VALUE *cv, void* du
 	rb_yield(args);
     }
 }
+#endif
 
 static IMPLEMENT_LHASH_DOALL_ARG_FN(each_conf_value, CONF_VALUE*, void*);
 
@@ -390,7 +469,12 @@ ossl_config_each(VALUE self)
     CONF *conf;
 
     GetConfig(self, conf);
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+    LHM_lh_doall_arg(CONF_VALUE, conf->data,
+		     LHASH_DOALL_ARG_FN(each_conf_value), void, (void*)NULL);
+#else
     lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(each_conf_value), (void*)NULL);
+#endif
 
     return self;
 }
@@ -421,7 +505,7 @@ static VALUE
 ossl_config_inspect(VALUE self)
 {
     VALUE str, ary = ossl_config_get_sections(self);
-    char *cname = rb_class2name(rb_obj_class(self));
+    const char *cname = rb_class2name(rb_obj_class(self));
 
     str = rb_str_new2("#<");
     rb_str_cat2(str, cname);
Index: ext/openssl/ossl_engine.c

--- ext/openssl/ossl_engine.c.orig	2007-06-09 00:02:04.000000000 +0900
+++ ext/openssl/ossl_engine.c
@@ -326,7 +326,7 @@ static VALUE
 ossl_engine_inspect(VALUE self)
 {
     VALUE str;
-    char *cname = rb_class2name(rb_obj_class(self));
+    const char *cname = rb_class2name(rb_obj_class(self));
     
     str = rb_str_new2("#<");
     rb_str_cat2(str, cname);
Index: ext/openssl/ossl_ns_spki.c

--- ext/openssl/ossl_ns_spki.c.orig	2007-06-09 00:02:04.000000000 +0900
+++ ext/openssl/ossl_ns_spki.c
@@ -56,7 +56,7 @@ ossl_spki_initialize(int argc, VALUE *ar
 {
     NETSCAPE_SPKI *spki;
     VALUE buffer;
-    unsigned char *p;
+    const unsigned char *p;
 	
     if (rb_scan_args(argc, argv, "01", &buffer) == 0) {
 	return self;
Index: ext/openssl/ossl_ocsp.c

--- ext/openssl/ossl_ocsp.c.orig	2009-03-09 20:59:27.000000000 +0900
+++ ext/openssl/ossl_ocsp.c
@@ -103,7 +103,7 @@ static VALUE
 ossl_ocspreq_initialize(int argc, VALUE *argv, VALUE self)
 {
     VALUE arg;
-    unsigned char *p;
+    const unsigned char *p;
 
     rb_scan_args(argc, argv, "01", &arg);
     if(!NIL_P(arg)){
@@ -310,7 +310,7 @@ static VALUE
 ossl_ocspres_initialize(int argc, VALUE *argv, VALUE self)
 {
     VALUE arg;
-    unsigned char *p;
+    const unsigned char *p;
 
     rb_scan_args(argc, argv, "01", &arg);
     if(!NIL_P(arg)){
Index: ext/openssl/ossl_pkcs7.c

--- ext/openssl/ossl_pkcs7.c.orig	2007-06-09 00:02:04.000000000 +0900
+++ ext/openssl/ossl_pkcs7.c
@@ -570,12 +570,11 @@ ossl_pkcs7_add_certificate(VALUE self, V
     return self;
 }
 
-static STACK *
-pkcs7_get_certs_or_crls(VALUE self, int want_certs)
+static STACK_OF(X509) *
+pkcs7_get_certs(VALUE self)
 {
     PKCS7 *pkcs7;
     STACK_OF(X509) *certs;
-    STACK_OF(X509_CRL) *crls;
     int i;
 
     GetPKCS7(self, pkcs7);
@@ -583,17 +582,38 @@ pkcs7_get_certs_or_crls(VALUE self, int 
     switch(i){
     case NID_pkcs7_signed:
         certs = pkcs7->d.sign->cert;
-        crls = pkcs7->d.sign->crl;
         break;
     case NID_pkcs7_signedAndEnveloped:
         certs = pkcs7->d.signed_and_enveloped->cert;
+        break;
+    default:
+        certs = NULL;
+    }
+
+    return certs;
+}
+
+static STACK_OF(X509_CRL) *
+pkcs7_get_crls(VALUE self)
+{
+    PKCS7 *pkcs7;
+    STACK_OF(X509_CRL) *crls;
+    int i;
+
+    GetPKCS7(self, pkcs7);
+    i = OBJ_obj2nid(pkcs7->type);
+    switch(i){
+    case NID_pkcs7_signed:
+        crls = pkcs7->d.sign->crl;
+        break;
+    case NID_pkcs7_signedAndEnveloped:
         crls = pkcs7->d.signed_and_enveloped->crl;
         break;
     default:
-        certs = crls = NULL;
+        crls = NULL;
     }
 
-    return want_certs ? certs : crls;
+    return crls;
 }
 
 static VALUE
@@ -608,7 +628,7 @@ ossl_pkcs7_set_certificates(VALUE self, 
     STACK_OF(X509) *certs;
     X509 *cert;
 
-    certs = pkcs7_get_certs_or_crls(self, 1);
+    certs = pkcs7_get_certs(self);
     while((cert = sk_X509_pop(certs))) X509_free(cert);
     rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_certs_i, self);
 
@@ -618,7 +638,7 @@ ossl_pkcs7_set_certificates(VALUE self, 
 static VALUE
 ossl_pkcs7_get_certificates(VALUE self)
 {
-    return ossl_x509_sk2ary(pkcs7_get_certs_or_crls(self, 1));
+    return ossl_x509_sk2ary(pkcs7_get_certs(self));
 }
 
 static VALUE
@@ -648,7 +668,7 @@ ossl_pkcs7_set_crls(VALUE self, VALUE ar
     STACK_OF(X509_CRL) *crls;
     X509_CRL *crl;
 
-    crls = pkcs7_get_certs_or_crls(self, 0);
+    crls = pkcs7_get_crls(self);
     while((crl = sk_X509_CRL_pop(crls))) X509_CRL_free(crl);
     rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_crls_i, self);
 
@@ -658,7 +678,7 @@ ossl_pkcs7_set_crls(VALUE self, VALUE ar
 static VALUE
 ossl_pkcs7_get_crls(VALUE self)
 {
-    return ossl_x509crl_sk2ary(pkcs7_get_certs_or_crls(self, 0));
+    return ossl_x509crl_sk2ary(pkcs7_get_crls(self));
 }
 
 static VALUE
Index: ext/openssl/ossl_ssl.c

--- ext/openssl/ossl_ssl.c.orig	2008-06-06 17:05:24.000000000 +0900
+++ ext/openssl/ossl_ssl.c
@@ -95,7 +95,7 @@ ID ID_callback_state;
  */
 struct {
     const char *name;
-    SSL_METHOD *(*func)(void);
+    OSSL_CONST SSL_METHOD *(*func)(void);
 } ossl_ssl_method_tab[] = {
 #define OSSL_SSL_METHOD_ENTRY(name) { #name, name##_method }
     OSSL_SSL_METHOD_ENTRY(TLSv1),
@@ -144,7 +144,7 @@ ossl_sslctx_s_alloc(VALUE klass)
 static VALUE
 ossl_sslctx_set_ssl_version(VALUE self, VALUE ssl_method)
 {
-    SSL_METHOD *method = NULL;
+    OSSL_CONST SSL_METHOD *method = NULL;
     const char *s;
     int i;
 
@@ -585,7 +585,7 @@ ossl_sslctx_setup(VALUE self)
 }
 
 static VALUE
-ossl_ssl_cipher_to_ary(SSL_CIPHER *cipher)
+ossl_ssl_cipher_to_ary(const SSL_CIPHER *cipher)
 {
     VALUE ary;
     int bits, alg_bits;
@@ -623,10 +623,10 @@ ossl_sslctx_get_ciphers(VALUE self)
     if (!ciphers)
         return rb_ary_new();
 
-    num = sk_num((STACK*)ciphers);
+    num = sk_SSL_CIPHER_num(ciphers);
     ary = rb_ary_new2(num);
     for(i = 0; i < num; i++){
-        cipher = (SSL_CIPHER*)sk_value((STACK*)ciphers, i);
+        cipher = sk_SSL_CIPHER_value(ciphers, i);
         rb_ary_push(ary, ossl_ssl_cipher_to_ary(cipher));
     }
     return ary;
@@ -1196,10 +1196,10 @@ ossl_ssl_get_peer_cert_chain(VALUE self)
     }
     chain = SSL_get_peer_cert_chain(ssl);
     if(!chain) return Qnil;
-    num = sk_num(chain);
+    num = sk_X509_num(chain);
     ary = rb_ary_new2(num);
     for (i = 0; i < num; i++){
-	cert = (X509*)sk_value(chain, i);
+	cert = sk_X509_value(chain, i);
 	rb_ary_push(ary, ossl_x509_new(cert));
     }
 
@@ -1214,7 +1214,7 @@ static VALUE
 ossl_ssl_get_cipher(VALUE self)
 {
     SSL *ssl;
-    SSL_CIPHER *cipher;
+    const SSL_CIPHER *cipher;
 
     Data_Get_Struct(self, SSL, ssl);
     if (!ssl) {
Index: ext/openssl/ossl_x509attr.c

--- ext/openssl/ossl_x509attr.c.orig	2007-06-09 00:02:04.000000000 +0900
+++ ext/openssl/ossl_x509attr.c
@@ -93,7 +93,7 @@ ossl_x509attr_initialize(int argc, VALUE
 {
     VALUE oid, value;
     X509_ATTRIBUTE *attr;
-    unsigned char *p;
+    const unsigned char *p;
 
     GetX509Attr(self, attr);
     if(rb_scan_args(argc, argv, "11", &oid, &value) == 1){
Index: ext/openssl/ossl_x509cert.c

--- ext/openssl/ossl_x509cert.c.orig	2007-06-09 00:02:04.000000000 +0900
+++ ext/openssl/ossl_x509cert.c
@@ -690,7 +690,7 @@ static VALUE
 ossl_x509_inspect(VALUE self)
 {
     VALUE str;
-    char *cname = rb_class2name(rb_obj_class(self));
+    const char *cname = rb_class2name(rb_obj_class(self));
 
     str = rb_str_new2("#<");
     rb_str_cat2(str, cname);
Index: ext/openssl/ossl_x509crl.c

--- ext/openssl/ossl_x509crl.c.orig	2007-06-09 00:02:04.000000000 +0900
+++ ext/openssl/ossl_x509crl.c
@@ -262,7 +262,7 @@ ossl_x509crl_get_revoked(VALUE self)
     VALUE ary, revoked;
 
     GetX509CRL(self, crl);
-    num = sk_X509_CRL_num(X509_CRL_get_REVOKED(crl));
+    num = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
     if (num < 0) {
 	OSSL_Debug("num < 0???");
 	return rb_ary_new();
@@ -270,7 +270,7 @@ ossl_x509crl_get_revoked(VALUE self)
     ary = rb_ary_new2(num);
     for(i=0; i<num; i++) {
 	/* NO DUP - don't free! */
-	rev = (X509_REVOKED *)sk_X509_CRL_value(X509_CRL_get_REVOKED(crl), i);
+	rev = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
 	revoked = ossl_x509revoked_new(rev);
 	rb_ary_push(ary, revoked);
     }
Index: ext/openssl/ossl_x509ext.c

--- ext/openssl/ossl_x509ext.c.orig	2007-06-09 00:02:04.000000000 +0900
+++ ext/openssl/ossl_x509ext.c
@@ -273,7 +273,7 @@ static VALUE
 ossl_x509ext_initialize(int argc, VALUE *argv, VALUE self)
 {
     VALUE oid, value, critical;
-    unsigned char *p;
+    const unsigned char *p;
     X509_EXTENSION *ext;
 
     GetX509Ext(self, ext);
Index: ext/openssl/ossl_x509name.c

--- ext/openssl/ossl_x509name.c.orig	2007-07-15 22:24:51.000000000 +0900
+++ ext/openssl/ossl_x509name.c
@@ -135,7 +135,7 @@ ossl_x509name_initialize(int argc, VALUE
 	    rb_block_call(tmp, rb_intern("each"), 0, 0, ossl_x509name_init_i, args);
 	}
 	else{
-	    unsigned char *p;
+	    const unsigned char *p;
 	    VALUE str = ossl_to_der_if_possible(arg);
 	    StringValue(str);
 	    p = RSTRING_PTR(str);